Commit graph

10419 commits

Author SHA1 Message Date
Sam Salisbury e2e5e16ff2 ci: break config into separate files (#6849)
* ci: break config into separate files

* Untangle githooks

* githooks: fix whitespace

* .hooks/pre-commit: add ui -> lint-staged check

- We no longer require dependency on husky with this change.

* ui: remove husky dependency and config

- The previous commit obviates the need for it.
- We will now have to manage these hooks by hand, but this removes
  the conflict between husky-installed hooks and those in the .hooks dir.

* ui: update yarn.lock with husky removed

* .hooks/pre-commit: always use subshell + docs

- Always use subshell means we consistently exit from the
  same place which feels less complex.
- Docs are necessary for horrible bash like this I think...

* Makefile: remove old husky githooks

- Husky has installed a handler for every single git hook.
- This causes warnings on every git operation.
- Eventually we can remove this, but better not to confuse
  people with these messages for now.

* ci: fix go build tags

* Makefile: improve compatibility of rm call

- Looks like the xargs in Travis does something different to the one
  on my mac, this more verbose call should be safe everywhere.

* ci: fix make target names

* ci: fix test-ui invocation

* Makefile: simplify husky hook cleanup

* ci: more focussed readme
2019-06-11 09:55:53 -05:00
Michel Vocks fcf1b9c54e
Fixed wrong rekey recovery backup client API URL (#6841)
* Fixed wrong rekey recovery backup client API URL

* Fixed wrong rekey recovery backup client API URL delete

* Changed output for recovery backup key delete
2019-06-11 10:05:44 +02:00
Mark Gritter d4d1ae55a0
Be more permissive in what URLs to allow; added test for unix socket. (#6859) 2019-06-10 13:59:13 -05:00
ncabatoff cc41e608dc
Add core.coreNumber field, used to differentiate multiple cores/clusters when running tests (#6855)
This is not used or exposed in prod.

Remove some test-specific code from the cluster-building helpers. The corresponding additions go on the ent side.
2019-06-10 14:07:16 -04:00
Yoko 2b81ea64c3
Adding vault kv command doc (#6845)
* Adding vault kv command doc

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/destroy.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/destroy.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/undelete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>

* Update website/source/docs/commands/kv/delete.html.md

Co-Authored-By: Becca Petrin <beccapetrin@gmail.com>
2019-06-10 10:41:55 -07:00
Yoko daebe65d1c
upgrade guide warning about downgrading (#6836)
* upgrade guide warning about downgrading

* Changed the wording
2019-06-10 09:54:21 -07:00
Brian Kassouf 414035956c
changelog++ 2019-06-07 09:56:08 -07:00
Brian Kassouf 8ea9486dc4
changelog++ 2019-06-07 09:54:40 -07:00
Jeff Mitchell 6d71da0401 Update vendoring 2019-06-06 13:51:34 -04:00
Justin Weissig 0ae53eb5aa docs: minor fixes to improve sentence flow (#6839) 2019-06-06 08:25:59 -07:00
Jeff Mitchell c02abb969c
Attempt to grab read statelock in emit metrics to remove some raciness (#6829) 2019-06-05 12:26:29 -04:00
Jeff Mitchell 068b38faa0
Make flushing the cache race safe (#6828)
* Make flushing the cache race safe

* Remove noop aborts
2019-06-05 02:52:18 -04:00
Jeff Mitchell 841616defa Remove data races around error/latency injector rand objects 2019-06-05 01:37:40 -04:00
Michael Gaffney 055c5ff311
Fix data race in kvv2_upgrade_test (#6825) 2019-06-04 18:48:31 -04:00
Lexman 9aa4662cec transit cache is an Interface implemented by wrapped versions of sync… (#6225)
* transit cache is an Interface implemented by wrapped versions of syncmap and golang-lru

* transit cache is an Interface implemented by wrapped versions of syncmap and golang-lru

* changed some import paths to point to sdk

* Apply suggestions from code review

Co-Authored-By: Lexman42 <Lexman42@users.noreply.github.com>

* updates docs with information on transit/cache-config endpoint

* updates vendored files

* fixes policy tests to actually use a cache where expected and renames the struct and storage path used for cache configurations to be more generic

* updates document links

* fixed a typo in a documentation link

* changes cache_size to just size for the cache-config endpoint
2019-06-04 15:40:56 -07:00
Jeff Mitchell 30e1f4c505 changelog++ 2019-06-04 16:50:09 -04:00
Jeff Mitchell fe251f3af3 changelog++ 2019-06-04 16:48:14 -04:00
Matthew Irish 813c9f0a92
fix error when running formatOptions on items that don't come from the API response (#6824) 2019-06-04 12:44:58 -05:00
Jeff Mitchell 38c0a9d7a5 Audit listing with format json returns json, not a string (#6776)
* Audit listing with format json returns json, not a string

Fixes #6775

* list, kv list and namespace list with format json returns json, not a string

* Changed audit list return code to 2 which aligns with other list commands return codes
2019-06-04 10:36:34 -07:00
Jeff Mitchell 5f7321dcc7 Fix a case where mounts could be duplicated (#6771)
When unmounting, the router entry would be tainted, preventing routing.
However, we would then unmount the router before clearing storage, so if
an error occurred the router would have forgotten the path. For auth
mounts this isn't a problem since they had a secondary check, but
regular mounts didn't (not sure why, but this is true back to at least
0.2.0). This meant you could then create a duplicate mount using the
same path which would then not conflict in the router until postUnseal.

This adds the extra check to regular mounts, and also moves the location
of the router unmount.

This also ensures that on the next router.Mount, tainted is set to the
mount entry's tainted status.

Fixes #6769
2019-06-04 10:33:36 -07:00
Michel Vocks 71e99d9490 Added missing entity_id to SecretAuth struct (#6819) 2019-06-04 10:04:20 -07:00
Justin Weissig ef17e7cbaa Update comment spelling in postgresql.go (#6817)
Fixed minor comment: PostgresSQL/PostgreSQL
2019-06-04 02:29:36 -05:00
Justin Weissig fb75728c71 docs: minor spelling fix (#6818)
Fixed spelling: PostgresSQL/PostgreSQL.
2019-06-04 02:28:44 -05:00
Martin Lee 07978c08d6 Update pki-engine docs (#6238)
The user needs to set a decent TTL for the intermediate cert, otherwise all certs issued will be valid only for 30 minutes max.
2019-06-03 15:45:11 -05:00
Matthew Irish b0701f528d
changelog++ 2019-06-03 15:30:24 -05:00
Madalyn 43f4c5532d use ember-power-select-with-create instead of ember-power-select (#6728)
* use ember-power-select-with-create instead of ember-power-select

* add custom Add message to clarify whether you need a name or ID

* add search-select to storybook

* add wormhole div for ember-basic-dropdown

* add search-select to storybook

* make sure knobs are working

* remove unused code
2019-06-03 15:25:59 -05:00
Justin Weissig ff3e23e050 docs: fixed typos (#6809)
Fixed two typos: lifecyle + specfied.
2019-05-31 14:33:13 -05:00
Martin Lee b7dadc11e6 Add hard-won practical knowledge to the Okta notes (#6808) 2019-05-31 11:44:59 -05:00
Jim Kalafut 8f1eeda737
Fix OIDC API examples (#6803)
Fixes #6684
2019-05-30 21:50:34 -05:00
benz0 2e6686cc18 Explain owner role requirement (#6801) 2019-05-30 21:25:30 -05:00
Justin Weissig 3fc537da0b docs: spelling (#6799)
Fixed spelling: Specifiy/Specify.
2019-05-30 21:20:57 -05:00
Justin Weissig 7643eda03f docs: wording (#6798)
Fixed minor sentence flow: an sealed state -> a sealed state.
2019-05-29 19:13:13 -05:00
Jeff Mitchell 51eae6c3c1 Bump AWS plugin again 2019-05-28 17:37:47 -04:00
Joel Thompson 98ee4b84b4 Bump AWS SDK dependency to latest (#6788)
Also pull the latest into the local vendor
2019-05-28 16:36:32 -05:00
tonyd 0570966cb9 Allow logical backends access to the disabled state of an entity (#6791)
* Allow logical backends access to the disabled state of an entity via SystemView.EntityInfo().

* Add generated file in vendor directory.
2019-05-28 16:31:50 -05:00
Jeff Mitchell 1b30d21705 changelog++ 2019-05-28 17:26:11 -04:00
Jeff Mitchell 78746c7ace Make fmt 2019-05-28 17:25:23 -04:00
Jeff Mitchell ff2e8053e8
Fully omitempty audit (#6727) 2019-05-28 16:24:30 -05:00
Justin Weissig 2d727a5640 docs: wording (#6746)
* docs: wording

Fixed wording: "lets create an"/"lets create a"

* Update website/source/docs/secrets/nomad/index.html.md

Co-Authored-By: Jeff Mitchell <jeffrey.mitchell@gmail.com>
2019-05-24 15:44:09 -04:00
Brian Shumate 543e149b8c Docs: Minor updates to PKI Secrets Engine (#6778)
* Docs: Minor updates to PKI Secrets Engine

- Update `ttl` and `max-lease-ttl` values from _43800_ which
  appears to be a typo, to _4380_; this helps avoid warnings
  like: "The expiration time for the signed certificate is
  after the CA's expiration time. If the new certificate is
  not treated as a root, validation paths with the
  certificate past the issuing CA's expiration time will
  fail." when following the Quick Start and using the tuned
  Root CA TTL of 8760h
- Change _my-role_ role name to _example-dot-com_ in **Setup**
  to help reduce confusion and match what is used in
  **Quick Start**

* ttl changes
2019-05-24 15:39:56 -04:00
Srikanth Venkatesh d08edf7483 Typo in concepts/policy-syntax (#6782) 2019-05-24 15:39:11 -04:00
Sam Salisbury 78c6668d80 ci: make ember-ci-test (browserstack) (#6751)
* ci: make ember-ci-test (browserstack) VLTES-28

* Update .circleci/config.yml

Co-Authored-By: Josh Freda <jfreda@users.noreply.github.com>

* Update .circleci/config.yml

Co-Authored-By: Josh Freda <jfreda@users.noreply.github.com>

* ci: rename test-ember -> test-ui-browserstack

* Makefile: ember-ci-test -> test-ui-browserstack

- Use the same name for this test everywhere to reduce cognitive load.

* browserstack: exit non-zero on failure to connect

* .travis.yml: ember-ci-test -> test-ui-browserstack

* browserstack: add vault bin to the path

* Makefile: browserstack: fail early w/clear msgs

This might save someone time later. The same checks could be applied
elsewhere too trivially.
2019-05-24 08:02:51 -04:00
Srikanth Venkatesh b9f67e5622 Fixed typo in documentation on vault internals/architecture (#6781) 2019-05-23 21:58:31 -07:00
nathan r. hruby 0762d9c6eb
fix indeting for mount options (#6780) 2019-05-23 19:09:52 -07:00
Jeff Mitchell 1943cc7380 Update vendor 2019-05-23 10:44:19 -04:00
ncabatoff ad28263b69
Allow plugins to submit audit requests/responses via extended SystemView (#6777)
Move audit.LogInput to sdk/logical.  Allow the Data values in audited
logical.Request and Response to implement OptMarshaler, in which case
we delegate hashing/serializing responsibility to them.  Add new
ClientCertificateSerialNumber audit request field.

SystemView can now be cast to ExtendedSystemView to expose the Auditor
interface, which allows submitting requests and responses to the audit
broker.
2019-05-22 18:52:53 -04:00
Matthew Irish f34427c523
changelog++ 2019-05-22 16:09:02 -05:00
Matthew Irish 23946d75a7
web-cli quote parsing (#6755)
* upgrade yargs-parser for better quote handling

* remove encoding pre&post parse, and remove wrapping quotes when pushing to data array

* add test for spaces and strings

* base64 encode policy strings in tests where we're using them with string interpolation

* improve regex to only remove wrapping single and double quotes

* don't support quotes in paths in the web cli
2019-05-22 16:07:42 -05:00
Calvin Leung Huang 39cf729114
changelog++ 2019-05-22 10:21:22 -07:00
Calvin Leung Huang 18d769ae96
changelog++ 2019-05-22 09:25:42 -07:00