Seth Vargo
f2110b5a4e
More consistent output
2017-10-24 09:34:30 -04:00
Seth Vargo
f5543844f3
Use a unified helper for seal output
2017-10-24 09:34:12 -04:00
Seth Vargo
51a27b758b
Resolve the most painful merge conflict known on earth
2017-10-24 09:34:12 -04:00
Seth Vargo
578f9a4872
Use vault login instead of vault list in example
2017-10-24 09:32:15 -04:00
Seth Vargo
c5665920f6
Standardize on "auth method"
...
This removes all references I could find to:
- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend
in favor of the unified:
- auth method
2017-10-24 09:32:15 -04:00
Seth Vargo
acb33eaa3f
Write all the deprecated commands together
2017-10-24 09:30:48 -04:00
Seth Vargo
f851309361
Add a custom flag for specifying "system" ttls
2017-10-24 09:30:48 -04:00
Seth Vargo
e1b63d4803
Move more formatting into base_helpers
2017-10-24 09:30:48 -04:00
Seth Vargo
dbd07addf5
Update write command
2017-10-24 09:30:48 -04:00
Seth Vargo
3ad4f5dcf1
Update unwrap command
2017-10-24 09:30:48 -04:00
Seth Vargo
71ed308e6c
Update version command
2017-10-24 09:30:48 -04:00
Seth Vargo
05b18b8e4f
Update status command
2017-10-24 09:30:48 -04:00
Seth Vargo
c4ccbf3ab3
Update ssh command
2017-10-24 09:30:48 -04:00
Seth Vargo
5b78a9905c
Update server command
2017-10-24 09:30:48 -04:00
Seth Vargo
b982365fbb
Add "operator" subcommand
2017-10-24 09:30:48 -04:00
Seth Vargo
204006bd56
Rename mounts to secrets engines and add the subcommand
2017-10-24 09:30:48 -04:00
Seth Vargo
d71decc112
Update read command
2017-10-24 09:30:48 -04:00
Seth Vargo
2f8bf3c71f
Add "policy" subcommand
2017-10-24 09:30:48 -04:00
Seth Vargo
0800385283
Update path-help command
2017-10-24 09:30:48 -04:00
Seth Vargo
6fc5f05c4b
Update list command
2017-10-24 09:30:47 -04:00
Seth Vargo
76de999b34
Add lease subcommand
2017-10-24 09:30:47 -04:00
Seth Vargo
02341c3b6a
Update delete command
2017-10-24 09:30:47 -04:00
Seth Vargo
810c0afe38
Predict "generic" as a secrets engine
2017-10-24 09:30:47 -04:00
Seth Vargo
1488ba6d72
Add token as a subcommand
2017-10-24 09:30:47 -04:00
Seth Vargo
5aab30091e
Make audit a subcommand
2017-10-24 09:30:47 -04:00
Seth Vargo
939495c7bb
Add login subcommand
...
This replaces the "auth" part of "vault auth"
2017-10-24 09:30:47 -04:00
Seth Vargo
69784a3bf1
Introduce auth as a subcommand
2017-10-24 09:30:47 -04:00
Seth Vargo
d85c6a43c0
Wire all commands together
2017-10-24 09:30:47 -04:00
Seth Vargo
f7782df97e
Update write command
2017-10-24 09:30:47 -04:00
Seth Vargo
f7c9fe6d20
Update version command
2017-10-24 09:30:47 -04:00
Seth Vargo
ca6e002235
Update unwrap command
2017-10-24 09:30:47 -04:00
Seth Vargo
0c0d90913a
update unseal command
2017-10-24 09:30:47 -04:00
Seth Vargo
2f0eb0a216
Update unmount command
2017-10-24 09:30:46 -04:00
Seth Vargo
c63e1a7b96
Update token-revoke command
2017-10-24 09:30:46 -04:00
Seth Vargo
5dcd51302e
Update token-renew command
2017-10-24 09:30:46 -04:00
Seth Vargo
5cd62171f9
Update token-lookup command
2017-10-24 09:30:46 -04:00
Seth Vargo
ad28d1d82a
Update token-create command
2017-10-24 09:30:46 -04:00
Seth Vargo
c14629cb5d
Update step-down command
2017-10-24 09:30:46 -04:00
Seth Vargo
530144f7f7
Update status command
2017-10-24 09:30:46 -04:00
Seth Vargo
1d91e96c8e
Update ssh command
2017-10-24 09:30:46 -04:00
Seth Vargo
3f7f8b20bb
Update seal command
2017-10-24 09:30:46 -04:00
Seth Vargo
48e6460da5
Update rotate command
2017-10-24 09:30:46 -04:00
Seth Vargo
191ec2d750
Update revoke command
2017-10-24 09:30:46 -04:00
Seth Vargo
108f748d18
Update renew command
2017-10-24 09:30:46 -04:00
Seth Vargo
8df3be5656
Update remount command
2017-10-24 09:30:46 -04:00
Seth Vargo
a72ab1ecf5
Update rekey command
2017-10-24 09:30:46 -04:00
Seth Vargo
648e0c7913
Update read command
2017-10-24 09:29:37 -04:00
Seth Vargo
db4f5bac11
Update policy-write command
2017-10-24 09:29:37 -04:00
Seth Vargo
a8b061723c
Update policy-list command
2017-10-24 09:29:37 -04:00
Seth Vargo
bd879f2731
Update policy-delete command
2017-10-24 09:29:36 -04:00
Seth Vargo
85e5c33352
Update path-help command
2017-10-24 09:29:36 -04:00
Seth Vargo
19caaafe13
Update mounts command
2017-10-24 09:29:36 -04:00
Seth Vargo
136ef51f49
Update mount-tune command
2017-10-24 09:28:07 -04:00
Seth Vargo
7abb3341a3
Update mount command
2017-10-24 09:28:07 -04:00
Seth Vargo
4d0b10ebd2
Update list command
2017-10-24 09:28:07 -04:00
Seth Vargo
7cd7338f9d
Update key-status command
2017-10-24 09:28:07 -04:00
Seth Vargo
076703ebc1
Update init command
2017-10-24 09:28:07 -04:00
Seth Vargo
9500cb7fc7
Update generate-root command
2017-10-24 09:28:07 -04:00
Seth Vargo
9b949cebd5
Update format to not use colored UI for json/yaml
2017-10-24 09:28:07 -04:00
Seth Vargo
38823efa70
Update delete command
2017-10-24 09:28:07 -04:00
Seth Vargo
fd5ba4c5ed
Update capabilities command
2017-10-24 09:28:06 -04:00
Seth Vargo
d93c418db3
Add new auth-list command
2017-10-24 09:28:06 -04:00
Seth Vargo
153bfd6a83
Add new auth-help command
2017-10-24 09:28:06 -04:00
Seth Vargo
6178d61d6d
Update auth-enable command
2017-10-24 09:28:06 -04:00
Seth Vargo
43465577d4
Update auth-disable command
2017-10-24 09:28:06 -04:00
Seth Vargo
595456df69
Update auth command
2017-10-24 09:28:06 -04:00
Seth Vargo
ac0be24253
Update audit-list command
2017-10-24 09:28:06 -04:00
Seth Vargo
8e343caeda
Update audit-enable command
2017-10-24 09:28:06 -04:00
Seth Vargo
197d7840cc
Update audit-disable command
2017-10-24 09:28:06 -04:00
Seth Vargo
d03caa18b5
Add more testing helper functions
2017-10-24 09:28:06 -04:00
Seth Vargo
06580ebd61
Remove wrapping tests
...
There are no dedicated tests for this, but ttl wrapping is littered throughout other tests
2017-10-24 09:28:06 -04:00
Seth Vargo
9e2a833b19
Detect terminal and use the output writer for raw fields
...
If the value is being "piped", we don't print colors or the newline character at the end. If it's not, we still give users pretty when selecting a raw field/value.
2017-10-24 09:28:06 -04:00
Seth Vargo
5a6b08caab
Add helper for decrypting via PGP in tests
2017-10-24 09:28:06 -04:00
Seth Vargo
e516762328
Remove unused file for tests
2017-10-24 09:28:06 -04:00
Seth Vargo
bb4edc30f8
Add more predictors
2017-10-24 09:28:06 -04:00
Seth Vargo
d271bdd4e1
Read env config for predictions
2017-10-24 09:28:05 -04:00
Seth Vargo
3331b25895
Expand and centralize helpers
2017-10-24 09:28:05 -04:00
Seth Vargo
971307351b
Cleanup base flags a bit
2017-10-24 09:28:05 -04:00
Seth Vargo
197339e78c
Use a TokenHelper method
...
It's weird to have two different helper funcs that can return different errors
2017-10-24 09:28:05 -04:00
Seth Vargo
5d31c4cb08
Allow hiding flags
2017-10-24 09:28:05 -04:00
Seth Vargo
502d7a2040
Add an in-mem token helper for testing
2017-10-24 09:27:19 -04:00
Seth Vargo
5b0b8b9db5
Add interface assertions for token helpers
...
This will ensure they meet the right API
2017-10-24 09:27:19 -04:00
Seth Vargo
acd4241740
Drop cli and meta packages
...
This centralizes all command-related things in the command package
2017-10-24 09:27:19 -04:00
Seth Vargo
50705bcce7
Unwrap cli.Ui to get to the underlying writer
...
This allows us to write without a newline character, since the Ui
interface doesn't expose a direct Write() method.
2017-10-24 09:26:45 -04:00
Seth Vargo
0f2905fd7c
Only print default values if they are non-zero
2017-10-24 09:26:44 -04:00
Seth Vargo
5093b8dff8
More arbitrary function for wrapping at a length
2017-10-24 09:26:44 -04:00
Seth Vargo
9347c110f2
Delegate usage to the UI
2017-10-24 09:26:44 -04:00
Seth Vargo
6c73d28967
Make predict it's own struct
...
The previous architecture would create an API client many times, slowing down the CLI exponentially for each new command added.
2017-10-24 09:26:44 -04:00
Seth Vargo
bd3064327c
Separate "files" and "folders" in predictor
2017-10-24 09:26:44 -04:00
Seth Vargo
2f3acd9068
Remove coupling between Raw() and UI
2017-10-24 09:26:44 -04:00
Seth Vargo
cb31f95e75
Add testing harness for a vault cluster
2017-10-24 09:26:44 -04:00
Seth Vargo
9064d52e66
Output JSON with spaces not tabs
2017-10-24 09:26:44 -04:00
Seth Vargo
cc0140be80
Add start of base command, flags, prediction
2017-10-24 09:26:44 -04:00
Jeff Mitchell
65f664be47
Make compile
2017-10-23 17:41:44 -04:00
Jeff Mitchell
a25dae82dd
Final sync
2017-10-23 17:39:21 -04:00
Jeff Mitchell
6bafb02a5b
Sync up server.go a bit
2017-10-10 12:27:51 -04:00
Jeff Mitchell
17a15cd594
Add option to disable client certificate requesting. ( #3373 )
...
Fixes #3372
2017-09-25 14:41:46 -04:00
Calvin Leung Huang
29911bfea8
Add support for stored shares and skip-init in dev mode ( #3364 )
2017-09-21 15:23:29 -04:00
Vishal Nayak
e99640f462
Add 'pid_file' config option ( #3321 )
...
* add pid_file config option
* address review feedback
* address review comments
2017-09-16 17:09:37 -04:00
Chris Hoffman
1029ad3b33
Rename "generic" secret backend to "kv" ( #3292 )
2017-09-15 09:02:29 -04:00
Chris Hoffman
9d73c81f38
Disable the sys/raw
endpoint by default ( #3329 )
...
* disable raw endpoint by default
* adding docs
* config option raw -> raw_storage_endpoint
* docs updates
* adding listing on raw endpoint
* reworking tests for enabled raw endpoints
* root protecting base raw endpoint
2017-09-15 00:21:35 -04:00
Chris Hoffman
91338d7aa2
Adding latency injector option to -dev mode for storage operations ( #3289 )
2017-09-11 14:49:08 -04:00
Jeff Mitchell
223c4fc325
Change auth helper interface to api.Secret. ( #3263 )
...
This allows us to properly handle wrapped responses.
Fixes #3217
2017-08-31 16:57:00 -04:00
Calvin Leung Huang
6f417d39da
Normalize plugin_name option for mount and enable-auth ( #3202 )
2017-08-31 12:16:59 -04:00
Jeff Mitchell
3edb337a00
Add option to set cluster TLS cipher suites. ( #3228 )
...
* Add option to set cluster TLS cipher suites.
Fixes #3227
2017-08-30 16:28:23 -04:00
Brian Kassouf
23089dafbc
Add basic autocompletion ( #3223 )
...
* Add basic autocompletion
* Add autocomplete to some common commands
* Autocomplete the generate-root flags
* Add information about autocomplete to the docs
2017-08-24 15:23:40 -07:00
Doyoon Kim
3ffebb7780
Moved PROXY protocol wrap to execute before the TLS wrap ( #3195 )
2017-08-23 12:00:09 -04:00
Seth Vargo
ec9e187ce4
Thread stderr through too ( #3211 )
...
* Thread stderr through too
* Small docs typo
2017-08-21 17:23:29 -04:00
Jeff Mitchell
654e7d92ac
Properly lowercase policy names. ( #3210 )
...
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.
Fixes #3187
2017-08-18 19:47:23 -04:00
Seth Vargo
51d8e5ff86
Do not revoke SSH key ( #3208 )
...
There is no secret to revoke - this produces an error on the CLI
2017-08-18 15:44:20 -04:00
Seth Vargo
2e3a9ebd06
Add host key checking for SSH CA
2017-08-18 12:59:09 -04:00
Seth Vargo
89cffaf25e
Revoke temporary cred after creation, update warning
...
/cc @vishalnayak
2017-08-18 12:59:09 -04:00
Seth Vargo
430fc22023
Initial pass at SSH CLI CA type authentication
...
1. The current implementation of the SSH command is heavily tied to the
assumptions of OTP/dynamic key types. The SSH CA backend is
fundamentally a different approach to login and authentication. As a
result, there was some restructuring of existing methods to share more
code and state.
2. Each authentication method (ca, otp, dynamic) are now fully-contained
in their own handle* function.
3. -mode and -role are going to be required for SSH CA, and I don't
think the magical UX (and overhead) of guessing them is a good UX. It's
confusing as to which role and how Vault guesses. We can reduce 66% of
the API calls and add more declaration to the CLI by making -mode and
-role required. This commit adds warnings for that deprecation, but
these values are both required for CA type authentication.
4. The principal and extensions are currently fixed, and I personally
believe that's good enough for the first pass at this. Until we
understand what configuration options users will want, I think we should
ship with all the local extensions enabled. Users who don't want that
can generate the key themselves directly (current behavior) or submit
PRs to make the map of extensions customizable.
5. Host key checking for the CA backend is not currently implemented.
It's not strictly required at setup, so I need to think about whether it
belongs here.
This is not ready for merge, but it's ready for early review.
2017-08-18 12:59:08 -04:00
Calvin Leung Huang
ea6a1382ff
Improve auth-enable output for plugin backends ( #3189 )
...
* Improve auth-enable output for plugin backends
* Unquote authType on final output
2017-08-16 14:31:16 -04:00
Jeff Mitchell
c34a5b2e93
* Add ability to specify a plugin dir in dev mode ( #3184 )
...
* Change (with backwards compatibility) sha_256 to sha256 for plugin
registration
2017-08-16 11:17:50 -04:00
Seth Vargo
f8922bf674
Update help output (spaces instead of tabs) ( #3178 )
2017-08-15 21:21:30 -04:00
Seth Vargo
c1e6e0bdf2
Use SSHPASS envvar instead of -p for sshpass ( #3177 )
...
From the sshpass manpage:
> The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.
This PR changes the sshpass behavior to execute a subprocess with the
SSHPASS envvar (which is generally regarded as more secure) than using
the -p option.
2017-08-15 19:43:39 -04:00
Jeff Mitchell
fdaaaadee2
Migrate physical backends into separate packages ( #3106 )
2017-08-03 13:24:27 -04:00
Gobin Sougrakpam
8e01c994bf
tls_client_ca_file option for verifying client ( #3034 )
2017-08-03 07:33:06 -04:00
Calvin Leung Huang
db9d9e6415
Store original request path in WrapInfo ( #3100 )
...
* Store original request path in WrapInfo as CreationPath
* Add wrapping_token_creation_path to CLI output
* Add CreationPath to AuditResponseWrapInfo
* Fix tests
* Add and fix tests, update API docs with new sample responses
2017-08-02 18:28:58 -04:00
Jeff Mitchell
7e3ff5e56c
Add PROXY protocol support ( #3098 )
2017-08-02 18:24:12 -04:00
Brian Kassouf
e0713b307d
Add Testing Interface to test helpers ( #3091 )
...
* Add testing interface
* Add vendored files
2017-08-01 11:07:08 -07:00
Jeff Mitchell
d39d1b4003
Add some useful variable output to three node dev startup
2017-08-01 11:50:41 -04:00
Jeff Mitchell
1f36e2a846
Use 1-based indexing for unseal keys in three node dev cluster
2017-08-01 11:12:45 -04:00
Jeff Mitchell
d0f329e124
Add leader cluster address to status/leader output. ( #3061 )
...
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.
Fixes #3042
2017-07-31 18:25:27 -04:00
Jeff Mitchell
1bfc6d4fe7
Add a -dev-three-node option for devs. ( #3081 )
2017-07-31 11:28:06 -04:00
Calvin Leung Huang
bb54e9c131
Backend plugin system ( #2874 )
...
* Add backend plugin changes
* Fix totp backend plugin tests
* Fix logical/plugin InvalidateKey test
* Fix plugin catalog CRUD test, fix NoopBackend
* Clean up commented code block
* Fix system backend mount test
* Set plugin_name to omitempty, fix handleMountTable config parsing
* Clean up comments, keep shim connections alive until cleanup
* Include pluginClient, disallow LookupPlugin call from within a plugin
* Add wrapper around backendPluginClient for proper cleanup
* Add logger shim tests
* Add logger, storage, and system shim tests
* Use pointer receivers for system view shim
* Use plugin name if no path is provided on mount
* Enable plugins for auth backends
* Add backend type attribute, move builtin/plugin/package
* Fix merge conflict
* Fix missing plugin name in mount config
* Add integration tests on enabling auth backend plugins
* Remove dependency cycle on mock-plugin
* Add passthrough backend plugin, use logical.BackendType to determine lease generation
* Remove vault package dependency on passthrough package
* Add basic impl test for passthrough plugin
* Incorporate feedback; set b.backend after shims creation on backendPluginServer
* Fix totp plugin test
* Add plugin backends docs
* Fix tests
* Fix builtin/plugin tests
* Remove flatten from PluginRunner fields
* Move mock plugin to logical/plugin, remove totp and passthrough plugins
* Move pluginMap into newPluginClient
* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck
* Change shim logger's Fatal to no-op
* Change BackendType to uint32, match UX backend types
* Change framework.Backend Setup signature
* Add Setup func to logical.Backend interface
* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments
* Remove commented var in plugin package
* RegisterLicense on logical.Backend interface (#3017 )
* Add RegisterLicense to logical.Backend interface
* Update RegisterLicense to use callback func on framework.Backend
* Refactor framework.Backend.RegisterLicense
* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs
* plugin: Revert BackendType to remove TypePassthrough and related references
* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
Jeff Mitchell
76d1402a44
Add token-only. ( #2971 )
2017-07-12 15:04:34 -04:00
Jeff Mitchell
d169918465
Create and persist human-friendly-ish mount accessors ( #2918 )
2017-06-26 18:14:36 +01:00
Jeff Mitchell
d55d75a79f
Convert listener arguments to map[string]interface{} ( #2905 )
...
This allows people to use more natural constructs, e.g. for tls_disable
it can be a bool, int, or string.
2017-06-22 20:29:53 +01:00
Jeff Mitchell
286392c2a2
Fix tests
2017-06-21 11:19:38 -04:00
Jeff Mitchell
069764ea8f
Add option to have dev mode generic backend return leases
2017-06-21 10:42:50 -04:00
Chris Hoffman
7e7d766e21
Exclude /sys/leases/renew from registering with expiration manager ( #2891 )
...
* exclude /sys/leases/renew from registering with expiration manager
* adding sys/leases/renew to return full secret object, adding tests to catch renew errors
2017-06-20 12:34:00 -04:00
Jeff Mitchell
cf7d56e8f3
Fix up CORS.
...
Ref #2021
2017-06-17 01:26:25 -04:00
Jeff Mitchell
33ca94773f
Add DogStatsD metrics output. ( #2883 )
...
Fixes #2490
2017-06-16 23:51:46 -04:00
Jeff Mitchell
fcc9f35c77
Add a no-store
option to vault auth
( #2809 )
...
Fixes #2746
2017-06-05 16:36:28 -04:00
Jeff Mitchell
72a5b5e23b
Fix tests
2017-05-25 09:00:49 -04:00
Jeff Mitchell
9d4801b1e8
Revert grpc back a version (they introduced a panic) and clean up a bunch of old request forwarding stuff
2017-05-24 10:38:48 -04:00
emily
aa40d2cff6
add gofmt checks to Vault and format existing code ( #2745 )
2017-05-19 08:34:17 -04:00
Brian Kassouf
5ee0d696d4
Merge remote-tracking branch 'oss/master' into database-refactor
2017-05-04 10:45:18 -07:00
Jeff Mitchell
ed24a1b5a5
Write always needs a path, even with force. ( #2675 )
...
Fixes #2674
2017-05-04 06:40:58 -04:00
Jeff Mitchell
3d939dbe50
Further Sethisize loglevel inputz
2017-04-25 11:14:25 -04:00
Jeff Mitchell
7283894f41
Sethisize log level
2017-04-25 11:12:38 -04:00
Brian Kassouf
6c8239ba03
Update the builtin keys; move catalog to core; protect against unset plugin directory
2017-04-24 10:30:33 -07:00
Brian Kassouf
6f9d178370
Calls to builtin plugins now go directly to the implementation instead of go-plugin
2017-04-20 18:46:41 -07:00
Brian Kassouf
af9ff63e9a
Merge remote-tracking branch 'oss/master' into database-refactor
2017-04-19 15:16:00 -07:00
Christoph Blecker
c82e7a631c
Add -self flag to token-revoke ( #2596 )
2017-04-17 12:40:51 -04:00
Brian Kassouf
8a3ef906d5
Update the plugin directory logic
2017-04-13 11:22:53 -07:00
Brian Kassouf
0cfe1ea81c
Cleanup path files
2017-04-12 17:35:02 -07:00
Brian Kassouf
8ccf10641b
Merge branch 'master' into database-refactor
2017-04-12 14:29:10 -07:00
Brian Kassouf
93136ea51e
Add backend test
2017-04-07 15:50:03 -07:00
Brian Kassouf
ca2c3d0c53
Refactor to use builtin plugins from an external repo
2017-04-05 16:20:31 -07:00
Brian Kassouf
b071144c67
move builtin plugins list to the pluginutil
2017-04-05 11:00:13 -07:00
Brian Kassouf
11abcd52e6
Add a cli command to run builtin plugins
2017-04-04 17:12:02 -07:00
Brian Kassouf
0034074691
Execute builtin plugins
2017-04-04 14:43:39 -07:00
Jeff Mitchell
a8d64c5721
Add some minor tweaks to the PR
2017-04-04 12:22:14 -04:00
Brian Kassouf
e8781b6a2b
Plugin catalog
2017-04-03 17:52:29 -07:00
Greg Parris
ad9546104b
Typo corrections and tweaks to commands' help info
...
* Normalize "X arguments expected" messages
* Use "Vault" when referring to the product and "vault" when referring to an instance of the product
* Various minor tweaks to improve readability and/or provide clarity
2017-03-25 12:51:12 -05:00
Jeff Mitchell
5d760d4090
Add option to require valid client certificates ( #2457 )
2017-03-08 10:21:31 -05:00
Jeff Mitchell
f03d500808
Add option to disable caching per-backend. ( #2455 )
2017-03-08 09:20:09 -05:00
Jeff Mitchell
b11f92ba5a
Rename physical backend to storage and alias old value ( #2456 )
2017-03-08 09:17:00 -05:00
Jeff Mitchell
5119b173c4
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Jeff Mitchell
2cc0906b33
Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 ( #2412 )
2017-02-27 12:49:35 -05:00
Sean Chittenden
42d1c28bf5
Change the default DisplayName for a Circonus check to be Vault
instead of the InstanceID.
...
Trivial defaults change, committing direct to `master`.
2017-02-26 15:18:46 -08:00
Jeff Mitchell
3ab4a82e03
Don't try synthesizing cluster when not in dev mode
2017-02-24 12:50:26 -05:00
Jeff Mitchell
b29861f7bb
Do some porting to make diffing easier
2017-02-24 10:45:29 -05:00
Jeff Mitchell
37f3b2bafd
Fix missing newline in status output
2017-02-17 11:23:20 -05:00
Jeff Mitchell
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
Jeff Mitchell
e0c9bfd926
Add WithOptions methods to audit/auth enabling ( #2383 )
2017-02-16 11:37:27 -05:00
Jeff Mitchell
388d8cd191
Correct port parsing. ( #2354 )
...
* Correct port parsing.
Fixes #2351
* use strings.Contains instead of strings.HasSuffix
* Make the error message point to the wrong input
2017-02-08 13:50:17 -05:00
Roman Vynar
1615280efa
Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener ( #2293 )
2017-01-23 13:48:35 -05:00
Vishal Nayak
fa7d61baa3
Merge pull request #2202 from fcantournet/fix_govet_fatalf
...
all: test: Fix govet warnings
2017-01-17 16:45:35 -05:00
Jeff Mitchell
69eb5066dd
Multi value test seal ( #2281 )
2017-01-17 15:43:10 -05:00
Jeff Mitchell
dd0e44ca10
Add nonce to unseal to allow seeing if the operation has reset ( #2276 )
2017-01-17 11:47:06 -05:00
vishalnayak
adb6ac749f
init: pgp-keys input validations
2017-01-11 23:32:38 -05:00
Jeff Mitchell
3129187dc2
JWT wrapping tokens ( #2172 )
2017-01-04 16:44:03 -05:00
Cameron Stokes
b5f4558b7a
Fix generate-root help and progress output.
2017-01-04 09:01:17 -08:00
Félix Cantournet
103b7ceab2
all: test: Fix govet warnings
...
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
2016-12-21 19:44:07 +01:00
Jeff Mitchell
dc0f751994
Change an output to an error
2016-12-06 07:56:45 -05:00
Jeff Mitchell
7865143c1d
Minor ports
2016-12-05 12:28:12 -05:00
Vishal Nayak
ad09acb479
Use Vault client's scheme for auto discovery ( #2146 )
2016-12-02 11:24:57 -05:00
Jeff Mitchell
0f5b847748
Fix panic when unwrapping if the server EOFs
2016-11-29 16:50:07 -05:00
Jeff Mitchell
b87b070987
Add cgo info to vault version output
2016-11-27 19:32:57 -05:00
Jeff Mitchell
fef97d9169
Print the revision, if known, separately from the version.
...
Also, indicate whether the build is dynamic or not.
2016-11-27 19:28:35 -05:00
Jeff Mitchell
f1f38de8d4
Only add version sha if known
2016-11-27 19:16:44 -05:00
Jeff Mitchell
545e338a9e
Add version sha to server startup output
2016-11-22 16:43:05 -05:00
Jeff Mitchell
fc81a301b8
Don't say mlock is supported on OSX when it isn't. ( #2120 )
...
Fixes #2119
2016-11-22 12:56:36 -05:00
Kyle McCullough
aeb23b72d7
cli: fix bug with 'vault read -field=...' when the field value contains a printf formatting verb ( #2109 )
2016-11-22 12:30:23 -05:00
Chris Lundquist
9b5ee87929
prevent binding 0.0.0.0 -> ::0 ( #2094 )
2016-11-15 12:00:57 -05:00
matt maier
57925ee863
Vendor circonus ( #2082 )
2016-11-10 16:17:55 -05:00
vishalnayak
931c96d1ba
ssh: Use temporary file to store the identity file
2016-10-18 12:50:12 -04:00
Jeff Mitchell
53efd18dda
Make listener shutdown more synchronous ( #1985 )
2016-10-10 13:18:19 -04:00
Jeff Mitchell
21e1f38e6a
Split HA server command tests from reload tests
2016-10-07 11:06:01 -04:00
Jeff Mitchell
2c85fdfeb9
Switch default case of disable cluster. ( #1959 )
2016-10-02 14:54:01 -04:00
Jeff Mitchell
6d00f0c483
Adds HUP support for audit log files to close and reopen. ( #1953 )
...
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.
As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
2016-09-30 12:04:50 -07:00
Jeff Mitchell
85315ff188
Rejig where the reload functions live
2016-09-30 00:07:22 -04:00
Jeff Mitchell
b45a481365
Wrapping enhancements ( #1927 )
2016-09-28 21:01:28 -07:00
Jeff Mitchell
f0203741ff
Change default TTL from 30 to 32 to accommodate monthly operations ( #1942 )
2016-09-28 18:32:49 -04:00
Jeff Mitchell
72b9c4c649
Fix parsing env var, needed to be in the helper too
2016-09-23 13:20:26 -04:00
Evan Phoenix
4214a0199d
Advertise the cluster_(id|name) in the Scada handshake ( #1906 )
2016-09-23 10:55:51 -04:00
Jeff Mitchell
57f3904d74
Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT
2016-09-22 17:22:02 -04:00
Jeff Mitchell
bbe87db913
Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways
2016-09-20 14:56:16 -04:00
Jeff Mitchell
f3ab4971a6
Follow Vault convention on DELETE
being idempotent ( #1903 )
...
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
2016-09-19 13:02:25 -04:00
vishalnayak
e123f33a91
Add yml alias for yaml
2016-09-16 10:43:23 -04:00
Jeff Mitchell
722e26f27a
Add support for PGP encrypting the initial root token. ( #1883 )
2016-09-13 18:42:24 -04:00
Jeff Mitchell
640351b7d1
Update text of init/rekey around recovery values
2016-09-12 16:20:21 -04:00
Jeff Mitchell
7e5aef279c
Don't panic on bad auth path
...
Fixes #1860
2016-09-08 11:14:47 -04:00
Jeff Mitchell
1c6f2fd82b
Add response wrapping to list operations ( #1814 )
2016-09-02 01:13:14 -04:00
Vishal Nayak
90737d3b44
Merge pull request #1836 from hashicorp/truncate-version-string
...
Remove the string 'Vault' from version information
2016-09-01 20:23:26 -04:00
Seth Vargo
fc4a5bae3c
Update audit-enable to show more examples ( #1842 )
...
* Update audit-enable to show more examples
* Update audit_enable.go
2016-09-01 20:14:29 -04:00
Seth Vargo
a438f5e950
Add more examples and cleanup docs for auth ( #1841 )
2016-09-01 19:56:30 -04:00
vishalnayak
5bd665a842
Update atlas listener factory to use version with pre-release info.
2016-09-01 17:21:11 -04:00
vishalnayak
f5447d8fa9
Avoid commas while printing policies
2016-09-01 16:32:27 -04:00
Jeff Mitchell
35800b0782
Don't output key/value header if there are no values to display. ( #1838 )
...
Fixes #1835
2016-09-01 15:58:16 -04:00
vishalnayak
9c78c58948
Remove the string 'Vault' from version information
2016-09-01 14:54:04 -04:00
Jeff Mitchell
61f1eee72c
Remove hex output from keys; standardize on B64 for CLI output. This ( #1831 )
...
aligns with all other interactions which use B64 encoding for bytes.
2016-09-01 12:59:15 -04:00
Jeff Mitchell
ecf61e9ba4
Add a separator to list output
2016-08-30 16:48:55 -04:00
Jeff Mitchell
2ce4397deb
Plumb through the ability to set the storage read cache size. ( #1784 )
...
Plumb through the ability to set the storage read cache size.
Fixes #1772
2016-08-26 10:27:06 -04:00
Jeff Mitchell
1ee4cb4725
Strip trailing whitespace in token from file.
...
Fixes #1774
2016-08-23 20:22:45 -04:00
Jeff Mitchell
dd53c4b1d8
Don't validate a dev listen address as that makes a proper Docker
...
entrypoint difficult.
Fixes #1762
2016-08-23 08:34:43 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
bdcfe05517
Clustering enhancements ( #1747 )
2016-08-19 11:03:53 -04:00
Jeff Mitchell
56940c282b
Force dev on when dev-ha is on
2016-08-19 08:29:34 -04:00
Jeff Mitchell
62c69f8e19
Provide base64 keys in addition to hex encoded. ( #1734 )
...
* Provide base64 keys in addition to hex encoded.
Accept these at unseal/rekey time.
Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
2016-08-15 16:01:15 -04:00
Jeff Mitchell
37320f8798
Request forwarding ( #1721 )
...
Add request forwarding.
2016-08-15 09:42:42 -04:00
Jeff Mitchell
bcb4ab5422
Add periodic support for root/sudo tokens to auth/token/create
2016-08-12 21:14:12 -04:00
Jeff Mitchell
92f4fdf892
Add some info about -f to the "expects two arguments" error.
...
Ping #1722
2016-08-12 15:47:16 -04:00
Jeff Mitchell
c1a46349fa
Change to keybase openpgp fork as it has important fixes
2016-08-11 08:31:43 -04:00
Jeff Mitchell
5771a539a5
Add HTTP test for renew and fix muxing
2016-08-08 20:01:08 -04:00
Jeff Mitchell
529e36636c
Rename mounttune.go
2016-08-08 16:22:28 -04:00
Jeff Mitchell
69c1121d29
Fix generate-root synopsis
2016-08-05 16:35:03 -04:00
vishalnayak
e029d3c87a
Support execution of remote commands using 'vault ssh'
2016-08-01 14:53:00 -04:00
Jeff Mitchell
6ffefb649d
Close the shutdown channel instead of sending a value down
2016-08-01 11:58:45 -04:00
vishalnayak
05b8ce8348
Address review feedback
2016-08-01 11:15:25 -04:00
vishalnayak
5ed10f4074
Make the defer statement of waitgroup to execute last
2016-08-01 10:24:27 -04:00
vishalnayak
ea2e677f02
Sharing shutdown message with physical consul backend
2016-07-31 10:09:16 -04:00
vishalnayak
a8b4fc0d3c
Add waitgroup wait to allow physical consul to deregister checks
2016-07-30 13:17:29 -04:00
vishalnayak
8b0b0d5922
Add cluster information to 'vault status'
2016-07-29 14:13:53 -04:00
vishalnayak
e5e0431393
Added Vault version informationto the 'status' command
2016-07-28 17:37:35 -04:00
Vishal Nayak
c7bcaa5bb6
Merge pull request #1655 from hashicorp/cluster-id
...
Vault cluster name and ID
2016-07-26 14:12:48 -04:00
Evan Phoenix
41ed3de3b1
Report the simple version string
2016-07-26 10:21:24 -07:00
vishalnayak
6e1d020c3a
Added cluster_name for existing config tests
2016-07-26 11:38:24 -04:00
vishalnayak
7daa92f42c
Update cluster name during config merge
2016-07-26 11:11:12 -04:00
vishalnayak
a3e6400697
Remove global name/id. Make only cluster name configurable.
2016-07-26 10:01:35 -04:00
vishalnayak
c7dabe4def
Storing local and global cluster name/id to storage and returning them in health status
2016-07-26 02:32:42 -04:00
matt maier
6519c224ac
Circonus integration for telemetry metrics
2016-07-22 15:49:23 -04:00
vishalnayak
a7665723e3
Address review feedback
2016-07-22 11:31:55 -04:00
vishalnayak
f53792efc7
Update docs on the init command
2016-07-22 11:22:10 -04:00
Vishal Nayak
caab9d40f2
Merge pull request #1642 from hashicorp/init-service-discovery
...
Add service discovery to init command
2016-07-21 20:47:32 -04:00
vishalnayak
b243ee256e
Address review feedback by @jefferai
2016-07-21 20:46:31 -04:00
vishalnayak
bd8ff10462
Address review feedback from @sean
2016-07-21 19:04:43 -04:00
vishalnayak
5316082675
Added documentation for init service discovery
2016-07-21 17:27:56 -04:00
vishalnayak
f557457909
Added a separate flag consul-service to receive Consul service name
2016-07-21 16:51:38 -04:00
vishalnayak
23800c5f1d
Add service discovery to init command
2016-07-21 16:17:29 -04:00
Jeff Mitchell
3ec81debe7
Trim leading/trailing space around PEM bundles.
...
Fixes #1634
2016-07-20 13:57:49 -04:00
Jeff Mitchell
9d68297ffa
Have human-oriented token duration and secret duration output display a more human-friendly format
2016-07-19 12:15:00 -04:00
Jeff Mitchell
a3ce0dcb0c
Turn off DynamoDB HA by default.
...
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
2016-07-18 13:19:58 -04:00
vishalnayak
c14235b206
Merge branch 'master-oss' into json-use-number
...
Conflicts:
http/handler.go
logical/framework/field_data.go
logical/framework/wal.go
vault/logical_passthrough.go
2016-07-15 19:21:55 -04:00
vishalnayak
f34f0ef503
Make 'tls_min_version' configurable
2016-07-12 19:32:47 -04:00
vishalnayak
ad7cb2c8f1
Added JSON Decode and Encode helpers.
...
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
2016-07-06 12:25:40 -04:00
Jeff Mitchell
61250157d7
Don't panic on an empty configuration during merge
2016-07-05 16:49:15 -04:00
Jeff Mitchell
2c1b9499fc
Add aliases for field flag to allow printing auth results.
...
Also fix the write command to use the shared function with aliases.
Fixes #1566
2016-06-27 23:19:09 -04:00
Jeff Mitchell
07ebfce1a4
Up sleep time during reload test to not fail under certain test conditions
2016-06-27 15:37:25 -04:00
Jeff Mitchell
a7e15a8c0e
Fix up external token helper tests
2016-06-22 10:04:43 -04:00
Tom Maher
3f40d8cbc7
Correctly check for existence of external token_helper binaries
2016-06-21 19:32:19 -07:00
Vishal Nayak
d4d47ce5e3
Merge pull request #1531 from hashicorp/auth-mount-tune-params
...
Auth tune endpoints and config settings output from CLI
2016-06-20 20:24:47 -04:00
Vishal Nayak
949bb97ebc
Merge pull request #1532 from hashicorp/vault-auth-path
...
Added -path option to 'vault auth' command
2016-06-20 16:43:26 -04:00
vishalnayak
3b308713ad
Added -path option to help output
2016-06-20 16:24:49 -04:00
vishalnayak
9be9f73806
Concatenating the output instead of printing twice
2016-06-20 15:26:33 -04:00
vishalnayak
91668dd21d
Fix the output format when warnings are present
2016-06-15 17:13:14 -04:00
vishalnayak
53fede4b70
Added '-path' option to 'vault auth' command
2016-06-15 16:54:27 -04:00
vishalnayak
848b479a61
Added 'sys/auth/<path>/tune' endpoints.
...
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
2016-06-15 13:58:24 -04:00
Jeff Mitchell
e925987cb6
Add token accessor to wrap information if one exists
2016-06-13 23:58:17 +00:00
Jeff Mitchell
65d8973864
Add explicit max TTL capability to token creation API
2016-06-08 14:49:48 -04:00
Jeff Mitchell
6ff0742aa6
Remove unneeded else
2016-06-08 13:55:31 -04:00
Jeff Mitchell
c0155ac02b
Add renewable flag and API setting for token creation
2016-06-08 11:14:30 -04:00
Jeff Mitchell
bb1e8ddaa2
Make token renewable status work properly on lookup
2016-06-08 09:19:39 -04:00
Jeff Mitchell
10b218d292
Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this...
2016-06-07 16:01:09 -04:00
Jeff Mitchell
401456ea50
Add creation time to returned wrapped token info
...
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.
This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
2016-06-07 15:00:35 -04:00
Bill Monkman
de8477244e
#1486 : Fixed sealed and leader checks for consul backend
2016-06-03 16:00:31 -07:00
Jeff Mitchell
5cefd6bd3a
Merge pull request #1470 from hashicorp/unwrap-in-api
...
Make Unwrap a first-party API command and refactor UnwrapCommand to u…
2016-06-03 13:25:10 -04:00
Jeff Mitchell
64c180510e
Add a metadata node_id field for Atlas usage and fix tests
2016-06-02 18:19:51 -04:00
Jeff Mitchell
0d9ea2a1a1
Initial Atlas listener implementation
2016-06-02 14:05:47 -04:00
vishalnayak
c197414b3b
Prioritize dev flags over its env vars
2016-06-01 12:21:29 -04:00
vishalnayak
4c08d43950
Address review feedback
2016-06-01 11:39:48 -04:00
vishalnayak
8d50543a88
Supplying strictHostKeyChecking and userKnownHostsFile from env vars
2016-06-01 11:08:24 -04:00
vishalnayak
315f9c868c
Provide option to disable host key checking
2016-06-01 11:08:24 -04:00
Jeff Mitchell
63aba520c6
Make Unwrap a first-party API command and refactor UnwrapCommand to use it
2016-05-27 21:04:30 +00:00
vishalnayak
ff6f5ae75b
Add a non-nil check for 'port' field to be present in the response
2016-05-25 21:26:32 +00:00
Jeff Mitchell
199f99d031
Decode json.Number before handing to mapstructure
2016-05-25 19:02:31 +00:00
Jeff Mitchell
05b2d4534c
Add unwrap test function and some robustness around paths for the wrap lookup function
2016-05-19 11:49:46 -04:00
Jeff Mitchell
0da8762bd5
Add unwrap command, and change how the response is embedded (as a string, not an object)
2016-05-19 11:25:15 -04:00
Jeff Mitchell
dce8a8da42
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-19 02:43:22 +00:00
Jeff Mitchell
0168b74e03
Rename lease_duration to refresh_interval when there is no lease ID, and output ---- between header and values
2016-05-17 17:10:12 +00:00
Jeff Mitchell
c4431a7e30
Address most review feedback. Change responses to multierror to better return more useful values when there are multiple errors
2016-05-16 16:11:33 -04:00
Jeff Mitchell
4c67a739b9
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-16 12:14:40 -04:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Jeff Mitchell
560e9c30a3
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-12 14:59:12 -04:00
Jeff Mitchell
885cc73b2e
Merge branch 'master-oss' into f-vault-service
2016-05-04 17:20:00 -04:00
Jeff Mitchell
99a5b4402d
Merge branch 'master-oss' into cubbyhole-the-world
2016-05-04 14:42:14 -04:00