Commit graph

7336 commits

Author SHA1 Message Date
Jeff Mitchell 0fe05f544d changelog++ 2017-12-19 17:03:27 -05:00
Jeff Mitchell 92aaebd20e Bust recovery cache after unsealed is set true to force migration 2017-12-19 16:22:09 -05:00
Antergone 312db6cc02 fix consul tls settings (#3719) 2017-12-19 14:24:21 -05:00
Antergone d68cc66954 check schema and table before create it (#3716) 2017-12-19 14:23:58 -05:00
Jeff Mitchell 7e033efa4c Revert grabbing lock in database Connection funcs 2017-12-19 12:53:21 -05:00
Jeff Mitchell e6d60ee551 Clarify control group APIs are enterprise only.
Fixes #3702
2017-12-19 11:00:02 -05:00
Jeff Mitchell be47ecc215 Add lock to sql connection as well 2017-12-19 10:38:26 -05:00
Jeff Mitchell 15df4d1f36 Add lock and close check on cassandra as well 2017-12-19 10:26:46 -05:00
Jeff Mitchell 3cf61a5d8f Ping the mongo session when the connection is retrieved.
This was in the deprecated backend where it fixed a similar issue a long
time ago but for some reason didn't make it over. Additionally the
function wasn't being locked properly.

Hopefully fixes #2973
2017-12-19 10:11:04 -05:00
Brian Kassouf a97b8c6f30
secret/database: Fix upgrading database backend (#3714) 2017-12-18 19:38:47 -08:00
Jeff Mitchell 4ac36c8e88 changelog++ 2017-12-18 15:31:40 -05:00
Calvin Leung Huang c4e951efb8 Add period and max_ttl to cert role creation (#3642) 2017-12-18 15:29:45 -05:00
Roger Berlind 27cdb42258 Added example for Azure SQL Database (#3700) 2017-12-18 13:55:56 -05:00
Chris Hoffman b1aee36251
short circuit cert extensions check (#3712) 2017-12-18 13:19:05 -05:00
Jeff Mitchell 313360a686 changelog++ 2017-12-18 13:07:05 -05:00
Jeff Mitchell 30f8c8d80c changelog++ 2017-12-18 12:55:16 -05:00
Travis Cosgrave cf3e284396 Use Custom Cert Extensions as Cert Auth Constraint (#3634) 2017-12-18 12:53:44 -05:00
Jeff Mitchell 08f73e4a50
Merge pull request #3695 from hashicorp/creds-period-logic 2017-12-18 12:40:03 -05:00
Jeff Mitchell ff23426e98
Merge pull request #3401 from hashicorp/f-nomad 2017-12-18 12:24:10 -05:00
Jeff Mitchell 77a7c52392
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
Ernest W. Durbin III 98e04c42d3 Correct documentation for Kubernetes Auth Plugin (#3708) 2017-12-18 12:12:08 -05:00
Calvin Leung Huang 254a5c90db changelog++ 2017-12-18 11:42:03 -05:00
Calvin Leung Huang 69a0457dda changelog++ 2017-12-18 10:32:02 -05:00
Chris Hoffman 7f9815f186 changelog++ 2017-12-18 10:15:29 -05:00
Jeff Mitchell 2225b20ec9 Fix up comment 2017-12-18 10:11:24 -05:00
jaloren 82fd89b3b3 Support Incrementing Lease TTL in Renew api (#3688) 2017-12-18 10:09:59 -05:00
Jeff Mitchell 516cadd863 changelog++ 2017-12-18 10:06:39 -05:00
Jeff Mitchell 9630f93845
Fix audited request header lookup (#3707)
The headers are stored lowercased but the lookup function wasn't
properly lowercasing when indexing in the header map.

Fixes #3701
2017-12-18 10:05:51 -05:00
Jeff Mitchell feaef93fb6 changelog++ 2017-12-18 10:00:04 -05:00
immutability e7faad641c Add Duo MFA to the Github backend (#3696) 2017-12-18 09:59:17 -05:00
Chris Hoffman 0bacec0184
adding recovery info to seal status (#3706) 2017-12-18 09:58:14 -05:00
Jeff Mitchell edab61c204 Pull in new go-cleanhttp to fix data race 2017-12-18 09:40:22 -05:00
James Nugent e320d0580a physical/dynamodb: Clarify ha_enabled type (#3703)
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.

While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
2017-12-18 09:30:29 -05:00
James Nugent 618b52d72d docs: Add correct method for mlock on systemd (#3704)
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
2017-12-18 09:29:37 -05:00
Raja Nadar 446b87ee0e added the missing nonce and type fields (#3694) 2017-12-17 16:26:07 -05:00
Chris Hoffman 400d738403 use defaultconfig as base, adding env var test 2017-12-17 10:51:39 -05:00
Chris Hoffman f6bed8b925 fixing up config to allow environment vars supported by api client 2017-12-17 09:10:56 -05:00
Calvin Leung Huang 685b4a27e4 Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (#3697) 2017-12-15 20:19:37 -05:00
Chris Hoffman ef56322369 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Add support for encrypted TLS key files (#3685)
2017-12-15 19:51:28 -05:00
Chris Hoffman b08606b320 adding existence check for roles 2017-12-15 19:50:20 -05:00
Chris Hoffman b904d28d82 adding access config existence check and delete endpoint 2017-12-15 19:18:32 -05:00
Chris Hoffman 164849f056
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Calvin Leung Huang 997a1453e7 Use shortMaxTTL on Ec2 paths 2017-12-15 17:29:40 -05:00
Chris Hoffman c71f596fbd address some feedback 2017-12-15 17:06:56 -05:00
Chris Hoffman db0006ef65 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Defer reader.Close that is used to determine sha256
  changelog++
  Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686)
  Add logic for using Auth.Period when handling auth login/renew requests (#3677)
  plugins/database: use context with plugins that use database/sql package (#3691)
  changelog++
  Fix plaintext backup in transit (#3692)
  Database gRPC plugins (#3666)
2017-12-15 17:05:42 -05:00
Calvin Leung Huang fe7ce434e4 Update logic on renew paths 2017-12-15 16:26:42 -05:00
Calvin Leung Huang 643451d46a Update login logic for aws creds backend 2017-12-15 16:18:19 -05:00
Calvin Leung Huang ba19b99f55 Update login logic for aws creds backend 2017-12-15 16:01:40 -05:00
Calvin Leung Huang 57bc19c169 Defer reader.Close that is used to determine sha256 2017-12-15 14:04:09 -05:00
Jeff Mitchell bc282a2e8d changelog++ 2017-12-15 13:32:30 -05:00