mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-15 11:07:00 +02:00
Code Issues Projects Releases Wiki Activity
10,305 Commits 2,843 Branches 445 Tags 454 MiB
9be1128201
Commit Graph

1096 Commits

Author SHA1 Message Date
Bharath B
06524611cd Config parameter "tls_disable_client_certs" is wrongly evaluated. (#4049) 2018-02-28 10:07:23 -05:00
Jeff Mitchell
1a6debb115
Use atomic values in seal to avoid some data races (#4040) 2018-02-23 17:18:48 -05:00
Calvin Leung Huang
45454eb82e
Add TTL related config options on auth enable (#4019) 2018-02-22 10:26:29 -05:00
Jeff Mitchell
ce885ac9c9 Force trace mode in three-node 2018-02-22 01:44:19 -05:00
Jeff Mitchell
a7cde35285 Add four cluster flag 2018-02-22 00:23:37 -05:00
Max Walther
1c9f1736fb Fix bug with vault cli when reading an individual field containing a Printf formatting verb (#4005) 2018-02-19 09:29:45 -05:00
Jeff Mitchell
9c88c9ddac
Handle missed error case in seal status output format (#4001) 
Fixes #3998
 2018-02-17 20:52:42 -05:00
Jeff Mitchell
324422162a Also exclude init command from race detector 2018-02-16 11:09:36 -05:00
Jeff Mitchell
b24cf9a8af
Allow formatted data when using -field and -format together. (#3987) 
* Allow formatted data when using -field and -format together.

As a special case, allows "data" to be passed in to get the entire data
struct output.

* If data exists in the output map use that instead when special casing
 2018-02-15 09:11:56 -05:00
Seth Vargo
7af2bdc5a4 Add support for Google Cloud Spanner (#3977) 2018-02-14 20:31:20 -05:00
Jeff Mitchell
7ddc025dee
Re-add lost stored-shares parameter to operator rekey command. (#3974) 
Also change the rekey API to not require explicitly setting values to 1.

Fixes #3969
 2018-02-14 16:10:45 -05:00
Seth Vargo
ee4327d71b Remove mlock warning when mlock is explicitly disabled (#3979) 2018-02-14 15:11:33 -05:00
Jeff Mitchell
89dbe2deff
Add newline on non-ttl output (#3967) 
Output is formatted with newlines in mind, so without this those get
lost and things get funky due to multiple outputs running together.
 2018-02-13 14:46:57 -05:00
Jeff Mitchell
effb396185 Make fmt 2018-02-12 21:01:14 -05:00
Paul Stack
7181749031 Adding Manta Storage Backend (#3720) 
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v  -timeout 45m
=== RUN   TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok  	github.com/hashicorp/vault/physical/manta	61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta
will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
 2018-02-12 18:22:41 -05:00
Calvin Leung Huang
3189278c84
CLI Enhancements (#3897) 
* Use Colored UI if stdout is a tty

* Add format options to operator unseal

* Add format test on operator unseal

* Add -no-color output flag, and use BasicUi if no-color flag is provided

* Move seal status formatting logic to OutputSealStatus

* Apply no-color to warnings from DeprecatedCommands as well

* Add OutputWithFormat to support arbitrary data, add format option to auth list

* Add ability to output arbitrary list data on TableFormatter

* Clear up switch logic on format

* Add format option for list-related commands

* Add format option to rest of commands that returns a client API response

* Remove initOutputYAML and initOutputJSON, and use OutputWithFormat instead

* Remove outputAsYAML and outputAsJSON, and use OutputWithFormat instead

* Remove -no-color flag, use env var exclusively to toggle colored output

* Fix compile

* Remove -no-color flag in main.go

* Add missing FlagSetOutputFormat

* Fix generate-root/decode test

* Migrate init functions to main.go

* Add no-color flag back as hidden

* Handle non-supported data types for TableFormatter.OutputList

* Pull formatting much further up to remove the need to use c.flagFormat (#3950)

* Pull formatting much further up to remove the need to use c.flagFormat

Also remove OutputWithFormat as the logic can cause issues.

* Use const for env var

* Minor updates

* Remove unnecessary check

* Fix SSH output and some tests

* Fix tests

* Make race detector not run on generate root since it kills Travis these days

* Update docs

* Update docs

* Address review feedback

* Handle --format as well as -format
 2018-02-12 18:12:16 -05:00
rmbrad
51a2aaee4c Fixes for SSH command CA mode (#3922) 
* Add `valid-principals` flag to SSH command CA mode options

* Fix SSH command CA mode host certificate validation
 2018-02-12 17:53:34 -05:00
Jeff Mitchell
65328e9c12 Fix race in approle integ test 2018-02-09 17:01:10 -05:00
Vishal Nayak
5bb8fa2469
AppRole/Identity: Fix for race when creating an entity during login (#3932) 
* possible fix for race in approle login while creating entity

* Add a test that hits the login request concurrently

* address review comments
 2018-02-09 10:40:56 -05:00
Jeff Mitchell
dd9f17ef7d Exclude rekey command tests from race detector 2018-02-08 13:34:45 -05:00
Jed
b020d310e4 Lil typo fixes (#3925) 
Read through the initial docs and noticed a few typos
 2018-02-07 09:38:11 -05:00
Vishal Nayak
67cc60fbb6
command/ssh: create and reuse the api client (#3909) 
* pass around the api client

* reuse the client object in the base command
 2018-02-06 13:06:17 -05:00
Jeff Mitchell
7d73ac4c96 go vet fixes 2018-02-05 14:26:31 -05:00
Jeff Mitchell
359c7cdffa Add centrify CLI handler support 2018-02-05 10:56:57 -05:00
Chris Hoffman
7cc193d666
Adding tests to ensure all backends are mountable (#3861) 2018-02-01 11:30:04 -05:00
Jeff Mitchell
d9030a3c71 (Re...)Add Nomad secrets engine. 
Fixes #3858
 2018-01-28 14:38:19 -05:00
Vishal Nayak
cc0c0dfaf9
Redirect server output warnings to stdout (#3831) 2018-01-22 20:58:27 -05:00
Chris Hoffman
3f97410fe4 adding back -dr-token flag to generate-root command (#3818) 2018-01-19 19:25:45 -05:00
Jeff Mitchell
e1028c644f Add centrify plugin as builtin 2018-01-19 06:03:33 -05:00
Jeff Mitchell
07893b2659 Add gcp and kubernetes back now that they're updated 2018-01-19 05:56:34 -05:00
Jeff Mitchell
cfc788f60e Remove context from a few extraneous places 2018-01-19 03:44:06 -05:00
Brian Kassouf
8142b42d95 Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 01:44:44 -05:00
Vishal Nayak
d552102457
SHA2-256 salting for AppID (#3806) 
* Use SHA2-256 hash with prefix to upgrade the paths

* test the SHA1 upgrade to SHA256

* Remove hash identifier and the delimiter; use 's' instead

* Added API test to verify the correctness of the fix

* Fix broken test

* remove unneeded test
 2018-01-17 19:48:32 -05:00
Jeff Mitchell
9a7c7a88a3 Change next major release of Vault to 0.11 or later to make it less scary 2018-01-17 19:31:52 -05:00
Jeff Mitchell
665058ee84 Fix outdated test 2018-01-10 11:33:53 -05:00
Jeff Mitchell
d6552a11cc Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Jeff Mitchell
706591e750
Allow log level to be specified in an env var (#3721) 2017-12-19 17:12:23 -05:00
Chris Hoffman
288c932add
adding recovery info to seal status (#3706) 2017-12-18 09:58:14 -05:00
Chris Hoffman
098c66a624
Add support for encrypted TLS key files (#3685) 2017-12-15 17:33:55 -05:00
Chris Hoffman
2931148d09
adding ability to override temp dir in dev cluster (#3673) 2017-12-11 18:02:35 -05:00
Jeff Mitchell
c2cef877f4 Port over some changes 2017-11-30 09:43:07 -05:00
Jeff Mitchell
3bc512bd8d Use Seal Type instead of Type in status output for less confusion 2017-11-21 12:14:00 -05:00
Chris Hoffman
def7b5c510
generate token functions to share common names (#3576) 2017-11-13 15:44:26 -05:00
Jeff Mitchell
5be2e8e3b3 grpclogfaker should use or, not and, to check whether to log 2017-11-13 15:37:00 -05:00
Jeff Mitchell
c77196cea2
Port over bits (#3575) 2017-11-13 15:31:32 -05:00
Calvin Leung Huang
56b5c8e8bd
Docs update related to new top-level config values (#3556) 
* Add new top level config value docs, add VAULT_API_ADDR, purge old references

* Fix indentation

* Update wording on ha.html

* Add section on split data/HA mode

* Fix grammar
 2017-11-10 20:06:07 -05:00
Jeff Mitchell
b445783d65 Don't output log level twice in three node mode 2017-11-10 16:33:16 -05:00
Jeff Mitchell
547e18f9ed Add core numbers to output in dev three node 2017-11-10 16:21:46 -05:00
Brian Kassouf
6fc21d88e2
Add API methods for creating a DR Operation Token and make generate root accept strategy types (#3565) 
* Add API and Command code for generating a DR Operation Token

* Update generate root to accept different token strategies
 2017-11-10 10:19:42 -08:00
Calvin Leung Huang
faccf38997 Move HA-related config values to top level (#3550) 
* Move HA-related config values to top level

* Add config2.hcl test-fixture
 2017-11-08 14:19:41 -05:00
Calvin Leung Huang
c7b5b8b0b4 aws_region->region on awskms config 2017-11-02 16:31:16 -04:00
Vishal Nayak
66642a0935
External identity groups (#3447) 
* external identity groups

* add local LDAP groups as well to group aliases

* add group aliases for okta credential backend

* Fix panic in tests

* fix build failure

* remove duplicated struct tag

* add test steps to test out removal of group member during renewals

* Add comment for having a prefix check in router

* fix tests

* s/parent_id/canonical_id

* s/parent/canonical in comments and errors
 2017-11-02 16:05:48 -04:00
Jeff Mitchell
41568317e0
Redo API locking (#3508) 
* Redo the API client quite a bit to make the behavior of NewClient more
predictable and add locking to make it safer to use with Clone() and if
multiple goroutines for some reason decide to change things.

Along the way I discovered that currently, the x/net/http2 package is
broke with the built-in h2 support in released Go. For those using
DefaultConfig (the vast majority of cases) this will be a non-event.
Others can manually call http2.ConfigureTransport as needed. We should
keep an eye on commits on that repo and consider more updates before
release. Alternately we could go back revisions but miss out on bug
fixes; my theory is that this is not a purposeful break and I'll be
following up on this in the Go issue tracker.

In a few tests that don't use NewTestCluster, either for legacy or other
reasons, ensure that http2.ConfigureTransport is called.

* Use tls config cloning

* Don't http2.ConfigureServer anymore as current Go seems to work properly without requiring the http2 package

* Address feedback
 2017-11-02 09:30:04 -05:00
Jeff Mitchell
962ef74cb2
Add seal type to seal-status output. (#3516) 2017-11-01 21:00:41 -05:00
Seth Vargo
661fac88a4
Use renamed method 2017-10-24 09:39:51 -04:00
Jeff Mitchell
5256da0fab
Don't swallow errors on token functions. 2017-10-24 09:39:35 -04:00
Seth Vargo
b2f0c0d92d
Update to use hidden commands 2017-10-24 09:39:34 -04:00
Seth Vargo
be7c31f695
Fix bad rebase 
Apparently I can't git...
 2017-10-24 09:39:34 -04:00
Seth Vargo
80e757c3b2
More consistent output 2017-10-24 09:34:30 -04:00
Seth Vargo
9c76f0b2e5
Use a unified helper for seal output 2017-10-24 09:34:12 -04:00
Seth Vargo
23d1d9a1ac
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo
3da398de34
Use vault login instead of vault list in example 2017-10-24 09:32:15 -04:00
Seth Vargo
b8e4b0d515
Standardize on "auth method" 
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
 2017-10-24 09:32:15 -04:00
Seth Vargo
bd703adacd
Write all the deprecated commands together 2017-10-24 09:30:48 -04:00
Seth Vargo
3a84897213
Add a custom flag for specifying "system" ttls 2017-10-24 09:30:48 -04:00
Seth Vargo
b4d9d1517b
Move more formatting into base_helpers 2017-10-24 09:30:48 -04:00
Seth Vargo
d4e46e97f2
Update write command 2017-10-24 09:30:48 -04:00
Seth Vargo
54b6254763
Update unwrap command 2017-10-24 09:30:48 -04:00
Seth Vargo
f8b71c9baa
Update version command 2017-10-24 09:30:48 -04:00
Seth Vargo
cf0c219668
Update status command 2017-10-24 09:30:48 -04:00
Seth Vargo
6b5685a91f
Update ssh command 2017-10-24 09:30:48 -04:00
Seth Vargo
22dd8a23d7
Update server command 2017-10-24 09:30:48 -04:00
Seth Vargo
ef86e95eff
Add "operator" subcommand 2017-10-24 09:30:48 -04:00
Seth Vargo
387cce957e
Rename mounts to secrets engines and add the subcommand 2017-10-24 09:30:48 -04:00
Seth Vargo
d4b68970f3
Update read command 2017-10-24 09:30:48 -04:00
Seth Vargo
a34b2dae9f
Add "policy" subcommand 2017-10-24 09:30:48 -04:00
Seth Vargo
d695dbf111
Update path-help command 2017-10-24 09:30:48 -04:00
Seth Vargo
67611bfcd3
Update list command 2017-10-24 09:30:47 -04:00
Seth Vargo
9a80d9a8f8
Add lease subcommand 2017-10-24 09:30:47 -04:00
Seth Vargo
6b75e6e2bf
Update delete command 2017-10-24 09:30:47 -04:00
Seth Vargo
36eccfb424
Predict "generic" as a secrets engine 2017-10-24 09:30:47 -04:00
Seth Vargo
b50d7d69bd
Add token as a subcommand 2017-10-24 09:30:47 -04:00
Seth Vargo
98b356d7f1
Make audit a subcommand 2017-10-24 09:30:47 -04:00
Seth Vargo
5c5d06ecd7
Add login subcommand 
This replaces the "auth" part of "vault auth"
 2017-10-24 09:30:47 -04:00
Seth Vargo
fc535647fc
Introduce auth as a subcommand 2017-10-24 09:30:47 -04:00
Seth Vargo
b96015a386
Wire all commands together 2017-10-24 09:30:47 -04:00
Seth Vargo
9d1b0e640f
Update write command 2017-10-24 09:30:47 -04:00
Seth Vargo
f161584f0d
Update version command 2017-10-24 09:30:47 -04:00
Seth Vargo
01d4b5dd09
Update unwrap command 2017-10-24 09:30:47 -04:00
Seth Vargo
80c3d4f319
update unseal command 2017-10-24 09:30:47 -04:00
Seth Vargo
a84b6e4173
Update unmount command 2017-10-24 09:30:46 -04:00
Seth Vargo
621774e425
Update token-revoke command 2017-10-24 09:30:46 -04:00
Seth Vargo
c2a78c6cfe
Update token-renew command 2017-10-24 09:30:46 -04:00
Seth Vargo
618665bf8d
Update token-lookup command 2017-10-24 09:30:46 -04:00
Seth Vargo
eee5edb102
Update token-create command 2017-10-24 09:30:46 -04:00
Seth Vargo
ba5712ef4f
Update step-down command 2017-10-24 09:30:46 -04:00
Seth Vargo
bd33fe3c73
Update status command 2017-10-24 09:30:46 -04:00
Seth Vargo
9eb5978d1d
Update ssh command 2017-10-24 09:30:46 -04:00
Seth Vargo
f5b791108b
Update seal command 2017-10-24 09:30:46 -04:00
Seth Vargo
0380caedd9
Update rotate command 2017-10-24 09:30:46 -04:00
Seth Vargo
8df5905c34
Update revoke command 2017-10-24 09:30:46 -04:00
Seth Vargo
c6380da6ce
Update renew command 2017-10-24 09:30:46 -04:00
Seth Vargo
02dd8b975e
Update remount command 2017-10-24 09:30:46 -04:00
Seth Vargo
ec1677f3e7
Update rekey command 2017-10-24 09:30:46 -04:00
Seth Vargo
ad1482e123
Update read command 2017-10-24 09:29:37 -04:00
Seth Vargo
0d598a7f1e
Update policy-write command 2017-10-24 09:29:37 -04:00
Seth Vargo
cfd378187a
Update policy-list command 2017-10-24 09:29:37 -04:00
Seth Vargo
eece6eea4a
Update policy-delete command 2017-10-24 09:29:36 -04:00
Seth Vargo
f244e03fda
Update path-help command 2017-10-24 09:29:36 -04:00
Seth Vargo
3a0af6b8eb
Update mounts command 2017-10-24 09:29:36 -04:00
Seth Vargo
8f6a5c4a45
Update mount-tune command 2017-10-24 09:28:07 -04:00
Seth Vargo
5cc5b6c6a6
Update mount command 2017-10-24 09:28:07 -04:00
Seth Vargo
1047792f2d
Update list command 2017-10-24 09:28:07 -04:00
Seth Vargo
f93e3e3e70
Update key-status command 2017-10-24 09:28:07 -04:00
Seth Vargo
a3c4e35848
Update init command 2017-10-24 09:28:07 -04:00
Seth Vargo
6028c84a02
Update generate-root command 2017-10-24 09:28:07 -04:00
Seth Vargo
9d4e8c3529
Update format to not use colored UI for json/yaml 2017-10-24 09:28:07 -04:00
Seth Vargo
d38abb665b
Update delete command 2017-10-24 09:28:07 -04:00
Seth Vargo
a7589f7613
Update capabilities command 2017-10-24 09:28:06 -04:00
Seth Vargo
ae4bf4eec7
Add new auth-list command 2017-10-24 09:28:06 -04:00
Seth Vargo
4e55d014f5
Add new auth-help command 2017-10-24 09:28:06 -04:00
Seth Vargo
5988dfc436
Update auth-enable command 2017-10-24 09:28:06 -04:00
Seth Vargo
fb5fc77209
Update auth-disable command 2017-10-24 09:28:06 -04:00
Seth Vargo
9ff68fffa2
Update auth command 2017-10-24 09:28:06 -04:00
Seth Vargo
ca28cde14b
Update audit-list command 2017-10-24 09:28:06 -04:00
Seth Vargo
78160740f0
Update audit-enable command 2017-10-24 09:28:06 -04:00
Seth Vargo
3186d0d562
Update audit-disable command 2017-10-24 09:28:06 -04:00
Seth Vargo
738e4ea286
Add more testing helper functions 2017-10-24 09:28:06 -04:00
Seth Vargo
c81fc5b013
Remove wrapping tests 
There are no dedicated tests for this, but ttl wrapping is littered throughout other tests
 2017-10-24 09:28:06 -04:00
Seth Vargo
94df25dbf7
Detect terminal and use the output writer for raw fields 
If the value is being "piped", we don't print colors or the newline character at the end. If it's not, we still give users pretty when selecting a raw field/value.
 2017-10-24 09:28:06 -04:00
Seth Vargo
48ab42c32f
Add helper for decrypting via PGP in tests 2017-10-24 09:28:06 -04:00
Seth Vargo
fc58acbd7e
Remove unused file for tests 2017-10-24 09:28:06 -04:00
Seth Vargo
0cfb558f0b
Add more predictors 2017-10-24 09:28:06 -04:00
Seth Vargo
e3fff2a788
Read env config for predictions 2017-10-24 09:28:05 -04:00
Seth Vargo
2a4404c20a
Expand and centralize helpers 2017-10-24 09:28:05 -04:00
Seth Vargo
125f055903
Cleanup base flags a bit 2017-10-24 09:28:05 -04:00
Seth Vargo
4bd867c56a
Use a TokenHelper method 
It's weird to have two different helper funcs that can return different errors
 2017-10-24 09:28:05 -04:00
Seth Vargo
fceddbe724
Allow hiding flags 2017-10-24 09:28:05 -04:00
Seth Vargo
4d9a42aa20
Add an in-mem token helper for testing 2017-10-24 09:27:19 -04:00
Seth Vargo
1552436a12
Add interface assertions for token helpers 
This will ensure they meet the right API
 2017-10-24 09:27:19 -04:00
Seth Vargo
47a633b83e
Drop cli and meta packages 
This centralizes all command-related things in the command package
 2017-10-24 09:27:19 -04:00
Seth Vargo
792527bb83
Unwrap cli.Ui to get to the underlying writer 
This allows us to write without a newline character, since the Ui
interface doesn't expose a direct Write() method.
 2017-10-24 09:26:45 -04:00
Seth Vargo
b67f9404a8
Only print default values if they are non-zero 2017-10-24 09:26:44 -04:00
Seth Vargo
eacb3de759
More arbitrary function for wrapping at a length 2017-10-24 09:26:44 -04:00
Seth Vargo
eb4ab6840d
Delegate usage to the UI 2017-10-24 09:26:44 -04:00
Seth Vargo
3a1479bc8c
Make predict it's own struct 
The previous architecture would create an API client many times, slowing down the CLI exponentially for each new command added.
 2017-10-24 09:26:44 -04:00
Seth Vargo
fb81547a3a
Separate "files" and "folders" in predictor 2017-10-24 09:26:44 -04:00
Seth Vargo
c9132068fa
Remove coupling between Raw() and UI 2017-10-24 09:26:44 -04:00
Seth Vargo
ba685f8f86
Add testing harness for a vault cluster 2017-10-24 09:26:44 -04:00
Seth Vargo
ac63ed573b
Output JSON with spaces not tabs 2017-10-24 09:26:44 -04:00
Seth Vargo
7f6aa892a4
Add start of base command, flags, prediction 2017-10-24 09:26:44 -04:00
Jeff Mitchell
e869d65fb7 Make compile 2017-10-23 17:41:44 -04:00
Jeff Mitchell
cd6d67d84b Final sync 2017-10-23 17:39:21 -04:00
Jeff Mitchell
f6c277cd2d Sync up server.go a bit 2017-10-10 12:27:51 -04:00
Jeff Mitchell
6faf8365e9 Add option to disable client certificate requesting. (#3373) 
Fixes #3372
 2017-09-25 14:41:46 -04:00
Calvin Leung Huang
b7413325dd Add support for stored shares and skip-init in dev mode (#3364) 2017-09-21 15:23:29 -04:00
Vishal Nayak
de7ac83df6 Add 'pid_file' config option (#3321) 
* add pid_file config option

* address review feedback

* address review comments
 2017-09-16 17:09:37 -04:00
Chris Hoffman
010575cb60 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman
4a8c33cca3 Disable the sys/raw endpoint by default (#3329) 
* disable raw endpoint by default

* adding docs

* config option raw -> raw_storage_endpoint

* docs updates

* adding listing on raw endpoint

* reworking tests for enabled raw endpoints

* root protecting base raw endpoint
 2017-09-15 00:21:35 -04:00
Chris Hoffman
09f272510f Adding latency injector option to -dev mode for storage operations (#3289) 2017-09-11 14:49:08 -04:00
Jeff Mitchell
79b63deaf5 Change auth helper interface to api.Secret. (#3263) 
This allows us to properly handle wrapped responses.

Fixes #3217
 2017-08-31 16:57:00 -04:00
Calvin Leung Huang
d10075e0fd Normalize plugin_name option for mount and enable-auth (#3202) 2017-08-31 12:16:59 -04:00
Jeff Mitchell
3f31ed733f Add option to set cluster TLS cipher suites. (#3228) 
* Add option to set cluster TLS cipher suites.

Fixes #3227
 2017-08-30 16:28:23 -04:00
Brian Kassouf
41db07530a Add basic autocompletion (#3223) 
* Add basic autocompletion

* Add autocomplete to some common commands

* Autocomplete the generate-root flags

* Add information about autocomplete to the docs
 2017-08-24 15:23:40 -07:00
Doyoon Kim
f855da7a89 Moved PROXY protocol wrap to execute before the TLS wrap (#3195) 2017-08-23 12:00:09 -04:00
Seth Vargo
be57fd0594 Thread stderr through too (#3211) 
* Thread stderr through too

* Small docs typo
 2017-08-21 17:23:29 -04:00
Jeff Mitchell
88e9d194fd Properly lowercase policy names. (#3210) 
Previously we lowercased names on ingress but not on lookup or delete
which could cause unexpected results. Now, just unilaterally lowercase
policy names on write and delete. On get, to avoid the performance hit
of always lowercasing when not necessary since it's in the critical
path, we have a minor optimization -- we check the LRU first before
normalizing. For tokens, because they're already normalized when adding
policies during creation, this should always work; it might just be
slower for API calls.

Fixes #3187
 2017-08-18 19:47:23 -04:00
Seth Vargo
dcd2de395d Do not revoke SSH key (#3208) 
There is no secret to revoke - this produces an error on the CLI
 2017-08-18 15:44:20 -04:00
Seth Vargo
edd447461a
Add host key checking for SSH CA 2017-08-18 12:59:09 -04:00
Seth Vargo
b5fd472cc1
Revoke temporary cred after creation, update warning 
/cc @vishalnayak
 2017-08-18 12:59:09 -04:00
Seth Vargo
72f66559eb
Initial pass at SSH CLI CA type authentication 
1. The current implementation of the SSH command is heavily tied to the
assumptions of OTP/dynamic key types. The SSH CA backend is
fundamentally a different approach to login and authentication. As a
result, there was some restructuring of existing methods to share more
code and state.

2. Each authentication method (ca, otp, dynamic) are now fully-contained
in their own handle* function.

3. -mode and -role are going to be required for SSH CA, and I don't
think the magical UX (and overhead) of guessing them is a good UX. It's
confusing as to which role and how Vault guesses. We can reduce 66% of
the API calls and add more declaration to the CLI by making -mode and
-role required. This commit adds warnings for that deprecation, but
these values are both required for CA type authentication.

4. The principal and extensions are currently fixed, and I personally
believe that's good enough for the first pass at this. Until we
understand what configuration options users will want, I think we should
ship with all the local extensions enabled. Users who don't want that
can generate the key themselves directly (current behavior) or submit
PRs to make the map of extensions customizable.

5. Host key checking for the CA backend is not currently implemented.
It's not strictly required at setup, so I need to think about whether it
belongs here.

This is not ready for merge, but it's ready for early review.
 2017-08-18 12:59:08 -04:00
Calvin Leung Huang
82c5118500 Improve auth-enable output for plugin backends (#3189) 
* Improve auth-enable output for plugin backends

* Unquote authType on final output
 2017-08-16 14:31:16 -04:00
Jeff Mitchell
a7f3f40f9e * Add ability to specify a plugin dir in dev mode (#3184) 
* Change (with backwards compatibility) sha_256 to sha256 for plugin
registration
 2017-08-16 11:17:50 -04:00
Seth Vargo
bf50130335 Update help output (spaces instead of tabs) (#3178) 2017-08-15 21:21:30 -04:00
Seth Vargo
d82f59cdba Use SSHPASS envvar instead of -p for sshpass (#3177) 
From the sshpass manpage:

> The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.

This PR changes the sshpass behavior to execute a subprocess with the
SSHPASS envvar (which is generally regarded as more secure) than using
the -p option.
 2017-08-15 19:43:39 -04:00
Jeff Mitchell
0ac531d3f4 Migrate physical backends into separate packages (#3106) 2017-08-03 13:24:27 -04:00
Gobin Sougrakpam
f166016ae8 tls_client_ca_file option for verifying client (#3034) 2017-08-03 07:33:06 -04:00
Calvin Leung Huang
15634f3b6e Store original request path in WrapInfo (#3100) 
* Store original request path in WrapInfo as CreationPath

* Add wrapping_token_creation_path to CLI output

* Add CreationPath to AuditResponseWrapInfo

* Fix tests

* Add and fix tests, update API docs with new sample responses
 2017-08-02 18:28:58 -04:00
Jeff Mitchell
608322b546 Add PROXY protocol support (#3098) 2017-08-02 18:24:12 -04:00
Brian Kassouf
dd9cf42ba6 Add Testing Interface to test helpers (#3091) 
* Add testing interface

* Add vendored files
 2017-08-01 11:07:08 -07:00
Jeff Mitchell
0c3e14f047 Add some useful variable output to three node dev startup 2017-08-01 11:50:41 -04:00
Jeff Mitchell
4a64062daa Use 1-based indexing for unseal keys in three node dev cluster 2017-08-01 11:12:45 -04:00
Jeff Mitchell
95ce578842 Add leader cluster address to status/leader output. (#3061) 
* Add leader cluster address to status/leader output. This helps in
identifying a particular node when all share the same redirect address.

Fixes #3042
 2017-07-31 18:25:27 -04:00
Jeff Mitchell
c6615e1b51 Add a -dev-three-node option for devs. (#3081) 2017-07-31 11:28:06 -04:00
Calvin Leung Huang
2b0f80b981 Backend plugin system (#2874) 
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
 2017-07-20 13:28:40 -04:00
Jeff Mitchell
ef0108853e Add token-only. (#2971) 2017-07-12 15:04:34 -04:00
Jeff Mitchell
997da9ae39 Create and persist human-friendly-ish mount accessors (#2918) 2017-06-26 18:14:36 +01:00
Jeff Mitchell
22e06c05e8 Convert listener arguments to map[string]interface{} (#2905) 
This allows people to use more natural constructs, e.g. for tls_disable
it can be a bool, int, or string.
 2017-06-22 20:29:53 +01:00
Jeff Mitchell
5939c526ac Fix tests 2017-06-21 11:19:38 -04:00
Jeff Mitchell
5be95b01a1 Add option to have dev mode generic backend return leases 2017-06-21 10:42:50 -04:00
Chris Hoffman
31579fc5d1 Exclude /sys/leases/renew from registering with expiration manager (#2891) 
* exclude /sys/leases/renew from registering with expiration manager

* adding sys/leases/renew to return full secret object, adding tests to catch renew errors
 2017-06-20 12:34:00 -04:00
Jeff Mitchell
27e584c2ce Fix up CORS. 
Ref #2021
 2017-06-17 01:26:25 -04:00
Jeff Mitchell
f5de93f1bf Add DogStatsD metrics output. (#2883) 
Fixes #2490
 2017-06-16 23:51:46 -04:00
Jeff Mitchell
6b0ca941a6 Add a no-store option to vault auth (#2809) 
Fixes #2746
 2017-06-05 16:36:28 -04:00
Jeff Mitchell
1fc803ab2c Fix tests 2017-05-25 09:00:49 -04:00
Jeff Mitchell
6c8c42b990 Revert grpc back a version (they introduced a panic) and clean up a bunch of old request forwarding stuff 2017-05-24 10:38:48 -04:00
emily
38ffde5a9d add gofmt checks to Vault and format existing code (#2745) 2017-05-19 08:34:17 -04:00
Brian Kassouf
55f1f5116a Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Jeff Mitchell
b54ea7b956 Write always needs a path, even with force. (#2675) 
Fixes #2674
 2017-05-04 06:40:58 -04:00
Jeff Mitchell
d026b6816a Further Sethisize loglevel inputz 2017-04-25 11:14:25 -04:00
Jeff Mitchell
00beeeba2f Sethisize log level 2017-04-25 11:12:38 -04:00
Brian Kassouf
f4ef3df4bd Update the builtin keys; move catalog to core; protect against unset plugin directory 2017-04-24 10:30:33 -07:00
Brian Kassouf
f1fa617e03 Calls to builtin plugins now go directly to the implementation instead of go-plugin 2017-04-20 18:46:41 -07:00
Brian Kassouf
afc5be1c67 Merge remote-tracking branch 'oss/master' into database-refactor 2017-04-19 15:16:00 -07:00
Christoph Blecker
377640d75c Add -self flag to token-revoke (#2596) 2017-04-17 12:40:51 -04:00
Brian Kassouf
07f3f4fc26 Update the plugin directory logic 2017-04-13 11:22:53 -07:00
Brian Kassouf
4c75326aad Cleanup path files 2017-04-12 17:35:02 -07:00
Brian Kassouf
f2401c0128 Merge branch 'master' into database-refactor 2017-04-12 14:29:10 -07:00
Brian Kassouf
9ae5a2aede Add backend test 2017-04-07 15:50:03 -07:00
Brian Kassouf
8a2e29c607 Refactor to use builtin plugins from an external repo 2017-04-05 16:20:31 -07:00
Brian Kassouf
8f88452fc0 move builtin plugins list to the pluginutil 2017-04-05 11:00:13 -07:00
Brian Kassouf
485b331d6a Add a cli command to run builtin plugins 2017-04-04 17:12:02 -07:00
Brian Kassouf
f6b45bdcfb Execute builtin plugins 2017-04-04 14:43:39 -07:00
Jeff Mitchell
6699bd4a44 Add some minor tweaks to the PR 2017-04-04 12:22:14 -04:00
Brian Kassouf
ac519abecf Plugin catalog 2017-04-03 17:52:29 -07:00
Greg Parris
a705e5e783 Typo corrections and tweaks to commands' help info 
* Normalize "X arguments expected" messages
* Use "Vault" when referring to the product and "vault" when referring to an instance of the product
* Various minor tweaks to improve readability and/or provide clarity
 2017-03-25 12:51:12 -05:00
Jeff Mitchell
317c664370 Add option to require valid client certificates (#2457) 2017-03-08 10:21:31 -05:00
Jeff Mitchell
8681311b7c Add option to disable caching per-backend. (#2455) 2017-03-08 09:20:09 -05:00
Jeff Mitchell
b1ed578f3d Rename physical backend to storage and alias old value (#2456) 2017-03-08 09:17:00 -05:00
Jeff Mitchell
df575f0b3a Rename helper 'duration' to 'parseutil'. (#2449) 
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.

Have config use ParseBool for UI and disabling mlock/cache.
 2017-03-07 11:21:22 -05:00
Jeff Mitchell
7c4e5a775c Fix breakage for HTTP2 support due to changes in wrapping introduced in 1.8 (#2412) 2017-02-27 12:49:35 -05:00
Sean Chittenden
f075d7a3cd
Change the default DisplayName for a Circonus check to be Vault instead of the InstanceID. 
Trivial defaults change, committing direct to `master`.
 2017-02-26 15:18:46 -08:00
Jeff Mitchell
9533d3d8a6 Don't try synthesizing cluster when not in dev mode 2017-02-24 12:50:26 -05:00
Jeff Mitchell
bfaf9022fa Do some porting to make diffing easier 2017-02-24 10:45:29 -05:00
Jeff Mitchell
78269445a8 Fix missing newline in status output 2017-02-17 11:23:20 -05:00
Jeff Mitchell
8acbdefdf2 More porting from rep (#2388) 
* More porting from rep

* Address review feedback
 2017-02-16 16:29:30 -05:00
Jeff Mitchell
513f8b918d Add WithOptions methods to audit/auth enabling (#2383) 2017-02-16 11:37:27 -05:00
Jeff Mitchell
b505b3b81c Correct port parsing. (#2354) 
* Correct port parsing.

Fixes #2351

* use strings.Contains instead of strings.HasSuffix

* Make the error message point to the wrong input
 2017-02-08 13:50:17 -05:00
Roman Vynar
51bb8bc544 Added tls_cipher_suites, tls_prefer_server_ciphers config options to listener (#2293) 2017-01-23 13:48:35 -05:00
Vishal Nayak
0645606f84 Merge pull request #2202 from fcantournet/fix_govet_fatalf 
all: test: Fix govet warnings
 2017-01-17 16:45:35 -05:00
Jeff Mitchell
d51b13fca6 Multi value test seal (#2281) 2017-01-17 15:43:10 -05:00
Jeff Mitchell
ac0f45e45c Add nonce to unseal to allow seeing if the operation has reset (#2276) 2017-01-17 11:47:06 -05:00
vishalnayak
089cb4f9c0 init: pgp-keys input validations 2017-01-11 23:32:38 -05:00
Jeff Mitchell
0dd5a2a6ba JWT wrapping tokens (#2172) 2017-01-04 16:44:03 -05:00
Cameron Stokes
eb8343625f Fix generate-root help and progress output. 2017-01-04 09:01:17 -08:00
Félix Cantournet
0d6d4211b8 all: test: Fix govet warnings 
Fix calls to t.Fatal() with formatting.
Fixed some calls to Fatalf() with wrong formatting
 2016-12-21 19:44:07 +01:00
Jeff Mitchell
192b9f361e Change an output to an error 2016-12-06 07:56:45 -05:00
Jeff Mitchell
fb9acace54 Minor ports 2016-12-05 12:28:12 -05:00
Vishal Nayak
20fabef08b Use Vault client's scheme for auto discovery (#2146) 2016-12-02 11:24:57 -05:00
Jeff Mitchell
b7c655f45c Fix panic when unwrapping if the server EOFs 2016-11-29 16:50:07 -05:00
Jeff Mitchell
c88c8c27a1 Add cgo info to vault version output 2016-11-27 19:32:57 -05:00
Jeff Mitchell
c91a7c51a2 Print the revision, if known, separately from the version. 
Also, indicate whether the build is dynamic or not.
 2016-11-27 19:28:35 -05:00
Jeff Mitchell
2b5fb353f3 Only add version sha if known 2016-11-27 19:16:44 -05:00
Jeff Mitchell
2a84f795f7 Add version sha to server startup output 2016-11-22 16:43:05 -05:00
Jeff Mitchell
24d2f39a7f Don't say mlock is supported on OSX when it isn't. (#2120) 
Fixes #2119
 2016-11-22 12:56:36 -05:00
Kyle McCullough
9571df6bc6 cli: fix bug with 'vault read -field=...' when the field value contains a printf formatting verb (#2109) 2016-11-22 12:30:23 -05:00
Chris Lundquist
61411f2f4f prevent binding 0.0.0.0 -> ::0 (#2094) 2016-11-15 12:00:57 -05:00
matt maier
2cd3cfd83e Vendor circonus (#2082) 2016-11-10 16:17:55 -05:00
vishalnayak
b408c95e0d ssh: Use temporary file to store the identity file 2016-10-18 12:50:12 -04:00
Jeff Mitchell
601b1b6958 Make listener shutdown more synchronous (#1985) 2016-10-10 13:18:19 -04:00
Jeff Mitchell
80281c16fc Split HA server command tests from reload tests 2016-10-07 11:06:01 -04:00
Jeff Mitchell
0765d8e938 Switch default case of disable cluster. (#1959) 2016-10-02 14:54:01 -04:00
Jeff Mitchell
81cdd76a5c Adds HUP support for audit log files to close and reopen. (#1953) 
Adds HUP support for audit log files to close and reopen. This makes it
much easier to deal with normal log rotation methods.

As part of testing this I noticed that HUP and other items that come out
of command/server.go are going to stderr, which is where our normal log
lines go. This isn't so much problematic with our normal output but as
we officially move to supporting other formats this can cause
interleaving issues, so I moved those to stdout instead.
 2016-09-30 12:04:50 -07:00
Jeff Mitchell
ad62b32ff0 Rejig where the reload functions live 2016-09-30 00:07:22 -04:00
Jeff Mitchell
60deff1bad Wrapping enhancements (#1927) 2016-09-28 21:01:28 -07:00
Jeff Mitchell
c748ff322f Change default TTL from 30 to 32 to accommodate monthly operations (#1942) 2016-09-28 18:32:49 -04:00
Jeff Mitchell
721d103f68 Fix parsing env var, needed to be in the helper too 2016-09-23 13:20:26 -04:00
Evan Phoenix
d5038f34b0 Advertise the cluster_(id|name) in the Scada handshake (#1906) 2016-09-23 10:55:51 -04:00
Jeff Mitchell
0358a4b161 Use VAULT_LOG_FORMAT as an analogue to LOGXI_FORMAT 2016-09-22 17:22:02 -04:00
Jeff Mitchell
ce7680022b Force tls_disable on scada connection inside outer TLS connection as it's not currently supported anyways 2016-09-20 14:56:16 -04:00
Jeff Mitchell
01ffc31c88 Follow Vault convention on DELETE being idempotent (#1903) 
* Follow Vault convention on `DELETE` being idempotent with
audit/auth/mounts deletes (a.k.a. disabling/unmounting).
 2016-09-19 13:02:25 -04:00
vishalnayak
a7408e4dd5 Add yml alias for yaml 2016-09-16 10:43:23 -04:00
Jeff Mitchell
941b066780 Add support for PGP encrypting the initial root token. (#1883) 2016-09-13 18:42:24 -04:00
Jeff Mitchell
54347da422 Update text of init/rekey around recovery values 2016-09-12 16:20:21 -04:00
Jeff Mitchell
3fc14e5662 Don't panic on bad auth path 
Fixes #1860
 2016-09-08 11:14:47 -04:00
Jeff Mitchell
75f792b27e Add response wrapping to list operations (#1814) 2016-09-02 01:13:14 -04:00
Vishal Nayak
30e199cccf Merge pull request #1836 from hashicorp/truncate-version-string 
Remove the string 'Vault' from version information
 2016-09-01 20:23:26 -04:00
Seth Vargo
41addfe768 Update audit-enable to show more examples (#1842) 
* Update audit-enable to show more examples

* Update audit_enable.go
 2016-09-01 20:14:29 -04:00
Seth Vargo
638a8bead9 Add more examples and cleanup docs for auth (#1841) 2016-09-01 19:56:30 -04:00
vishalnayak
618949ae0b Update atlas listener factory to use version with pre-release info. 2016-09-01 17:21:11 -04:00
vishalnayak
111a945fb3 Avoid commas while printing policies 2016-09-01 16:32:27 -04:00
Jeff Mitchell
7f0b68862e Don't output key/value header if there are no values to display. (#1838) 
Fixes #1835
 2016-09-01 15:58:16 -04:00
vishalnayak
ee26c7e7b6 Remove the string 'Vault' from version information 2016-09-01 14:54:04 -04:00
Jeff Mitchell
392565fe01 Remove hex output from keys; standardize on B64 for CLI output. This (#1831) 
aligns with all other interactions which use B64 encoding for bytes.
 2016-09-01 12:59:15 -04:00
Jeff Mitchell
65ae080c82 Add a separator to list output 2016-08-30 16:48:55 -04:00
Jeff Mitchell
d40277a18f Plumb through the ability to set the storage read cache size. (#1784) 
Plumb through the ability to set the storage read cache size.

Fixes #1772
 2016-08-26 10:27:06 -04:00
Jeff Mitchell
f8c657a80a Strip trailing whitespace in token from file. 
Fixes #1774
 2016-08-23 20:22:45 -04:00
Jeff Mitchell
d5fcc1b74f Don't validate a dev listen address as that makes a proper Docker 
entrypoint difficult.

Fixes #1762
 2016-08-23 08:34:43 -04:00
Jeff Mitchell
68345eb770 Convert to logxi 2016-08-21 18:13:37 -04:00
Jeff Mitchell
edd6379466 Clustering enhancements (#1747) 2016-08-19 11:03:53 -04:00
Jeff Mitchell
e20eaea59f Force dev on when dev-ha is on 2016-08-19 08:29:34 -04:00
Jeff Mitchell
ed48b008ce Provide base64 keys in addition to hex encoded. (#1734) 
* Provide base64 keys in addition to hex encoded.

Accept these at unseal/rekey time.

Also fix a bug where backup would not be honored when doing a rekey with
no operation currently ongoing.
 2016-08-15 16:01:15 -04:00
Jeff Mitchell
645540012f Request forwarding (#1721) 
Add request forwarding.
 2016-08-15 09:42:42 -04:00
Jeff Mitchell
146cdc69eb Add periodic support for root/sudo tokens to auth/token/create 2016-08-12 21:14:12 -04:00
Jeff Mitchell
5a149c0573 Add some info about -f to the "expects two arguments" error. 
Ping #1722
 2016-08-12 15:47:16 -04:00
Jeff Mitchell
3eba24de39 Change to keybase openpgp fork as it has important fixes 2016-08-11 08:31:43 -04:00
Jeff Mitchell
bf63d3a7c0 Add HTTP test for renew and fix muxing 2016-08-08 20:01:08 -04:00
Jeff Mitchell
78bbc22fec Rename mounttune.go 2016-08-08 16:22:28 -04:00
Jeff Mitchell
001f02b211 Fix generate-root synopsis 2016-08-05 16:35:03 -04:00
vishalnayak
e4a20c0dcd Support execution of remote commands using 'vault ssh' 2016-08-01 14:53:00 -04:00
Jeff Mitchell
32b39e808b Close the shutdown channel instead of sending a value down 2016-08-01 11:58:45 -04:00
vishalnayak
577cd9de35 Address review feedback 2016-08-01 11:15:25 -04:00
vishalnayak
5318130ba2 Make the defer statement of waitgroup to execute last 2016-08-01 10:24:27 -04:00
vishalnayak
461c30969e Sharing shutdown message with physical consul backend 2016-07-31 10:09:16 -04:00
vishalnayak
13c4bbf9d7 Add waitgroup wait to allow physical consul to deregister checks 2016-07-30 13:17:29 -04:00
vishalnayak
8f1ccc6eff Add cluster information to 'vault status' 2016-07-29 14:13:53 -04:00
vishalnayak
5c38276598 Added Vault version informationto the 'status' command 2016-07-28 17:37:35 -04:00
Vishal Nayak
8d0bce03be Merge pull request #1655 from hashicorp/cluster-id 
Vault cluster name and ID
 2016-07-26 14:12:48 -04:00
Evan Phoenix
6135e246e3 Report the simple version string 2016-07-26 10:21:24 -07:00
vishalnayak
f76c926b0a Added cluster_name for existing config tests 2016-07-26 11:38:24 -04:00
vishalnayak
46b94d8612 Update cluster name during config merge 2016-07-26 11:11:12 -04:00
vishalnayak
e5c61509d6 Remove global name/id. Make only cluster name configurable. 2016-07-26 10:01:35 -04:00
vishalnayak
55cf44bc91 Storing local and global cluster name/id to storage and returning them in health status 2016-07-26 02:32:42 -04:00
matt maier
a1b50427f2 Circonus integration for telemetry metrics 2016-07-22 15:49:23 -04:00
vishalnayak
8f8b421c07 Address review feedback 2016-07-22 11:31:55 -04:00
vishalnayak
26ea86a100 Update docs on the init command 2016-07-22 11:22:10 -04:00
Vishal Nayak
2511231c64 Merge pull request #1642 from hashicorp/init-service-discovery 
Add service discovery to init command
 2016-07-21 20:47:32 -04:00
vishalnayak
201ea85fea Address review feedback by @jefferai 2016-07-21 20:46:31 -04:00
vishalnayak
cd719d9123 Address review feedback from @sean 2016-07-21 19:04:43 -04:00
vishalnayak
08b6740139 Added documentation for init service discovery 2016-07-21 17:27:56 -04:00
vishalnayak
f1ad3595a5 Added a separate flag consul-service to receive Consul service name 2016-07-21 16:51:38 -04:00
vishalnayak
d22204914d Add service discovery to init command 2016-07-21 16:17:29 -04:00
Jeff Mitchell
fda9473681 Trim leading/trailing space around PEM bundles. 
Fixes #1634
 2016-07-20 13:57:49 -04:00
Jeff Mitchell
4f27886641 Have human-oriented token duration and secret duration output display a more human-friendly format 2016-07-19 12:15:00 -04:00
Jeff Mitchell
a347917044 Turn off DynamoDB HA by default. 
The semantics are wonky and have caused issues from people not reading
docs. It can be enabled but by default is off.
 2016-07-18 13:19:58 -04:00
vishalnayak
5b458db104 Merge branch 'master-oss' into json-use-number 
Conflicts:
	http/handler.go
	logical/framework/field_data.go
	logical/framework/wal.go
	vault/logical_passthrough.go
 2016-07-15 19:21:55 -04:00
vishalnayak
ee6ba1e85e Make 'tls_min_version' configurable 2016-07-12 19:32:47 -04:00
vishalnayak
ef97199360 Added JSON Decode and Encode helpers. 
Changed all the occurances of Unmarshal to use the helpers.
Fixed http/ package tests.
 2016-07-06 12:25:40 -04:00
Jeff Mitchell
6bdda578ac Don't panic on an empty configuration during merge 2016-07-05 16:49:15 -04:00
Jeff Mitchell
409b9f9b0f Add aliases for field flag to allow printing auth results. 
Also fix the write command to use the shared function with aliases.

Fixes #1566
 2016-06-27 23:19:09 -04:00
Jeff Mitchell
6f0f46deb6 Up sleep time during reload test to not fail under certain test conditions 2016-06-27 15:37:25 -04:00
Jeff Mitchell
6a29f77544 Fix up external token helper tests 2016-06-22 10:04:43 -04:00
Tom Maher
ee7850cff3 Correctly check for existence of external token_helper binaries 2016-06-21 19:32:19 -07:00
Vishal Nayak
3558eca73c Merge pull request #1531 from hashicorp/auth-mount-tune-params 
Auth tune endpoints and config settings output from CLI
 2016-06-20 20:24:47 -04:00
Vishal Nayak
9cfc0106fc Merge pull request #1532 from hashicorp/vault-auth-path 
Added -path option to 'vault auth' command
 2016-06-20 16:43:26 -04:00
vishalnayak
78665752aa Added -path option to help output 2016-06-20 16:24:49 -04:00
vishalnayak
e6a91d891a Concatenating the output instead of printing twice 2016-06-20 15:26:33 -04:00
vishalnayak
56ae3530fb Fix the output format when warnings are present 2016-06-15 17:13:14 -04:00
vishalnayak
7672d69495 Added '-path' option to 'vault auth' command 2016-06-15 16:54:27 -04:00
vishalnayak
efaffa8f55 Added 'sys/auth/<path>/tune' endpoints. 
Displaying 'Default TTL' and 'Max TTL' in the output of 'vault auth -methods'
 2016-06-15 13:58:24 -04:00
Jeff Mitchell
47dc1ccd25 Add token accessor to wrap information if one exists 2016-06-13 23:58:17 +00:00
Jeff Mitchell
15a40fdde5 Add explicit max TTL capability to token creation API 2016-06-08 14:49:48 -04:00
Jeff Mitchell
4d53c5f6b6 Remove unneeded else 2016-06-08 13:55:31 -04:00
Jeff Mitchell
517571c04a Add renewable flag and API setting for token creation 2016-06-08 11:14:30 -04:00
Jeff Mitchell
8b675cbbed Make token renewable status work properly on lookup 2016-06-08 09:19:39 -04:00
Jeff Mitchell
8dffc64388 Use time.Time which does RFC3339 across the wire to handle time zones. Arguably we should change the API to always do this... 2016-06-07 16:01:09 -04:00
Jeff Mitchell
91053b7471 Add creation time to returned wrapped token info 
This makes it easier to understand the expected lifetime without a
lookup call that uses the single use left on the token.

This also adds a couple of safety checks and for JSON uses int, rather
than int64, for the TTL for the wrapped token.
 2016-06-07 15:00:35 -04:00
Bill Monkman
64d72672ff #1486 : Fixed sealed and leader checks for consul backend 2016-06-03 16:00:31 -07:00
Jeff Mitchell
6f5fa23386 Merge pull request #1470 from hashicorp/unwrap-in-api 
Make Unwrap a first-party API command and refactor UnwrapCommand to u…
 2016-06-03 13:25:10 -04:00
Jeff Mitchell
32b4f48e66 Add a metadata node_id field for Atlas usage and fix tests 2016-06-02 18:19:51 -04:00
Jeff Mitchell
d32283ba49 Initial Atlas listener implementation 2016-06-02 14:05:47 -04:00
vishalnayak
cbf7ccb73d Prioritize dev flags over its env vars 2016-06-01 12:21:29 -04:00
vishalnayak
ff01f8f437 Address review feedback 2016-06-01 11:39:48 -04:00
vishalnayak
ea65ffd451 Supplying strictHostKeyChecking and userKnownHostsFile from env vars 2016-06-01 11:08:24 -04:00
vishalnayak
ab017967e4 Provide option to disable host key checking 2016-06-01 11:08:24 -04:00
Jeff Mitchell
6a2ad76035 Make Unwrap a first-party API command and refactor UnwrapCommand to use it 2016-05-27 21:04:30 +00:00
vishalnayak
8678c5e779 Add a non-nil check for 'port' field to be present in the response 2016-05-25 21:26:32 +00:00
Jeff Mitchell
86094cce6a Decode json.Number before handing to mapstructure 2016-05-25 19:02:31 +00:00
Jeff Mitchell
810e914730 Add unwrap test function and some robustness around paths for the wrap lookup function 2016-05-19 11:49:46 -04:00
Jeff Mitchell
0b59a54837 Add unwrap command, and change how the response is embedded (as a string, not an object) 2016-05-19 11:25:15 -04:00