Jeff Mitchell
8c4f369e50
Revert grabbing lock in database Connection funcs
2017-12-19 12:53:21 -05:00
Jeff Mitchell
f9f64572f5
Clarify control group APIs are enterprise only.
...
Fixes #3702
2017-12-19 11:00:02 -05:00
Jeff Mitchell
7ef59df0b2
Add lock to sql connection as well
2017-12-19 10:38:26 -05:00
Jeff Mitchell
28e8fd1ca7
Add lock and close check on cassandra as well
2017-12-19 10:26:46 -05:00
Jeff Mitchell
3ba108f51e
Ping the mongo session when the connection is retrieved.
...
This was in the deprecated backend where it fixed a similar issue a long
time ago but for some reason didn't make it over. Additionally the
function wasn't being locked properly.
Hopefully fixes #2973
2017-12-19 10:11:04 -05:00
Brian Kassouf
6a74c119f3
secret/database: Fix upgrading database backend ( #3714 )
2017-12-18 19:38:47 -08:00
Jeff Mitchell
13024cbf83
changelog++
2017-12-18 15:31:40 -05:00
Calvin Leung Huang
40b8314c4d
Add period and max_ttl to cert role creation ( #3642 )
2017-12-18 15:29:45 -05:00
Roger Berlind
b5b77d29dc
Added example for Azure SQL Database ( #3700 )
2017-12-18 13:55:56 -05:00
Chris Hoffman
563edbe1f6
short circuit cert extensions check ( #3712 )
2017-12-18 13:19:05 -05:00
Jeff Mitchell
67d4d317d1
changelog++
2017-12-18 13:07:05 -05:00
Jeff Mitchell
266d42eb95
changelog++
2017-12-18 12:55:16 -05:00
Travis Cosgrave
95328e2fb4
Use Custom Cert Extensions as Cert Auth Constraint ( #3634 )
2017-12-18 12:53:44 -05:00
Jeff Mitchell
a572ed480c
Merge pull request #3695 from hashicorp/creds-period-logic
2017-12-18 12:40:03 -05:00
Jeff Mitchell
7fd6103fc5
Merge pull request #3401 from hashicorp/f-nomad
2017-12-18 12:24:10 -05:00
Jeff Mitchell
4f31ee7cc8
Merge branch 'master' into f-nomad
2017-12-18 12:23:39 -05:00
Ernest W. Durbin III
a6c0194b68
Correct documentation for Kubernetes Auth Plugin ( #3708 )
2017-12-18 12:12:08 -05:00
Calvin Leung Huang
469745e390
changelog++
2017-12-18 11:42:03 -05:00
Calvin Leung Huang
733e5330cd
changelog++
2017-12-18 10:32:02 -05:00
Chris Hoffman
13ce9aca40
changelog++
2017-12-18 10:15:29 -05:00
Jeff Mitchell
b80af5a993
Fix up comment
2017-12-18 10:11:24 -05:00
jaloren
8feb6e2c9d
Support Incrementing Lease TTL in Renew api ( #3688 )
2017-12-18 10:09:59 -05:00
Jeff Mitchell
7c427957a1
changelog++
2017-12-18 10:06:39 -05:00
Jeff Mitchell
4cc40105d3
Fix audited request header lookup ( #3707 )
...
The headers are stored lowercased but the lookup function wasn't
properly lowercasing when indexing in the header map.
Fixes #3701
2017-12-18 10:05:51 -05:00
Jeff Mitchell
7184a351d6
changelog++
2017-12-18 10:00:04 -05:00
immutability
f8cdeec783
Add Duo MFA to the Github backend ( #3696 )
2017-12-18 09:59:17 -05:00
Chris Hoffman
288c932add
adding recovery info to seal status ( #3706 )
2017-12-18 09:58:14 -05:00
Jeff Mitchell
b0d33e3bc0
Pull in new go-cleanhttp to fix data race
2017-12-18 09:40:22 -05:00
James Nugent
7480287181
physical/dynamodb: Clarify ha_enabled type ( #3703 )
...
The example in the documentation correctly passes a quoted boolean (i.e.
true or false as a string) instead of a "real" HCL boolean. This commit
corrects the parameter list to document that fact.
While it would be more desirable to change the implementation to accept
an unquoted boolean, it seems that the use of `hcl.DecodeObject` for
parameters which are not common to all storage back ends would make this
a rather more involved change than this necessarily warrants.
2017-12-18 09:30:29 -05:00
James Nugent
eb0cd8c29b
docs: Add correct method for mlock on systemd ( #3704 )
...
Although the previously described method of running setcap works if
setcap is available, the built-in LimitMEMLOCK directive is better.
2017-12-18 09:29:37 -05:00
Raja Nadar
bb667bf109
added the missing nonce and type fields ( #3694 )
2017-12-17 16:26:07 -05:00
Chris Hoffman
abbb1c623a
use defaultconfig as base, adding env var test
2017-12-17 10:51:39 -05:00
Chris Hoffman
737dbca37a
fixing up config to allow environment vars supported by api client
2017-12-17 09:10:56 -05:00
Calvin Leung Huang
d4f17b8f86
Use cleanhttp.PrintablePathCheckHandler to handle non-printable chara… ( #3697 )
2017-12-15 20:19:37 -05:00
Chris Hoffman
6c19fa3b78
Merge remote-tracking branch 'oss/master' into f-nomad
...
* oss/master:
Add support for encrypted TLS key files (#3685 )
2017-12-15 19:51:28 -05:00
Chris Hoffman
20aac4dc0a
adding existence check for roles
2017-12-15 19:50:20 -05:00
Chris Hoffman
b82493f9de
adding access config existence check and delete endpoint
2017-12-15 19:18:32 -05:00
Chris Hoffman
098c66a624
Add support for encrypted TLS key files ( #3685 )
2017-12-15 17:33:55 -05:00
Calvin Leung Huang
38df48654e
Use shortMaxTTL on Ec2 paths
2017-12-15 17:29:40 -05:00
Chris Hoffman
152b6e4305
address some feedback
2017-12-15 17:06:56 -05:00
Chris Hoffman
16e2edf389
Merge remote-tracking branch 'oss/master' into f-nomad
...
* oss/master:
Defer reader.Close that is used to determine sha256
changelog++
Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686 )
Add logic for using Auth.Period when handling auth login/renew requests (#3677 )
plugins/database: use context with plugins that use database/sql package (#3691 )
changelog++
Fix plaintext backup in transit (#3692 )
Database gRPC plugins (#3666 )
2017-12-15 17:05:42 -05:00
Calvin Leung Huang
ddfe767772
Update logic on renew paths
2017-12-15 16:26:42 -05:00
Calvin Leung Huang
327c28c77d
Update login logic for aws creds backend
2017-12-15 16:18:19 -05:00
Calvin Leung Huang
fff0d199bd
Update login logic for aws creds backend
2017-12-15 16:01:40 -05:00
Calvin Leung Huang
df653b68a9
Defer reader.Close that is used to determine sha256
2017-12-15 14:04:09 -05:00
Jeff Mitchell
38a4bb8544
changelog++
2017-12-15 13:32:30 -05:00
Calvin Leung Huang
9dc7bc7fd2
Avoid unseal failure if plugin backends fail to setup during postUnseal ( #3686 )
2017-12-15 13:31:57 -05:00
Calvin Leung Huang
895cffa4cf
Add logic for using Auth.Period when handling auth login/renew requests ( #3677 )
...
* Add logic for using Auth.Period when handling auth login/renew requests
* Set auth.TTL if not set in handleLoginRequest
* Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken
* Get sysView from le.Path, revert tests
* Add back auth.Policies
* Fix TokenStore tests, add resp warning when capping values
* Use switch for ttl/period check on RenewToken
* Move comments around
2017-12-15 13:30:05 -05:00
Brian Kassouf
1eec51abff
plugins/database: use context with plugins that use database/sql package ( #3691 )
2017-12-15 10:26:17 -08:00
Jeff Mitchell
d1b12356d8
changelog++
2017-12-15 09:56:06 -05:00