Commit graph

52 commits

Author SHA1 Message Date
T.K 453f1ac109 changed misspelled english words (#6432) 2019-03-19 09:32:45 -04:00
ncabatoff fab1fde145
Move listener config from 'cache' block to top-level 'listener' blocks. Allow cache without auto-auth. (#6421)
* Since we want to use the Agent listener for #6384, move listener config
from top-level 'cache' block to new top-level 'listeners' block.

* Make agent config allow cache and listener blocks without auto-auth
configured.
2019-03-15 14:58:53 -04:00
Vishal Nayak f7907c2809 Agent: Listener refactoring and socket file system permissions (#6397)
* Listener refactoring and file system permissions

* added listenerutil and move some common code there

* Added test for verifying socket file permissions

* Change default port of agent to 8200

* address review feedback

* Address review feedback

* Read socket options from listener config
2019-03-14 11:53:14 -07:00
Calvin Leung Huang b7dcef399d
agent/caching: add X-Cache and Age headers (#6394)
* agent/caching: add X-Cache and Age headers, update Date header on cached resp

* Update command/agent/cache/lease_cache.go

Co-Authored-By: calvn <cleung2010@gmail.com>

* Update command/agent/cache/proxy.go

Co-Authored-By: calvn <cleung2010@gmail.com>
2019-03-12 13:21:02 -07:00
Calvin Leung Huang 86df7ee2d5
agent/caching: use locks on LeaseCache.Send (#6374)
* agent/caching: use locks on LeaseCache.Send to prevent running multiple renewer goroutines

* update comment
2019-03-07 15:50:12 -08:00
Calvin Leung Huang e6798347a7
Refactor handleCacheClear input params (#6350)
* Refactor handleCacheClear input params

* address review feedback

* fix handleCacheClear's token_accessor case
2019-03-06 18:08:19 -08:00
Calvin Leung Huang a74b0deac0
agent/caching: proxy redirect and non-json responses; update tests (#6353)
* agent/caching: proxy redirect and non-json responses; update tests

* agent/caching: do not wrap error responses as internal errors, simply proxy them back as-is

* minor refactoring of APIProxy.Send logic

* add test case to ensure error response is not wrapped
2019-03-06 17:23:20 -08:00
Vishal Nayak d8f39d54c9
Change agent's port to 8007 (#6348) 2019-03-05 12:57:17 -05:00
Vishal Nayak ffcd85e1af
Test request token overriding auto-auth case (#6346) 2019-03-05 12:49:58 -05:00
Vishal Nayak 59e8632d2d
Refactor respond error function (#6343) 2019-03-05 11:43:30 -05:00
Calvin Leung Huang d73216b5c3
Fix TestLeaseCache_SendCacheable (#6333) 2019-03-04 15:18:52 -08:00
Jeff Mitchell 718ae5a010 Minor syncs 2019-03-04 13:35:22 -05:00
Calvin Leung Huang c5aaf8dcb0
agent/caching: simplify orphan check; add orphan token creation tests (#6322) 2019-03-01 17:57:25 -08:00
Vishal Nayak ce42e9ea1f
Add locking around base context (#6321)
Got offline 👍 from Calvin.
2019-03-01 20:30:14 -05:00
Vishal Nayak a5195949d9
added client_key and client_cert options to the agent config (#6319) 2019-03-01 15:11:16 -05:00
Calvin Leung Huang 23395891d3
agent/caching: refactor ContextInfo (#6311)
* agent/caching: refactor ContextInfo

* use NewContextInfo in NewLeaseCache
2019-03-01 11:20:36 -08:00
vishalnayak d31c5fe4d9 Agent config vault block should be optional 2019-03-01 12:23:00 -05:00
Vishal Nayak ac2b499fc9
Support reading Vault's address from Agent's config file (#6306)
* Support reading Vault's address from Agent's config file

* use consts and switch

* Add tls options to agent config vault block

* Update command/agent/config/config.go

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* remove fmt.Printfs
2019-02-28 17:29:28 -05:00
Calvin Leung Huang 5eb50a261e agent/caching: test renaming; add api-level cache-clear test (#6305)
* test renaming; add api-level cache-clear test

* fix import ordering
2019-02-28 10:05:55 -08:00
Calvin Leung Huang c07253999c
agent/caching: enable caching of leases generated by autoauth token (#6293)
* agent/caching: enable caching of leases generated by autoauth token

* add test for auth/token/create path

* update error message log

* Some minor updates

* add sleep timer for renewal logic to process
2019-02-27 13:14:58 -08:00
Vishal Nayak ffabeda5d9
Agent Caching: Remove response updates using renewal output (#6303)
* Agent Caching: Remove response updates using renewal output

* Use renewal output channel to log the fact
2019-02-27 14:33:45 -05:00
vishalnayak f04b4d1668 Change agent's default port number to 8100 2019-02-26 10:02:12 -05:00
Jim Kalafut ebb63652cd
Fix agent test (#6281) 2019-02-21 21:24:16 -08:00
Calvin Leung Huang fda590f538
agent/caching: use const for cache-clear path (#6271) 2019-02-21 14:53:34 -08:00
Calvin Leung Huang 8fc9138fe4
agent/caching: remove EvictByPrefix and EvictAll (#6269) 2019-02-21 14:52:10 -08:00
Vishal Nayak 779d49bab5
AgentCache: Properly compute auto-auth token (#6264)
* Properly compute auto-auth token

* Use inmem sink to track auto-auth token

* update debug statement

* Only add inmem sink if using auto-auth token is allowed
2019-02-20 02:11:05 -05:00
Vishal Nayak 5037185d5d
Agent Cache: Some review feedback (#6257)
* Revamp agent cache client

* Update command/agent.go

Co-Authored-By: vishalnayak <vishalnayak@users.noreply.github.com>

* Agent cache auto auth token lookup case (#6258)

* agent cache auto auth token lookup case

* Use Blake2b256Hash instead of SHA256

* agent/cache: update cache-clear endpoint; use bytes.NewReader instead (#6259)

* agent/cache: update cache-clear endpoint; use bytes.NewReader instead

* agent/cache: Fix TestCache_ComputeIndexID after switching to blake2b

* agent/cache: Only parse response body if it's non-nil (#6260)

* Differently disable agent address in the API client

* Remove DisableAgent
2019-02-19 16:53:29 -05:00
Vishal Nayak 614ec67b05
address some review back (#6237) 2019-02-15 13:40:03 -05:00
Jim Kalafut a7b6d9d2a8 Fix JWT end-to-end test (#6244) 2019-02-15 09:39:23 -08:00
Calvin Leung Huang 4e31f955cb cacememdb: add LeaseToken and TokenParent tests for GetByPrefix 2019-02-15 07:55:09 -08:00
vishalnayak cdaac4a715 Fix cachememdb test 2019-02-15 10:34:19 -05:00
Vishal Nayak feb235d5f8
Vault Agent Cache (#6220)
* vault-agent-cache: squashed 250+ commits

* Add proper token revocation validations to the tests

* Add more test cases

* Avoid leaking by not closing request/response bodies; add comments

* Fix revoke orphan use case; update tests

* Add CLI test for making request over unix socket

* agent/cache: remove namespace-related tests

* Strip-off the auto-auth token from the lookup response

* Output listener details along with configuration

* Add scheme to API address output

* leasecache: use IndexNameLease for prefix lease revocations

* Make CLI accept the fully qualified unix address

* export VAULT_AGENT_ADDR=unix://path/to/socket

* unix:/ to unix://
2019-02-14 20:10:36 -05:00
Jim Kalafut d0e2badbae Run goimports across the repository (#6010)
The result will still pass gofmtcheck and won't trigger additional
changes if someone isn't using goimports, but it will avoid the
piecemeal imports changes we've been seeing.
2019-01-08 16:48:57 -08:00
Clint Shryock 37e75a95c7
fix typo in comment 2018-11-28 10:06:23 -06:00
Julien Balestra a60ed6a53c agent: fix auth when multiple redirects (#5814) 2018-11-19 15:50:42 -08:00
Clint dfe585c7f7 Agent kube projected token (#5725)
* Add support for custom JWT path in Agent: kubernetes auth

- add support for "token_path" configuration
- add a reader for mocking in tests

* add documentation for token_path
2018-11-19 14:28:17 -08:00
Calvin Leung Huang ef8f40647a Bump timeout due to potential backoff retry delay (#5706) 2018-11-06 11:06:06 -08:00
Calvin Leung Huang c5c6588f7e
Bump timeout due to potential backoff retry delay (#5663) 2018-11-02 13:22:15 -07:00
Dilan Bellinghoven 5109be59a6 command/agent/sink/sink.go: This fix solves the problem where when multiple file sinks are specified in the agent HCL file, there is unexpected behavior (#5610) 2018-11-01 14:44:13 -07:00
Jeff Mitchell 605a7e30ad
Add the ability for secret IDs in agent approle to be wrapped (#5654) 2018-10-30 20:53:49 -04:00
Jeff Mitchell 6d20c8fce2
Add approle agent method removing secret ID file by default. (#5648)
Also, massively update tests.
2018-10-30 14:09:04 -04:00
Aleksey Zhukov 5361205d5b WIP Agent AppRole auto-auth (#5621) 2018-10-30 12:17:19 -04:00
Jeff Mitchell 2c17930aaf
Remove agent reauthentication on new credentials. (#5615)
Functionality is left in for use in testing (where it is indeed quite
useful).

Fixes #5522
2018-10-27 10:45:55 -07:00
Jeff Mitchell af73c5872d
Buffer authhandler output channel to prevent hang on shutdown (#5507)
Fixes #5026
2018-10-15 11:02:53 -04:00
Jeff Mitchell 919b968c27
The big one (#5346) 2018-09-17 23:03:00 -04:00
Becca Petrin b2ff87c9c2
Poll for new creds in the AWS auth agent (#5300) 2018-09-12 13:30:57 -07:00
Becca Petrin 625592c5e6
update to match aws (#5315) 2018-09-11 11:10:50 -07:00
Becca Petrin 7e0e49656a Add AliCloud auth to the Vault Agent (#5179) 2018-09-05 11:56:30 -04:00
Becca Petrin c0f2f21d97 Auth handler shutdown logic (#5170) 2018-08-24 09:17:14 -04:00
Jeff Mitchell a6d0ae5890
Add exit-after-auth functionality to agent (#5013)
This allows it to authenticate once, then exit once all sinks have
reported success. Useful for things like an init container vs. a
sidecard container.

Also adds command-level testing of it.
2018-07-30 10:37:04 -04:00