Commit graph

3369 commits

Author SHA1 Message Date
vishalnayak efcc07967e Accept instance_id in the URL for whitelist endpoint 2016-04-26 10:22:28 -04:00
Jeff Mitchell cf56895772 Switch around some logic to be more consistent/readable and respect max
TTL on initial token issuance.
2016-04-26 10:22:28 -04:00
vishalnayak 338054d49e Return un-expired entries from blacklist and whitelist 2016-04-26 10:22:28 -04:00
vishalnayak b6bd30b9fb Test ConfigClient 2016-04-26 10:22:28 -04:00
vishalnayak d3adc85886 AWS EC2 instances authentication backend 2016-04-26 10:22:28 -04:00
Sean Chittenden 51a97717db Merge pull request #1351 from hashicorp/f-backend-logger
Logger objects for all the physical backends
2016-04-25 20:47:10 -07:00
Sean Chittenden 557d8b8a24 Make use of logger interface inside of the Consul BE 2016-04-25 20:10:55 -07:00
Sean Chittenden aeea7628d6 Add a *log.Logger argument to physical.Factory
Logging in the backend is a good thing.  This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
Sean Chittenden ef62ecbb2d changelog++ 2016-04-25 18:19:38 -07:00
Sean Chittenden 98b4ab5798 Merge pull request #1349 from hashicorp/f-vault-service
Vault-driven Consul service registration and TTL checks.
2016-04-25 18:12:06 -07:00
Sean Chittenden 5fd5869bc5 Rewriting history before it gets away from me 2016-04-25 18:05:50 -07:00
Sean Chittenden 5a33edb57d Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output.  This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden 9b8095d7ea Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output.  This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden f5183fa506 Collapse UpdateAdvertiseAddr() into RunServiceDiscovery() 2016-04-25 18:01:13 -07:00
Sean Chittenden 5104c58c54 Update tests to chase sealed -> unsealed transition 2016-04-25 18:01:13 -07:00
Sean Chittenden 7fe0b2c6a1 Persistently retry to update service registration
If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second.  Allow for concurrent changes to the state with a single registration updater.  Fix standby initialization.
2016-04-25 18:01:13 -07:00
Sean Chittenden 3228d25c65 Add a small bit of wording re: disable_registration
Consul service registration for Vault requires Consul 0.6.4.
2016-04-25 18:01:13 -07:00
Sean Chittenden 3977057cc9 Disable service registration for consul HA tests 2016-04-25 18:01:13 -07:00
Sean Chittenden dd3219ec56 Provide documentation and example output 2016-04-25 18:01:13 -07:00
Sean Chittenden 3449fa1bc3 Consistently skip Consul checks
Hide all Consul checks behind `CONSUL_HTTP_ADDR` env vs `CONSUL_ADDR` which is non-standard.
2016-04-25 18:01:13 -07:00
Sean Chittenden 1f8397f0a3 Use spaces in tests to be consistent
The rest of the tests here use spaces, not tabs
2016-04-25 18:01:13 -07:00
Sean Chittenden 60006f550f Various refactoring to clean up code organization
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden 53f9cea87c Compare the correct values when validating check_timeout 2016-04-25 18:01:13 -07:00
Sean Chittenden e7f600b4e6 Improve error handling re: homedir expansion
Useful if the HOME envvar is not set because `vault` was launched in a clean environment (e.g. `env -i vault ...`).
2016-04-25 18:01:13 -07:00
Sean Chittenden 70ae7f73b4 Detect type conversion failure 2016-04-25 18:01:13 -07:00
Sean Chittenden ae66e65bcf Don't export the builtin backends 2016-04-25 18:01:13 -07:00
Sean Chittenden bd3335c1bd go fmt the PostgreSQL backend 2016-04-25 18:01:13 -07:00
Sean Chittenden 6b2c83564e Teach Vault how to register with Consul
Vault will now register itself with Consul.  The active node can be found using `active.vault.service.consul`.  All standby vaults are available via `standby.vault.service.consul`.  All unsealed vaults are considered healthy and available via `vault.service.consul`.  Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)).

Healthy/active:

```
curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty' && echo;
[
    {
        "Node": {
            "Node": "vm1",
            "Address": "127.0.0.1",
            "TaggedAddresses": {
                "wan": "127.0.0.1"
            },
            "CreateIndex": 3,
            "ModifyIndex": 20
        },
        "Service": {
            "ID": "vault:127.0.0.1:8200",
            "Service": "vault",
            "Tags": [
                "active"
            ],
            "Address": "127.0.0.1",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm1",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm1",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.1:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Healthy/standby:

```
[snip]
        "Service": {
            "ID": "vault:127.0.0.2:8200",
            "Service": "vault",
            "Tags": [
                "standby"
            ],
            "Address": "127.0.0.2",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Sealed:

```
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "critical",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "Vault Sealed",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 38
            }
        ]
```
2016-04-25 18:01:13 -07:00
Sean Chittenden 2060766107 Update vendor'ed version of hashicorp/consul/lib
Note: Godeps.json not updated
2016-04-25 18:00:54 -07:00
Sean Chittenden 230b59f34c Stub out service discovery functionality
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
2016-04-25 18:00:54 -07:00
Sean Chittenden 0c23acb818 Comment nits 2016-04-25 18:00:54 -07:00
Jeff Mitchell d77f9e0583 Update vendoring 2016-04-26 00:18:04 +00:00
Jeff Mitchell 398ed86d04 Split out TestSeal 2016-04-26 00:14:16 +00:00
Jeff Mitchell 8d4e5aacae Change seal test name in command package 2016-04-26 00:12:14 +00:00
Jeff Mitchell f00beb4e32 Update azure backend for newer sdk 2016-04-26 00:08:07 +00:00
Jeff Mitchell 81137128b9 changelog++ 2016-04-25 19:56:18 +00:00
Jeff Mitchell a481bff2b1 Fix commenting S3 -> Azure 2016-04-25 19:53:07 +00:00
Jeff Mitchell c12dcba9bc Merge pull request #1266 from sepiroth887/azure_backend
added Azure Blobstore backend support
2016-04-25 15:53:09 -04:00
Jeff Mitchell 0f0a6ae368 Merge pull request #1282 from rileytg/patch-1
change github example team to admins
2016-04-25 15:45:01 -04:00
Jeff Mitchell 267b13c1ba Merge pull request #1326 from hashicorp/sethvargo/hint_noreauth
Hint that you don't need to run auth twice
2016-04-25 15:43:55 -04:00
Jeff Mitchell 164168a5c5 Merge pull request #1350 from hashicorp/sealtests
Add seal tests and update generate-root and others to handle dualseal.
2016-04-25 15:40:46 -04:00
Jeff Mitchell 98d09b0dc6 Add seal tests and update generate-root and others to handle dualseal. 2016-04-25 19:39:04 +00:00
Jeff Mitchell 30ba5b7887 Merge pull request #1291 from mmickan/ssh-keyinstall-perms
Ensure authorized_keys file is readable when uninstalling an ssh key
2016-04-25 14:00:37 -04:00
Jeff Mitchell f293b1bb98 Merge pull request #1328 from hashicorp/sethvargo/path-help
Add missing path-helps and clarify subpaths in tables
2016-04-25 13:53:06 -04:00
Jeff Mitchell a331f0e62f Merge pull request #1348 from hashicorp/sethvargo/referrer
Do not allow referrer to modify the parent
2016-04-23 09:45:19 -04:00
Seth Vargo da1735e396
Do not allow referrer to modify the parent
http://mathiasbynens.github.io/rel-noopener/
2016-04-22 23:41:09 -04:00
Vishal Nayak 8f5ba88186 Merge pull request #1343 from hashicorp/b-doc-wordsmith
Wordsmith the docs around the `list` command.
2016-04-20 19:09:38 -04:00
Sean Chittenden f6bec6e017 Wordsmith the docs around the list command.
Prompted by: feedback from conference attendees at PGConf '16
2016-04-20 18:13:58 -04:00
Jeff Mitchell e68de75e83 Next version will likely not be 0.6.0 2016-04-20 20:24:17 +00:00
Jeff Mitchell 04816ed25e changelog++ 2016-04-20 20:23:08 +00:00