Commit graph

6561 commits

Author SHA1 Message Date
Paul Pieralde 567f2ce1f1 Fix docs for Certificate authentication (#3301)
Fix discrepencies in the documentation for TLS Certificate
authentication. The Delete CRL method has a misleading title and
description.
2017-09-07 10:28:14 -04:00
Paul Pieralde 25976b340e Fixed small typo in RabbitMQ secret backend. (#3300)
Fixed `name` param for the Delete Role API in the RabbitMQ secret backend.
2017-09-07 10:00:32 -04:00
Chris Hoffman 53164d528c Fix unauth bind issues due to lib update (#3293) 2017-09-07 08:46:43 -04:00
Jeff Mitchell 44bf03e3b6 Fix compile after dep update 2017-09-05 18:18:34 -04:00
Jeff Mitchell 0665badfdd Bump deps 2017-09-05 18:06:47 -04:00
Jeff Mitchell 675cbe1bcd Handle expiration manager being nil 2017-09-05 12:01:02 -04:00
Jeff Mitchell 03088a94ee
Cut version 0.8.2 2017-09-05 11:16:44 -04:00
Jeff Mitchell 7f7f2c7cfc Update version 2017-09-05 11:14:25 -04:00
Chris Hoffman 71952b7738 ExpirationManager restoration to load in the background (#3260) 2017-09-05 11:09:00 -04:00
Jeff Mitchell af9859214a changelog++ 2017-09-05 10:58:32 -04:00
Jeff Mitchell dae06d9a0e Simplify a lot of the mount tuning code (#3285) 2017-09-05 10:57:25 -04:00
Jeff Mitchell 3576aa73d9 Bump gcp plugin dep 2017-09-05 10:56:32 -04:00
Chris Hoffman 0321510596 changelog++ 2017-09-05 10:37:07 -04:00
Vishal Nayak db0bda4a90 Fix build (#3288) 2017-09-05 09:02:17 -04:00
Brian Kassouf a8d9426d9f Update locking components from DR replication changes (#3283)
* Update locking components from DR replication changes

* Fix plugin backend test

* Add a comment about needing the statelock:
2017-09-04 19:38:37 -04:00
Jeff Mitchell 9185fd9e67 Fix hook 2017-09-04 19:20:39 -04:00
Jeff Mitchell 060c69c7b9 Add pre-push hook 2017-09-04 19:16:11 -04:00
Jeff Mitchell d7e933a072 Fix inverted skipinit logic 2017-09-04 18:39:57 -04:00
Jeff Mitchell 4785e56283 Fix nil pointer on test 2017-09-04 18:08:56 -04:00
Jeff Mitchell 0da8fa412d DoNotInit -> SkipInit 2017-09-04 16:29:43 -04:00
Jeff Mitchell cbb0313f78 Add option to NewTestCluster to not init 2017-09-04 16:28:21 -04:00
Jeff Mitchell 7be6905eb0 Add a bit more delay to backend test in case Travis is loaded 2017-09-04 14:45:12 -04:00
Joel Thompson 2a53d852f3 auth/aws: Properly handle malformed ARNs (#3280)
The parseIamArn method was making assumptions about the input arn being
properly formatted and of a certain type. If users tried to pass a
bound_iam_principal_arn that was malformed (or was the ARN of the root
user), it would cause a panic. parseIamArn now explicitly checks the
assumptions it's making and tests are added to ensure it properly errors
out (rather than panic'ing) on malformed input.
2017-09-03 20:37:06 -04:00
Jeff Mitchell 105a7068d1 Bump Go dep 2017-09-03 12:34:07 -04:00
Jeff Mitchell 4b6279a990 Bump hclog dep 2017-09-03 12:33:44 -04:00
Lars Lehtonen f3d6866735 Fix goroutine logging in cert test (#3224) 2017-09-01 16:55:16 -04:00
Calvin Leung Huang 48263622cb Add comment to the reason behind mounting a nil backend for plugin mounts during setup 2017-09-01 12:26:31 -04:00
Calvin Leung Huang b4f950becc changelog++ 2017-09-01 12:12:08 -04:00
Calvin Leung Huang ef055a7b0b changelog++ 2017-09-01 12:05:45 -04:00
Jeff Mitchell 1a85a0e7a0 Bump readme go requirement 2017-09-01 08:36:05 -04:00
Eugene Bekker e85e22b00e Fixing the response sample for reading a plugin (#3278)
The plugin config data properties are returned immediately within the response's `data` object.
2017-09-01 08:34:54 -04:00
Jeff Mitchell 9578361513 Massive update to response-wrapping concept page 2017-09-01 08:32:55 -04:00
Brian Kassouf ed6e818fea Plugin Version Update (#3275)
* Bump plugin version requirement

* Register time.Duration with gob
2017-09-01 00:01:14 -07:00
Calvin Leung Huang a581e96b78 Lazy-load plugin mounts (#3255)
* Lazy load plugins to avoid setup-unwrap cycle

* Remove commented blocks

* Refactor NewTestCluster, use single core cluster on basic plugin tests

* Set c.pluginDirectory in TestAddTestPlugin for setupPluginCatalog to work properly

* Add special path to mock plugin

* Move ensureCoresSealed to vault/testing.go

* Use same method for EnsureCoresSealed and Cleanup

* Bump ensureCoresSealed timeout to 60s

* Correctly handle nil opts on NewTestCluster

* Add metadata flag to APIClientMeta, use meta-enabled plugin when mounting to bootstrap

* Check metadata flag directly on the plugin process

* Plumb isMetadataMode down to PluginRunner

* Add NOOP shims when running in metadata mode

* Remove unused flag from the APIMetadata object

* Remove setupSecretPlugins and setupCredentialPlugins functions

* Move when we setup rollback manager to after the plugins are initialized

* Fix tests

* Fix merge issue

* start rollback manager after the credential setup

* Add guards against running certain client and server functions while in metadata mode

* Call initialize once a plugin is loaded on the fly

* Add more tests, update basic secret/auth plugin tests to trigger lazy loading

* Skip mount if plugin removed from catalog

* Fixup

* Remove commented line on LookupPlugin

* Fail on mount operation if plugin is re-added to catalog and mount is on existing path

* Check type and special paths on startBackend

* Fix merge conflicts

* Refactor PluginRunner run methods to use runCommon, fix TestSystemBackend_Plugin_auth
2017-09-01 01:02:03 -04:00
Jeff Mitchell 590e2de328 changelog++ 2017-08-31 23:09:09 -04:00
Jeff Mitchell ef92e823f2 changelog++ 2017-08-31 23:08:32 -04:00
Jeff Mitchell abb2ab2918 Add pki/root/sign-self-issued. (#3274)
* Add pki/root/sign-self-issued.

This is useful for root CA rolling, and is also suitably dangerous.

Along the way I noticed we weren't setting the authority key IDs
anywhere, so I addressed that.

* Add tests
2017-08-31 23:07:15 -04:00
Jeff Mitchell f38daffbe8 Travis, be happier please 2017-08-31 21:43:31 -04:00
Jeff Mitchell 1623ff7993 changelog++ 2017-08-31 16:58:05 -04:00
Jeff Mitchell 223c4fc325 Change auth helper interface to api.Secret. (#3263)
This allows us to properly handle wrapped responses.

Fixes #3217
2017-08-31 16:57:00 -04:00
Jeff Mitchell 9a159a597f changelog++ 2017-08-31 16:52:06 -04:00
Jeff Mitchell d64929b58d Try reconnecting Mongo on EOF (#3269) 2017-08-31 16:50:26 -04:00
Jeff Mitchell 4ec737b013 Don't append a trailing slash to the request path if it doesn't actually help find something (#3271) 2017-08-31 16:50:03 -04:00
Jeff Mitchell 2c484080de changelog++ 2017-08-31 15:50:14 -04:00
Jeff Mitchell d62937aaf3 Use TypeDurationSecond for TTL values in PKI. (#3270) 2017-08-31 15:46:13 -04:00
Calvin Leung Huang 1934fe21fe changelog++ 2017-08-31 14:53:50 -04:00
Jeff Mitchell 5224c296f0 changelog++ 2017-08-31 12:32:15 -04:00
Jeff Mitchell 7585349e46 Use net.SplitHostPort on Consul address (#3268) 2017-08-31 12:31:34 -04:00
Calvin Leung Huang 6f417d39da Normalize plugin_name option for mount and enable-auth (#3202) 2017-08-31 12:16:59 -04:00
Chris Hoffman 194491759d Updating Okta lib for credential backend (#3245)
* migrating to chrismalek/oktasdk-go Okta library

* updating path docs

* updating bool reference from config
2017-08-30 22:37:21 -04:00