Commit graph

123 commits

Author SHA1 Message Date
Seth Vargo
7af2bdc5a4 Add support for Google Cloud Spanner (#3977) 2018-02-14 20:31:20 -05:00
Paul Stack
7181749031 Adding Manta Storage Backend (#3720)
This PR adds a new Storage Backend for Triton's Object Storage - Manta

```
make testacc TEST=./physical/manta
==> Checking that code complies with gofmt requirements...
==> Checking that build is using go version >= 1.9.1...
go generate
VAULT_ACC=1 go test -tags='vault' ./physical/manta -v  -timeout 45m
=== RUN   TestMantaBackend
--- PASS: TestMantaBackend (61.18s)
PASS
ok  	github.com/hashicorp/vault/physical/manta	61.210s
```

Manta behaves differently to how S3 works - it has no such concepts of Buckets - it is merely a filesystem style object store

Therefore, we have chosen the approach of when writing a secret `foo` it will actually map (on disk) as foo/.vault_value

The reason for this is because if we write the secret `foo/bar` and then try and Delete a key using the name `foo` then Manta
will complain that the folder is not empty because `foo/bar` exists. Therefore, `foo/bar` is written as `foo/bar/.vault_value`

The value of the key is *always* written to a directory tree of the name and put in a `.vault_value` file.
2018-02-12 18:22:41 -05:00
Jeff Mitchell
22aeac2e8e Add a space before the MFA super 2018-02-05 12:32:25 -05:00
Jeff Mitchell
d719a6c067 Move MFA to deprecated section, mark with a super 2018-02-05 12:32:21 -05:00
Jeff Mitchell
ca9aed63bb Mark old MFA as legacy/unsupported in sidebar 2018-02-05 11:47:59 -05:00
Jeff Mitchell
d6552a11cc Merge branch 'master-oss' into sethvargo/cli-magic 2018-01-03 14:02:31 -05:00
Nicolas Corrarello
a3df394134
Pull master into f-nomad
Signed-off-by: Nicolas Corrarello <nicolas@corrarello.com>
2017-11-29 15:56:37 +00:00
Seth Vargo
09366b573c
Add an auto-unseal page to the docs
This helps with SEO and also is where I'd expect auto unsealing to be referenced.
2017-11-14 13:12:20 -05:00
Seth Vargo
249417481f
Use super to show enterprise 2017-11-14 13:11:55 -05:00
Jeff Mitchell
f056cf9119 Sync docs 2017-11-14 06:13:11 -05:00
Jason Antman
ee438809d6 Add third party tools list to website (#3488) 2017-11-06 12:11:02 -05:00
Nicolas Corrarello
482d73aebe Minor/Cosmetic fixes 2017-10-31 19:11:24 +00:00
AJ Bourg
e26573cb78 Add a doc for the token helper (#3411)
* Add token helper docs.

* Update it so the new token helpers page appears in the navigation.
2017-10-27 09:42:33 -05:00
Seth Vargo
23d1d9a1ac
Resolve the most painful merge conflict known on earth 2017-10-24 09:34:12 -04:00
Seth Vargo
b8e4b0d515
Standardize on "auth method"
This removes all references I could find to:

- credential provider
- authentication backend
- authentication provider
- auth provider
- auth backend

in favor of the unified:

- auth method
2017-10-24 09:32:15 -04:00
Seth Vargo
965b8809e3
Audit backend -> device 2017-10-24 09:30:52 -04:00
Seth Vargo
fc0ba28051
Add new commands to the sidebar 2017-10-24 09:30:52 -04:00
Nicolas Corrarello
72b0a2fcdb Adding Nomad docs to the nav. Minor cosmetics fixes 2017-10-06 16:03:06 +01:00
Brian Kassouf
4fb3f163ee Kubernetes auth (#3350)
* Import the kubernetes credential backend

* Add kubernetes docs

* Escape * characters

* Revert "Import the kubernetes credential backend"

This reverts commit f12627a942.

* Update the vendored directory
2017-09-19 09:27:26 -05:00
Chris Hoffman
010575cb60 Rename "generic" secret backend to "kv" (#3292) 2017-09-15 09:02:29 -04:00
Chris Hoffman
ca74cdbc23 update enterprise urls /docs/vault-enterprise -> /docs/enterprise (#3333) 2017-09-13 15:37:40 -04:00
Seth Vargo
aa1591cd3b
Remove fake news about custom plugins
This also adds a redirect from the old page to the new one
2017-08-30 12:57:45 -04:00
emily
376bd88479 Initial GCP auth backend documentation (#3167) 2017-08-15 22:03:04 -04:00
Jeff Mitchell
443df65ae5 Add PingID MFA docs (#3182) 2017-08-15 22:01:34 -04:00
Brian Kassouf
1691a3756a Oracle plugin docs (#3131)
* Add oracle database docs

* Add oracle database docs

* Fix commas in json output

* Update oracle.html.md
2017-08-15 17:24:01 -07:00
Tony Cai
003bf92000 Add missing link to sidebar menu (#3153)
* Add missing link to sidebar menu

* Add missing link to sidebar menu
2017-08-14 12:33:47 -04:00
Seth Vargo
8581a7879c Break SSH types into their own pages (#3157)
@jefferai and I discussed this on Friday. With three fully-documented
SSH backends, the page is lengthy, ungreppable, and intimidating. This
commit separates the SSH backends into their own pages with as little
text changes as possible.
2017-08-14 10:49:41 -04:00
Seth Vargo
32c94e1a8c Remove references to VSI (#3143)
Andy approved
2017-08-10 20:47:59 -04:00
vishalnayak
22beec9ec0 docs: Added identity concepts 2017-08-09 13:08:05 -04:00
Vishal Nayak
d2b3f42936 docs: MFA usage details (#3133) 2017-08-08 23:48:31 -04:00
Chris Hoffman
d60dd42c81 API Docs updates (#3101) 2017-08-08 12:28:17 -04:00
Oliver Beattie
c5222319e9 Fix docs to use new style 2017-07-31 15:24:08 +01:00
Vishal Nayak
96e8ffea5a docs: Identity Store (#3055) 2017-07-25 18:33:17 -04:00
Chris Hoffman
317ae32ca7 CockroachDB Physical Backend (#2713) 2017-07-23 08:54:33 -04:00
Calvin Leung Huang
2b0f80b981 Backend plugin system (#2874)
* Add backend plugin changes

* Fix totp backend plugin tests

* Fix logical/plugin InvalidateKey test

* Fix plugin catalog CRUD test, fix NoopBackend

* Clean up commented code block

* Fix system backend mount test

* Set plugin_name to omitempty, fix handleMountTable config parsing

* Clean up comments, keep shim connections alive until cleanup

* Include pluginClient, disallow LookupPlugin call from within a plugin

* Add wrapper around backendPluginClient for proper cleanup

* Add logger shim tests

* Add logger, storage, and system shim tests

* Use pointer receivers for system view shim

* Use plugin name if no path is provided on mount

* Enable plugins for auth backends

* Add backend type attribute, move builtin/plugin/package

* Fix merge conflict

* Fix missing plugin name in mount config

* Add integration tests on enabling auth backend plugins

* Remove dependency cycle on mock-plugin

* Add passthrough backend plugin, use logical.BackendType to determine lease generation

* Remove vault package dependency on passthrough package

* Add basic impl test for passthrough plugin

* Incorporate feedback; set b.backend after shims creation on backendPluginServer

* Fix totp plugin test

* Add plugin backends docs

* Fix tests

* Fix builtin/plugin tests

* Remove flatten from PluginRunner fields

* Move mock plugin to logical/plugin, remove totp and passthrough plugins

* Move pluginMap into newPluginClient

* Do not create storage RPC connection on HandleRequest and HandleExistenceCheck

* Change shim logger's Fatal to no-op

* Change BackendType to uint32, match UX backend types

* Change framework.Backend Setup signature

* Add Setup func to logical.Backend interface

* Move OptionallyEnableMlock call into plugin.Serve, update docs and comments

* Remove commented var in plugin package

* RegisterLicense on logical.Backend interface (#3017)

* Add RegisterLicense to logical.Backend interface

* Update RegisterLicense to use callback func on framework.Backend

* Refactor framework.Backend.RegisterLicense

* plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs

* plugin: Revert BackendType to remove TypePassthrough and related references

* Fix typo in plugin backends docs
2017-07-20 13:28:40 -04:00
Seth Vargo
31e8349197 Update Policies and Auth concepts pages (#3011) 2017-07-14 11:15:22 -04:00
Seth Vargo
49fe772e0c Add rekeying guide & move guides to top-level (#2935) 2017-06-29 14:43:43 +01:00
Armon Dadgar
629cc49ae9 website: adding production hardening guide 2017-06-20 17:44:54 -07:00
Seth Vargo
76b11dfd91 Add callouts for deprecations and beta (#2854)
This makes the sidebar emphasize the deprecated database backends more.
2017-06-14 16:11:16 +01:00
Cameron Stokes
9fa289e9f6 [docs] Fix Mongodb link in sidebar. 2017-06-07 20:36:36 -07:00
Calvin Leung Huang
a4c652cbb3 Mongodb plugin (#2698)
* WIP on mongodb plugin

* Add mongodb plugin

* Add tests

* Update mongodb.CreateUser() comment

* Update docs

* Add missing docs

* Fix mongodb docs

* Minor comment and test updates

* Fix imports

* Fix dockertest import

* Set c.Initialized at the end, check for empty CreationStmts first on CreateUser

* Remove Initialized check on Connection()

* Add back Initialized check

* Update docs

* Move connProducer and credsProducer into pkg for  mongodb and cassandra

* Chage parseMongoURL to be a private func

* Default to admin if no db is provided in creation_statements

* Update comments and docs
2017-05-11 17:38:54 -04:00
Brian Kassouf
fcd4f903c3 Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 12:40:00 -07:00
mymercurialsky
461d658e88 Implemented TOTP Secret Backend (#2492)
* Initialized basic outline of TOTP backend using Postgresql backend as template

* Updated TOTP backend.go's structure and help string

* Updated TOTP path_roles.go's structure and help strings

* Updated TOTP path_role_create.go's structure and help strings

* Fixed typo in path_roles.go

* Fixed errors in path_role_create.go and path_roles.go

* Added TOTP secret backend information to cli commands

* Fixed build errors in path_roles.go and path_role_create.go

* Changed field values of period and digits from uint to int, added uint conversion of period when generating passwords

* Initialized TOTP test file based on structure of postgresql test file

* Added enforcement of input values

* Added otp library to vendor folder

* Added test steps and cleaned up errors

* Modified read credential test step, not working yet

* Use of vendored package not allowed - Test error

* Removed vendor files for TOTP library

* Revert "Removed vendor files for TOTP library"

This reverts commit fcd030994b.

* Hopefully fixed vendor folder issue with TOTP Library

* Added additional tests for TOTP backend

* Cleaned up comments in TOTP backend_test.go

* Added default values of period, algorithm and digits to field schema

* Changed account_name and issuer fields to optional

* Removed MD5 as a hash algorithm option

* Implemented requested pull request changes

* Added ability to validate TOTP codes

* Added ability to have a key generated

* Added skew, qr size and key size parameters

* Reset vendor.json prior to merge

* Readded otp and barcode libraries to vendor.json

* Modified help strings for path_role_create.go

* Fixed test issue in testAccStepReadRole

* Cleaned up error formatting, variable names and path names. Also added some additional documentation

* Moveed barcode and url output to key creation function and did some additional cleanup based on requested changes

* Added ability to pass in TOTP urls

* Added additional tests for TOTP server functions

* Removed unused QRSize, URL and Generate members of keyEntry struct

* Removed unnecessary urlstring variable from pathKeyCreate

* Added website documentation for TOTP secret backend

* Added errors if generate is true and url or key is passed, removed logger from backend, and revised parameter documentation.

* Updated website documentation and added QR example

* Added exported variable and ability to disable QR generation, cleaned up error reporting, changed default skew value, updated documentation and added additional tests

* Updated API documentation to inlude to exported variable and qr size option

* Cleaned up return statements in path_code, added error handling while validating codes and clarified documentation for generate parameters in path_keys
2017-05-04 10:49:42 -07:00
Brian Kassouf
55f1f5116a Merge remote-tracking branch 'oss/master' into database-refactor 2017-05-04 10:45:18 -07:00
Brian Kassouf
85967cb5a8 Add custom plugins docs page 2017-05-03 00:01:28 -07:00
Jeff Mitchell
d300c23597 Add website skeleton 2017-05-02 16:26:32 -04:00
Brian Kassouf
31541b7fdd Add plugins interal page to the sidebar: 2017-05-02 02:00:04 -07:00
Seth Vargo
bf9ef7c302 Add UI docs (#2664) 2017-05-01 17:36:37 -04:00
Joel Thompson
5a934e6b2f Create unified aws auth backend (#2441)
* Rename builtin/credential/aws-ec2 to aws

The aws-ec2 authentication backend is being expanded and will become the
generic aws backend. This is a small rename commit to keep the commit
history clean.

* Expand aws-ec2 backend to more generic aws

This adds the ability to authenticate arbitrary AWS IAM principals using
AWS's sts:GetCallerIdentity method. The AWS-EC2 auth backend is being to
just AWS with the expansion.

* Add missing aws auth handler to CLI

This was omitted from the previous commit

* aws auth backend general variable name cleanup

Also fixed a bug where allowed auth types weren't being checked upon
login, and added tests for it.

* Update docs for the aws auth backend

* Refactor aws bind validation

* Fix env var override in aws backend test

Intent is to override the AWS environment variables with the TEST_*
versions if they are set, but the reverse was happening.

* Update docs on use of IAM authentication profile

AWS now allows you to change the instance profile of a running instance,
so the use case of "a long-lived instance that's not in an instance
profile" no longer means you have to use the the EC2 auth method. You
can now just change the instance profile on the fly.

* Fix typo in aws auth cli help

* Respond to PR feedback

* More PR feedback

* Respond to additional PR feedback

* Address more feedback on aws auth PR

* Make aws auth_type immutable per role

* Address more aws auth PR feedback

* Address more iam auth PR feedback

* Rename aws-ec2.html.md to aws.html.md

Per PR feedback, to go along with new backend name.

* Add MountType to logical.Request

* Make default aws auth_type dependent upon MountType

When MountType is aws-ec2, default to ec2 auth_type for backwards
compatibility with legacy roles. Otherwise, default to iam.

* Pass MountPoint and MountType back up to the core

Previously the request router reset the MountPoint and MountType back to
the empty string before returning to the core. This ensures they get set
back to the correct values.
2017-04-24 15:15:50 -04:00
Seth Vargo
354da36a6f
Cleanup CSS 2017-03-26 16:04:21 -04:00