Jeff Mitchell
2667f08f97
Only allow listing on folders and enforce this. Also remove string sorting from Consul backend as it's not a requirement and other backends don't do it.
2016-01-22 10:07:32 -05:00
Paul Seiffert
02b9e2debe
Add recovery option to DynamoDB backend
When Vault is killed without the chance to clean up the lock
entry in DynamoDB, no further Vault nodes can become leaders after
that.
To recover from this situation, this commit adds an environment
variable and a configuration flag that when set to "1" causes Vault
to delete the lock entry from DynamoDB.
2016-01-08 17:31:37 +01:00
Paul Seiffert
4384afb99d
Explicitly read AWS credentials from environment
2016-01-08 17:31:37 +01:00
Paul Seiffert
8d4e9507b7
Add tests for DynamoDB backend
2016-01-08 17:31:37 +01:00
Paul Seiffert
eef866f60f
Implement DynamoDB physical HA backend
2016-01-08 17:31:37 +01:00
Jeff Mitchell
1706d90da2
Replace physical cache with TwoQueue instead of LRU.
2016-01-07 09:21:33 -05:00
Jeff Mitchell
b38394e456
Use cleanhttp.DefaultTransport rather than instantiating directly to avoid leaked FDs
2015-12-17 15:23:13 -05:00
Jeff Mitchell
3fe1fe4927
Make S3 act like other parts of vault by prioritizing environment variables over configuration values.
2015-12-17 10:19:42 -05:00
Chi Vinh Le
ef5bc3e4cb
Basic Auth support for Etcd.
Fixes #859
2015-12-17 12:50:10 +01:00
Jeff Mitchell
ff8f27d981
Merge pull request #857 from hashicorp/issue-836
Use an initialized client when using IAM roles with S3 physical backend
2015-12-14 21:25:41 -05:00
Jeff Mitchell
de0963cf16
Add test to ensure the right backend was used with separate HA
2015-12-14 20:48:22 -05:00
Jeff Mitchell
741c2c9c34
Pass in an initialized client into EC2RoleProvider.
Fixes #836
2015-12-14 11:14:09 -05:00
Vicki Cheung
f453d022ef
fixing etcd missing key error
2015-12-07 02:29:20 -05:00
Jeff Mitchell
6800d5185b
Remove datacenter from Consul configuration, as it cannot actually do anything
Fixes #816
2015-12-03 15:16:37 -05:00
Jeff Mitchell
4cdb7e9f44
Add new Consul API client MonitorRetries option
2015-12-01 00:08:14 -05:00
Jeff Mitchell
7d6fec95f8
Merge pull request #780 from vicki-c/master
Port to new etcd client with TLS support
2015-11-18 10:33:09 -05:00
Vicki Cheung
ba663824bd
rejecting etcd addresses without url scheme
2015-11-17 15:18:50 -08:00
Vicki Cheung
180b27f915
adding check in etcd backend to validate machine urls
2015-11-16 14:35:04 -08:00
Vicki Cheung
444d073096
adding PermitPool to etcd backend
2015-11-15 22:38:21 -08:00
Vicki Cheung
ef32831927
porting to new etcd client
2015-11-15 22:12:06 -08:00
Yannick
f8d6f40670
Allow s3 bucket to come from config vars
2015-11-06 14:05:29 +01:00
Greg Brockman
944bbef6af
Correct typo in comment
2015-11-06 00:41:14 -08:00
Greg Brockman
99f4d40fe0
Add support for etcd over TLS
2015-11-06 00:41:14 -08:00
Jeff Mitchell
dafecff414
Switch etcd default port to 2379, in line with 2.x.
Fixes #753
2015-11-05 09:47:50 -05:00
Jeff Mitchell
4d2d42d171
Don't use the semaphore library as it's racy; instead use a simple buffered channel. Passes all tests, including inmem, which uses it.
2015-11-04 12:27:13 -05:00
Sander van Harmelen
8f17567774
Add a line to the documentation to describe the new feature
2015-11-04 15:36:24 +01:00
Sander van Harmelen
3e22536d83
Add an option to configure the S3 endpoint
This enables the use of other (AWS S3 compatible) S3 endpoints.
2015-11-04 15:04:36 +01:00
Jeff Mitchell
e0d2b1af78
Add configuration parameter for max parallel connections to Consul
2015-11-03 15:26:07 -05:00
Jeff Mitchell
05810ae786
Address review feedback
2015-11-03 14:48:05 -05:00
Jeff Mitchell
867563de0d
Add a PermitPool to physical and consul/inmem
The permit pool controls the number of outstanding operations that can
be queued for Consul (and inmem, for testing purposes). This prevents
possible situations where Vault launches thousands of concurrent
connections to Consul if e.g. a huge number of leases need to be
expired.
Fixes #677
2015-11-03 11:49:20 -05:00
Seth Vargo
3e2c4ffb7b
Fix breaking API changes
2015-10-30 18:22:48 -04:00
Jeff Mitchell
0dbbef1ac0
Don't use http.DefaultClient
This strips out http.DefaultClient everywhere I could immediately find
it. Too many things use it and then modify it in incompatible ways.
Fixes #700, I believe.
2015-10-15 17:54:00 -04:00
Tuomas Silen
82a04398a3
Rename error return var
2015-09-15 11:18:43 +03:00
Tuomas Silen
e92001ca69
Further cleanup, use named return vals
2015-09-14 13:30:15 +03:00
Tuomas Silen
154aada606
Cleanup defer func
2015-09-11 16:30:12 +03:00
Tuomas Silen
0f8bbb753a
Use defer to close the channel in case of error
2015-09-11 16:17:23 +03:00
Tuomas Silen
8d9eaca39a
Renew the semaphore key periodically
The semaphore key is used to determine whether we are the leader or not and is set to expire after TTL of 15 seconds. There was no logic implemented to renew the key before it expired, which caused the leader to step down and change every 15 seconds. A periodic timer is now added to update the key every 5 seconds to renew the TTL of the key.
2015-09-09 19:33:07 +03:00
Jeff Mitchell
83678064d0
Fix tests with AWS changes.
2015-08-18 19:22:17 -07:00
Armon Dadgar
88204449af
physical/s3: update for new AWS API
2015-08-17 12:19:55 -07:00
Daniel Rampelt
4993415b60
Use varbinary instead of varchar for mysql, fixes #512
2015-08-11 15:03:10 -04:00
Paul Hinze
0d4aa51855
Update vault code to match latest aws-sdk-go APIs
2015-08-06 11:37:08 -05:00
Armon Dadgar
5058582e98
Merge pull request #439 from geckoboard/feature-tls-mysql
Using SSL to encrypt connections to MYSQL
2015-08-05 14:52:43 -07:00
Vivien Schilis
35db9bed6a
Naming cleanup
2015-07-29 20:19:21 +00:00
Daniel Kaffee
cf0ac18577
only use NewCertPool if there is a ca cert otherwise use host's certificates
2015-07-28 15:31:30 +03:00
Daniel Kaffee
2aadddd8f2
fix potential insecure skip verification bug
2015-07-28 15:15:31 +03:00
Daniel Kaffee
08feed86af
fix identification to go formatting
2015-07-28 15:06:56 +03:00
Daniel Kaffee
68e340a285
refactor code
2015-07-28 14:55:33 +03:00
Lauro Balderas
04bc1c0ae1
Granting S3 backend temporary access
2015-07-18 16:48:23 +10:00
Vivien Schilis
7e54fd2d1a
Add tls.Config if sslca is provided
2015-07-17 22:33:06 +00:00
Armon Dadgar
fce7c43b98
physical/zk: Fixing node representation. Fixes #416
2015-07-13 19:33:23 +10:00