7782 Commits

Author SHA1 Message Date
Jeff Mitchell
8c4f369e50 Revert grabbing lock in database Connection funcs 2017-12-19 12:53:21 -05:00
Jeff Mitchell
f9f64572f5 Clarify control group APIs are enterprise only.
Fixes #3702
2017-12-19 11:00:02 -05:00
Jeff Mitchell
7ef59df0b2 Add lock to sql connection as well 2017-12-19 10:38:26 -05:00
Jeff Mitchell
28e8fd1ca7 Add lock and close check on cassandra as well 2017-12-19 10:26:46 -05:00
Jeff Mitchell
3ba108f51e Ping the mongo session when the connection is retrieved.
This was in the deprecated backend where it fixed a similar issue a long
time ago but for some reason didn't make it over. Additionally the
function wasn't being locked properly.

Hopefully fixes #2973
2017-12-19 10:11:04 -05:00
Brian Kassouf
6a74c119f3
secret/database: Fix upgrading database backend (#3714) 2017-12-18 19:38:47 -08:00
Jeff Mitchell
13024cbf83 changelog++ 2017-12-18 15:31:40 -05:00
Calvin Leung Huang
40b8314c4d Add period and max_ttl to cert role creation (#3642) 2017-12-18 15:29:45 -05:00
Roger Berlind
b5b77d29dc Added example for Azure SQL Database (#3700) 2017-12-18 13:55:56 -05:00
Chris Hoffman
563edbe1f6
short circuit cert extensions check (#3712) 2017-12-18 13:19:05 -05:00
Jeff Mitchell
67d4d317d1 changelog++ 2017-12-18 13:07:05 -05:00
Jeff Mitchell
266d42eb95 changelog++ 2017-12-18 12:55:16 -05:00
Travis Cosgrave
95328e2fb4 Use Custom Cert Extensions as Cert Auth Constraint (#3634) 2017-12-18 12:53:44 -05:00
Jeff Mitchell
a572ed480c
Merge pull request #3695 from hashicorp/creds-period-logic 2017-12-18 12:40:03 -05:00
Jeff Mitchell
7fd6103fc5
Merge pull request #3401 from hashicorp/f-nomad 2017-12-18 12:24:10 -05:00
Jeff Mitchell
4f31ee7cc8
Merge branch 'master' into f-nomad 2017-12-18 12:23:39 -05:00
Ernest W. Durbin III
a6c0194b68 Correct documentation for Kubernetes Auth Plugin (#3708) 2017-12-18 12:12:08 -05:00
Calvin Leung Huang
469745e390 changelog++ 2017-12-18 11:42:03 -05:00
Calvin Leung Huang
733e5330cd changelog++ 2017-12-18 10:32:02 -05:00
Chris Hoffman
13ce9aca40 changelog++ 2017-12-18 10:15:29 -05:00
Jeff Mitchell
b80af5a993 Fix up comment 2017-12-18 10:11:24 -05:00
jaloren
8feb6e2c9d Support Incrementing Lease TTL in Renew api (#3688) 2017-12-18 10:09:59 -05:00
Jeff Mitchell
7c427957a1 changelog++ 2017-12-18 10:06:39 -05:00
Jeff Mitchell
4cc40105d3
Fix audited request header lookup (#3707)
The headers are stored lowercased but the lookup function wasn't
properly lowercasing when indexing in the header map.

Fixes #3701
2017-12-18 10:05:51 -05:00
Jeff Mitchell
7184a351d6 changelog++ 2017-12-18 10:00:04 -05:00
immutability
f8cdeec783 Add Duo MFA to the Github backend (#3696) 2017-12-18 09:59:17 -05:00
Chris Hoffman
288c932add
adding recovery info to seal status (#3706) 2017-12-18 09:58:14 -05:00
Jeff Mitchell
b0d33e3bc0 Pull in new go-cleanhttp to fix data race 2017-12-18 09:40:22 -05:00
James Nugent
7480287181 physical/dynamodb: Clarify ha_enabled type (#3703)
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.

While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
2017-12-18 09:30:29 -05:00
James Nugent
eb0cd8c29b docs: Add correct method for mlock on systemd (#3704)
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
2017-12-18 09:29:37 -05:00
Raja Nadar
bb667bf109 added the missing nonce and type fields (#3694) 2017-12-17 16:26:07 -05:00
Chris Hoffman
abbb1c623a use defaultconfig as base, adding env var test 2017-12-17 10:51:39 -05:00
Chris Hoffman
737dbca37a fixing up config to allow environment vars supported by api client 2017-12-17 09:10:56 -05:00
Calvin Leung Huang
d4f17b8f86 Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… (#3697) 2017-12-15 20:19:37 -05:00
Chris Hoffman
6c19fa3b78 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Add support for encrypted TLS key files (#3685)
2017-12-15 19:51:28 -05:00
Chris Hoffman
20aac4dc0a adding existence check for roles 2017-12-15 19:50:20 -05:00
Chris Hoffman
b82493f9de adding access config existence check and delete endpoint 2017-12-15 19:18:32 -05:00
Chris Hoffman
098c66a624
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Calvin Leung Huang
38df48654e Use shortMaxTTL on Ec2 paths 2017-12-15 17:29:40 -05:00
Chris Hoffman
152b6e4305 address some feedback 2017-12-15 17:06:56 -05:00
Chris Hoffman
16e2edf389 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Defer reader.Close that is used to determine sha256
  changelog++
  Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686)
  Add logic for using Auth.Period when handling auth login/renew requests (#3677)
  plugins/database: use context with plugins that use database/sql package (#3691)
  changelog++
  Fix plaintext backup in transit (#3692)
  Database gRPC plugins (#3666)
2017-12-15 17:05:42 -05:00
Calvin Leung Huang
ddfe767772 Update logic on renew paths 2017-12-15 16:26:42 -05:00
Calvin Leung Huang
327c28c77d Update login logic for aws creds backend 2017-12-15 16:18:19 -05:00
Calvin Leung Huang
fff0d199bd Update login logic for aws creds backend 2017-12-15 16:01:40 -05:00
Calvin Leung Huang
df653b68a9 Defer reader.Close that is used to determine sha256 2017-12-15 14:04:09 -05:00
Jeff Mitchell
38a4bb8544 changelog++ 2017-12-15 13:32:30 -05:00
Calvin Leung Huang
9dc7bc7fd2 Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686) 2017-12-15 13:31:57 -05:00
Calvin Leung Huang
895cffa4cf
Add logic for using Auth.Period when handling auth login/renew requests (#3677)
* Add logic for using Auth.Period when handling auth login/renew requests

* Set auth.TTL if not set in handleLoginRequest

* Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken

* Get sysView from le.Path, revert tests

* Add back auth.Policies

* Fix TokenStore tests, add resp warning when capping values

* Use switch for ttl/period check on RenewToken

* Move comments around
2017-12-15 13:30:05 -05:00
Brian Kassouf
1eec51abff
plugins/database: use context with plugins that use database/sql package (#3691) 2017-12-15 10:26:17 -08:00
Jeff Mitchell
d1b12356d8 changelog++ 2017-12-15 09:56:06 -05:00