Commit graph

1317 commits

Author SHA1 Message Date
Calvin Leung Huang 0df09e356d
agent: add an inflight cache better concurrent request handling (#10705)
* agent: do not grap idLock writelock until caching entry

* agent: inflight cache using sync.Map

* agent: implement an inflight caching mechanism

* agent/lease: add lock for inflight cache to prevent simultaneous Set calls

* agent/lease: lock on a per-ID basis so unique requests can be processed independently

* agent/lease: add some concurrency tests

* test: use lease_id for uniqueness

* agent: remove env flags, add comments around locks

* agent: clean up test comment

* agent: clean up test comment

* agent: remove commented debug code

* agent/lease: word-smithing

* Update command/agent/cache/lease_cache.go

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* agent/lease: return the context error if the Done ch got closed

* agent/lease: fix data race in concurrency tests

* agent/lease: mockDelayProxier: return ctx.Err() if context got canceled

* agent/lease: remove unused inflightCacheLock

* agent/lease: test: bump context timeout to 3s

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-01-26 12:09:37 -08:00
Vishal Nayak 2602675402
Set namespace for template server in agent (#10757)
* Set namespace for template server in agent

* cl++
2021-01-25 17:37:01 -05:00
Ricardo Cardenas 049301f70b
feat(agent): add retry configuration for vault agent (#10644)
* feat(agent): add retry configuration for vault agent

* feat(agent): add test fixtures for retry

* fix(retry): move retry stanza to top level as template_retry

* fix(retry): add retry config to ServerConfig struct

* fix(retry): point config parser to parse template_retry instead of retry

* remove netlify config (#10711)

* Fix build (#10749)

* Move the declaration to a OSS build tag file to not have it collide w… (#10750)

* Move the declaration to a OSS build tag file to not have it collide with ent declarations

* Add comment

* Remove comment to trigger ci

* Unconditionally use the root namespace when calling sys/seal-status. (#10742)

* feat(agent): add retry configuration for vault agent

* feat(agent): add test fixtures for retry

* fix(retry): move retry stanza to top level as template_retry

* fix(retry): add retry config to ServerConfig struct

* fix(retry): point config parser to parse template_retry instead of retry

Co-authored-by: Hridoy Roy <roy@hashicorp.com>
Co-authored-by: Jeff Escalante <jescalan@users.noreply.github.com>
Co-authored-by: Vishal Nayak <vishalnayak@users.noreply.github.com>
Co-authored-by: Mark Gritter <mgritter@hashicorp.com>
2021-01-25 11:00:17 -08:00
Mark Gritter bd6d25499f
Unconditionally use the root namespace when calling sys/seal-status. (#10742) 2021-01-25 11:25:54 -06:00
Vishal Nayak 5d270db1df
Add list peers to DR secondaries (#10746) 2021-01-22 11:50:59 -05:00
Eugene R 331529fc94
Aerospike storage backend (#10131)
* add an Aerospike storage backend

* go mod vendor

* add Aerospike storage configuration docs

* review fixes

* bump aerospike client to v3.1.1

* rename the defaultHostname variable

* relocate the docs page
2021-01-12 15:26:07 -08:00
Lauren Voswinkel 7189a67a33
Adding snowflake as a bundled database secrets plugin (#10603)
* Adding snowflake as a bundled database secrets plugin

* Add snowflake-database-plugin to expected bundled plugins

* Add snowflake plugin name to the mockBuiltinRegistry
2021-01-07 09:30:24 -08:00
Jace Tan 74cadeb8e5
Fix typo in usage description of operator init -status flag (#10618)
This commit fixes a typo in the operator init -status flag's usage
description and aligns it with that found on https://www.vaultproject.io/docs/commands/operator/init#status.
2020-12-23 13:12:44 -07:00
Nick Cabatoff d2096b251d
Add log gathering to debug command. (#10609) 2020-12-22 15:15:24 -05:00
Mark Gritter 8c67bed7ae
Send a test message before committing a new audit device. (#10520)
* Send a test message before committing a new audit device.
Also, lower timeout on connection attempts in socket device.
* added changelog
* go mod vendor (picked up some unrelated changes.)
* Skip audit device check in integration test.
Co-authored-by: swayne275 <swayne@hashicorp.com>
2020-12-16 16:00:32 -06:00
Josh Black a7aac342bd
Only set the namespace if the env var isn't present (#1519) (#10556) 2020-12-14 11:40:48 -08:00
Brian Kassouf 275ca323e8
core: Record the time a node became active (#10489)
* core: Record the time a node became active

* Update vault/core.go

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

* Add omitempty field

* Update vendor

* Added CL entry and fixed test

* Fix test

* Fix command package tests

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2020-12-11 16:50:19 -08:00
Nick Cabatoff 84d566db9e
Be consistent with how we report init status. (#10498)
Also make half-joined raft peers consider storage to be initialized, whether or not they're sealed.
2020-12-08 13:55:34 -05:00
Caius Durling c1fa14e00c
Fix typo in print token synopsis text (#10320)
Co-authored-by: swayne275 <swayne@hashicorp.com>
2020-12-03 10:59:09 -07:00
Josh Black b8ba047b35
Allow Vault Agent to run as a Windows service (#10231) 2020-11-23 14:24:32 -08:00
Mark Gritter ab2e28bf55
"vault operator usage" CLI for client count reporting (#10365)
* Working draft of CLI command.
* Sort order, robustness checking.
* Text edits and check of queries_available.
* Added changelog.
2020-11-23 14:57:35 -06:00
Michel Vocks 22d55c00e6
Fix KV list command with whitespaces (#8017)
* Fix KV list command with whitespaces

* Fix kv list whitespace

* Fix list whitespace

* Fix failing test

Co-authored-by: swayne275 <swayne@hashicorp.com>
2020-11-23 12:38:14 -07:00
Hridoy Roy 6261afb343
Port: Telemetry For Lease Expiration Times (#10375)
* port lease metrics

* go mod vendor

* caught a bug
2020-11-13 10:26:58 -08:00
Brian Kassouf 10668331e4
Update go version to 1.15.3 (#10279)
* Update go version to 1.15.3

* Fix OU ordering for go1.15.x testing

* Fix CI version

* Update docker image

* Fix test

* packagespec upgrade -version 0.1.8

Co-authored-by: Sam Salisbury <samsalisbury@gmail.com>
2020-10-30 16:44:06 -04:00
Brian Kassouf 81a86f48e8
Backport some OSS changes (#10267)
* Backport some OSS changes

* go mod vendor
2020-10-29 16:47:34 -07:00
Scott Miller dd0ea9a389
Wrap the dev logs in a sync.Once and deregister first, to eliminate the possibility of emitting the dev output twice in a race. (#10258) 2020-10-28 10:23:18 -05:00
Aleksandr Bezobchuk 95bbd8d920
Merge PR #10192: Auto-Join: Configurable Scheme & Port (and add k8s provider) 2020-10-23 16:13:09 -04:00
Byungjin Park (BJ) ca63903321
Fix outdated enable-versioning command usage in kv (#10212) 2020-10-23 12:46:20 -07:00
Nick Cabatoff 0d6a929a4c
Same seal migration oss (#10224)
* Refactoring and test improvements.

* Support migrating from a given type of autoseal to that same type but with different parameters.
2020-10-23 14:16:04 -04:00
Michael Golowka bd79fbafb3
Add couchbase, elasticsearch, and mongodbatlas back (#10222)
Updated the `Serve` function so these can be added back into Vault
2020-10-22 17:20:17 -06:00
Michael Golowka e6c8ee24ea
DBPW - Enables AutoMTLS for DB plugins (#10220)
This also temporarily disables couchbase, elasticsearch, and
mongodbatlas because the `Serve` function needs to change signatures
and those plugins are vendored in from external repos, causing problems
when building.
2020-10-22 15:43:19 -06:00
Brian Kassouf 84dbca38a1
Revert "Migrate internalshared out (#9727)" (#10141)
This reverts commit ee6391b691ac12ab6ca13c3912404f1d3a842bd6.
2020-10-13 16:38:21 -07:00
Aleksandr Bezobchuk d37be9af6e
Merge PR #10095: Integrated Storage Cloud Auto-Join 2020-10-13 16:26:39 -04:00
Jeff Mitchell e6881c8147
Migrate internalshared out (#9727)
* Migrate internalshared out

* fix merge issue

* fix merge issue

* go mod vendor

Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com>
2020-10-12 11:56:24 -07:00
Hridoy Roy 27d68e7df2
Flaky Test Fix: TestSink [VAULT-720] (#10086)
* fixed

* test sink fix

* remove print statements used for debugging

* remove print statements used for debugging

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MBP.hitronhub.home>
2020-10-05 10:29:08 -07:00
Aleksandr Bezobchuk a3cfa7c447
Merge PR #10059: Port OSS changes from #1497 2020-10-01 15:15:20 -04:00
Calvin Leung Huang 90a3f32771
agent: return a non-zero exit code on error (#9670)
* agent: return a non-zero exit code on error

* agent/template: always return on template server error, add case for error_on_missing_key

* agent: fix tests by updating Run params to use an errCh

* agent/template: add permission denied test case, clean up test var

* agent: use unbuffered errCh, emit fatal errors directly to the UI output

* agent: use oklog's run.Group to schedule subsystem runners (#9761)

* agent: use oklog's run.Group to schedule subsystem runners

* agent: clean up unused DoneCh, clean up agent's main Run func

* agent/template: use ts.stopped.CAS to atomically swap value

* fix tests

* fix tests

* agent/template: add timeout on TestRunServer

* agent: output error via logs and return a generic error on non-zero exit

* fix TestAgent_ExitAfterAuth

* agent/template: do not restart ct runner on new incoming token if exit_after_auth is set to true

* agent: drain ah.OutputCh after sink exits to avoid blocking on the channel

* use context.WithTimeout, expand comments around ordering of defer cancel()
2020-09-29 18:03:09 -07:00
Theron Voran 52581cd472
Add logging during awskms auto-unseal (#9794)
Adds debug and warn logging around AWS credential chain generation,
specifically to help users debugging auto-unseal problems on AWS, by
logging which role is being used in the case of a webidentity token.

Adds a deferred call to flush the log output as well, to ensure logs
are output in the event of an initialization failure.
2020-09-28 14:06:49 -07:00
Hridoy Roy c595244482
Normalize format output for vault status [VAULT-508] (#9976)
* normalize format output for vault status

* interim commit

* interim commit

* make formatting idiomatic

* clean up comments

* added formatting test

* updated comments in format test to match godocs

Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MBP.hitronhub.home>
Co-authored-by: HridoyRoy <hridoyroy@Hridoys-MacBook-Pro.local>
2020-09-23 10:30:01 -07:00
Lauren Voswinkel 5740e1ff9e
5844 AWS Root Credential Rotation (#9921)
* strip redundant field type declarations

* root credential rotation for aws creds plugin

* Change location of mocks awsutil and update methods that no longer exist

* Update website/pages/docs/auth/aws.mdx

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* Update sdk version to get the awsutil mock file

* Re-vendor modules to pass CI

* Use write lock for the entirety of AWS root cred rotation

* Update docs for AWS root cred rotation for clarity

Co-authored-by: Becca Petrin <beccapetrin@gmail.com>
Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-09-15 15:26:56 -07:00
ncabatoff b615da43d7
Run CI tests in docker instead of a machine. (#8948) 2020-09-15 10:01:26 -04:00
Scott Miller ed131225a2
Don't open a raft snapshot file until we have a successful snapshot response. (#9894)
* Don't open the snapshot file until we have a successful response

* Check the success of Close if nothing else errors
2020-09-14 12:22:45 -05:00
Jason O'Donnell 6f552506ea
Add disable_mlock env support (#9931) 2020-09-11 12:56:30 -04:00
Jason O'Donnell 469555ef1a
agent/auth/kerberos: add disable_fast_negotiation (#9892)
* agent/auth/kerberos: add disable_fast_negotiation

* simplify test

* Update command/agent/auth/kerberos/kerberos_test.go

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>

* simplify tests

Co-authored-by: Calvin Leung Huang <cleung2010@gmail.com>
2020-09-04 16:46:18 -04:00
Mark Gritter c4ee595e23
Retry a KV put command if the message indicates kv-v2 upgrade. (#9873) 2020-09-02 10:53:36 -05:00
Scott Miller 24794d8457
Dev Message after log quiescence (#9702)
* Register a log sink that delays the printing of the big dev warning until logs have settled down

* Since this is always an intercept logger, just be explicit about the type

* changelog++
2020-08-31 10:45:50 -05:00
Mark Gritter 6d1b71962f
Add date/time argument type. (#9817)
* Add date/time argument type.
* Add an argument to select which time formats are valid.
* Increase minimum date for epoch timestamps to avoid ambiguity.
2020-08-26 14:40:23 -05:00
Calvin Leung Huang 8b7a3812dc
agent: support providing certificate information in cert's config map (#9819)
* agent: support providing certificate information in cert's config map

* update TestCertEndToEnd

* remove URL reference on warning message
2020-08-25 14:26:06 -07:00
Scott Miller 5b003b06f8
Trail of bits 018 (#9674)
* TOB-018 remediation

* Make key derivation an optional config flag, off by default, for backwards compatibility

* Fix unit tests

* Address some feedback

* Set config on unit test

* Fix another test failure

* One more conf fail

* Switch one of the test cases to not use a derive dkey

* wip

* comments
2020-08-17 11:36:16 -05:00
Rodrigo D. L d0df8bfa21
adding new config flag disable_sentinel_trace (#9696) 2020-08-10 06:23:44 -04:00
ncabatoff b0a3972892
Use printf field widths instead of strings.Repeat. (#9681) 2020-08-07 08:54:23 -04:00
Tom Proctor 4ca978598f
Bundle couchbase database plugin with vault (#9664) 2020-08-07 11:01:04 +01:00
Alexander Bezobchuk 479777fcfe
Merge PR #9615: tests: attempt build tag fix 2020-07-28 21:43:14 -04:00
ncabatoff b491c6d72a
Fix parsing of seal stanzas that have an array for purpose (#9589)
Hexadecimal integers will be converted to decimal, which is unfortunate but shouldn't have any negative effects other than perhaps confusion in the `vault debug` output.
2020-07-27 16:28:52 -04:00
aphorise 7e2f80b8c4
Always provide version & storage type in status output (#9598) 2020-07-27 14:33:57 -04:00