9692 Commits

Author SHA1 Message Date
vishalnayak
4b44d06894 Test ConfigClient 2016-04-26 10:22:28 -04:00
vishalnayak
e886d5aab9 AWS EC2 instances authentication backend 2016-04-26 10:22:28 -04:00
Jeff Mitchell
6851d58762 Better handle nil responses in S3 backend, also a case where error wasn't checked 2016-04-26 08:11:56 -04:00
leon
2d31a064f3 - fixed merge with upstream master 2016-04-26 13:23:43 +03:00
leon
ea2efb6531 Merge remote-tracking branch 'upstream/master'
Conflicts:
	builtin/credential/ldap/backend.go
2016-04-26 13:16:42 +03:00
Sean Chittenden
30443a7e05 Merge pull request #1351 from hashicorp/f-backend-logger
Logger objects for all the physical backends
2016-04-25 20:47:10 -07:00
Sean Chittenden
eaa60eec64 Make use of logger interface inside of the Consul BE 2016-04-25 20:10:55 -07:00
Sean Chittenden
455b76828f Add a *log.Logger argument to physical.Factory
Logging in the backend is a good thing.  This is a noisy interface change but should be a functional noop.
2016-04-25 20:10:32 -07:00
Sean Chittenden
27f5b96411 changelog++ 2016-04-25 18:19:38 -07:00
Sean Chittenden
4100a420ce Merge pull request #1349 from hashicorp/f-vault-service
Vault-driven Consul service registration and TTL checks.
2016-04-25 18:12:06 -07:00
Sean Chittenden
4db16355ec Rewriting history before it gets away from me 2016-04-25 18:05:50 -07:00
Sean Chittenden
00d1e5abd7 Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output.  This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden
341abcae3a Change to the pre-0.6.4 Consul Check API
Consul is never going to pass in more than 1K of output.  This mitigates the pre-0.6.4 concern.
2016-04-25 18:01:13 -07:00
Sean Chittenden
9647f2e067 Collapse UpdateAdvertiseAddr() into RunServiceDiscovery() 2016-04-25 18:01:13 -07:00
Sean Chittenden
85ca7b32ca Update tests to chase sealed -> unsealed transition 2016-04-25 18:01:13 -07:00
Sean Chittenden
f4e1594ae9 Persistently retry to update service registration
If the local Consul agent is not available while attempting to step down from active or up to active, retry once a second.  Allow for concurrent changes to the state with a single registration updater.  Fix standby initialization.
2016-04-25 18:01:13 -07:00
Sean Chittenden
f1c170e003 Add a small bit of wording re: disable_registration
Consul service registration for Vault requires Consul 0.6.4.
2016-04-25 18:01:13 -07:00
Sean Chittenden
38a3ea3978 Disable service registration for consul HA tests 2016-04-25 18:01:13 -07:00
Sean Chittenden
529f3e50c4 Provide documentation and example output 2016-04-25 18:01:13 -07:00
Sean Chittenden
1601508e52 Consistently skip Consul checks
Hide all Consul checks behind `CONSUL_HTTP_ADDR` env vs `CONSUL_ADDR` which is non-standard.
2016-04-25 18:01:13 -07:00
Sean Chittenden
3e43da258a Use spaces in tests to be consistent
The rest of the tests here use spaces, not tabs
2016-04-25 18:01:13 -07:00
Sean Chittenden
53dd43650e Various refactoring to clean up code organization
Brought to you by: Dept of 2nd thoughts before pushing enter on `git push`
2016-04-25 18:01:13 -07:00
Sean Chittenden
40a3c534f4 Compare the correct values when validating check_timeout 2016-04-25 18:01:13 -07:00
Sean Chittenden
9a2115181b Improve error handling re: homedir expansion
Useful if the HOME envvar is not set because `vault` was launched in a clean environment (e.g. `env -i vault ...`).
2016-04-25 18:01:13 -07:00
Sean Chittenden
e54c990f50 Detect type conversion failure 2016-04-25 18:01:13 -07:00
Sean Chittenden
c92f9cb9ab Don't export the builtin backends 2016-04-25 18:01:13 -07:00
Sean Chittenden
afa6c22fec go fmt the PostgreSQL backend 2016-04-25 18:01:13 -07:00
Sean Chittenden
c0bbeba5ad Teach Vault how to register with Consul
Vault will now register itself with Consul.  The active node can be found using `active.vault.service.consul`.  All standby vaults are available via `standby.vault.service.consul`.  All unsealed vaults are considered healthy and available via `vault.service.consul`.  Change in status and registration is event driven and should happen at the speed of a write to Consul (~network RTT + ~1x fsync(2)).

Healthy/active:

```
curl -X GET 'http://127.0.0.1:8500/v1/health/service/vault?pretty' && echo;
[
    {
        "Node": {
            "Node": "vm1",
            "Address": "127.0.0.1",
            "TaggedAddresses": {
                "wan": "127.0.0.1"
            },
            "CreateIndex": 3,
            "ModifyIndex": 20
        },
        "Service": {
            "ID": "vault:127.0.0.1:8200",
            "Service": "vault",
            "Tags": [
                "active"
            ],
            "Address": "127.0.0.1",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm1",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm1",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.1:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Healthy/standby:

```
[snip]
        "Service": {
            "ID": "vault:127.0.0.2:8200",
            "Service": "vault",
            "Tags": [
                "standby"
            ],
            "Address": "127.0.0.2",
            "Port": 8200,
            "EnableTagOverride": false,
            "CreateIndex": 17,
            "ModifyIndex": 20
        },
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "passing",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 19
            }
        ]
    }
]
```

Sealed:

```
        "Checks": [
            {
                "Node": "vm2",
                "CheckID": "serfHealth",
                "Name": "Serf Health Status",
                "Status": "passing",
                "Notes": "",
                "Output": "Agent alive and reachable",
                "ServiceID": "",
                "ServiceName": "",
                "CreateIndex": 3,
                "ModifyIndex": 3
            },
            {
                "Node": "vm2",
                "CheckID": "vault-sealed-check",
                "Name": "Vault Sealed Status",
                "Status": "critical",
                "Notes": "Vault service is healthy when Vault is in an unsealed status and can become an active Vault server",
                "Output": "Vault Sealed",
                "ServiceID": "vault:127.0.0.2:8200",
                "ServiceName": "vault",
                "CreateIndex": 19,
                "ModifyIndex": 38
            }
        ]
```
2016-04-25 18:01:13 -07:00
Sean Chittenden
0d3ce59542 Update vendor'ed version of hashicorp/consul/lib
Note: Godeps.json not updated
2016-04-25 18:00:54 -07:00
Sean Chittenden
bd5305e470 Stub out service discovery functionality
Hook asynchronous notifications into Core to change the status of vault based on its active/standby, and sealed/unsealed status.
2016-04-25 18:00:54 -07:00
Sean Chittenden
f2dc2f636e Comment nits 2016-04-25 18:00:54 -07:00
Jeff Mitchell
97810148f3 Update vendoring 2016-04-26 00:18:04 +00:00
Jeff Mitchell
c26838e6da Split out TestSeal 2016-04-26 00:14:16 +00:00
Jeff Mitchell
4c509ba162 Change seal test name in command package 2016-04-26 00:12:14 +00:00
Jeff Mitchell
9392c2f7aa Update azure backend for newer sdk 2016-04-26 00:08:07 +00:00
Jeff Mitchell
d1994f4290 changelog++ 2016-04-25 19:56:18 +00:00
Jeff Mitchell
8064e34694 Fix commenting S3 -> Azure 2016-04-25 19:53:07 +00:00
Jeff Mitchell
a036704426 Merge pull request #1266 from sepiroth887/azure_backend
added Azure Blobstore backend support
2016-04-25 15:53:09 -04:00
Jeff Mitchell
6e1288d23f Merge pull request #1282 from rileytg/patch-1
change github example team to admins
2016-04-25 15:45:01 -04:00
Jeff Mitchell
28272ca629 Merge pull request #1326 from hashicorp/sethvargo/hint_noreauth
Hint that you don't need to run auth twice
2016-04-25 15:43:55 -04:00
Jeff Mitchell
ea592a3c1d Merge pull request #1350 from hashicorp/sealtests
Add seal tests and update generate-root and others to handle dualseal.
2016-04-25 15:40:46 -04:00
Jeff Mitchell
99772d3cff Add seal tests and update generate-root and others to handle dualseal. 2016-04-25 19:39:04 +00:00
Jeff Mitchell
77a2afa922 Merge pull request #1291 from mmickan/ssh-keyinstall-perms
Ensure authorized_keys file is readable when uninstalling an ssh key
2016-04-25 14:00:37 -04:00
Jeff Mitchell
1754d84944 Merge pull request #1328 from hashicorp/sethvargo/path-help
Add missing path-helps and clarify subpaths in tables
2016-04-25 13:53:06 -04:00
Jeff Mitchell
8b781645cb Merge pull request #1348 from hashicorp/sethvargo/referrer
Do not allow referrer to modify the parent
2016-04-23 09:45:19 -04:00
Seth Vargo
c3a5bf11d4 Do not allow referrer to modify the parent
http://mathiasbynens.github.io/rel-noopener/
2016-04-22 23:41:09 -04:00
Vishal Nayak
25bc14b344 Merge pull request #1343 from hashicorp/b-doc-wordsmith
Wordsmith the docs around the `list` command.
2016-04-20 19:09:38 -04:00
Sean Chittenden
8611270e58 Wordsmith the docs around the list command.
Prompted by: feedback from conference attendees at PGConf '16
2016-04-20 18:13:58 -04:00
Jeff Mitchell
812da703a2 Next version will likely not be 0.6.0 2016-04-20 20:24:17 +00:00
Jeff Mitchell
e193d589d6 changelog++ 2016-04-20 20:23:08 +00:00