Commit graph

8739 commits

Author SHA1 Message Date
Raja Nadar 56fcd2e7b3 .net 2.0 standard leap (#5019)
2.0 is more conducive for consumers
2018-08-01 08:57:49 -04:00
Chris Hoffman b229df9cd2
fixing rollback test 2018-07-31 22:45:38 -04:00
Yoko aadfccaa6b
[Guide] Direct App Integration guide (#4948)
* Direct App Integration guide

* Added a tag for step3
2018-07-31 09:19:23 -07:00
Sean Malloy 7e9ec5afb4 Fix GCP auth docs typo (#5017)
The bound_bound_service_accounts parameter does not exist. The correct
spelling is bound_service_accounts.
2018-07-31 10:57:34 -04:00
Brian Kassouf 1781ade3a1
core: Read lock when doing a rollback (#5016) 2018-07-30 19:55:43 -06:00
Chris Hoffman 51f8cd9668
do not grab statelock when requested not to (#5015) 2018-07-30 14:54:54 -04:00
Jeff Mitchell b60acd819c changelog++ 2018-07-30 10:37:56 -04:00
Jeff Mitchell a6d0ae5890
Add exit-after-auth functionality to agent (#5013)
This allows it to authenticate once, then exit once all sinks have
reported success. Useful for things like an init container vs. a
sidecard container.

Also adds command-level testing of it.
2018-07-30 10:37:04 -04:00
Pat Downey 0ad44a7ac5 Expand TOFU acronym in AWS auto-auth docs (#5011) 2018-07-29 18:05:49 -07:00
Paul Nicholson c761a9a8f2 agent: kubernetes: add missing slash in token path (#5010) 2018-07-29 15:50:18 -04:00
Yoko 3d8bf1441b
[Guide] Transit Secrets Engine beginner guide (#4943)
* Intro to Transit Secrets Engine guide

* Added the Katacoda scenario link in the Reference Materials section

* Referencig this guide in the existing encryption guides
2018-07-27 16:08:52 -07:00
Brian Kassouf 215d4404e0
Update ad plugin (#5008) 2018-07-27 14:52:38 -06:00
Michael Herman 05f944c580 Update index.html.md (#5005) 2018-07-27 15:30:59 -04:00
Chris Hoffman 083157cb24
adding environment to azure auth docs (#5004) 2018-07-27 08:33:20 -04:00
Chris Hoffman d02284657e
adding missing properties (#5003) 2018-07-27 08:19:12 -04:00
Chris Hoffman c13ef667d3
adding upgrade guide for 0.10.4 (#4992) 2018-07-25 12:54:48 -04:00
Jeff Mitchell 109cd5f3a8
Cut version 0.10.4 2018-07-25 10:15:52 -04:00
Jeff Mitchell eeef86c0e0 changelog++ 2018-07-25 10:10:39 -04:00
Jeff Mitchell 6e1e326199 Prep for 0.10.4 2018-07-25 09:52:09 -04:00
Jeff Mitchell fdc18011a4 changelog++ 2018-07-25 04:08:00 -04:00
Jeff Mitchell 34a0ae1e5d
Update path_tidy_user_id_test.go 2018-07-25 03:37:24 -04:00
Jeff Mitchell 7e6faf021d Fix race in test 2018-07-25 00:18:32 -04:00
Matthew Irish 07cdda2cd9
e.errors not e.error (#4990) 2018-07-24 23:16:03 -05:00
Jeff Mitchell 0e659ca6be Simplify sealInternal 2018-07-24 23:26:28 -04:00
Chris Hoffman 611e4ff08c
changelog++ 2018-07-24 22:39:44 -04:00
Jeff Mitchell 09ac94a59f Update plugins 2018-07-24 22:19:38 -04:00
Chris Hoffman 1cd2509065
updating azure plugin (#4989) 2018-07-24 22:13:23 -04:00
Jeff Mitchell 21b1516a4f changelog++ 2018-07-24 22:12:10 -04:00
Jeff Mitchell 0f10a8d0ba changelog++ 2018-07-24 22:07:20 -04:00
Jeff Mitchell e72890e83f
VSI (#4985) 2018-07-24 22:02:27 -04:00
Chris Hoffman 1578c5b982 Add locking when adding aliases to existing entities (#4965) 2018-07-24 22:01:58 -04:00
Brian Kassouf 2c254119e3
changelog++ 2018-07-24 17:37:16 -07:00
Brian Kassouf 419202094c
changelog+++ 2018-07-24 17:33:11 -07:00
Brian Kassouf beda7845f6
API: Add context to each raw request call (#4987) 2018-07-24 15:49:55 -07:00
Matthew Irish 5b00b4b10a
UI - add JWT auth, remove alias metadata (#4986)
* remove the ability to edit metadata on entity aliases
* add JWT auth method in the UI
2018-07-24 17:35:31 -05:00
Jeff Mitchell 4261618d10 Add request timeouts in normal request path and to expirations (#4971)
* Add request timeouts in normal request path and to expirations

* Add ability to adjust default max request duration

* Some test fixes

* Ensure tests have defaults set for max request duration

* Add context cancel checking to inmem/file

* Fix tests

* Fix tests

* Set default max request duration to basically infinity for this release for BC

* Address feedback
2018-07-24 14:50:49 -07:00
Jeff Mitchell 9bfd73bfc6 Modify approle tidy to validate dangling accessors (#4981) 2018-07-24 14:00:53 -07:00
Jeff Mitchell 9687ccc8fa Tackle #4929 a different way (#4932)
* Tackle #4929 a different way

This turns c.sealed into an atomic, which allows us to call sealInternal
without a lock. By doing so we can better control lock grabbing when a
condition causing the standby loop to get out of active happens. This
encapsulates that logic into two distinct pieces (although they could
be combined into one), and makes lock guarding more understandable.

* Re-add context canceling to the non-HA version of sealInternal

* Return explicitly after stopCh triggered
2018-07-24 13:57:25 -07:00
Jeff Mitchell d144f2935e Two-pronged fix for renew policy checking (#4960)
1) In backends, ensure they are now using TokenPolicies
2) Don't reassign auth.Policies until after expmgr registration as we
don't need them at that point

Fixes #4829
2018-07-24 12:03:11 -07:00
Chris Hoffman da1704e0a0
changelog++ 2018-07-24 14:27:01 -04:00
Chris Hoffman 45be1ee3e1
Read all pages when list results are paged (#4983) 2018-07-24 14:24:32 -04:00
Jeff Mitchell e6ca29d96d changelog++ 2018-07-24 10:10:31 -04:00
andrejvanderzee c1c9e23fc5 Fixed writing config attribute 'max_retries' for existing client configs for aws auth method. (#4980) 2018-07-24 10:09:44 -04:00
Jim Kalafut ca8dd26374
Update Azure auth plugin (#4978) 2018-07-23 15:00:46 -07:00
Matthew Irish 5896af60e6
changelog++ 2018-07-23 16:58:50 -05:00
Matthew Irish 756056a9be
UI - fix kv object so that falsey values don't get coerced to empty strings (#4977)
* fix kv object so that falsey values don't get coerced to empty strings
* equal for string compare
2018-07-23 16:57:35 -05:00
Jeff Mitchell 9775340547 Log nil secret IDs instead of swallowing error 2018-07-23 17:46:20 -04:00
Jeff Mitchell 73f442ce86 changelog++ 2018-07-23 12:45:49 -04:00
Jeff Mitchell caa5661031
Pass identity metadata through to plugins (#4967)
It's not obvious why this should be secret, and if it were considered
secret, when and what anything would ever be allowed to access it.
Likely the right way to tie secret values to particular
entities/aliases/groups would be to use the upcoming templated ACL
feature.
2018-07-23 12:45:06 -04:00
Chris Hoffman 0c87e69486
changelog++ 2018-07-23 10:02:22 -04:00