9692 Commits

Author SHA1 Message Date
Chris Hoffman
16e2edf389 Merge remote-tracking branch 'oss/master' into f-nomad
* oss/master:
  Defer reader.Close that is used to determine sha256
  changelog++
  Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686)
  Add logic for using Auth.Period when handling auth login/renew requests (#3677)
  plugins/database: use context with plugins that use database/sql package (#3691)
  changelog++
  Fix plaintext backup in transit (#3692)
  Database gRPC plugins (#3666)
2017-12-15 17:05:42 -05:00
Calvin Leung Huang
ddfe767772 Update logic on renew paths 2017-12-15 16:26:42 -05:00
Calvin Leung Huang
327c28c77d Update login logic for aws creds backend 2017-12-15 16:18:19 -05:00
Calvin Leung Huang
fff0d199bd Update login logic for aws creds backend 2017-12-15 16:01:40 -05:00
Calvin Leung Huang
df653b68a9 Defer reader.Close that is used to determine sha256 2017-12-15 14:04:09 -05:00
Jeff Mitchell
38a4bb8544 changelog++ 2017-12-15 13:32:30 -05:00
Calvin Leung Huang
9dc7bc7fd2 Avoid unseal failure if plugin backends fail to setup during postUnseal (#3686) 2017-12-15 13:31:57 -05:00
Calvin Leung Huang
895cffa4cf Add logic for using Auth.Period when handling auth login/renew requests (#3677)
* Add logic for using Auth.Period when handling auth login/renew requests

* Set auth.TTL if not set in handleLoginRequest

* Always set auth.TTL = te.TTL on handleLoginRequest, check TTL and period against sys values on RenewToken

* Get sysView from le.Path, revert tests

* Add back auth.Policies

* Fix TokenStore tests, add resp warning when capping values

* Use switch for ttl/period check on RenewToken

* Move comments around
2017-12-15 13:30:05 -05:00
Brian Kassouf
1eec51abff plugins/database: use context with plugins that use database/sql package (#3691) 2017-12-15 10:26:17 -08:00
Jeff Mitchell
d1b12356d8 changelog++ 2017-12-15 09:56:06 -05:00
Brian Kassouf
13b776e8e6 Fix plaintext backup in transit (#3692) 2017-12-15 09:08:28 -05:00
Brian Kassouf
a401cc7cb5 Database gRPC plugins (#3666)
* Start work on context aware backends

* Start work on moving the database plugins to gRPC in order to pass context

* Add context to builtin database plugins

* use byte slice instead of string

* Context all the things

* Move proto messages to the dbplugin package

* Add a grpc mechanism for running backend plugins

* Serve the GRPC plugin

* Add backwards compatibility to the database plugins

* Remove backend plugin changes

* Remove backend plugin changes

* Cleanup the transport implementations

* If grpc connection is in an unexpected state restart the plugin

* Fix tests

* Fix tests

* Remove context from the request object, replace it with context.TODO

* Add a test to verify netRPC plugins still work

* Remove unused mapstructure call

* Code review fixes

* Code review fixes

* Code review fixes
2017-12-14 14:03:11 -08:00
Jeff Mitchell
96b0c31de5 Merge branch 'master' into f-nomad 2017-12-14 16:44:28 -05:00
Jeff Mitchell
2ce0984e00 changelog++ 2017-12-14 13:31:58 -05:00
Jeff Mitchell
2146f88052 Update Consul to use the role's configured lease on renew. (#3684) 2017-12-14 13:28:19 -05:00
Vishal Nayak
c38f9884ce Transit: backup/restore (#3637) 2017-12-14 12:51:50 -05:00
Brian Kassouf
2b7c90310e Fix leaking connections on cluster port (#3680) 2017-12-12 17:18:04 -08:00
Chris Hoffman
2931148d09 adding ability to override temp dir in dev cluster (#3673) 2017-12-11 18:02:35 -05:00
Jeff Mitchell
bc9b97e2ea changelog++ 2017-12-11 16:57:40 -05:00
Jeff Mitchell
e49aaa491f changelog++ 2017-12-11 16:52:17 -05:00
lemondrank
ea8428447c Non-recursive DFS token tree revoke (#2478) 2017-12-11 16:51:37 -05:00
Jeff Mitchell
9a400130aa changelog++ 2017-12-11 16:44:17 -05:00
Vishal Nayak
aef8a1893f Fix the casing problem in approle (#3665) 2017-12-11 16:41:17 -05:00
Jeff Mitchell
ee1b505300 changelog++ 2017-12-11 14:06:12 -05:00
Jeff Mitchell
a341dcc3e0 changelog++ 2017-12-11 13:45:45 -05:00
Florent H. CARRÉ
c1c052f0c1 Hardening RSA keys for PKI and SSH (#3593) 2017-12-11 13:43:56 -05:00
Brian Shumate
6395252068 Docs: fix typo in libtool ltdl name and link to avoid confusion and note about arch (#3644) 2017-12-11 13:42:19 -05:00
Chris Hoffman
326e1e3ea4 changelog++ 2017-12-11 13:29:12 -05:00
Brian Shumate
912ec80ad8 Docs: Update PKI URL config examples to FQDN — addresses #3606 (#3647) 2017-12-11 13:25:59 -05:00
Chris Hoffman
628153979a Converting key_usage and allowed_domains in PKI to CommaStringSlice (#3621) 2017-12-11 13:13:35 -05:00
Paulo Ribeiro
a179a1804d Remove duplicate link in ToC (#3671) 2017-12-11 12:52:58 -05:00
Brian Shumate
62097160e5 Docs: Update PKI output examples - addresses #3606 (#3628) 2017-12-11 11:57:07 -05:00
Jeff Mitchell
32a7503b89 Cross reference pki/cert in a few places. 2017-12-11 11:10:28 -05:00
Jeff Mitchell
dc72fec4e0 changelog++ 2017-12-09 10:47:35 -05:00
Jeff Mitchell
0a1fe8c0fc changelog++ 2017-12-09 10:45:48 -05:00
Jeff Mitchell
3386e8d770 Update go-ldap with our patch for control packets. (#3670)
Fixes #3656
Fixes #3625
Fixes #3402
2017-12-09 10:45:03 -05:00
Jeff Mitchell
c48636d0b2 changelog++ 2017-12-07 14:19:40 -05:00
Brad Sickles
dc70b1c21f Adding mfa support to okta auth backend. (#3653) 2017-12-07 14:17:42 -05:00
Brian Shumate
c767dc4ed6 Conditionally set file audit log mode (#3649) 2017-12-07 11:44:15 -05:00
Mohsen
77fc89088d Small typo relating to no_store in pki secret backend (#3662)
* Removed typo :)

* Corrected typo in the website related to no_store
2017-12-07 10:40:21 -05:00
Vishal Nayak
f44a451ad3 remove unused function (#3657) 2017-12-06 18:55:43 -05:00
Vishal Nayak
18311d253d Transit: Refactor internal representation of key entry map (#3652)
* convert internal map to index by string

* Add upgrade test for internal key entry map

* address review feedback
2017-12-06 18:24:00 -05:00
Jeff Mitchell
a71b3c31e1 changelog++ 2017-12-06 16:51:08 -05:00
Dominik Müller
534ea1771d add allowed_names to cert-response (#3654) 2017-12-06 16:50:02 -05:00
Brian Kassouf
f700c64551 Remove the note about GKE from the Kubernetes docs (#3658) 2017-12-06 13:38:00 -05:00
Chris Hoffman
7b318c33b3 changelog++ 2017-12-06 12:32:00 -05:00
Chris Hoffman
5e1228eb09 Adding ability to cache core values, cache transaction improvements (#3640) 2017-12-06 12:25:17 -05:00
Calvin Leung Huang
f4b2e52692 changelog++ 2017-12-05 15:44:08 -05:00
Calvin Leung Huang
a9e7dbb7b4 Support MongoDB session-wide write concern (#3646)
* Initial work on write concern support, set for the lifetime of the session

* Add base64 encoded value support, include docs and tests

* Handle error from json.Unmarshal, fix test and docs

* Remove writeConcern struct, move JSON unmarshal to Initialize

* Return error on empty mapping of write_concern into mgo.Safe struct
2017-12-05 15:31:01 -05:00
Calvin Leung Huang
208dc55830 Clarify api_addr related errors on VaultPluginTLSProvider (#3620)
* Mention api_addr on VaultPluginTLSProvider logs, update docs

* Clarify message and mention automatic api_address detection

* Change error message to use api_addr

* Change error messages to use api_addr
2017-12-05 12:01:35 -05:00