Commit graph

11262 commits

Author SHA1 Message Date
Matthew Irish 267d5e7e40
make style overrides more specific because loading order isn't guaranteed (#7049) 2019-07-03 08:17:14 -05:00
Mike Jarmy 9c0d9f6fc0
fix output-curl-string for 'vault kv patch' (#6848)
* fix output-curl-string for 'vault-kv-patch'

* improve comments
2019-07-03 09:03:35 -04:00
Jeff Mitchell d7cabc2174
Change regexes for reading entity/group names (#7055)
We don't restrict the name itself, so we shouldn't restrict lookup.

Fixes #7054
2019-07-03 08:56:01 -04:00
Michel Vocks 71e6be653b Changelog: Added new agent namespace config option 2019-07-03 09:37:13 +02:00
Michel Vocks 524c7517e9
Add namespace config option to agent auto-auth config (#6988)
* Added namespace option to vault agent auto-auth method

* Implemented review feedback
2019-07-03 09:33:20 +02:00
Lexman 439d773683
Refactor periodic func test in the OIDC backend to work with namespaces (#7050)
* adds allowed_roles field to identity token keys and updates tests

* removed a comment that was redundant

* allowed_roles uses role client_id s instead of role names

* renamed allowed_roles to allowed_clients

* renamed allowed_clients to allowed_clientIDs

* WIP

* Kinda working?

* Handle nil during rotation

* Update discovery document

* WIP

* removes some warning messages and checks on keys when creating a role

* Path issuer ns/specific

* Fix nspath handling

* Update issuer handling

* Add locking around key updates

* Cleanup

* Fix nextRun handling

* saving work

* Include namespace in token

* saving work

* saving work

* happy path

* saving work

* sharing debug msgs

* Merge branch 'master' into refactor_periodic_func_test

# Conflicts:
#	vault/identity_store_oidc.go
#	vault/identity_store_oidc_test.go

* use MatchingStorageByAPIPath instead of logical.InmemStorage
2019-07-02 22:23:18 -07:00
Jeff Mitchell b35aa24c7f Bump auth plugins 2019-07-03 00:47:07 -04:00
Jeff Mitchell 76216398da Bump api/sdk 2019-07-03 00:14:05 -04:00
Jeff Mitchell 6be11db56e Update api's sdk 2019-07-03 00:13:12 -04:00
Jeff Mitchell 16479c503d Fix another backwards compat issue 2019-07-03 00:11:51 -04:00
Jeff Mitchell fd856bdd24
Fix some compatibility (#7048) 2019-07-02 23:29:42 -04:00
Jim Kalafut 2721c3a629
Namespace support for identity tokens (#7045) 2019-07-02 20:15:43 -07:00
Jeff Mitchell ab453c0a37 Update api/sdk 2019-07-02 22:18:30 -04:00
Jeff Mitchell 28b5670d49 Bump api's sdk 2019-07-02 22:18:09 -04:00
Jeff Mitchell 94b235452c changelog++ 2019-07-02 22:17:35 -04:00
Jeff Mitchell a3fc497fec
Fix batch token test (#7047)
At the level of role config it doesn't mean anything to use
default-service or default-batch; that's for mount tuning. So disallow
it in tokenutil. This also fixes the fact that the switch statement
wasn't right.
2019-07-02 22:16:43 -04:00
Jeff Mitchell 924ec944b5 Add connection to test request 2019-07-02 21:04:54 -04:00
Jeff Mitchell 70ee688bbf Bump sdk 2019-07-02 21:02:07 -04:00
Jeff Mitchell e36f626e75 Fix import cycle 2019-07-02 21:01:34 -04:00
Jeff Mitchell 9ca8412add Bump sdk 2019-07-02 21:00:25 -04:00
Jeff Mitchell 4b85cb3098 Update sdk's testrequest with connection value 2019-07-02 20:59:48 -04:00
Matthew Irish cc60bc5e56
changelog++ 2019-07-02 17:48:01 -05:00
Matthew Irish 311cc49c61
UI - Vault API explorer engine (#7044)
* open-api-explorer engine with embedded swagger-ui

* move swagger config to a component, rely directly on swagger-ui

* filter operations by endpoint, hook up filter to query param, add namespace handling

* fix namespace handling

* update ember-engines so that we can app.import in a lazy engine

* use engine's included hook to move swagger-ui to engine-vendor.* files

* show flash message about this being a live vault server

* show a namespace reminder and override some styles from swagger-ui

* switch filter to use includes instead of startsWith

* move flash-message to alert-banner and fix namespace reminder with a block

* adds explore web-cli command to navigate to the api-explorer engine

* allow passing a preformatted string to flash messages

* add multi-line flash-message to api explorer

* invert control and trigger events on react app so we can control the layout more and use our components

* tweak styling some more and adjust message on the flash

* change web cli command from 'explore' to 'api'

* shorten namespace warning

* fix console

* fix comments
2019-07-02 17:41:23 -05:00
Jeff Mitchell 9baf59dcdc Update auth plugins 2019-07-02 18:40:41 -04:00
ncabatoff d2beeefe79
Add support for hashing time.Time within slices (#6767)
Add support for hashing time.Time within slices, which unbreaks auditing of requests returning the request counters.  

Break Hash into struct-specific func like HashAuth, HashRequest. Move all the copying/hashing logic from FormatRequest/FormatResponse into the new Hash* funcs.  HashStructure now modifies in place instead of copying.

Instead of returning an error when trying to hash map keys of type time.Time, ignore them, i.e. pass them through unhashed.

Enable auditing on test clusters by default if the caller didn't specify any audit backends.  If they do, they're responsible for setting it up.
2019-07-02 18:18:40 -04:00
Garrett T 8fc4a63796 Set MaxIdleConns to reduce connection churn (postgresql physical) (#6967)
* Set MaxIdleConns to reduce connection churn (postgresql physical)

* Make new  "max_idle_connection" config option for physical postgresql

* Add docs for "max_idle_connections" for postgresql storage

* Add minimum version to docs for max_idle_connections
2019-07-02 15:03:56 -07:00
Lexman b74591f934
adds allowed_client_ids field to identity token named keys (#6993)
* adds allowed_roles field to identity token keys and updates tests

* removed a comment that was redundant

* allowed_roles uses role client_id s instead of role names

* renamed allowed_roles to allowed_clients

* renamed allowed_clients to allowed_clientIDs

* removes some warning messages and checks on keys when creating a role

* removes name field being set unneededly
2019-07-02 14:46:22 -07:00
Jeff Mitchell 7b672fee99
Add bound cidr checking at login time for remaining auths (#7046) 2019-07-02 17:44:38 -04:00
Michael Gaffney 4044cff8f2
Merge branch 'master' into mgaffney/kv-delete-version-after 2019-07-02 17:27:36 -04:00
Matthew Irish ddf8c20219
UI - add delete for the various kmip models (#7015)
* add menu-loader component to show menu loading button when the model relationship isPending

* list what keys we've got in api-path error

* fix spacing issue on error flash

* add an action on list-controller that bubbles to the list-route mixin to refresh the route

* empty store when creating scopes

* don't delete _requestQuery in the loop, do it after

* add scope deletion from the scope list

* add deleteRecord to kmip adapters

* add model-wrap component

* delete role from detail page and list

* add revoke credentials functionality

* fix comment

* treat all operations fields specially on kmip roles

* adjust kmip role edit form for new fields

* fix api-path test

* update document blocks for menu-loader and model-wrap components
2019-07-02 16:23:07 -05:00
Jeff Mitchell ba29917e25 Fix github config path returning 500 instead of 404 2019-07-02 12:57:48 -04:00
Michael Gaffney 395e10957d
changelog++ 2019-07-02 10:59:14 -04:00
Jeff Mitchell 02120cfe5e Bump api/sdk 2019-07-02 10:25:04 -04:00
Jeff Mitchell 3168ae809b Bump sdk 2019-07-02 10:24:43 -04:00
Jeff Mitchell d7243f910a
Re-enable toggling renewable off for tokens (#7043)
Earlier in tokenutil's dev it seemed like there was no reason to allow
auth plugins to toggle renewability off. However, it turns out Centrify
makes use of this for sensible reasons. As a result, move the forcing-on
of renewability into tokenutil, but then allow overriding after
PopulateTokenAuth is called.
2019-07-02 10:23:46 -04:00
Jeff Mitchell 66431f37b0 Bump api/sdk 2019-07-02 09:53:02 -04:00
Jeff Mitchell 5217bb882f Bump API's sdk 2019-07-02 09:52:36 -04:00
Jeff Mitchell 126bdf2d02
Add UpgradeValue path to tokenutil (#7041)
This drastically reduces boilerplate for upgrading existing values
2019-07-02 09:52:05 -04:00
Jeff Mitchell 81770a4fe5 Fix some missing Period statements in recently tokenutilified auth method renewal funcs 2019-07-01 19:36:27 -04:00
Jeff Mitchell 3acf65ae12 Bump api/sdk 2019-07-01 18:29:44 -04:00
Jeff Mitchell fc4491890b Bump api's sdk import 2019-07-01 18:29:23 -04:00
emily 333d0425b9 fix permissions in GCP auth docs (#7035) 2019-07-01 15:13:36 -07:00
Madalyn 910f615bf5
UI: Clean up Dynamic UI for CRUD (#6994) 2019-07-01 16:35:18 -04:00
Jeff Mitchell 25f676b42e
Switch cert to tokenutil (#7037) 2019-07-01 16:31:37 -04:00
Jeff Mitchell 18a4ab1db5
Update github to tokenutil (#7031)
* Update github to tokenutil

* Update phrasing
2019-07-01 16:31:30 -04:00
Jeff Mitchell e8f9ea2857
Tokenutilize radius (#7034) 2019-07-01 16:30:39 -04:00
Jeff Mitchell 9c81f88623
Tokenutilize Okta (#7032) 2019-07-01 16:30:30 -04:00
Jeff Mitchell 2bca5f439f
AppRole TokenUtil conversion (#7020) 2019-07-01 16:30:08 -04:00
Jeff Mitchell d5d2414b4b
Tokenutilize the AWS auth backend (#7027) 2019-07-01 16:29:34 -04:00
Jeff Mitchell 4e226a7c0e
Tokenutilize ldap (#7036) 2019-07-01 16:16:23 -04:00