Commit graph

8555 commits

Author SHA1 Message Date
Matthew Irish 5b00b4b10a
UI - add JWT auth, remove alias metadata (#4986)
* remove the ability to edit metadata on entity aliases
* add JWT auth method in the UI
2018-07-24 17:35:31 -05:00
Jeff Mitchell 4261618d10 Add request timeouts in normal request path and to expirations (#4971)
* Add request timeouts in normal request path and to expirations

* Add ability to adjust default max request duration

* Some test fixes

* Ensure tests have defaults set for max request duration

* Add context cancel checking to inmem/file

* Fix tests

* Fix tests

* Set default max request duration to basically infinity for this release for BC

* Address feedback
2018-07-24 14:50:49 -07:00
Jeff Mitchell 9bfd73bfc6 Modify approle tidy to validate dangling accessors (#4981) 2018-07-24 14:00:53 -07:00
Jeff Mitchell 9687ccc8fa Tackle #4929 a different way (#4932)
* Tackle #4929 a different way

This turns c.sealed into an atomic, which allows us to call sealInternal
without a lock. By doing so we can better control lock grabbing when a
condition causing the standby loop to get out of active happens. This
encapsulates that logic into two distinct pieces (although they could
be combined into one), and makes lock guarding more understandable.

* Re-add context canceling to the non-HA version of sealInternal

* Return explicitly after stopCh triggered
2018-07-24 13:57:25 -07:00
Jeff Mitchell d144f2935e Two-pronged fix for renew policy checking (#4960)
1) In backends, ensure they are now using TokenPolicies
2) Don't reassign auth.Policies until after expmgr registration as we
don't need them at that point

Fixes #4829
2018-07-24 12:03:11 -07:00
Chris Hoffman da1704e0a0
changelog++ 2018-07-24 14:27:01 -04:00
Chris Hoffman 45be1ee3e1
Read all pages when list results are paged (#4983) 2018-07-24 14:24:32 -04:00
Jeff Mitchell e6ca29d96d changelog++ 2018-07-24 10:10:31 -04:00
andrejvanderzee c1c9e23fc5 Fixed writing config attribute 'max_retries' for existing client configs for aws auth method. (#4980) 2018-07-24 10:09:44 -04:00
Jim Kalafut ca8dd26374
Update Azure auth plugin (#4978) 2018-07-23 15:00:46 -07:00
Matthew Irish 5896af60e6
changelog++ 2018-07-23 16:58:50 -05:00
Matthew Irish 756056a9be
UI - fix kv object so that falsey values don't get coerced to empty strings (#4977)
* fix kv object so that falsey values don't get coerced to empty strings
* equal for string compare
2018-07-23 16:57:35 -05:00
Jeff Mitchell 9775340547 Log nil secret IDs instead of swallowing error 2018-07-23 17:46:20 -04:00
Jeff Mitchell 73f442ce86 changelog++ 2018-07-23 12:45:49 -04:00
Jeff Mitchell caa5661031
Pass identity metadata through to plugins (#4967)
It's not obvious why this should be secret, and if it were considered
secret, when and what anything would ever be allowed to access it.
Likely the right way to tie secret values to particular
entities/aliases/groups would be to use the upcoming templated ACL
feature.
2018-07-23 12:45:06 -04:00
Chris Hoffman 0c87e69486
changelog++ 2018-07-23 10:02:22 -04:00
Chris Hoffman b37c05cf64
updating azure auth plugin and docs (#4975) 2018-07-23 10:00:44 -04:00
Jim Kalafut a16300e593
Add FoundationDB link to sidebar 2018-07-20 20:10:52 -07:00
Matthew Irish 4de7e4806b
UI unauthenticated auth method login (#4972)
* fix unauthenticated auth form
* make sure to redirect if you're already authed
* add the ability to build in a welcome message at build time
2018-07-20 16:48:25 -05:00
Jeff Mitchell 1d99b7fd05
Properly watch quit context in expireID instead of locking first (#4970) 2018-07-20 17:00:09 -04:00
Yoko 3cd55dc26d
Git repo folder name changed (#4969) 2018-07-20 11:46:12 -07:00
Jeff Mitchell e1c1315393 changelog++ 2018-07-20 14:11:31 -04:00
Brian Kassouf a2fecd6c49 plugins: Allow the server to receive large messages (#4958) 2018-07-20 14:11:00 -04:00
Olivier Lemasle 4604c00018 State in docs that FoundationDB backend is community supported (#4964) 2018-07-20 09:59:13 -04:00
Peter Vandenabeele db2970623d Fix small typo in Vault website documentation (#4962) 2018-07-20 09:57:16 -04:00
Jeff Mitchell 5400a5e4da changelog++ 2018-07-20 00:48:59 -04:00
Brian Shumate e2dd0864c4 Add missing telemetry metrics (#4785)
* Add missing telemetry metrics

- Add merkle related telemetry
- Add WAL related telemetry

* additional wal metrics

* Use correct metrics naming
2018-07-19 18:36:55 -04:00
Chris Hoffman 712652c318
Fixing formatting 2018-07-19 10:36:09 -04:00
Chris Hoffman 6a169ab00d
Adding information on required azure permissions (#4956) 2018-07-19 10:24:55 -04:00
Jeff Mitchell bb057dd1df Update go-retryablehttp and affected deps 2018-07-19 08:50:18 -04:00
John Naulty Jr 498a8d9456 fix Issue #4952 static-secrets small typo (#4953) 2018-07-18 22:36:47 -07:00
Matthew Irish 2ea9775f6b
changelog++ 2018-07-18 21:14:07 -05:00
Matthew Irish 9953eb76aa
UI - control groups (#4947)
* add routes for control groups in tools, settings, access (#4718)
* UI control group - storage, request, authorization, and unwrapping (#4899)
* UI control groups config (#4927)
2018-07-18 20:59:04 -05:00
Matthew Irish 3e5731a7b8
UI: ember-auto-import (#4933)
* add auto-import
* remove imports that we can and get rid of autosize shim
* remove items from eslinrc
* import base64js in shamir key
2018-07-18 09:13:39 -05:00
Tomohisa Oda 9ff2081e8b add sequelize-vault to third-party tools (#4945) 2018-07-17 21:45:37 -07:00
Michael Russell c66544381a Make the SSH executable path configurable (#4937)
Making this configurable is useful for windows users which may not be
using the default `ssh` executable. It also means that users can point to a
specify SSH executable if multiple are available.
2018-07-17 17:47:07 -07:00
Becca Petrin 0918c8246a Disallow negative TypeDurationSecond (#4910)
* add mount ttl helper

* disallow negative TypeDurationSecond values
2018-07-17 17:46:03 -07:00
Yoko b41a1c6134
Updated - Secure Introduction to Vault Clients guide (#4944)
* Incorporated Armon's feedback

* Added a diagram
2018-07-17 15:54:48 -07:00
Jeff Mitchell 50ea7f3825 Fix context shadowing during radius login (#4941)
Fixes #4938
2018-07-17 11:17:07 -07:00
Becca Petrin ba39deb411 fix possible panic (#4942) 2018-07-17 11:15:28 -07:00
Jeff Mitchell 8b0561aad8
Two small items: (#4934)
1) Disable MaxRetries in test cluster clients. We generally want to fail
as fast as possible in tests so adding unpredictable timing in doesn't
help things, especially if we're timing sensitive in the test.

2) EquivalentPolicies is supposed to return true if only one set
contains `default` and the other is empty, but if one set was nil
instead of simply a zero length slice it would always return false. This
means that renewing against, say, `userpass` when not actually
specifying any user policies would always fail.
2018-07-17 01:23:26 -04:00
Yoko 67b349a107
Secure Introduction to Vault Clients Guide (#4871)
* WIP

* WIP - Secure Intro Guide

* WIP secure intro guide

* WIP Secure Intro Guide

* WIP Secure Intro Guide

* WIP Secure Intro Guide
2018-07-16 15:17:52 -07:00
Jeff Mitchell 75547fcac3 Remove defer of atomic add to see if that fixes data race 2018-07-16 11:34:47 -04:00
Jeff Mitchell c420eb01c5 changelog++ 2018-07-16 10:56:19 -04:00
Julien Blache c8fb9ed6a8 FoundationDB physical backend (#4900) 2018-07-16 10:18:09 -04:00
Ram Nadella 493752334a Fix environment mismatch in MySQL cert step (#4835) 2018-07-16 10:13:44 -04:00
Jeff Mitchell a3ebf4840f changelog++ 2018-07-16 10:12:40 -04:00
Michael Russell b6dfe372fd Allow vault ssh to work with single ssh args like -v (#4825) 2018-07-16 10:11:56 -04:00
Richie Yeung 8fb804ecce Fix empty string check for password (#4923) 2018-07-13 12:35:06 -07:00
Brian Kassouf 57d9c335d8
Don't shutdown if we lose leadership during lease restoration (#4924)
* Don't shutdown if we lose leadership during lease restoration

* Update comment
2018-07-13 11:30:08 -07:00