Commit graph

6218 commits

Author SHA1 Message Date
Brian Rodgers d8e47e6f79 docs: Added text to clarify that root does not refer to AWS root creds (#2950) 2017-07-31 17:31:44 -04:00
Calvin Leung Huang 54dd6967d8 Default mock-plugin type to logical.TypeLogical on Factory func 2017-07-31 16:20:52 -04:00
Jeff Mitchell fbf6fb423c changelog++ 2017-07-31 16:18:20 -04:00
Jeff Mitchell a9b1d699d0 Make sys/wrapping/lookup unauthenticated. (#3084)
We still perform validation on the token, so if the call makes it
through to this endpoint it's got a valid token (either explicitly
specified in data or as the request token). But this allows
introspection for sanity/safety checking without revoking the token in
the process.
2017-07-31 16:16:16 -04:00
Jeff Mitchell 5074ccb9f3 Fix up tests 2017-07-31 15:31:44 -04:00
Jeff Mitchell 474f008b2d Clean up plugin tests with CA info 2017-07-31 15:09:19 -04:00
Jeff Mitchell 1b603b8e22 Validate opts is not nil in NewTestCluster 2017-07-31 12:13:29 -04:00
Jeff Mitchell 1bfc6d4fe7 Add a -dev-three-node option for devs. (#3081) 2017-07-31 11:28:06 -04:00
Calvin Leung Huang 3e8aecc7d5 Add BackendType to existing backends (#3078) 2017-07-28 14:04:46 -04:00
Jeff Mitchell 45fd7dad60 Add note about ed25519 hashing to docs and path help.
Fixes #3074
Closes #3076
2017-07-28 09:30:27 -04:00
Chris Hoffman e67d165185 changelog++ 2017-07-28 07:25:12 -04:00
Chris Hoffman ef8add724b changelog++ 2017-07-28 07:23:57 -04:00
Chris Hoffman d375f231d5 initialize the metadata map to fix panic (#3075) 2017-07-28 07:18:26 -04:00
Chris Hoffman 94ed9bf7e7 Merge pull request #3072 from hashicorp/req-forwarding-recover
Recover from panics during request forwarding
2017-07-27 21:55:41 -04:00
Chris Hoffman d404dfc494 fixing recovery from x/golang/crypto panics 2017-07-27 21:00:31 -04:00
Jeff Mitchell 1770191e1b Try to fix travis timing out errors 2017-07-27 12:35:45 -04:00
Vishal Nayak f6b03e8b1b Adding logical/identity.go to OSS (#3054) 2017-07-27 11:56:32 -04:00
Jeff Mitchell 935b6d7b5c Fix error message formatting and response body 2017-07-27 11:44:56 -04:00
Jeff Mitchell 0a2ac3160d Recover during a request forward.
gRPC doesn't have a handler for recovering from a panic like a normal
HTTP request so a panic will actually kill Vault's listener. This
basically copies the net/http logic for managing this.

The SSH-specific logic is removed here as the underlying issue is caused
by the request forwarding mechanism.
2017-07-27 11:44:56 -04:00
Chris Hoffman a3b5e18da0 adding filtered mount docs (#3059) 2017-07-27 09:28:52 -04:00
Jeff Mitchell 8519b3e8ed Make logical.InmemStorage standalone (#3066) 2017-07-26 17:59:14 -04:00
Xiang Li d61a47a01c physical: format fixes (#3062) 2017-07-26 17:51:58 -04:00
Brian Kassouf 1a3b6facf0 Add docs for DR Replication (#3067)
* Add docs for DR Replication

* Fix up docs
2017-07-26 13:47:41 -07:00
Jonathan Duncan 8e9f54fc70 Updated policy format to use capabilities keyword (#3063)
The `policy` key name is deprecated and has been replaced with `capabilities`.
2017-07-26 14:05:11 -04:00
Calvin Leung Huang 40c1c93937 Fix gob register issue when using tls certs on plugins (#3060) 2017-07-26 13:44:07 -04:00
Jeff Mitchell ba9bd5a2c7 Bump timeout in testrace to match that of test to stop Travis errorring. 2017-07-26 13:03:04 -04:00
Lars Lehtonen 72ee5e573c Handle dropped checkok pattern in postgresql package (#3046) 2017-07-26 12:28:02 -04:00
James Phillips 0ab5b0e26b Fixes a typo in the VSI doc. (#3047) 2017-07-26 12:18:52 -04:00
Lars Lehtonen b851d88d68 fix swallowed error in vault package. (#2993) 2017-07-26 12:15:54 -04:00
Xiang Li 7c761b8414 physical: add default timeout for etcd3 requests (#3053) 2017-07-26 12:10:12 -04:00
Jeremy Voorhis 87d4014b6b s/alterate/alternate/ (#3056) 2017-07-26 11:44:06 -04:00
Vishal Nayak a80d7fb9c8 docs: Identity Store (#3055) 2017-07-25 18:33:17 -04:00
Jeff Mitchell 867cbcf965
Cut version 0.8.0-beta1 2017-07-25 17:44:33 -04:00
Calvin Leung Huang c00741d587 Do not send storage on HandleRequest and HandleExistenceCheck on plugins 2017-07-25 16:57:26 -04:00
Jeff Mitchell c18a4faeff Update dockerfile to use debian stable 2017-07-25 16:44:31 -04:00
Jeff Mitchell 87bc982256 Sirupsen->sirupsen 2017-07-25 15:49:10 -04:00
Jeff Mitchell c7e6410c75 Remove uppercase Sirupsen logrus dep 2017-07-25 15:36:14 -04:00
Jeff Mitchell c46d6f1d93 Update version and changelog for 0.8 beta 2017-07-25 15:21:35 -04:00
Chris Hoffman 5fc402ce86 changelog++ 2017-07-25 13:25:21 -04:00
Chris Hoffman b89114b011 root protect /sys/revoke-force/* (#2876) 2017-07-25 11:59:43 -04:00
Chris Hoffman 5cb87e26ef moving client calls to new endpoint (#2867) 2017-07-25 11:58:33 -04:00
Chris Hoffman 62a97ff232 changelog++ 2017-07-23 09:01:34 -04:00
Chris Hoffman 2aa02fb3f0 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Calvin Leung Huang 43736b9b19 changelog++ 2017-07-20 14:18:52 -04:00
Calvin Leung Huang c14e7cb8f6 changelog++ 2017-07-20 14:17:00 -04:00
Calvin Leung Huang bb54e9c131 Backend plugin system (#2874)
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
Jeff Mitchell 64f9edc5b0 changelog++ 2017-07-18 15:16:14 -04:00
Brian Kassouf b04e0a7a2a Dynamically load and invalidate the token store salt (#3021)
* Dynaically load and invalidate the token store salt

* Pass salt function into the router
2017-07-18 09:02:03 -07:00
Jeff Mitchell e553fe0d99 Bump deps 2017-07-18 10:15:54 -04:00
Joel Thompson 3704751a8f Improve sts header parsing (#3013) 2017-07-18 09:51:45 -04:00