
Commit

Merge branch 'master' into cdcr
* master: (94 commits)
  Add type to documentation for create in token auth API (#6622)
  Merge multiple functions for creating consul containers into one. (#6612)
  Update deep to pull in default full-level-diff behavior
  Update base64 decrypt command documentation (#6614)
  Add some missing default values (#6611)
  Typo fixes (#6610)
  UI - no ember cli eslint (#6613)
  Update githook to work with go mod workflows (#6604)
  Cut version 1.1.2
  Prep for 1.1.2
  changelog++
  Add a get handler function (#6603)
  Move cluster logic out of vault package (#6601)
  Adding common prefix known issue to upgrade guide (#6575)
  changelog++
  UI - write without read for kv (#6570)
  Add known issue section to the upgrade guide (#6593)
  Update pre-push hook
  changelog++
  Fix a dropped Okta error (#6592)
  ...
catsby committed Apr 22, 2019
2 parents 1e1c600 + 5800646 commit 0b706a9
Showing 3,277 changed files with 270,211 additions and 220,171 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -84,6 +84,7 @@ ui/connect.lock
ui/coverage/*
ui/libpeerconnection.log
ui/npm-debug.log
ui/test-reports/*
ui/testem.log

# used for JS acceptance tests
7 changes: 6 additions & 1 deletion .hooks/pre-push
@@ -1,6 +1,11 @@
#!/bin/sh

remote="$1"
remote_url=$(git remote get-url $remote)

if [[ $remote_url == *"vault-enterprise"* ]]; then
exit 0
fi

if [ "$remote" = "enterprise" ]; then
exit 0
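Review bot: The new `[[ $remote_url == *"vault-enterprise"* ]]` test is a bash construct, but the script's shebang is `#!/bin/sh`; where sh is dash or another strict POSIX shell the test errors out and this early exit never fires. Use a POSIX form such as `case "$remote_url" in *vault-enterprise*) exit 0 ;; esac`, or change the shebang to bash. `$remote` is also unquoted in `git remote get-url $remote`, and git already passes the destination URL to a pre-push hook as `$2`, so `remote_url="$2"` would avoid the extra call.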
Expand All @@ -10,7 +15,7 @@ if [ "$remote" = "ent" ]; then
exit 0
fi

if [ -f version/version_ent.go ]; then
if [ -f command/version_ent.go ]; then
echo "Found enterprise version file while pushing to oss remote"
exit 1
fi
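Review bot: The enterprise guard `if [ -f .../version_ent.go ]` tests one hard-coded path in the working tree, so it passes silently if the file lives at a different path or is present in the commits being pushed but not in the checkout. Both `version/version_ent.go` and `command/version_ent.go` appear in this hunk; consider testing both, and consider checking the pushed refs (for example with `git ls-tree` on the local sha read from stdin) rather than the working tree.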
4 changes: 2 additions & 2 deletions .travis.yml
Expand Up @@ -14,7 +14,7 @@ services:
- docker

go:
- "1.11.1"
- "1.12"

go_import_path: github.com/hashicorp/vault
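Review bot: The `go:` entry pins "1.12", while the README hunk in this same commit says 1.12.1+ is required. Pin a version that satisfies the README, such as "1.12.x" or an explicit patch release, so CI does not build with a toolchain the project documents as unsupported.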

Expand All @@ -41,7 +41,7 @@ env:
- TEST_COMMAND='make dev test-ember'
- TEST_COMMAND='travis_wait 75 make testtravis'
- TEST_COMMAND='travis_wait 75 make testracetravis'

- GO111MODULE=on

script:
- make bootstrap
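Review bot: `- GO111MODULE=on` is added as its own item in the `env:` list next to the `TEST_COMMAND=...` entries. If that list is the build matrix, Travis treats each item as a separate job, so this yields a job with no TEST_COMMAND and leaves the three test jobs without the variable. Put it under `env: global:` or append it to each TEST_COMMAND line.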
69 changes: 67 additions & 2 deletions CHANGELOG.md
@@ -1,8 +1,64 @@
## 1.1.1 (unreleased)
## Next

CHANGES:

* autoseal/aws: The user-configured regions on the AWSKMS seal stanza
will now be preferred over regions set in the enclosing environment.
This is a _breaking_ change.

IMPROVEMENTS:

* ui: KV v1 and v2 will now gracefully degrade allowing a write without read
workflow in the UI [GH-6570]

BUG FIXES:

* ui: fix an issue where sensitive input values weren't being saved to the
server [GH-6586]

## 1.1.2 (April 18th, 2019)

This is a bug fix release containing the two items below. It is otherwise
unchanged from 1.1.1.

BUG FIXES:

* auth/okta: Fix a potential dropped error [GH-6592]
* secrets/kv: Fix a regression on upgrade where a KVv2 mount could fail to be
mounted on unseal if it had previously been mounted but not written to
[KV-31]

## 1.1.1 (April 11th, 2019)

SECURITY:

* Given: (a) performance replication is enabled; (b) performance standbys are
in use on the performance replication secondary cluster; and (c) mount
filters are in use, if a mount that was previously available to a secondary
is updated to be filtered out, although the data would be removed from the
secondary cluster, the in-memory cache of the data would not be purged on
the performance standby nodes. As a result, the previously-available data
could still be read from memory if it was ever read from disk, and if this
included mount configuration data this could result in token or lease
issuance. The issue is fixed in this release; in prior releases either an
active node changeover (such as a step-down) or a restart of the standby
nodes is sufficient to cause the performance standby nodes to clear their
cache. A CVE is in the process of being issued; the number is
CVE-2019-11075.
* Roles in the JWT Auth backend using the OIDC login flow (i.e. role_type of
“oidc”) were not enforcing bound_cidrs restrictions, if any were configured
for the role. This issue did not affect roles of type “jwt”.

CHANGES:

* auth/jwt: Disallow logins of role_type "oidc" via the `/login` path [JWT-38]
* core/acl: New ordering defines which policy wins when there are multiple
inexact matches and at least one path contains `+`. `+*` is now illegal in
policy paths. The previous behavior simply selected any matching
segment-wildcard path that matched. [GH-6532]
* replication: Due to technical limitations, mounting and unmounting was not
previously possible from a performance secondary. These have been resolved,
and these operations may now be run from a performance secondary.

IMPROVEMENTS:
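Review bot: The second SECURITY entry for 1.1.1 (JWT roles using the OIDC flow not enforcing bound_cidrs) has no tracking reference, unlike the CVE-numbered entry above it and the `[JWT-38]` change below it. Add the issue reference, and use backticks and straight quotes for `role_type`, `bound_cidrs`, "oidc" and "jwt" so the entry matches the CHANGES section. The `autoseal/aws` entry under Next is flagged as breaking but likewise carries no GH number.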

Expand All @@ -11,6 +67,8 @@ IMPROVEMENTS:
* auth/jwt: Bounds claims validiation will now allow matching the received
claims against a list of expected values [JWT-41]
* secret/gcp: Cache clients to improve performance and reduce open file usage
* replication: Mounting/unmounting/remounting/mount-tuning is now supported
from a performance secondary cluster
* ui: Suport for authentication via the RADIUS auth method [GH-6488]
* ui: Navigating away from secret list view will clear any page-specific
filter that was applied [GH-6511]
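Review bot: The added `replication: Mounting/unmounting/remounting/mount-tuning is now supported` item repeats the replication entry listed under CHANGES for 1.1.1 earlier in this file; keep one and fold the extra operations (remounting, mount-tuning) into it. While this block is being touched, the neighbouring lines carry typos: "validiation" and "Suport".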
Expand All @@ -32,7 +90,12 @@ BUG FIXES:
* core: Fix unwrapping when using namespaced wrapping tokens [GH-6536]
* core: Fix incorrect representation of required properties in OpenAPI output
[GH-6490]
* core: Fix deadlock that could happen when using the UI [GH-6560]
* identity: Fix updating groups removing existing members [GH-6527]
* identity: Properly invalidate group alias in performance secondary [GH-6564]
* identity: Use namespace context when loading entities and groups to ensure
merging of duplicate entries works properly [GH-6563]
* replication: Fix performance standby election failure [GH-6561]
* replication: Fix mount filter invalidation on performance standby nodes
* replication: Fix license reloading on performance standby nodes
* replication: Fix handling of control groups on performance standby nodes
Expand All @@ -47,7 +110,9 @@ BUG FIXES:
* ui: Fix issue nav-hiding when moving between namespaces [GH-6473]
* ui: Secrets will always show in the nav regardless of access to cubbyhole [GH-6477]
* ui: fix SSH OTP generation [GH-6540]

* ui: add polyfill to load UI in IE11 [GH-6567]
* ui: Fix issue where some elements would fail to work properly if using ACLs
with segment-wildcard paths (`/+/` segments) [GH-6525]

## 1.1.0 (March 18th, 2019)

22 changes: 11 additions & 11 deletions Makefile
Expand Up @@ -147,17 +147,17 @@ static-dist: ember-dist static-assets
static-dist-dev: ember-dist-dev static-assets

proto:
protoc vault/*.proto --go_out=plugins=grpc:../../..
protoc helper/storagepacker/types.proto --go_out=plugins=grpc:../../..
protoc helper/forwarding/types.proto --go_out=plugins=grpc:../../..
protoc logical/*.proto --go_out=plugins=grpc:../../..
protoc physical/types.proto --go_out=plugins=grpc:../../..
protoc helper/identity/mfa/types.proto --go_out=plugins=grpc:../../..
protoc helper/identity/types.proto --go_out=plugins=grpc:../../..
protoc builtin/logical/database/dbplugin/*.proto --go_out=plugins=grpc:../../..
protoc logical/plugin/pb/*.proto --go_out=plugins=grpc:../../..
sed -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/protobuf:"/sentinel:"" protobuf:"/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' helper/identity/types.pb.go helper/identity/mfa/types.pb.go helper/storagepacker/types.pb.go logical/plugin/pb/backend.pb.go logical/identity.pb.go
sed -i -e 's/Iv/IV/' -e 's/Hmac/HMAC/' physical/types.pb.go
protoc vault/*.proto --go_out=plugins=grpc,paths=source_relative:.
protoc helper/storagepacker/types.proto --go_out=plugins=grpc,paths=source_relative:.
protoc helper/forwarding/types.proto --go_out=plugins=grpc,paths=source_relative:.
protoc sdk/logical/*.proto --go_out=plugins=grpc,paths=source_relative:.
protoc sdk/physical/types.proto --go_out=plugins=grpc,paths=source_relative:.
protoc helper/identity/mfa/types.proto --go_out=plugins=grpc,paths=source_relative:.
protoc helper/identity/types.proto --go_out=plugins=grpc,paths=source_relative:.
protoc sdk/database/dbplugin/*.proto --go_out=plugins=grpc,paths=source_relative:.
protoc sdk/plugin/pb/*.proto --go_out=plugins=grpc,paths=source_relative:.
sed -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/protobuf:"/sentinel:"" protobuf:"/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' helper/identity/types.pb.go helper/identity/mfa/types.pb.go helper/storagepacker/types.pb.go sdk/plugin/pb/backend.pb.go sdk/logical/identity.pb.go
sed -i -e 's/Iv/IV/' -e 's/Hmac/HMAC/' sdk/physical/types.pb.go

fmtcheck:
@true
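Review bot: In the `proto` target the two `sed -i` file lists are hard-coded and had to be hand-edited for the move to `sdk/`, so a generated file that moves again without a matching edit breaks the target. Consider holding the generated-file paths in a Make variable shared with the `protoc` lines. `sed -i -e` with no backup suffix also only works with GNU sed, which deserves a comment for contributors on macOS.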
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -60,7 +60,7 @@ Developing Vault

If you wish to work on Vault itself or any of its built-in systems, you'll
first need [Go](https://www.golang.org) installed on your machine (version
1.11+ is *required*).
1.12.1+ is *required*).

For local dev first make sure Go is properly installed, including setting up a
[GOPATH](https://golang.org/doc/code.html#GOPATH). Next, clone this repository
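Review bot: The Go version bump to 1.12.1+ leaves the next paragraph telling contributors to set up a GOPATH, while this commit adds `api/go.mod` and sets `GO111MODULE=on` in CI. Update the local dev instructions to say whether a GOPATH checkout is still needed under modules.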
4 changes: 2 additions & 2 deletions api/client.go
Expand Up @@ -19,8 +19,8 @@ import (
cleanhttp "github.com/hashicorp/go-cleanhttp"
retryablehttp "github.com/hashicorp/go-retryablehttp"
rootcerts "github.com/hashicorp/go-rootcerts"
"github.com/hashicorp/vault/helper/consts"
"github.com/hashicorp/vault/helper/parseutil"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"golang.org/x/net/http2"
"golang.org/x/time/rate"
)
2 changes: 1 addition & 1 deletion api/client_test.go
Expand Up @@ -2,7 +2,7 @@ package api

import (
"bytes"
"github.com/hashicorp/vault/helper/consts"
"github.com/hashicorp/vault/sdk/helper/consts"
"io"
"net/http"
"os"
19 changes: 19 additions & 0 deletions api/go.mod
@@ -0,0 +1,19 @@
module github.com/hashicorp/vault/api

go 1.12

replace github.com/hashicorp/vault/sdk => ../sdk

require (
github.com/hashicorp/errwrap v1.0.0
github.com/hashicorp/go-cleanhttp v0.5.1
github.com/hashicorp/go-multierror v1.0.0
github.com/hashicorp/go-retryablehttp v0.5.3
github.com/hashicorp/go-rootcerts v1.0.0
github.com/hashicorp/hcl v1.0.0
github.com/hashicorp/vault/sdk v0.1.8
github.com/mitchellh/mapstructure v1.1.2
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
gopkg.in/square/go-jose.v2 v2.3.1
)
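Review bot: `replace github.com/hashicorp/vault/sdk => ../sdk` only takes effect when `api` is the main module; anyone importing `github.com/hashicorp/vault/api` resolves `sdk v0.1.8` from the `require` block instead. Local builds and tests therefore exercise the in-tree `sdk` while consumers get the tagged one, so add a CI build without the replace, or a release step that bumps the `require` version with each `sdk` tag.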