luxolus
/
open-vault
2
0
Fork 0
Code Issues 1 Pull Requests Releases Activity
8,170 Commits 1 Branch 0 Tags 214 MiB
Commit Graph

876 Commits

Author SHA1 Message Date
Jed da955a8f1b Lil typo fixes (#3925) 
Read through the initial docs and noticed a few typos
 2018-02-07 09:38:11 -05:00
Vishal Nayak b20b7ef61d
command/ssh: create and reuse the api client (#3909) 
* pass around the api client

* reuse the client object in the base command
 2018-02-06 13:06:17 -05:00
Jeff Mitchell 642b88c76a go vet fixes 2018-02-05 14:26:31 -05:00
Jeff Mitchell 20465d8040 Add centrify CLI handler support 2018-02-05 10:56:57 -05:00
Chris Hoffman ffa6fdaf1e
Adding tests to ensure all backends are mountable (#3861) 2018-02-01 11:30:04 -05:00
Jeff Mitchell 1b982750f5 (Re...)Add Nomad secrets engine. 
Fixes #3858
 2018-01-28 14:38:19 -05:00
Vishal Nayak 7be7bc1754
Redirect server output warnings to stdout (#3831) 2018-01-22 20:58:27 -05:00
Chris Hoffman b22b065206 adding back -dr-token flag to generate-root command (#3818) 2018-01-19 19:25:45 -05:00
Jeff Mitchell e5e4307713 Add centrify plugin as builtin 2018-01-19 06:03:33 -05:00
Jeff Mitchell ffe3ae9118 Add gcp and kubernetes back now that they're updated 2018-01-19 05:56:34 -05:00
Jeff Mitchell 33b68ebf3d Remove context from a few extraneous places 2018-01-19 03:44:06 -05:00
Brian Kassouf 2f19de0305 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Vishal Nayak b826c56686
SHA2-256 salting for AppID (#3806) 
* Use SHA2-256 hash with prefix to upgrade the paths

* test the SHA1 upgrade to SHA256

* Remove hash identifier and the delimiter; use 's' instead

* Added API test to verify the correctness of the fix

* Fix broken test

* remove unneeded test
 2018-01-17 19:48:32 -05:00
Jeff Mitchell 5a6a7900ae Change next major release of Vault to 0.11 or later to make it less scary 2018-01-17 19:31:52 -05:00
Jeff Mitchell cef171e4ea Fix outdated test 2018-01-10 11:33:53 -05:00
Jeff Mitchell d1803098ae Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jeff Mitchell 821d62c1cc
Allow log level to be specified in an env var (#3721) 2017-12-19 17:12:23 -05:00
Chris Hoffman 0bacec0184
adding recovery info to seal status (#3706) 2017-12-18 09:58:14 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Chris Hoffman 822ce95dc4
adding ability to override temp dir in dev cluster (#3673) 2017-12-11 18:02:35 -05:00
Jeff Mitchell 548629e8ef Port over some changes 2017-11-30 09:43:07 -05:00
Jeff Mitchell 304e1b96b8 Use Seal Type instead of Type in status output for less confusion 2017-11-21 12:14:00 -05:00
Chris Hoffman 9e79e9b397
generate token functions to share common names (#3576) 2017-11-13 15:44:26 -05:00
Jeff Mitchell ccfcac17fe grpclogfaker should use or, not and, to check whether to log 2017-11-13 15:37:00 -05:00
Jeff Mitchell 2b78bc2a9b
Port over bits (#3575) 2017-11-13 15:31:32 -05:00
Calvin Leung Huang 87feab4492
Docs update related to new top-level config values (#3556) 
* Add new top level config value docs, add VAULT_API_ADDR, purge old references

* Fix indentation

* Update wording on ha.html

* Add section on split data/HA mode

* Fix grammar
 2017-11-10 20:06:07 -05:00
Jeff Mitchell a5c821532c Don't output log level twice in three node mode 2017-11-10 16:33:16 -05:00
Jeff Mitchell e66c4b11d5 Add core numbers to output in dev three node 2017-11-10 16:21:46 -05:00
Brian Kassouf ab3b625a3b
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) 
* Add API and Command code for generating a DR Operation Token

* Update generate root to accept different token strategies
 2017-11-10 10:19:42 -08:00
Calvin Leung Huang 882f85740b Move HA-related config values to top level (#3550) 
* Move HA-related config values to top level

* Add config2.hcl test-fixture
 2017-11-08 14:19:41 -05:00
Calvin Leung Huang 0762ac14cf aws_region->region on awskms config 2017-11-02 16:31:16 -04:00
Vishal Nayak 7bae606662
External identity groups (#3447) 
* external identity groups

* add local LDAP groups as well to group aliases

* add group aliases for okta credential backend

* Fix panic in tests

* fix build failure

* remove duplicated struct tag

* add test steps to test out removal of group member during renewals

* Add comment for having a prefix check in router

* fix tests

* s/parent_id/canonical_id

* s/parent/canonical in comments and errors
 2017-11-02 16:05:48 -04:00
Jeff Mitchell d229d7d5b0
Redo API locking (#3508) 
* Redo the API client quite a bit to make the behavior of NewClient more
predictable and add locking to make it safer to use with Clone() and if
multiple goroutines for some reason decide to change things.

Along the way I discovered that currently, the x/net/http2 package is
broke with the built-in h2 support in released Go. For those using
DefaultConfig (the vast majority of cases) this will be a non-event.
Others can manually call http2.ConfigureTransport as needed. We should
keep an eye on commits on that repo and consider more updates before
release. Alternately we could go back revisions but miss out on bug
fixes; my theory is that this is not a purposeful break and I'll be
following up on this in the Go issue tracker.

In a few tests that don't use NewTestCluster, either for legacy or other
reasons, ensure that http2.ConfigureTransport is called.

* Use tls config cloning

* Don't http2.ConfigureServer anymore as current Go seems to work properly without requiring the http2 package

* Address feedback
 2017-11-02 09:30:04 -05:00
Jeff Mitchell e0669746b6
Add seal type to seal-status output. (#3516) 2017-11-01 21:00:41 -05:00
Seth Vargo 2bb2ed11d3
Use renamed method 2017-10-24 09:39:51 -04:00
Jeff Mitchell 713d5d5307
Don't swallow errors on token functions. 2017-10-24 09:39:35 -04:00
Seth Vargo 82cc9664f0
Update to use hidden commands 2017-10-24 09:39:34 -04:00
Seth Vargo 0b15e790d4
Fix bad rebase 
Apparently I can't git...
 2017-10-24 09:39:34 -04:00
Seth Vargo f2110b5a4e
More consistent output 2017-10-24 09:34:30 -04:00
Seth Vargo f5543844f3
Use a unified helper for seal output 2017-10-24 09:34:12 -04:00
Seth Vargo 51a27b758b
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo 578f9a4872
Use vault login instead of vault list in example 2017-10-24 09:32:15 -04:00
Seth Vargo c5665920f6
Standardize on "auth method" 
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
 2017-10-24 09:32:15 -04:00
Seth Vargo acb33eaa3f
Write all the deprecated commands together 2017-10-24 09:30:48 -04:00
Seth Vargo f851309361
Add a custom flag for specifying "system" ttls 2017-10-24 09:30:48 -04:00
Seth Vargo e1b63d4803
Move more formatting into base_helpers 2017-10-24 09:30:48 -04:00
Seth Vargo dbd07addf5
Update write command 2017-10-24 09:30:48 -04:00
Seth Vargo 3ad4f5dcf1
Update unwrap command 2017-10-24 09:30:48 -04:00
Seth Vargo 71ed308e6c
Update version command 2017-10-24 09:30:48 -04:00
Seth Vargo 05b18b8e4f
Update status command 2017-10-24 09:30:48 -04:00
Seth Vargo c4ccbf3ab3
Update ssh command 2017-10-24 09:30:48 -04:00
Seth Vargo 5b78a9905c
Update server command 2017-10-24 09:30:48 -04:00
Seth Vargo b982365fbb
Add "operator" subcommand 2017-10-24 09:30:48 -04:00
Seth Vargo 204006bd56
Rename mounts to secrets engines and add the subcommand 2017-10-24 09:30:48 -04:00
Seth Vargo d71decc112
Update read command 2017-10-24 09:30:48 -04:00
Seth Vargo 2f8bf3c71f
Add "policy" subcommand 2017-10-24 09:30:48 -04:00
Seth Vargo 0800385283
Update path-help command 2017-10-24 09:30:48 -04:00
Seth Vargo 6fc5f05c4b
Update list command 2017-10-24 09:30:47 -04:00
Seth Vargo 76de999b34
Add lease subcommand 2017-10-24 09:30:47 -04:00
Seth Vargo 02341c3b6a
Update delete command 2017-10-24 09:30:47 -04:00
Seth Vargo 810c0afe38
Predict "generic" as a secrets engine 2017-10-24 09:30:47 -04:00
Seth Vargo 1488ba6d72
Add token as a subcommand 2017-10-24 09:30:47 -04:00
Seth Vargo 5aab30091e
Make audit a subcommand 2017-10-24 09:30:47 -04:00
Seth Vargo 939495c7bb
Add login subcommand 
This replaces the "auth" part of "vault auth"
 2017-10-24 09:30:47 -04:00
Seth Vargo 69784a3bf1
Introduce auth as a subcommand 2017-10-24 09:30:47 -04:00
Seth Vargo d85c6a43c0
Wire all commands together 2017-10-24 09:30:47 -04:00
Seth Vargo f7782df97e
Update write command 2017-10-24 09:30:47 -04:00
Seth Vargo f7c9fe6d20
Update version command 2017-10-24 09:30:47 -04:00
Seth Vargo ca6e002235
Update unwrap command 2017-10-24 09:30:47 -04:00
Seth Vargo 0c0d90913a
update unseal command 2017-10-24 09:30:47 -04:00
Seth Vargo 2f0eb0a216
Update unmount command 2017-10-24 09:30:46 -04:00
Seth Vargo c63e1a7b96
Update token-revoke command 2017-10-24 09:30:46 -04:00
Seth Vargo 5dcd51302e
Update token-renew command 2017-10-24 09:30:46 -04:00
Seth Vargo 5cd62171f9
Update token-lookup command 2017-10-24 09:30:46 -04:00
Seth Vargo ad28d1d82a
Update token-create command 2017-10-24 09:30:46 -04:00
Seth Vargo c14629cb5d
Update step-down command 2017-10-24 09:30:46 -04:00
Seth Vargo 530144f7f7
Update status command 2017-10-24 09:30:46 -04:00
Seth Vargo 1d91e96c8e
Update ssh command 2017-10-24 09:30:46 -04:00
Seth Vargo 3f7f8b20bb
Update seal command 2017-10-24 09:30:46 -04:00
Seth Vargo 48e6460da5
Update rotate command 2017-10-24 09:30:46 -04:00
Seth Vargo 191ec2d750
Update revoke command 2017-10-24 09:30:46 -04:00
Seth Vargo 108f748d18
Update renew command 2017-10-24 09:30:46 -04:00
Seth Vargo 8df3be5656
Update remount command 2017-10-24 09:30:46 -04:00
Seth Vargo a72ab1ecf5
Update rekey command 2017-10-24 09:30:46 -04:00
Seth Vargo 648e0c7913
Update read command 2017-10-24 09:29:37 -04:00
Seth Vargo db4f5bac11
Update policy-write command 2017-10-24 09:29:37 -04:00
Seth Vargo a8b061723c
Update policy-list command 2017-10-24 09:29:37 -04:00
Seth Vargo bd879f2731
Update policy-delete command 2017-10-24 09:29:36 -04:00
Seth Vargo 85e5c33352
Update path-help command 2017-10-24 09:29:36 -04:00
Seth Vargo 19caaafe13
Update mounts command 2017-10-24 09:29:36 -04:00
Seth Vargo 136ef51f49
Update mount-tune command 2017-10-24 09:28:07 -04:00
Seth Vargo 7abb3341a3
Update mount command 2017-10-24 09:28:07 -04:00
Seth Vargo 4d0b10ebd2
Update list command 2017-10-24 09:28:07 -04:00
Seth Vargo 7cd7338f9d
Update key-status command 2017-10-24 09:28:07 -04:00
Seth Vargo 076703ebc1
Update init command 2017-10-24 09:28:07 -04:00
Seth Vargo 9500cb7fc7
Update generate-root command 2017-10-24 09:28:07 -04:00
Seth Vargo 9b949cebd5
Update format to not use colored UI for json/yaml 2017-10-24 09:28:07 -04:00
Seth Vargo 38823efa70
Update delete command 2017-10-24 09:28:07 -04:00
Seth Vargo fd5ba4c5ed
Update capabilities command 2017-10-24 09:28:06 -04:00
Seth Vargo d93c418db3
Add new auth-list command 2017-10-24 09:28:06 -04:00
Seth Vargo 153bfd6a83
Add new auth-help command 2017-10-24 09:28:06 -04:00
Seth Vargo 6178d61d6d
Update auth-enable command 2017-10-24 09:28:06 -04:00
Seth Vargo 43465577d4
Update auth-disable command 2017-10-24 09:28:06 -04:00
Seth Vargo 595456df69
Update auth command 2017-10-24 09:28:06 -04:00
Seth Vargo ac0be24253
Update audit-list command 2017-10-24 09:28:06 -04:00
Seth Vargo 8e343caeda
Update audit-enable command 2017-10-24 09:28:06 -04:00
Seth Vargo 197d7840cc
Update audit-disable command 2017-10-24 09:28:06 -04:00
Seth Vargo d03caa18b5
Add more testing helper functions 2017-10-24 09:28:06 -04:00
Seth Vargo 06580ebd61
Remove wrapping tests 
There are no dedicated tests for this, but ttl wrapping is littered throughout other tests
 2017-10-24 09:28:06 -04:00
Seth Vargo 9e2a833b19
Detect terminal and use the output writer for raw fields 
If the value is being "piped", we don't print colors or the newline character at the end. If it's not, we still give users pretty when selecting a raw field/value.
 2017-10-24 09:28:06 -04:00
Seth Vargo 5a6b08caab
Add helper for decrypting via PGP in tests 2017-10-24 09:28:06 -04:00
Seth Vargo e516762328
Remove unused file for tests 2017-10-24 09:28:06 -04:00
Seth Vargo bb4edc30f8
Add more predictors 2017-10-24 09:28:06 -04:00
Seth Vargo d271bdd4e1
Read env config for predictions 2017-10-24 09:28:05 -04:00
Seth Vargo 3331b25895
Expand and centralize helpers 2017-10-24 09:28:05 -04:00
Seth Vargo 971307351b
Cleanup base flags a bit 2017-10-24 09:28:05 -04:00
Seth Vargo 197339e78c
Use a TokenHelper method 
It's weird to have two different helper funcs that can return different errors
 2017-10-24 09:28:05 -04:00
Seth Vargo 5d31c4cb08
Allow hiding flags 2017-10-24 09:28:05 -04:00
Seth Vargo 502d7a2040
Add an in-mem token helper for testing 2017-10-24 09:27:19 -04:00
Seth Vargo 5b0b8b9db5
Add interface assertions for token helpers 
This will ensure they meet the right API
 2017-10-24 09:27:19 -04:00
Seth Vargo acd4241740
Drop cli and meta packages 
This centralizes all command-related things in the command package
 2017-10-24 09:27:19 -04:00
Seth Vargo 50705bcce7
Unwrap cli.Ui to get to the underlying writer 
This allows us to write without a newline character, since the Ui
interface doesn't expose a direct Write() method.
 2017-10-24 09:26:45 -04:00
Seth Vargo 0f2905fd7c
Only print default values if they are non-zero 2017-10-24 09:26:44 -04:00
Seth Vargo 5093b8dff8
More arbitrary function for wrapping at a length 2017-10-24 09:26:44 -04:00
Seth Vargo 9347c110f2
Delegate usage to the UI 2017-10-24 09:26:44 -04:00
Seth Vargo 6c73d28967
Make predict it's own struct 
The previous architecture would create an API client many times, slowing down the CLI exponentially for each new command added.
 2017-10-24 09:26:44 -04:00
Seth Vargo bd3064327c
Separate "files" and "folders" in predictor 2017-10-24 09:26:44 -04:00
Seth Vargo 2f3acd9068
Remove coupling between Raw() and UI 2017-10-24 09:26:44 -04:00
Seth Vargo cb31f95e75
Add testing harness for a vault cluster 2017-10-24 09:26:44 -04:00
Seth Vargo 9064d52e66
Output JSON with spaces not tabs 2017-10-24 09:26:44 -04:00
Seth Vargo cc0140be80
Add start of base command, flags, prediction 2017-10-24 09:26:44 -04:00
Jeff Mitchell 65f664be47 Make compile 2017-10-23 17:41:44 -04:00
Jeff Mitchell a25dae82dd Final sync 2017-10-23 17:39:21 -04:00
Jeff Mitchell 6bafb02a5b Sync up server.go a bit 2017-10-10 12:27:51 -04:00
Jeff Mitchell 17a15cd594 Add option to disable client certificate requesting. (#3373) 
Fixes #3372
 2017-09-25 14:41:46 -04:00
Calvin Leung Huang 29911bfea8 Add support for stored shares and skip-init in dev mode (#3364) 2017-09-21 15:23:29 -04:00
Vishal Nayak e99640f462 Add 'pid_file' config option (#3321) 
* add pid_file config option

* address review feedback

* address review comments
 2017-09-16 17:09:37 -04:00
Chris Hoffman 1029ad3b33 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman 9d73c81f38 Disable the `sys/raw` endpoint by default (#3329) 
* disable raw endpoint by default

* adding docs

* config option raw -> raw_storage_endpoint

* docs updates

* adding listing on raw endpoint

* reworking tests for enabled raw endpoints

* root protecting base raw endpoint
 2017-09-15 00:21:35 -04:00
Chris Hoffman 91338d7aa2 Adding latency injector option to -dev mode for storage operations (#3289) 2017-09-11 14:49:08 -04:00
Jeff Mitchell 223c4fc325 Change auth helper interface to api.Secret. (#3263) 
This allows us to properly handle wrapped responses.

Fixes #3217
 2017-08-31 16:57:00 -04:00
Calvin Leung Huang 6f417d39da Normalize plugin_name option for mount and enable-auth (#3202) 2017-08-31 12:16:59 -04:00
Jeff Mitchell 3edb337a00 Add option to set cluster TLS cipher suites. (#3228) 
* Add option to set cluster TLS cipher suites.

Fixes #3227
 2017-08-30 16:28:23 -04:00
Brian Kassouf 23089dafbc Add basic autocompletion (#3223) 
* Add basic autocompletion

* Add autocomplete to some common commands

* Autocomplete the generate-root flags

* Add information about autocomplete to the docs
 2017-08-24 15:23:40 -07:00
Doyoon Kim 3ffebb7780 Moved PROXY protocol wrap to execute before the TLS wrap (#3195) 2017-08-23 12:00:09 -04:00
Seth Vargo ec9e187ce4 Thread stderr through too (#3211) 
* Thread stderr through too

* Small docs typo
 2017-08-21 17:23:29 -04:00
Jeff Mitchell 654e7d92ac Properly lowercase policy names. (#3210) 
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.

Fixes #3187
 2017-08-18 19:47:23 -04:00
Seth Vargo 51d8e5ff86 Do not revoke SSH key (#3208) 
There is no secret to revoke - this produces an error on the CLI
 2017-08-18 15:44:20 -04:00
Seth Vargo 2e3a9ebd06
Add host key checking for SSH CA 2017-08-18 12:59:09 -04:00
Seth Vargo 89cffaf25e
Revoke temporary cred after creation, update warning 
/cc @vishalnayak
 2017-08-18 12:59:09 -04:00