Skip to content

Commit

Permalink
Merge branch 'master' into grace-period-calc
Browse files Browse the repository at this point in the history
  • Loading branch information
jefferai authored Mar 15, 2018
2 parents 8f97444 + abd9033 commit 9a14905
Show file tree
Hide file tree
Showing 120 changed files with 12,458 additions and 533 deletions.
16 changes: 15 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,14 +2,18 @@

DEPRECATIONS/CHANGES:

* The AWS authentication backend now allows binds for inputs, as either a
* The AWS authentication backend now allows binds for inputs as either a
comma-delimited string or a string array. However, to keep consistency with
input and output, when reading a role the binds will now be returned as
string arrays rather than strings.

IMPROVEMENTS:

* auth/approle: Allow array input for bound_cidr_list [4078]
* auth/aws: Allow using lists in role bind parameters [GH-3907]
* auth/aws: Allow binding by EC2 instance IDs [GH-3816]
* secret/transit: Allow selecting signature algorithm as well as hash
algorithm when signing/verifying [GH-4018]
* server: Make sure `tls_disable_client_cert` is actually a true value rather
than just set [GH-4049]
* storage/gcs: Allow specifying chunk size for transfers, which can reduce
Expand All @@ -19,8 +23,18 @@ IMPROVEMENTS:

BUG FIXES:

* auth/aws: Fix honoring `max_ttl` when a corresponding role `ttl` is not also
set [GH-4107]
* auth/okta: Fix honoring configured `max_ttl` value [GH-4110]
* auth/token: If a periodic token being issued has a period greater than the
max_lease_ttl configured on the token store mount, truncate it. This matches
renewal behavior; before it was inconsistent between issuance and renewal.
[GH-4112]
* cli: Improve error messages around `vault auth help` when there is no CLI
helper for a particular method [GH-4056]
* cli: Fix autocomplete installation when using Fish as the shell [GH-4094]
* secret/database: Properly honor mount-tuned max TTL [GH-4051]
* secret/ssh: Return `key_bits` value when reading a role [GH-4098]

## 0.9.5 (February 26th, 2018)

Expand Down
4 changes: 2 additions & 2 deletions api/renewer.go
Original file line number Diff line number Diff line change
Expand Up @@ -156,8 +156,8 @@ func (r *Renewer) Stop() {
}

// Renew starts a background process for renewing this secret. When the secret
// is has auth data, this attempts to renew the auth (token). When the secret
// has a lease, this attempts to renew the lease.
// has auth data, this attempts to renew the auth (token). When the secret has
// a lease, this attempts to renew the lease.
func (r *Renewer) Renew() {
var result error
if r.secret.Auth != nil {
Expand Down
16 changes: 10 additions & 6 deletions api/sys_auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,9 +91,11 @@ type EnableAuthOptions struct {
}

type AuthConfigInput struct {
DefaultLeaseTTL string `json:"default_lease_ttl" structs:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL string `json:"max_lease_ttl" structs:"max_lease_ttl" mapstructure:"max_lease_ttl"`
PluginName string `json:"plugin_name,omitempty" structs:"plugin_name,omitempty" mapstructure:"plugin_name"`
DefaultLeaseTTL string `json:"default_lease_ttl" structs:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL string `json:"max_lease_ttl" structs:"max_lease_ttl" mapstructure:"max_lease_ttl"`
PluginName string `json:"plugin_name,omitempty" structs:"plugin_name,omitempty" mapstructure:"plugin_name"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" structs:"audit_non_hmac_request_keys" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" structs:"audit_non_hmac_response_keys" mapstructure:"audit_non_hmac_response_keys"`
}

type AuthMount struct {
Expand All @@ -106,7 +108,9 @@ type AuthMount struct {
}

type AuthConfigOutput struct {
DefaultLeaseTTL int `json:"default_lease_ttl" structs:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL int `json:"max_lease_ttl" structs:"max_lease_ttl" mapstructure:"max_lease_ttl"`
PluginName string `json:"plugin_name,omitempty" structs:"plugin_name,omitempty" mapstructure:"plugin_name"`
DefaultLeaseTTL int `json:"default_lease_ttl" structs:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL int `json:"max_lease_ttl" structs:"max_lease_ttl" mapstructure:"max_lease_ttl"`
PluginName string `json:"plugin_name,omitempty" structs:"plugin_name,omitempty" mapstructure:"plugin_name"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" structs:"audit_non_hmac_request_keys" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" structs:"audit_non_hmac_response_keys" mapstructure:"audit_non_hmac_response_keys"`
}
2 changes: 1 addition & 1 deletion audit/audit.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ type Backend interface {
// GetHash is used to return the given data with the backend's hash,
// so that a caller can determine if a value in the audit log matches
// an expected plaintext value
GetHash(string) (string, error)
GetHash(context.Context, string) (string, error)

// Reload is called on SIGHUP for supporting backends.
Reload(context.Context) error
Expand Down
11 changes: 6 additions & 5 deletions audit/format.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package audit

import (
"context"
"fmt"
"io"
"strings"
Expand All @@ -16,7 +17,7 @@ import (
type AuditFormatWriter interface {
WriteRequest(io.Writer, *AuditRequestEntry) error
WriteResponse(io.Writer, *AuditResponseEntry) error
Salt() (*salt.Salt, error)
Salt(context.Context) (*salt.Salt, error)
}

// AuditFormatter implements the Formatter interface, and allows the underlying
Expand All @@ -27,7 +28,7 @@ type AuditFormatter struct {

var _ Formatter = (*AuditFormatter)(nil)

func (f *AuditFormatter) FormatRequest(w io.Writer, config FormatterConfig, in *LogInput) error {
func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config FormatterConfig, in *LogInput) error {
if in == nil || in.Request == nil {
return fmt.Errorf("request to request-audit a nil request")
}
Expand All @@ -40,7 +41,7 @@ func (f *AuditFormatter) FormatRequest(w io.Writer, config FormatterConfig, in *
return fmt.Errorf("no format writer specified")
}

salt, err := f.Salt()
salt, err := f.Salt(ctx)
if err != nil {
return errwrap.Wrapf("error fetching salt: {{err}}", err)
}
Expand Down Expand Up @@ -151,7 +152,7 @@ func (f *AuditFormatter) FormatRequest(w io.Writer, config FormatterConfig, in *
return f.AuditFormatWriter.WriteRequest(w, reqEntry)
}

func (f *AuditFormatter) FormatResponse(w io.Writer, config FormatterConfig, in *LogInput) error {
func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config FormatterConfig, in *LogInput) error {
if in == nil || in.Request == nil {
return fmt.Errorf("request to response-audit a nil request")
}
Expand All @@ -164,7 +165,7 @@ func (f *AuditFormatter) FormatResponse(w io.Writer, config FormatterConfig, in
return fmt.Errorf("no format writer specified")
}

salt, err := f.Salt()
salt, err := f.Salt(ctx)
if err != nil {
return errwrap.Wrapf("error fetching salt: {{err}}", err)
}
Expand Down
7 changes: 4 additions & 3 deletions audit/format_json.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package audit

import (
"context"
"encoding/json"
"fmt"
"io"
Expand All @@ -12,7 +13,7 @@ import (
// a JSON format.
type JSONFormatWriter struct {
Prefix string
SaltFunc func() (*salt.Salt, error)
SaltFunc func(context.Context) (*salt.Salt, error)
}

func (f *JSONFormatWriter) WriteRequest(w io.Writer, req *AuditRequestEntry) error {
Expand Down Expand Up @@ -47,6 +48,6 @@ func (f *JSONFormatWriter) WriteResponse(w io.Writer, resp *AuditResponseEntry)
return enc.Encode(resp)
}

func (f *JSONFormatWriter) Salt() (*salt.Salt, error) {
return f.SaltFunc()
func (f *JSONFormatWriter) Salt(ctx context.Context) (*salt.Salt, error) {
return f.SaltFunc(ctx)
}
7 changes: 4 additions & 3 deletions audit/format_json_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package audit

import (
"bytes"
"context"
"encoding/json"
"strings"
"testing"
Expand All @@ -17,11 +18,11 @@ import (
)

func TestFormatJSON_formatRequest(t *testing.T) {
salter, err := salt.NewSalt(nil, nil)
salter, err := salt.NewSalt(context.Background(), nil, nil)
if err != nil {
t.Fatal(err)
}
saltFunc := func() (*salt.Salt, error) {
saltFunc := func(context.Context) (*salt.Salt, error) {
return salter, nil
}

Expand Down Expand Up @@ -90,7 +91,7 @@ func TestFormatJSON_formatRequest(t *testing.T) {
Request: tc.Req,
OuterErr: tc.Err,
}
if err := formatter.FormatRequest(&buf, config, in); err != nil {
if err := formatter.FormatRequest(context.Background(), &buf, config, in); err != nil {
t.Fatalf("bad: %s\nerr: %s", name, err)
}

Expand Down
7 changes: 4 additions & 3 deletions audit/format_jsonx.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package audit

import (
"context"
"encoding/json"
"fmt"
"io"
Expand All @@ -13,7 +14,7 @@ import (
// a XML format.
type JSONxFormatWriter struct {
Prefix string
SaltFunc func() (*salt.Salt, error)
SaltFunc func(context.Context) (*salt.Salt, error)
}

func (f *JSONxFormatWriter) WriteRequest(w io.Writer, req *AuditRequestEntry) error {
Expand Down Expand Up @@ -68,6 +69,6 @@ func (f *JSONxFormatWriter) WriteResponse(w io.Writer, resp *AuditResponseEntry)
return err
}

func (f *JSONxFormatWriter) Salt() (*salt.Salt, error) {
return f.SaltFunc()
func (f *JSONxFormatWriter) Salt(ctx context.Context) (*salt.Salt, error) {
return f.SaltFunc(ctx)
}
7 changes: 4 additions & 3 deletions audit/format_jsonx_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package audit

import (
"bytes"
"context"
"strings"
"testing"
"time"
Expand All @@ -15,11 +16,11 @@ import (
)

func TestFormatJSONx_formatRequest(t *testing.T) {
salter, err := salt.NewSalt(nil, nil)
salter, err := salt.NewSalt(context.Background(), nil, nil)
if err != nil {
t.Fatal(err)
}
saltFunc := func() (*salt.Salt, error) {
saltFunc := func(context.Context) (*salt.Salt, error) {
return salter, nil
}

Expand Down Expand Up @@ -94,7 +95,7 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
Request: tc.Req,
OuterErr: tc.Err,
}
if err := formatter.FormatRequest(&buf, config, in); err != nil {
if err := formatter.FormatRequest(context.Background(), &buf, config, in); err != nil {
t.Fatalf("bad: %s\nerr: %s", name, err)
}

Expand Down
13 changes: 7 additions & 6 deletions audit/format_test.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package audit

import (
"context"
"io"
"io/ioutil"
"testing"
Expand All @@ -22,12 +23,12 @@ func (n *noopFormatWriter) WriteResponse(_ io.Writer, _ *AuditResponseEntry) err
return nil
}

func (n *noopFormatWriter) Salt() (*salt.Salt, error) {
func (n *noopFormatWriter) Salt(ctx context.Context) (*salt.Salt, error) {
if n.salt != nil {
return n.salt, nil
}
var err error
n.salt, err = salt.NewSalt(nil, nil)
n.salt, err = salt.NewSalt(ctx, nil, nil)
if err != nil {
return nil, err
}
Expand All @@ -40,14 +41,14 @@ func TestFormatRequestErrors(t *testing.T) {
AuditFormatWriter: &noopFormatWriter{},
}

if err := formatter.FormatRequest(ioutil.Discard, config, &LogInput{}); err == nil {
if err := formatter.FormatRequest(context.Background(), ioutil.Discard, config, &LogInput{}); err == nil {
t.Fatal("expected error due to nil request")
}

in := &LogInput{
Request: &logical.Request{},
}
if err := formatter.FormatRequest(nil, config, in); err == nil {
if err := formatter.FormatRequest(context.Background(), nil, config, in); err == nil {
t.Fatal("expected error due to nil writer")
}
}
Expand All @@ -58,14 +59,14 @@ func TestFormatResponseErrors(t *testing.T) {
AuditFormatWriter: &noopFormatWriter{},
}

if err := formatter.FormatResponse(ioutil.Discard, config, &LogInput{}); err == nil {
if err := formatter.FormatResponse(context.Background(), ioutil.Discard, config, &LogInput{}); err == nil {
t.Fatal("expected error due to nil request")
}

in := &LogInput{
Request: &logical.Request{},
}
if err := formatter.FormatResponse(nil, config, in); err == nil {
if err := formatter.FormatResponse(context.Background(), nil, config, in); err == nil {
t.Fatal("expected error due to nil writer")
}
}
5 changes: 3 additions & 2 deletions audit/formatter.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package audit

import (
"context"
"io"
)

Expand All @@ -10,8 +11,8 @@ import (
//
// It is recommended that you pass data through Hash prior to formatting it.
type Formatter interface {
FormatRequest(io.Writer, FormatterConfig, *LogInput) error
FormatResponse(io.Writer, FormatterConfig, *LogInput) error
FormatRequest(context.Context, io.Writer, FormatterConfig, *LogInput) error
FormatResponse(context.Context, io.Writer, FormatterConfig, *LogInput) error
}

type FormatterConfig struct {
Expand Down
4 changes: 2 additions & 2 deletions audit/hashstructure_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ func TestHashString(t *testing.T) {
Key: "salt",
Value: []byte("foo"),
})
localSalt, err := salt.NewSalt(inmemStorage, &salt.Config{
localSalt, err := salt.NewSalt(context.Background(), inmemStorage, &salt.Config{
HMAC: sha256.New,
HMACType: "hmac-sha256",
})
Expand Down Expand Up @@ -206,7 +206,7 @@ func TestHash(t *testing.T) {
Key: "salt",
Value: []byte("foo"),
})
localSalt, err := salt.NewSalt(inmemStorage, &salt.Config{
localSalt, err := salt.NewSalt(context.Background(), inmemStorage, &salt.Config{
HMAC: sha256.New,
HMACType: "hmac-sha256",
})
Expand Down
Loading

0 comments on commit 9a14905

Please sign in to comment.