Jeff Mitchell
09a9587523
Move renewer to internal package so tests don't barf
2019-09-09 16:09:53 -04:00
Jeff Mitchell
a965378b17
Support batch tokens in renewer and caching proxy for transit auto-unseal ( #7441 )
...
Currently this uses a fork of the api.Renewer code, which we should consolidate in 1.3.
2019-09-09 12:58:28 -07:00
Becca Petrin
64ecf46fb6
rename pcf to cf maintaining backwards compat ( #7346 )
2019-08-26 09:55:08 -07:00
Jeff Malnick
ba4fbd4df8
Allow setting file mode on vault agent sink file ( #7275 )
...
* feat: enable setting mode on vault agent sink file
* doc: update vault agent file sink with mode configuration
2019-08-21 20:41:55 -07:00
John Morrissey
596b1a990c
avoid a panic on failed creds polling ( #7238 )
2019-08-01 16:22:15 -04:00
Christian Muehlhaeuser
e6febc5839
Fixed a bunch of typos ( #7146 )
2019-07-18 21:10:15 -04:00
Michel Vocks
524c7517e9
Add namespace config option to agent auto-auth config ( #6988 )
...
* Added namespace option to vault agent auto-auth method
* Implemented review feedback
2019-07-03 09:33:20 +02:00
Aaron Donovan
09acded420
Allow configuration of nonce for ec2 authentication ( #6953 )
...
* Allow configuration of nonce for ec2 authentication
* Addressing pull request comment
2019-06-27 11:06:20 -04:00
Becca Petrin
8bbf6e6fc3
update to latest plugin dependencies
2019-06-19 10:04:49 -07:00
Becca Petrin
66aaa46588
add PCF auth method, agent, and cli handler
2019-06-06 12:26:04 -07:00
Jeff Mitchell
068b38faa0
Make flushing the cache race safe ( #6828 )
...
* Make flushing the cache race safe
* Remove noop aborts
2019-06-05 02:52:18 -04:00
Calvin Leung Huang
679f7415ea
agent/caching: support proxying request query parameters ( #6772 )
...
* agent/caching: support proxying request query parameters
* update comment
* rejig other agent log messages to output method followed by path
2019-05-22 09:21:47 -07:00
Jim Kalafut
8a0d423ed8
Fix gofmt ( #6764 )
2019-05-20 15:15:05 -07:00
vishalnayak
36581e3a2a
Increase the ttl for the tests to pass
2019-05-08 12:10:48 -04:00
Travis Cosgrave
236d7c5e52
Add certificate auto-auth method to vault agent ( #6652 )
...
* adding auto auth for cert auth methods
* Adding Docs for Cert Auto-auth method
* fixes errors in docs
* wrong documentation title
* repairing a few typos in the docs and being very clear about where the certificates should be configured
* clarifying the name parameter documentation
* Fixes gofmt issues in command/agent.go
* Fix typo in docs
* Add nil check to Config for cert auto-auth and add test with and without a specified name
2019-05-06 10:39:27 -04:00
Jeff Mitchell
213b9fd1cf
Update to api 1.0.1 and sdk 0.1.8
2019-04-15 14:10:07 -04:00
Jeff Mitchell
9ebc57581d
Switch to go modules ( #6585 )
...
* Switch to go modules
* Make fmt
2019-04-13 03:44:06 -04:00
Becca Petrin
6ded269700
Merge pull request #6268 from hashicorp/6234-aws-region
...
Add region to CLI for generating AWS login data
2019-04-12 16:15:38 -07:00
Jeff Mitchell
371db36ede
Move useragent to sdk
2019-04-12 18:17:49 -04:00
Jeff Mitchell
8bcb533a1b
Create sdk/ and api/ submodules ( #6583 )
2019-04-12 17:54:35 -04:00
Becca Petrin
f20772310b
Merge branch 'opensource-master' into 6234-aws-region
2019-04-12 11:13:17 -07:00
Calvin Leung Huang
c336059812
agent/cache: add comment around APIProxy.Send return case
2019-04-05 13:58:12 -07:00
ncabatoff
ef1926b5e4
Agent auto auth wrapping new config checks ( #6479 )
...
* Simplify Run(): the function that was being sent over a channel doesn't
need to close over anything except latestToken, and we don't need to
create a new one each iteration. Instead just pass the relevant items,
namely the token and sink to work on.
* Disallow the following config combinations:
1. auto_auth.method.wrap_ttl > 0 and multiple file sinks
2. auto_auth.method.wrap_ttl > 0 and single file sink with wrap_ttl > 0
3. auto_auth.method.wrap_ttl > 0 and cache.use_auto_auth_token = true
* Expose errors that occur when APIProxy is forwarding request to Vault.
* Fix merge issues.
2019-04-05 16:12:54 -04:00
Becca Petrin
339cfcaaf8
merge master
2019-04-01 13:52:44 -07:00
Alessandro De Blasis
c96362d466
agent: allow AppRole Auto-Auth when bind_secret_id = false ( #6324 )
...
* agent: allow AppRole Auto-Auth when bind_secret_id = false
2019-04-01 16:27:54 -04:00
ncabatoff
d8043c544f
Add support in Agent for running cache+auto_auth without any sinks ( #6468 )
...
* Add support in Agent for running cache+auto_auth without any sinks
configured.
* Add missing fixture.
2019-04-01 16:26:41 -04:00
T.K
453f1ac109
changed misspelled English words ( #6432 )
2019-03-19 09:32:45 -04:00
ncabatoff
fab1fde145
Move listener config from 'cache' block to top-level 'listener' blocks. Allow cache without auto-auth. ( #6421 )
...
* Since we want to use the Agent listener for #6384 , move listener config
from top-level 'cache' block to new top-level 'listeners' block.
* Make agent config allow cache and listener blocks without auto-auth
configured.
2019-03-15 14:58:53 -04:00
Vishal Nayak
f7907c2809
Agent: Listener refactoring and socket file system permissions ( #6397 )
...
* Listener refactoring and file system permissions
* added listenerutil and move some common code there
* Added test for verifying socket file permissions
* Change default port of agent to 8200
* address review feedback
* Address review feedback
* Read socket options from listener config
2019-03-14 11:53:14 -07:00
Calvin Leung Huang
b7dcef399d
agent/caching: add X-Cache and Age headers ( #6394 )
...
* agent/caching: add X-Cache and Age headers, update Date header on cached resp
* Update command/agent/cache/lease_cache.go
Co-Authored-By: calvn <cleung2010@gmail.com>
* Update command/agent/cache/proxy.go
Co-Authored-By: calvn <cleung2010@gmail.com>
2019-03-12 13:21:02 -07:00
Calvin Leung Huang
86df7ee2d5
agent/caching: use locks on LeaseCache.Send ( #6374 )
...
* agent/caching: use locks on LeaseCache.Send to prevent running multiple renewer goroutines
* update comment
2019-03-07 15:50:12 -08:00
Calvin Leung Huang
e6798347a7
Refactor handleCacheClear input params ( #6350 )
...
* Refactor handleCacheClear input params
* address review feedback
* fix handleCacheClear's token_accessor case
2019-03-06 18:08:19 -08:00
Calvin Leung Huang
a74b0deac0
agent/caching: proxy redirect and non-json responses; update tests ( #6353 )
...
* agent/caching: proxy redirect and non-json responses; update tests
* agent/caching: do not wrap error responses as internal errors, simply proxy them back as-is
* minor refactoring of APIProxy.Send logic
* add test case to ensure error response is not wrapped
2019-03-06 17:23:20 -08:00
Vishal Nayak
d8f39d54c9
Change agent's port to 8007 ( #6348 )
2019-03-05 12:57:17 -05:00
Vishal Nayak
ffcd85e1af
Test request token overriding auto-auth case ( #6346 )
2019-03-05 12:49:58 -05:00
Becca Petrin
1909b20217
merge master
2019-03-05 09:39:53 -08:00
Vishal Nayak
59e8632d2d
Refactor respond error function ( #6343 )
2019-03-05 11:43:30 -05:00
Calvin Leung Huang
d73216b5c3
Fix TestLeaseCache_SendCacheable ( #6333 )
2019-03-04 15:18:52 -08:00
Jeff Mitchell
718ae5a010
Minor syncs
2019-03-04 13:35:22 -05:00
Calvin Leung Huang
c5aaf8dcb0
agent/caching: simplify orphan check; add orphan token creation tests ( #6322 )
2019-03-01 17:57:25 -08:00
Vishal Nayak
ce42e9ea1f
Add locking around base context ( #6321 )
...
Got offline 👍 from Calvin.
2019-03-01 20:30:14 -05:00
Vishal Nayak
a5195949d9
added client_key and client_cert options to the agent config ( #6319 )
2019-03-01 15:11:16 -05:00
Calvin Leung Huang
23395891d3
agent/caching: refactor ContextInfo ( #6311 )
...
* agent/caching: refactor ContextInfo
* use NewContextInfo in NewLeaseCache
2019-03-01 11:20:36 -08:00
vishalnayak
d31c5fe4d9
Agent config vault block should be optional
2019-03-01 12:23:00 -05:00
Vishal Nayak
ac2b499fc9
Support reading Vault's address from Agent's config file ( #6306 )
...
* Support reading Vault's address from Agent's config file
* use consts and switch
* Add tls options to agent config vault block
* Update command/agent/config/config.go
Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
* remove fmt.Printfs
2019-02-28 17:29:28 -05:00
Calvin Leung Huang
5eb50a261e
agent/caching: test renaming; add api-level cache-clear test ( #6305 )
...
* test renaming; add api-level cache-clear test
* fix import ordering
2019-02-28 10:05:55 -08:00
Calvin Leung Huang
c07253999c
agent/caching: enable caching of leases generated by autoauth token ( #6293 )
...
* agent/caching: enable caching of leases generated by autoauth token
* add test for auth/token/create path
* update error message log
* Some minor updates
* add sleep timer for renewal logic to process
2019-02-27 13:14:58 -08:00
Vishal Nayak
ffabeda5d9
Agent Caching: Remove response updates using renewal output ( #6303 )
...
* Agent Caching: Remove response updates using renewal output
* Use renewal output channel to log the fact
2019-02-27 14:33:45 -05:00
vishalnayak
f04b4d1668
Change agent's default port number to 8100
2019-02-26 10:02:12 -05:00
Jim Kalafut
ebb63652cd
Fix agent test ( #6281 )
2019-02-21 21:24:16 -08:00
Calvin Leung Huang
fda590f538
agent/caching: use const for cache-clear path ( #6271 )
2019-02-21 14:53:34 -08:00
Calvin Leung Huang
8fc9138fe4
agent/caching: remove EvictByPrefix and EvictAll ( #6269 )
2019-02-21 14:52:10 -08:00
Becca Petrin
65b8ad9187
allow aws region in cli login
2019-02-20 16:43:21 -08:00
Vishal Nayak
779d49bab5
AgentCache: Properly compute auto-auth token ( #6264 )
...
* Properly compute auto-auth token
* Use inmem sink to track auto-auth token
* update debug statement
* Only add inmem sink if using auto-auth token is allowed
2019-02-20 02:11:05 -05:00
Vishal Nayak
5037185d5d
Agent Cache: Some review feedback ( #6257 )
...
* Revamp agent cache client
* Update command/agent.go
Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>
* Agent cache auto auth token lookup case (#6258 )
* agent cache auto auth token lookup case
* Use Blake2b256Hash instead of SHA256
* agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259 )
* agent/cache: update cache-clear endpoint; use bytes.NewReader instead
* agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b
* agent/cache: Only parse response body if it's non-nil (#6260 )
* Differently disable agent address in the API client
* Remove DisableAgent
2019-02-19 16:53:29 -05:00
Vishal Nayak
614ec67b05
address some review back ( #6237 )
2019-02-15 13:40:03 -05:00
Jim Kalafut
a7b6d9d2a8
Fix JWT end-to-end test ( #6244 )
2019-02-15 09:39:23 -08:00
Calvin Leung Huang
4e31f955cb
cacememdb: add LeaseToken and TokenParent tests for GetByPrefix
2019-02-15 07:55:09 -08:00
vishalnayak
cdaac4a715
Fix cachememdb test
2019-02-15 10:34:19 -05:00
Vishal Nayak
feb235d5f8
Vault Agent Cache ( #6220 )
...
* vault-agent-cache: squashed 250+ commits
* Add proper token revocation validations to the tests
* Add more test cases
* Avoid leaking by not closing request/response bodies; add comments
* Fix revoke orphan use case; update tests
* Add CLI test for making request over unix socket
* agent/cache: remove namespace-related tests
* Strip-off the auto-auth token from the lookup response
* Output listener details along with configuration
* Add scheme to API address output
* leasecache: use IndexNameLease for prefix lease revocations
* Make CLI accept the fully qualified unix address
* export VAULT_AGENT_ADDR=unix://path/to/socket
* unix:/ to unix://
2019-02-14 20:10:36 -05:00
Jim Kalafut
d0e2badbae
Run goimports across the repository ( #6010 )
...
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Clint Shryock
37e75a95c7
fix typo in comment
2018-11-28 10:06:23 -06:00
Julien Balestra
a60ed6a53c
agent: fix auth when multiple redirects ( #5814 )
2018-11-19 15:50:42 -08:00
Clint
dfe585c7f7
Agent kube projected token ( #5725 )
...
* Add support for custom JWT path in Agent: kubernetes auth
- add support for "token_path" configuration
- add a reader for mocking in tests
* add documentation for token_path
2018-11-19 14:28:17 -08:00
Calvin Leung Huang
ef8f40647a
Bump timeout due to potential backoff retry delay ( #5706 )
2018-11-06 11:06:06 -08:00
Calvin Leung Huang
c5c6588f7e
Bump timeout due to potential backoff retry delay ( #5663 )
2018-11-02 13:22:15 -07:00
Dilan Bellinghoven
5109be59a6
command/agent/sink/sink.go: This fix solves the problem where when multiple file sinks are specified in the agent HCL file, there is unexpected behavior ( #5610 )
2018-11-01 14:44:13 -07:00
Jeff Mitchell
605a7e30ad
Add the ability for secret IDs in agent approle to be wrapped ( #5654 )
2018-10-30 20:53:49 -04:00
Jeff Mitchell
6d20c8fce2
Add approle agent method removing secret ID file by default. ( #5648 )
...
Also, massively update tests.
2018-10-30 14:09:04 -04:00
Aleksey Zhukov
5361205d5b
WIP Agent AppRole auto-auth ( #5621 )
2018-10-30 12:17:19 -04:00
Jeff Mitchell
2c17930aaf
Remove agent reauthentication on new credentials. ( #5615 )
...
Functionality is left in for use in testing (where it is indeed quite
useful).
Fixes #5522
2018-10-27 10:45:55 -07:00
Jeff Mitchell
af73c5872d
Buffer authhandler output channel to prevent hang on shutdown ( #5507 )
...
Fixes #5026
2018-10-15 11:02:53 -04:00
Jeff Mitchell
919b968c27
The big one ( #5346 )
2018-09-17 23:03:00 -04:00
Becca Petrin
b2ff87c9c2
Poll for new creds in the AWS auth agent ( #5300 )
2018-09-12 13:30:57 -07:00
Becca Petrin
625592c5e6
update to match aws ( #5315 )
2018-09-11 11:10:50 -07:00
Becca Petrin
7e0e49656a
Add AliCloud auth to the Vault Agent ( #5179 )
2018-09-05 11:56:30 -04:00
Becca Petrin
c0f2f21d97
Auth handler shutdown logic ( #5170 )
2018-08-24 09:17:14 -04:00
Jeff Mitchell
a6d0ae5890
Add exit-after-auth functionality to agent ( #5013 )
...
This allows it to authenticate once, then exit once all sinks have
reported success. Useful for things like an init container vs. a
sidecar container.
Also adds command-level testing of it.
2018-07-30 10:37:04 -04:00
Paul Nicholson
c761a9a8f2
agent: kubernetes: add missing slash in token path ( #5010 )
2018-07-29 15:50:18 -04:00
Jeff Mitchell
e72890e83f
VSI ( #4985 )
2018-07-24 22:02:27 -04:00