Commit graph

11145 commits

Author SHA1 Message Date
Jim Kalafut b3d53e4ef2
Fix Azure auth api docs (#7649)
Fixes #7648
2019-10-14 10:12:45 -07:00
Calvin Leung Huang 0aa1369195
ci: extend test timeout to 60m (#7647) 2019-10-14 08:51:53 -07:00
Brian Kassouf 1167fad704
Improve raft write performance by utilizing FSM Batching (#7527)
* Start benchmark work

* Add batching FSM function

* dedupe some code

* Update dependency on chunking FSM

* fix raft external tests

* fix go.mod

* Add batching test

* uncomment test

* update raft deps

* update vendor

* Update physical/raft/fsm.go

Co-Authored-By: Michel Vocks <michelvocks@gmail.com>

* Update physical/raft/fsm.go
2019-10-14 09:25:07 -06:00
ncabatoff cbde4d4357
Use a much longer delay before giving up and failing the test. (#7646)
On circleci we've seen the test run very slowly so it's often failing here.
2019-10-14 11:06:02 -04:00
Mike Jarmy caea22f13b go mod tidy and vendor 2019-10-14 09:28:18 -04:00
Mike Jarmy 510d82551a
Vault Agent Cache Auto-Auth SSRF Protection (#7627)
* implement SSRF protection header

* add test for SSRF protection header

* cleanup

* refactor

* implement SSRF header on a per-listener basis

* cleanup

* cleanup

* creat unit test for agent SSRF

* improve unit test for agent SSRF

* add VaultRequest SSRF header to CLI

* fix unit test

* cleanup

* improve test suite

* simplify check for Vault-Request header

* add constant for Vault-Request header

* improve test suite

* change 'config' to 'agentConfig'

* Revert "change 'config' to 'agentConfig'"

This reverts commit 14ee72d21fff8027966ee3c89dd3ac41d849206f.

* do not remove header from request

* change header name to X-Vault-Request

* simplify http.Handler logic

* cleanup

* simplify http.Handler logic

* use stdlib errors package
2019-10-11 18:56:07 -04:00
Brian Kassouf 024c29c36a
OSS portions of raft non-voters (#7634)
* OSS portions of raft non-voters

* add file

* Update vault/raft.go

Co-Authored-By: Vishal Nayak <vishalnayak@users.noreply.github.com>
2019-10-11 11:56:59 -07:00
isbric e6e20e9eb3 Correct spelling of error message (#7630) 2019-10-11 11:14:41 -04:00
kuritonasu f5b7c55532 Minor typo fix (#7631) 2019-10-11 11:12:38 -04:00
ncabatoff cbc00365f5
Revert "Minor typo fix (#7628)" (#7629)
This reverts commit 6093eec62e4b43a1c7e0a20d352756c00271faf0.
2019-10-11 10:52:39 -04:00
kuritonasu 0dcf563e04 Minor typo fix (#7628) 2019-10-11 10:52:07 -04:00
Chris Hoffman ad575396a4
changelog++ 2019-10-11 10:47:09 -04:00
Michel Vocks 8b1c1e1abe
changelog++ 2019-10-11 09:10:29 +02:00
Jason O'Donnell 71122111e3
changelog++ 2019-10-10 15:01:40 -04:00
Jack Kleeman de7489124f Close cassandra session if we fail to validate it (#7613)
Currently in the C* database plugin, connection validation errors, as
well as a parsing error, can lead us to return an error and never use an
open gocql session, which may in fact have many open connections. These
connections stay open forever. If you end up in an error loop due to,
for example, a problem with permissions, you will eventually exhaust
file descriptors on the machine.

We simply need to close the session if we aren't going to use it.
2019-10-10 11:45:59 -07:00
Jason O'Donnell e7974b5a14 bug: VAULT_CLUSTER_ADDR not used in raft (#7619)
* bug: VAULT_CLUSTER_ADDR not used in raft

* Make env take precedence
2019-10-10 11:42:59 -07:00
Jim Kalafut 1f875770e0
changelog++ 2019-10-10 10:34:33 -07:00
Jim Kalafut 1c8dbb07f7
changelog++ 2019-10-10 10:16:07 -07:00
ncabatoff 192c926e87
changelog++ 2019-10-10 08:19:52 -04:00
Matthew Irish 07613fc4a6
pgp list fix (#7542)
* add data selectors

* add tests for pgp-list component and refactor so initialization works

* fix comment

* fix linting

* add else statement
2019-10-09 21:09:25 -05:00
Vlad Fedosov dc3a8c175a New third-party tool added (#7596) 2019-10-09 15:56:34 -04:00
Chris Hoffman 72f6101768
changelog++ 2019-10-09 15:41:43 -04:00
Matthew Irish 2658f902bc
don't abort transitions if you're already on that route (#7602) 2019-10-09 11:38:20 -05:00
Chris Hoffman 5a51377978
changelog++ 2019-10-09 10:38:20 -04:00
Gerardo Di Giacomo 884067097c fixed panic in #7485 (#7546) 2019-10-09 10:22:46 -04:00
ncabatoff c16e3bbceb
Cache whether we've been initialized to reduce load on storage (#7549) 2019-10-08 17:52:38 -04:00
Brian Kassouf f43f84a354
Port over cache refresh changes (#7599) 2019-10-08 13:23:43 -07:00
Calvin Leung Huang f9199ceede
changelog++ 2019-10-08 11:04:10 -07:00
Mike Jarmy 5986ce922d
add counters for active service tokens, and identity entities (#7541) 2019-10-08 13:58:19 -04:00
Calvin Leung Huang d8875b1991
sys/config: config state endpoint (#7424)
* sys/config: initial work on adding config state endpoint

* server/config: add tests, fix Sanitized method

* thread config through NewTestCluster's config to avoid panic on dev modes

* properly guard endpoint against request forwarding

* add http tests, guard against panics on nil RawConfig

* ensure non-nil rawConfig on NewTestCluster cores

* update non-forwarding logic

* fix imports; use no-forward handler

* add missing config test fixture; update gitignore

* return sanitized config as a map

* fix test, use deep.Equal to check for equality

* fix http test

* minor comment fix

* config: change Sanitized to return snake-cased keys, update tests

* core: hold rlock when reading config; add docstring

* update docstring
2019-10-08 10:57:15 -07:00
Jim Kalafut 2e4c9995ac
changelog++ 2019-10-08 08:54:08 -07:00
James Stoker 49c9352f75 Add config parameter to Azure storage backend to allow specifying the ARM endpoint to support Azure Stack. (#7567) 2019-10-08 08:51:36 -07:00
Michel Vocks a0c122926a
Unauth metrics: Fix missing parse form and error response (#7569)
* Unauth metrics: Fix missing parse form and error response

* Change metrics error response to text/plain content type always
2019-10-08 14:55:25 +02:00
Matthew Irish 7f80626162
UI - namespace fixes (#7587)
* check for model in the edit form before rolling back

* make sure namespace service name is consistent in the auth service

* actually tell it what service to inject
2019-10-07 20:41:04 -05:00
Calvin Leung Huang 9622a351ae docs: add sys/pprof API docs (#7562)
* docs: add sys/pprof api docs

* fix header
2019-10-07 11:55:17 -04:00
Calvin Leung Huang dd02d94a41 docs: add sys/host-info API docs (#7563)
* docs: add sys/host-info api docs

* remove extra closing bracket in sample response
2019-10-07 11:54:48 -04:00
Michel Vocks f8c233a63b Docs: Add unauthenticated metrics access docs (#7566) 2019-10-07 11:54:09 -04:00
Aric a2b70c7bc7 Update index.html.md (#7580)
"before storage data at rest" seems like it was intended to read either "before storing data at rest" or "before storage of data at rest".
2019-10-07 11:53:17 -04:00
Brian Shumate 66a3218331 Typo (#7586) 2019-10-07 08:08:18 -07:00
Anton Soroko 1ef95b240c Remove unused code in kv_get.go (#7583) 2019-10-07 10:18:04 -04:00
Brian Shumate 4b5be69252 Docs: update plugin_dir (#7585)
- Add note that plugin_dir value cannot be a symlink
2019-10-07 10:17:12 -04:00
Brian Shumate 41374ecd82 Add note about plugin_directory (#7584)
- Note that plugin_directory cannot be a symbolic link
2019-10-07 09:59:34 -04:00
Noelle Daley 71e2263534
Update CHANGELOG.md 2019-10-04 14:17:41 -07:00
Noelle Daley 899f0dc2cb
do not swallow ControlGroupErrors when viewing or editing kvv2 secrets (#7504)
* do not swallow ControlGroupErrors when viewing or editing kvv2 secrets

* test kv v2 control group workflow

* do not manually clearModelCache when logging out since this already happens when leaving the logout route

* remove pauseTest

* update comments

* wip - looking into why restricted user can see the control group protected secret after it has already been unwrapped once

* strip version from query params so we can unwrap a secret after it is authorized

* use attachCapabilities instead of lazyCapabilities to ensure models are cleaned up properly

* remove comment

* make ControlGroupError extend AdapterError

* fix broken redirect_to test

* one day i will remember to remove my debugger statements; today is not that day

* no need to check for a ControlGroupError since it extends an AdapterError

* see if using EmberError instead of AdapterError fixes the browserstack tests

* Revert "see if using EmberError instead of AdapterError fixes the browserstack tests"

This reverts commit 14ddd67cacbf1ccecb8cc2d1f59a2c273866da72.
2019-10-04 13:15:33 -07:00
Jim Kalafut e9560ea13c
Fix transit docs env var typo (#7572)
Fixes #7570
2019-10-04 12:45:02 -07:00
Brian Shumate 77311bf24f Docs: update Transit Secrets Engine Create Key (#7568)
- Use type that supports derivation in sample payload
2019-10-04 10:56:18 -07:00
Calvin Leung Huang 7a385a7854 update go.mod and sdk/go.mod 2019-10-04 09:40:23 -07:00
Nick Cabatoff 85e387439e go mod vendor and go mod tidy 2019-10-04 09:14:37 -04:00
Michel Vocks a7a6dd55a5
Add config parameter to allow unauthenticated metrics access (#7550)
* Implement config parameter to allow unathenticated metricss access

* Add unit test for unauthenticated metrics access parameter

* go mod tidy
2019-10-04 09:29:51 +02:00
Calvin Leung Huang 8239612352
sys/pprof: fix pprof index description (#7564) 2019-10-03 17:02:41 -07:00