8e8675053b
Sync some bits over
2018-01-22 21:44:49 -05:00
ffc15201dd
Allow API to return health response when in a custom state
2018-01-17 23:50:37 -05:00
842e3cb5dd
Add replication mode sys health information to Go API
2018-01-17 22:50:37 -05:00
b994e83c65
Cleanup of deprecated commands in tests, docs ( #3788 )
2018-01-15 15:19:28 -05:00
d1803098ae
Merge branch 'master-oss' into sethvargo/cli-magic
2018-01-03 14:02:31 -05:00
2225b20ec9
Fix up comment
2017-12-18 10:11:24 -05:00
82fd89b3b3
Support Incrementing Lease TTL in Renew api ( #3688 )
2017-12-18 10:09:59 -05:00
0bacec0184
adding recovery info to seal status ( #3706 )
2017-12-18 09:58:14 -05:00
548629e8ef
Port over some changes
2017-11-30 09:43:07 -05:00
58dc99ac95
Update the path for generating DR Operation tokens ( #3578 )
2017-11-13 20:28:34 -05:00
9e79e9b397
generate token functions to share common names ( #3576 )
2017-11-13 15:44:26 -05:00
2b78bc2a9b
Port over bits ( #3575 )
2017-11-13 15:31:32 -05:00
d55f94f4a3
Plumb more seal wrap stuff through and move to outside layer of mount options ( #3572 )
2017-11-13 11:22:22 -05:00
e4750fc793
Fix typo in test (and failure)
2017-11-13 10:35:36 -05:00
57f60c4f9f
Fix client test
2017-11-12 12:34:56 -05:00
8efa6756c3
Make -client-cert and -client-key work when the server doesn't know ( #3568 )
...
about the CA used to sign the cert.
Stop swallowing an error in meta.
Fixes #2946
2017-11-10 18:16:50 -05:00
0798ccdd7c
Populate config error in three node test function
2017-11-10 17:44:25 -05:00
ab3b625a3b
Add API methods for creating a DR Operation Token and make generate root accept strategy types ( #3565 )
...
* Add API and Command code for generating a DR Operation Token
* Update generate root to accept different token strategies
2017-11-10 10:19:42 -08:00
7e80b4b7ad
Minor client refactoring ( #3539 )
2017-11-06 12:06:19 -05:00
d229d7d5b0
Redo API locking ( #3508 )
...
* Redo the API client quite a bit to make the behavior of NewClient more
predictable and add locking to make it safer to use with Clone() and if
multiple goroutines for some reason decide to change things.
Along the way I discovered that currently, the x/net/http2 package is
broke with the built-in h2 support in released Go. For those using
DefaultConfig (the vast majority of cases) this will be a non-event.
Others can manually call http2.ConfigureTransport as needed. We should
keep an eye on commits on that repo and consider more updates before
release. Alternately we could go back revisions but miss out on bug
fixes; my theory is that this is not a purposeful break and I'll be
following up on this in the Go issue tracker.
In a few tests that don't use NewTestCluster, either for legacy or other
reasons, ensure that http2.ConfigureTransport is called.
* Use tls config cloning
* Don't http2.ConfigureServer anymore as current Go seems to work properly without requiring the http2 package
* Address feedback
2017-11-02 09:30:04 -05:00
e0669746b6
Add seal type to seal-status output. ( #3516 )
2017-11-01 21:00:41 -05:00
08d9353c60
Only call ConfigureTransport if "h2" is not already in NextProtos.
...
Fixes #3435
2017-10-27 14:08:30 -04:00
713d5d5307
Don't swallow errors on token functions.
2017-10-24 09:39:35 -04:00
42f3215589
Remove redundant TokenMeta
2017-10-24 09:39:34 -04:00
c5665920f6
Standardize on "auth method"
...
This removes all references I could find to:
- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend
in favor of the unified:
- auth method
2017-10-24 09:32:15 -04:00
f66d49b79b
Add more secret helpers for getting secret data
2017-10-24 09:30:47 -04:00
8910915c86
Add API functions for token helpers
2017-10-24 09:26:44 -04:00
8e271dcbdc
More syncing
2017-10-23 16:52:56 -04:00
3033a7beb6
do not panic when Client.Transport is not *http.Transport ( #3440 )
2017-10-10 08:46:54 -04:00
3cf4e3e142
Fix panic when setting a client http client with no transport ( #3437 )
...
Fixes #3436
2017-10-09 08:49:20 -04:00
3d00731fda
Add http headers to the api client ( #3394 )
2017-10-06 14:27:58 -04:00
1029ad3b33
Rename "generic" secret backend to "kv" ( #3292 )
2017-09-15 09:02:29 -04:00
6f417d39da
Normalize plugin_name option for mount and enable-auth ( #3202 )
2017-08-31 12:16:59 -04:00
ae5996a737
Add SignKey endpoint for SSH API client
2017-08-18 12:59:08 -04:00
d2410e3399
gofmt
2017-08-02 19:38:35 -04:00
888e1e3859
Add SRV record functionality for client side host/port discovery of Vault ( #3035 )
...
* added SRV record functionality for client side port discovery of Vault
* Add a check on returned address length
2017-08-02 19:19:06 -04:00
db9d9e6415
Store original request path in WrapInfo ( #3100 )
...
* Store original request path in WrapInfo as CreationPath
* Add wrapping_token_creation_path to CLI output
* Add CreationPath to AuditResponseWrapInfo
* Fix tests
* Add and fix tests, update API docs with new sample responses
2017-08-02 18:28:58 -04:00
cefa70c8a3
Have sys health api always return even in an error case ( #3087 )
...
* Have sys health api always return even in an error case, which HTTP API docs say it should
* Use specific return codes to bypass automatic error handling
2017-08-02 10:01:40 -04:00
d0f329e124
Add leader cluster address to status/leader output. ( #3061 )
...
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.
Fixes #3042
2017-07-31 18:25:27 -04:00
1bfc6d4fe7
Add a -dev-three-node option for devs. ( #3081 )
2017-07-31 11:28:06 -04:00
5cb87e26ef
moving client calls to new endpoint ( #2867 )
2017-07-25 11:58:33 -04:00
bb54e9c131
Backend plugin system ( #2874 )
...
* Add backend plugin changes
* Fix totp backend plugin tests
* Fix logical/plugin InvalidateKey test
* Fix plugin catalog CRUD test, fix NoopBackend
* Clean up commented code block
* Fix system backend mount test
* Set plugin_name to omitempty, fix handleMountTable config parsing
* Clean up comments, keep shim connections alive until cleanup
* Include pluginClient, disallow LookupPlugin call from within a plugin
* Add wrapper around backendPluginClient for proper cleanup
* Add logger shim tests
* Add logger, storage, and system shim tests
* Use pointer receivers for system view shim
* Use plugin name if no path is provided on mount
* Enable plugins for auth backends
* Add backend type attribute, move builtin/plugin/package
* Fix merge conflict
* Fix missing plugin name in mount config
* Add integration tests on enabling auth backend plugins
* Remove dependency cycle on mock-plugin
* Add passthrough backend plugin, use logical.BackendType to determine lease generation
* Remove vault package dependency on passthrough package
* Add basic impl test for passthrough plugin
* Incorporate feedback; set b.backend after shims creation on backendPluginServer
* Fix totp plugin test
* Add plugin backends docs
* Fix tests
* Fix builtin/plugin tests
* Remove flatten from PluginRunner fields
* Move mock plugin to logical/plugin, remove totp and passthrough plugins
* Move pluginMap into newPluginClient
* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck
* Change shim logger's Fatal to no-op
* Change BackendType to uint32, match UX backend types
* Change framework.Backend Setup signature
* Add Setup func to logical.Backend interface
* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments
* Remove commented var in plugin package
* RegisterLicense on logical.Backend interface (#3017 )
* Add RegisterLicense to logical.Backend interface
* Update RegisterLicense to use callback func on framework.Backend
* Refactor framework.Backend.RegisterLicense
* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs
* plugin: Revert BackendType to remove TypePassthrough and related references
* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
2ddbc4a939
Adding option to set custom vault client timeout using env variable VAULT_CLIENT_TIMEOUT ( #3022 )
2017-07-18 09:48:31 -04:00
c77986d03e
Do not double-convert to seconds
2017-07-11 16:06:50 -07:00
cfad705ddc
Fix typo
2017-07-10 22:26:42 -07:00
8fee1ec31d
updating for TestCluster changes
2017-07-10 20:47:03 -07:00
725e0e5b73
Fix doc
2017-07-07 17:15:43 -04:00
8da29a5a23
Use the core client
2017-07-07 17:14:49 -04:00
994cf1db5c
Fix failing test
2017-07-07 17:14:49 -04:00
462d30fd38
Buffer doneCh
2017-07-07 17:14:49 -04:00
d48c51185d
Add configurable buffer size
2017-07-07 17:14:48 -04:00
29255fd2eb
Do not block writing to doneCh if stopped
2017-07-07 17:14:48 -04:00
e22b3d9ec8
Make lock private
2017-07-07 17:14:48 -04:00
7f47f06014
Remove init() seed
2017-07-07 17:14:47 -04:00
81a24fda29
Fix vet errors
2017-07-07 17:14:47 -04:00
ae7d6da993
Allow a custom randomizer
2017-07-07 17:14:47 -04:00
5f658abc12
Use Fatalf
2017-07-07 17:14:47 -04:00
207e1d5dd3
Use a more heurstic function for calculating sleep backoff
2017-07-07 17:14:46 -04:00
f18b7fd6dc
Seed the random generator
2017-07-07 17:14:46 -04:00
10cdc62c62
Move renewer integration tests into separate package
2017-07-07 17:14:46 -04:00
a09c84ce75
Use a separate package for API integration tests
...
This removes the cyclic dependency
2017-07-07 17:14:45 -04:00
d711dfebd1
Send a more useful struct for renewal
2017-07-07 17:14:45 -04:00
951421e613
Reorg
2017-07-07 17:14:45 -04:00
1ea998e2f5
Use unbuffered channels
2017-07-07 17:14:45 -04:00
dcdbef1dfb
Use a time.Duration instead of an int for grace
2017-07-07 17:14:44 -04:00
62e1f5c498
Use RenewTokenAsSelf instead
2017-07-07 17:14:44 -04:00
77ee95cb82
Add secret renewer
2017-07-07 17:14:44 -04:00
4069eb21b6
Add test stubs for starting a vault server and pg database
2017-07-07 17:14:43 -04:00
506a304ecc
Add API helper for renewing a token as another token
2017-07-07 17:14:42 -04:00
d169918465
Create and persist human-friendly-ish mount accessors ( #2918 )
2017-06-26 18:14:36 +01:00
084064389e
Add a convenience function for copying a client ( #2887 )
2017-06-20 04:08:15 +01:00
5817a8a5f8
Return error on bad CORS and add Header specification to API request primitive
2017-06-19 18:20:44 -04:00
0303f51b68
Cors headers ( #2021 )
2017-06-17 00:04:55 -04:00
a91763b81f
reverting client changes in #2856 ( #2866 )
2017-06-14 16:39:20 -04:00
ec1d943dce
moving client calls to new endpoint ( #2856 )
2017-06-14 10:38:15 -04:00
2d61087b99
api: Don't treat 429 as error ( #2850 )
...
* api: Don't treat 429 as error
* Added parenthesis
2017-06-12 18:31:36 -04:00
0be37ca78b
Add Health() method to Sys client ( #2805 )
2017-06-05 11:00:45 -04:00
aa40d2cff6
add gofmt checks to Vault and format existing code ( #2745 )
2017-05-19 08:34:17 -04:00
bf34484d9d
Respect the configured address's path in the client ( #2588 )
2017-04-13 14:06:38 -04:00
0fb75d9e89
Pass user/pass for HTTP Basic Authentication in URL parameters ( #2469 )
2017-03-10 07:19:23 -05:00
f03d500808
Add option to disable caching per-backend. ( #2455 )
2017-03-08 09:20:09 -05:00
5ef2b0145b
Add ability to set max retries to API
2017-03-01 12:24:08 -05:00
fa77e7cfa2
api: add `EnvVaultToken` constant. ( #2413 )
2017-02-27 18:36:21 -05:00
2cc0906b33
Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 ( #2412 )
2017-02-27 12:49:35 -05:00
4ec5937e2d
Move http-using API tests into http package
2017-02-24 14:23:21 -05:00
e0c9bfd926
Add WithOptions methods to audit/auth enabling ( #2383 )
2017-02-16 11:37:27 -05:00
ec10a9171d
ConfigureTLS() sets default HttpClient if nil ( #2329 )
2017-02-06 17:47:56 -05:00
dd0e44ca10
Add nonce to unseal to allow seeing if the operation has reset ( #2276 )
2017-01-17 11:47:06 -05:00
ad09acb479
Use Vault client's scheme for auto discovery ( #2146 )
2016-12-02 11:24:57 -05:00
3397d55722
Better handle nil responses in logical unwrap
2016-12-01 16:38:08 -05:00
0f5b847748
Fix panic when unwrapping if the server EOFs
2016-11-29 16:50:07 -05:00
97ca3292a4
Set number of pester retries to zero by default and make seal command… ( #2093 )
...
* Set number of pester retries to zero by default and make seal command return 403 if unauthorized instead of 500
* Fix build
* Use 403 instead and update test
* Change another 500 to 403
2016-11-16 14:08:09 -05:00
12e986c6ec
Fix unwrap CLI command when there is no client token set. ( #2077 )
2016-11-08 11:36:15 -05:00
22b5bd54e3
change api so if wrapping token is the same as the client token it doesn't set it in the body
2016-10-27 12:15:30 -04:00
4072ac0eb9
Fix NOT logical bug.
...
Ping #2014
2016-10-18 09:51:45 -04:00
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
ac5ea8ccc2
Reinstate the token parameter to api.RevokeSelf to avoid breaking compatibility
2016-09-13 11:03:05 -04:00
1c6f2fd82b
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
d7502e543d
Add golang api method for creating orphan tokens ( #1834 )
2016-09-01 15:39:44 -04:00
9fee9ce8ff
Don't allow tokens in paths. ( #1783 )
2016-08-24 15:59:43 -04:00
a110cd637c
allow a TLS server name to be configured for SSH agents ( #1720 )
2016-08-23 22:06:56 -04:00
62c69f8e19
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
ba87c6c0d6
Restore compatibility with pre-0.6.1 servers for CLI/Go API calls
2016-08-14 14:52:45 -04:00
bcb4ab5422
Add periodic support for root/sudo tokens to auth/token/create
2016-08-12 21:14:12 -04:00
9c33224928
Don't retry on redirections.
2016-08-12 15:13:42 -04:00
ff22640015
Use default config and read environment by default while creating client object
2016-08-12 11:37:13 -04:00
5a1ca832af
Merge pull request #1699 from hashicorp/dataonly
...
Return sys values in top level normal api.Secret
2016-08-09 07:17:02 -04:00
ab71b981ad
Add ability to specify renew lease ID in POST body.
2016-08-08 18:00:44 -04:00
3c2aae215c
Fix tests and update mapstructure
2016-08-08 16:00:31 -04:00
4d5de08a46
Merge pull request #1682 from hashicorp/f-refactor-tls-config
...
Refactor the TLS configuration between meta.Client and the api.Config
2016-08-02 13:35:37 -07:00
92ede0db17
Address comments
2016-08-02 13:17:45 -07:00
8b0b0d5922
Add cluster information to 'vault status'
2016-07-29 14:13:53 -04:00
e5e0431393
Added Vault version informationto the 'status' command
2016-07-28 17:37:35 -04:00
f5d56ad8f8
Refactor the TLS configuration between meta.Client and the api.Config
2016-07-27 17:26:26 -07:00
a76d51d0ee
Plumb request UUID through the API
2016-07-27 09:25:04 -04:00
23800c5f1d
Add service discovery to init command
2016-07-21 16:17:29 -04:00
8a1bb1626a
Merge pull request #1583 from hashicorp/ssh-allowed-roles
...
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-19 12:04:12 -04:00
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
a6682405a3
Migrate number of retries down by one to have it be max retries, not tries
2016-07-11 21:57:14 +00:00
57cdb58374
Switch to pester from go-retryablehttp to avoid swallowing 500 error messages
2016-07-11 21:37:46 +00:00
7023eafc67
Make the API client retry on 5xx errors.
...
This should help with transient issues. Full control over min/max delays
and number of retries (and ability to turn off) is provided in the API
and via env vars.
Fix tests.
2016-07-06 16:50:23 -04:00
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
5367a7223d
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-05 11:14:29 -04:00
848b479a61
Added 'sys/auth/<path>/tune' endpoints.
...
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
65d8973864
Add explicit max TTL capability to token creation API
2016-06-08 14:49:48 -04:00
c0155ac02b
Add renewable flag and API setting for token creation
2016-06-08 11:14:30 -04:00
10b218d292
Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this...
2016-06-07 16:01:09 -04:00
401456ea50
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
63aba520c6
Make Unwrap a first-party API command and refactor UnwrapCommand to use it
2016-05-27 21:04:30 +00:00
05b2d4534c
Add unwrap test function and some robustness around paths for the wrap lookup function
2016-05-19 11:49:46 -04:00
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
c5008bcaac
Add more tests
2016-05-07 21:08:13 -04:00
99a5b4402d
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-04 14:42:14 -04:00
45a120f491
Switch our tri-copy ca loading code to go-rootcerts
2016-05-03 12:23:25 -04:00
1ffd5653c6
Add wrap support to API/CLI
2016-05-02 02:03:23 -04:00
4e53f4b1a4
Use UseNumber() on json.Decoder to have numbers be json.Number objects
...
instead of float64. This fixes some display bugs.
2016-04-20 18:38:20 +00:00
fb07d07ad9
all: Cleanup from running go vet
2016-04-13 14:38:29 -05:00
348be0e50b
Remove RevokePrefix from the API too as we simply do not support it any
...
longer.
2016-04-05 11:00:12 -04:00
afae46feb7
SealInterface
2016-04-04 10:44:22 -04:00
4e6dcfd6d0
Enable callbacks for handling logical.Request changes before processing requests
2016-03-17 22:29:53 -04:00
f275cd2e9c
Fixed capabilities API to receive logical response
2016-03-17 21:03:32 -04:00
a5d79d587a
Refactoring the capabilities function
2016-03-17 21:03:32 -04:00
71fc07833f
Rename id to path and path to file_path, print audit backend paths
2016-03-14 17:15:07 -04:00
c70b4bbbb2
Merge pull request #1201 from hashicorp/accessor-cli-flags
...
Accessor CLI flags
2016-03-11 09:55:45 -05:00
b8d202f920
Restore RevokeSelf API
2016-03-11 06:30:45 -05:00
0486fa1a3a
Added accessor flag to token-revoke CLI
2016-03-10 21:21:20 -05:00
ed8a096596
Add accessor flag to token-lookup command and add lookup-accessor client API
2016-03-10 21:21:20 -05:00
Jeff Mitchell