Commit graph

9770 commits

Author SHA1 Message Date
ncabatoff cab3e6815b Fix broken tests resulting from new mount config field passthrough_request_headers. (#6245) 2019-02-15 10:20:29 -08:00
Jim Kalafut a7b6d9d2a8 Fix JWT end-to-end test (#6244) 2019-02-15 09:39:23 -08:00
Jim Kalafut a32c7b6d91 Fix agent test (#6243) 2019-02-15 09:27:57 -08:00
Chris Hoffman 999fbd3bca fixing operator unseal test (#6241) 2019-02-15 09:06:37 -08:00
Chris Hoffman a6841a5e94 fixing command server tests (#6242) 2019-02-15 09:06:20 -08:00
Calvin Leung Huang 4e31f955cb cacememdb: add LeaseToken and TokenParent tests for GetByPrefix 2019-02-15 07:55:09 -08:00
vishalnayak cdaac4a715 Fix cachememdb test 2019-02-15 10:34:19 -05:00
Jeff Mitchell 3dfa30acb4 Add ability to use path wildcard segments (#6164)
* Path globbing

* Add glob support at the beginning

* Ensure when evaluating an ACL that our path never has a leading slash. This already happens in the normal request path but not in tests; putting it here provides it for tests and extra safety in case the request path changes

* Simplify the algorithm, we don't really need to validate the prefix first as glob won't apply if it doesn't

* Add path segment wildcarding

* Disable path globbing for now

* Remove now-unneeded test

* Remove commented out globbing bits

* Remove more holdover glob bits

* Rename k var to something more clear
2019-02-14 18:31:43 -08:00
Brian Kassouf f5b5fbb392
Refactor the cluster listener (#6232)
* Port over OSS cluster port refactor components

* Start forwarding

* Cleanup a bit

* Fix copy error

* Return error from perf standby creation

* Add some more comments

* Fix copy/paste error
2019-02-14 18:14:56 -08:00
Vishal Nayak feb235d5f8
Vault Agent Cache (#6220)
* vault-agent-cache: squashed 250+ commits

* Add proper token revocation validations to the tests

* Add more test cases

* Avoid leaking by not closing request/response bodies; add comments

* Fix revoke orphan use case; update tests

* Add CLI test for making request over unix socket

* agent/cache: remove namespace-related tests

* Strip-off the auto-auth token from the lookup response

* Output listener details along with configuration

* Add scheme to API address output

* leasecache: use IndexNameLease for prefix lease revocations

* Make CLI accept the fully qualified unix address

* export VAULT_AGENT_ADDR=unix://path/to/socket

* unix:/ to unix://
2019-02-14 20:10:36 -05:00
Martin 9044173d6e Prometheus support on v1/sys/metrics endpoint (#5308)
* initial commit for prometheus and sys/metrics support

* Throw an error if prometheusRetentionTime is 0,add prometheus in devmode

* return when format=prometheus is used and prom is disable

* parse prometheus_retention_time from string instead of int

* Initialize config.Telemetry if nil

* address PR issues

* add sys/metrics framework.Path in a factory

* Apply requiredMountTable entries's MountConfig to existing core table

* address pr comments

* enable prometheus sink by default

* Move Metric-related code in a separate metricsutil helper
2019-02-14 12:46:59 -08:00
Jim Kalafut 8be2951472 Fix unit tests broken with JWT plugin update 2019-02-14 12:14:18 -08:00
Jeff Mitchell e5ca13d0be
Don't add kv by default in non-dev scenarios (#6109)
It's retained for tests though since most rely on it.
2019-02-14 11:55:32 -08:00
Jeff Mitchell 6e182c3237 Remove deprecated CLI commands (#6112) 2019-02-14 11:54:47 -08:00
Jim Kalafut 6aa32db736 Update jwt plugin 2019-02-14 11:03:26 -08:00
madalynrose 2e94336fa1
Dynamic OpenAPI UI (#6209) 2019-02-14 13:52:34 -05:00
madalynrose 625f0c7546
Update OpenAPI responses to include information the UI can use (#6204) 2019-02-14 12:42:44 -05:00
Matthew Irish 0357790fb8
UI - jwt auth (#6188)
* fix default rendering of svg and allow plugins access to mount tune form

* add auth-jwt component

* add callback route, and allow it to be navigated to on load

* add jwt as a supported auth method

* use auth-jwt component and implement intial oidc flow

* allow wrapping un-authed requests

* pass redirect_url and properly redirect with the wrapped token

* popup for login

* center popup window and move to localStorage events for cross window communication because of IE11

* access window via a getter on the auth-form component

* show OIDC provider name on the button

* fetch default role on render of the auth-jwt component

* simplify auth-form template

* style callback page

* refetch auth_url when path changes for auth-jwt component

* fix glimmer error on alias metadata, and add back popup-metadata component

* fix link in metadata page

* add logo-edition component and remove use of partial for logo svg

* render oidc callback template on the loading page if we're going there

* add docs icon and change timeout on the auth form

* move OIDC auth specific things to auth-jwt component

* start to add branded buttons for OIDC providers

* add google button

* finish branded buttons

* update glyph for error messages

* update tests for auth screen not showing tabs, add adapter tests and new auth jwt tests

* start auth-jwt tests

* simplify auth-jwt

* remove negative top margin on AlertInline

* only preventDefault if there's an event

* fill out tests

* sort out some naming

* feedback on templates and styles

* clear error when starting OIDC auth and call for new auth_url

* also allow 'oidc' as the auth method type

* handle namespaces with OIDC auth

* review feedback

* use new getters in popup-metadata
2019-02-14 09:39:19 -06:00
Jim Kalafut 164ca0834b Update vendored JWT plugin 2019-02-12 17:08:04 -08:00
Jim Kalafut 6485850886
Output default as part of OpenAPI (#6222) 2019-02-12 15:36:13 -08:00
Brian Kassouf 524b65cb9b
Remove netRPC based plugins (#6173)
* Remove netRPC backend plugins

* Remove netRPC database plugins

* Fix tests and comments
2019-02-12 09:31:03 -08:00
Calvin Leung Huang 77d737c8b2 Merge branch 'master-oss' into 1.1-beta 2019-02-11 14:47:22 -08:00
Sean Carolan 58ba07f666 Make this easier for new users (#6211) 2019-02-11 17:34:22 -05:00
Jim Kalafut df4139df51
Create alias and command for OIDC (#6206) 2019-02-11 13:37:55 -08:00
Giacomo Tirabassi 820f27fd29 remove panicking and added usage (#6208) 2019-02-11 11:19:08 -08:00
Jeff Mitchell 87383123a2 changelog++ 2019-02-11 13:10:57 -05:00
Jeff Mitchell 5fa9e48b21
Don't duplicate CORS headers (#6207)
Fixes #6182
2019-02-11 13:10:26 -05:00
Jeff Mitchell ebf57b15b4
Fixes a regression in forwarding from #6115 (#6191)
* Fixes a regression in forwarding from #6115

Although removing the authentication header is good defense in depth,
for forwarding mechanisms that use the raw request, we never add it
back. This caused perf standby tests to throw errors. Instead, once
we're past the point at which we would do any raw forwarding, but before
routing the request, remove the header.

To speed this up, a flag is set in the logical.Request to indicate where
the token is sourced from. That way we don't iterate through maps
unnecessarily.
2019-02-11 13:08:15 -05:00
Jeff Mitchell 3e3e47ea1b changelog++ 2019-02-11 13:04:29 -05:00
Clint 0db43e697b Add signed key constraints to SSH CA [continued] (#6030)
* Adds the ability to enforce particular ssh key types and minimum key
lengths when using Signed SSH Certificates via the SSH Secret Engine.
2019-02-11 13:03:26 -05:00
Jeff Mitchell 6e4cfdabd2 changelog++ 2019-02-10 18:35:28 -05:00
Andrej van der Zee 604e8dd0f0 Added socket keep alive option to Cassandra plugin. (#6201) 2019-02-10 18:34:50 -05:00
Matthew Irish e0e4ec1cac
fix nav-to-nearest mixin when there are no ancestors (#6198) 2019-02-08 18:50:50 -06:00
vishalnayak c2df541fd2 changelog++ 2019-02-08 16:34:23 -05:00
Vishal Nayak b4ba344782
Merge entities during unseal only on the primary (#6075)
* Merge entities during unseal only on the primary

* Add another guard check

* Add perf standby to the check

* Make primary to not differ from case-insensitivity status w.r.t secondaries

* Ensure mutual exclusivity between loading and invalidations

* Both primary and secondaries won't persist during startup and invalidations

* Allow primary to persist when loading case sensitively

* Using core.perfStandby

* Add a tweak in core for testing

* Address review feedback

* update memdb but not storage in secondaries

* Wire all the things directly do mergeEntity

* Fix persist behavior

* Address review feedback
2019-02-08 16:32:06 -05:00
Becca Petrin ba3ed879f8
Use null strings in MSSQL to prevent errs (#6099) 2019-02-08 10:04:54 -08:00
Michel Vocks 1ddd194c28 Added missing backslash in iam identity guide (#6193) 2019-02-08 09:56:36 -08:00
Jeff Mitchell 82a85aa8c8 Make fmt 2019-02-08 09:12:55 -05:00
Naoki Ainoya a967078d80 add missing key bound_cidrs in pathCertRead Response (#6080) 2019-02-07 22:41:38 -05:00
Brian Nuszkowski 707c6d1813 Add SHA1 signing/verification support to transit engine (#6037)
* Add SHA1 signing/verification support to transit engine

* Update signing/verification endpoint documentation to include sha1 hash algorithm
2019-02-07 15:31:31 -08:00
Graham Land 13e60dbb40 Add Vault supported log levels (#6185)
Documentation : Add the supported log level configurations

`Supported log levels: Trace, Debug, Error, Warn, Info.`
2019-02-07 11:27:08 -08:00
Martins Sipenko ea56be1e69 Fix section heading size (#6137) 2019-02-07 11:18:58 -08:00
Becca Petrin 3225a66d34 Return a more helpful error message for unknown db roles (#6157)
* return a more helpful err msg

* update test, print fmt

* fix other test failure
2019-02-07 11:16:23 -08:00
Eero Niemi f9cb767d9c Fixed typo (newtwork -> network) (#6177) 2019-02-07 13:06:38 -05:00
Jeff Mitchell d883af3d30
If the log level isn't set, don't display "(not set)" (#6183) 2019-02-07 03:48:50 -05:00
Jeff Mitchell ea61e8fbec Remove refresh_interval from kvv1 API docs and CLI docs since kv get doesn't use it 2019-02-06 21:51:08 -05:00
Aidan Daniels-Soles 39893a1e15 Fix wrong file name in service definition (#6174) 2019-02-06 15:43:03 -05:00
Jeff Mitchell 7337f1ab75 changelog++ 2019-02-05 21:03:03 -05:00
Jeff Mitchell 9ef0680e7f
Fix leader info repopulation (#6167)
* Two things:

* Change how we populate and clear leader UUID. This fixes a case where
if a standby disconnects from an active node and reconnects, without the
active node restarting, the UUID doesn't change so triggers on a new
active node don't get run.

* Add a bunch of test helpers and minor updates to things.
2019-02-05 21:01:18 -05:00
d 97a73d6bf8 Revert "fixed trailing slash in consul.html.md example"
This reverts commit 4310bb58c83285ebd9cfcb302b70d1db432a11e2.

Accidental push to master, my apologies. See PR https://github.com/hashicorp/vault/pull/6175
2019-02-05 17:42:15 -07:00