Calvin Leung Huang
be05907515
autoseal: fix error typos ( #5877 )
2018-11-29 16:07:08 -08:00
Calvin Leung Huang
a510537778
Reset rekey progress once threshold has been met ( #5743 )
...
* Reset rekey progress once threshold has been met
* Reverting log message changes
* Add progress check on invalid rekey test
* Minor comment update
2018-11-19 17:03:07 -08:00
Calvin Leung Huang
907dd834ff
Revert deprecated plugin var names ( #5822 )
...
* Revert field back to ListPluginsResponse.Names
* Revert field back to MountConfig.PluginName and APIMountConfig.PluginName
2018-11-19 15:23:48 -08:00
Calvin Leung Huang
ad3e105012
Mount tune options ( #5809 )
...
* Refactor mount tune to support upsert options values and unset options.
* Do not allow unsetting options map
* add secret tune version regression test
* Only accept valid options version
* s/meVersion/optVersion/
2018-11-19 14:23:25 -08:00
Jeff Mitchell
127413461b
Remove token store paths with token/accessors in URLs ( #5773 )
2018-11-19 16:58:19 -05:00
Brian Kassouf
33776b89c2
Wrap storage calls with encoding checks ( #5819 )
...
* Add encoding backend
* More work on encoding checks
* Update error message
* Update physical/encoding.go
* Disable key checks if configured
2018-11-19 13:13:16 -08:00
Brian Kassouf
c16f7485e7
perf-standby: Fix audit table upgrade on standbys ( #5811 )
2018-11-19 10:21:53 -08:00
Konstantinos Tsanaktsidis
f75e3603ba
Paper over GCS backend corruption issues ( #5804 )
...
We're having issues with leases in the GCS backend storage being
corrupted and failing MAC checking. When that happens, we need to know
the lease ID so we can address the corruption by hand and take
appropriate action.
This will hopefully prevent any instances of incomplete data being sent
to GSS
2018-11-16 08:07:06 -05:00
Vishal Nayak
43e3ff808a
Update group memberships when entity is deleted ( #5786 )
...
* Use common abstraction for entity deletion
* Update group memberships before deleting entity
* Added test
* Fix return statements
* Update comment
* Cleanup member entity IDs while loading groups
* Added test to ensure that upgrade happens properly
* Ensure that the group gets persisted if upgrade code modifies it
2018-11-15 20:07:45 -05:00
Calvin Leung Huang
227a664b06
Continue on plugin registration error in dev mode ( #5791 )
...
* Continue on plugin registration error in dev mode
* Continue only on unknown type error
* Continue only on unknown type error
* Print plugin registration error on exit
Co-Authored-By: calvn <cleung2010@gmail.com>
2018-11-15 16:55:24 -08:00
Calvin Leung Huang
e99957aed9
Support registering plugin with name only ( #5787 )
...
* Support registering plugin with name only
* Make RegisterPlugin backwards compatible
* Add CLI backwards compat command to plugin info and deregister
* Add server-side deprecation warnings if old read/dereg API endpoints are called
* Address feedback
2018-11-15 14:33:11 -08:00
Vishal Nayak
56d6d929ce
Fix sys/auth/path/tune to accept token_type ( #5777 )
2018-11-14 11:22:08 -08:00
vishalnayak
c6faa3ee28
Add a comment to retain misspelling
2018-11-13 13:30:42 -05:00
vishalnayak
a96641c86f
Fix TestPolicy_ParseBadPath
2018-11-13 13:22:56 -05:00
Jeff Mitchell
9735bd7d69
Fix more awskms test brokenness
2018-11-13 13:01:40 -05:00
Jeff Mitchell
e5aad14d79
Fix test where AWS wasn't being skipped properly
2018-11-13 12:45:30 -05:00
Vishal Nayak
b4836575fb
Test for issue 5729 ( #5750 )
...
* Test for 5729
* Remove unneeded space
Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
2018-11-13 11:16:10 -05:00
Calvin Leung Huang
e4087474b6
Let ctx handle matching mount entry ( #5765 )
2018-11-12 20:02:02 -08:00
Chris Hoffman
3f5117e87d
fix key version tracking ( #5757 )
2018-11-12 09:52:31 -08:00
Chris Hoffman
3d1320d997
Fixing AliCloud KMS seal encryption/decryption ( #5756 )
...
* fixing seal encryption/decryption
* Address feedback.
Co-Authored-By: chrishoffman <christopher.hoffman@gmail.com>
2018-11-12 10:57:02 -05:00
Becca Petrin
3b8d543189
AWS auto-unseal acceptance test ( #5739 )
2018-11-09 14:12:29 -08:00
Jeff Mitchell
c01983cffd
Fix two problems with entity alias updating ( #5733 )
...
Fix two problems with entity alias updating
2018-11-08 13:04:24 -05:00
Vishal Nayak
510726494a
Fix panic when storage value is nil ( #5724 )
...
* Fix panic when storage value is nil
* Ensure the value is at least of expected length
* Format correction
* Address review feedback
2018-11-07 14:10:08 -08:00
Jeff Mitchell
fa26beeaed
fmt
2018-11-07 16:52:01 -05:00
Jeff Mitchell
a742857edb
Fix some remount logic within namespaces ( #5722 )
2018-11-07 14:56:24 -05:00
Brian Kassouf
422b6a2274
Break plugins back out into two path functions ( #5721 )
2018-11-07 09:38:48 -08:00
Jeff Mitchell
8b6b344d86
Add default-service
/default-batch
to token store roles ( #5711 )
2018-11-07 09:45:09 -05:00
Becca Petrin
7bd22e6779
Run all builtins as plugins ( #5536 )
2018-11-06 17:21:24 -08:00
Vishal Nayak
0b5ea9917e
Disallow writing to empty paths ( #5702 )
2018-11-06 14:08:55 -05:00
Jim Kalafut
5806179144
Update sys path definitions for OpenAPI ( #5687 )
2018-11-06 10:09:06 -08:00
Calvin Leung Huang
46f37f3363
Add HSMAutoDeprecated for ent upgrade ( #5704 )
2018-11-06 09:42:03 -08:00
Jim Kalafut
8ac04495d3
Framework and API changes to support OpenAPI ( #5546 )
2018-11-05 12:24:39 -08:00
Jeff Mitchell
41649c1511
Clean up stored barrier keys after migration to shamir ( #5671 )
2018-11-05 14:06:39 -05:00
Vishal Nayak
332e32294a
Remove namespace.TestContext and namespace.TestNamespace ( #5682 )
2018-11-05 11:11:32 -05:00
Jim Kalafut
b1bc2a6b2b
Fix a few vet warnings ( #5674 )
2018-11-02 13:21:44 -07:00
Chris Hoffman
237fa63908
matching config name to storage backend ( #5670 )
2018-11-02 11:15:07 -04:00
Chris Thunes
16f52969f4
Fix memory issue caused by append of group slice to itself. ( #5611 )
...
The slice returned by `collectGroupsReverseDFS` is an updated copy of
the slice given to it when called. Appending `pGroups` to `groups`
therefore led to expontential memory usage as the slice was repeatedly
appended to itself.
Fixes #5605
2018-10-29 10:38:34 -04:00
Chris Hoffman
8c88eb3e2a
Add -dev-auto-seal option ( #5629 )
...
* adding a -dev-auto-seal option
* adding logger to TestSeal
2018-10-29 09:30:24 -04:00
Jeff Mitchell
f8ec4d59b8
Remove disableIndexing
2018-10-23 16:05:45 -04:00
Jeff Mitchell
8a274fba51
Add disable indexing to core object
2018-10-23 15:04:36 -04:00
Jeff Mitchell
a979f49cd7
Add disable-indexing
2018-10-23 15:03:17 -04:00
Jeff Mitchell
82992d6097
Seal migration (OSS) ( #781 )
2018-10-22 23:34:02 -07:00
Jeff Mitchell
89f0efb6a1
fmt
2018-10-20 21:09:51 -04:00
Jeff Mitchell
9f6dd376e2
Merge branch 'master-oss' into 1.0-beta-oss
2018-10-19 17:47:58 -04:00
Calvin Leung Huang
a08ccbffa7
[Review Only] Autoseal OSS port ( #757 )
...
* Port awskms autoseal
* Rename files
* WIP autoseal
* Fix protobuf conflict
* Expose some structs to properly allow encrypting stored keys
* Update awskms with the latest changes
* Add KeyGuard implementation to abstract encryption/decryption of keys
* Fully decouple seal.Access implementations from sealwrap structs
* Add extra line to proto files, comment update
* Update seal_access_entry.go
* govendor sync
* Add endpoint info to configureAWSKMSSeal
* Update comment
* Refactor structs
* Update make proto
* Remove remove KeyGuard, move encrypt/decrypt to autoSeal
* Add rest of seals, update VerifyRecoveryKeys, add deps
* Fix some merge conflicts via govendor updates
* Rename SealWrapEntry to EncryptedBlobInfo
* Remove barrier type upgrade check in oss
* Add key to EncryptedBlobInfo proto
* Update barrierTypeUpgradeCheck signature
2018-10-19 14:43:57 -07:00
Vishal Nayak
c677cd0790
Case insensitive identity names ( #5404 )
...
* case insensitive identity names
* TestIdentityStore_GroupHierarchyCases
* address review feedback
* Use errwrap.Contains instead of errwrap.ContainsType
* Warn about duplicate names all the time to help fix them
* Address review feedback
2018-10-19 12:47:26 -07:00
Chris Hoffman
09a4c8214f
safely clean up loaded map ( #5558 )
2018-10-19 15:21:42 -04:00
Jeff Mitchell
841c4fcdd1
Merge branch 'master-oss' into 1.0-beta-oss
2018-10-19 09:25:17 -04:00
Vishal Nayak
6ab030511c
Remove lookup check during alias removal ( #5524 )
...
* Possible fix for 5348
* Fix compilation
2018-10-18 07:53:12 -07:00
Vishal Nayak
5818977dca
Deprecate SHA1 in token store ( #770 )
...
* Deprecate SHA1 in token store
* Fallback to SHA1 for user selected IDs
* Fix existing tests
* Added warning
* Address some review feedback and remove root token prefix
* Tests for service token prefixing
* Salting utility tests
* Adjust OTP length for root token generation
* Fix tests
* Address review feedback
2018-10-17 13:23:04 -07:00