mirrors/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2025-08-19 21:51:09 +02:00
Code Issues Projects Releases Wiki Activity
9,692 Commits 2,844 Branches 445 Tags
Commit Graph

9692 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Mitchell Hashimoto
07f8e262fe logical/consul 2015-03-21 17:19:37 +01:00
Mitchell Hashimoto
26583fb05f logical/framework: auto-extend leases if requested 2015-03-21 16:20:30 +01:00
Mitchell Hashimoto
c3342cd344 logical/aws: refactor access key create to the secret file 2015-03-21 11:49:56 +01:00
Mitchell Hashimoto
f08879971e logical/aws: remove debug I was using to test rollback :) 2015-03-21 11:20:22 +01:00
Mitchell Hashimoto
f99f6c910e logical/aws: WAL entry for users, rollback 2015-03-21 11:18:46 +01:00
Mitchell Hashimoto
a04df95177 logical/testing: immediate rollback, ignore RollbackMinAge 2015-03-21 11:18:33 +01:00
Mitchell Hashimoto
c872e0f788 logical/framework: rollback should return error, easier API 2015-03-21 11:08:13 +01:00
Mitchell Hashimoto
c9e64725d7 logical/framework: rollback needs to have access to request for storage 2015-03-21 11:03:59 +01:00
Armon Dadgar
e7648877c5 vault: playing with credential store interface 2015-03-20 13:54:57 -07:00
Armon Dadgar
972fc8238b vault: implement the sys/auth* endpoints 2015-03-20 12:48:19 -07:00
Mitchell Hashimoto
ac8570c809 main: enable AWS backend 2015-03-20 19:32:18 +01:00
Mitchell Hashimoto
3456d9276c logical/aws 2015-03-20 19:03:20 +01:00
Mitchell Hashimoto
2ce92edd0f logical/framework: can specify InternalData for secret 2015-03-20 17:59:48 +01:00
Mitchell Hashimoto
92e200f150 logical/testing: rollback/revoke secrets, error dangling secrets 2015-03-20 17:20:55 +01:00
Mitchell Hashimoto
2c7343854f http: passing tests 2015-03-19 23:28:49 +01:00
Mitchell Hashimoto
e6ab3a3771 vault: clean up VaultID duplications, make secret responses clearer 
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.

Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).

At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.

So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.

It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.

All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
 2015-03-19 23:11:42 +01:00
Mitchell Hashimoto
163bfa62a6 logical/framework: support renew 2015-03-19 20:20:57 +01:00
Mitchell Hashimoto
b54dc20aff logical/framework: revoke support 2015-03-19 19:41:41 +01:00
Armon Dadgar
9fcd6a8d04 vault: testing credential enable/disable 2015-03-19 10:39:47 -07:00
Armon Dadgar
8e29253c2b vault: Change constant name 2015-03-19 09:56:39 -07:00
Armon Dadgar
0c7a4982b5 vault: Switch AuthTable to using MountTable 2015-03-19 09:54:57 -07:00
Mitchell Hashimoto
6c1ecc8a15 logical/framework: can specify renew/revoke functins for secret 2015-03-19 15:07:45 +01:00
Mitchell Hashimoto
813873b115 vault: convert to new callback style 2015-03-19 15:05:22 +01:00
Mitchell Hashimoto
b5757ae49a logical/framework: add methods to look up secret and gen response 2015-03-19 14:59:01 +01:00
Mitchell Hashimoto
ef56daa3bc logical/framework: use custom request wrapper 2015-03-19 14:39:25 +01:00
Armon Dadgar
6b621caea0 vault: first pass at enable/disable auth backends 2015-03-18 19:36:17 -07:00
Armon Dadgar
1478fa8359 vault: token store is a credential implementation 2015-03-18 19:11:52 -07:00
Armon Dadgar
cae7c3adf1 vault: Removing mtype from router 2015-03-18 15:48:14 -07:00
Armon Dadgar
ca919e6a15 vault: first pass at initializing credential backends 2015-03-18 15:46:07 -07:00
Armon Dadgar
22897d7840 vault: Adding hooks for auth loading 2015-03-18 15:30:31 -07:00
Armon Dadgar
c7f0d38e1a vault: Allow passing in credential backends 2015-03-18 15:21:41 -07:00
Armon Dadgar
a324bb6f46 credential: Base interface 2015-03-18 15:21:25 -07:00
Armon Dadgar
7198dd6271 vault: more protection of protected mount points 2015-03-18 15:16:52 -07:00
Armon Dadgar
ddbc1c5258 vault: integrate policy and token store into core 2015-03-18 14:00:42 -07:00
Armon Dadgar
9a0fbe9d0b vault: testing token revocation 2015-03-18 13:50:36 -07:00
Armon Dadgar
ea578306d5 vault: Guard against blank tokens 2015-03-18 13:21:16 -07:00
Armon Dadgar
ae8de95e0f vault: First pass token store 2015-03-18 13:19:19 -07:00
Armon Dadgar
73c498160c vault: Adding PolicyStore 2015-03-18 12:17:03 -07:00
Armon Dadgar
9780e5c6e4 vault: Refactor to use CollectKeys 2015-03-18 12:06:18 -07:00
Mitchell Hashimoto
801260bf0f vault: TODOs 2015-03-17 20:54:38 -05:00
Mitchell Hashimoto
e377869766 vault: comment mounts mapping in rollback manager 2015-03-17 20:53:28 -05:00
Mitchell Hashimoto
5c1a8f297f vault: put uint32 at top of struct to avoid alignment issues 2015-03-17 20:46:10 -05:00
Mitchell Hashimoto
f4cc32e126 logical/framework: test for minimum age 2015-03-17 20:42:35 -05:00
Mitchell Hashimoto
56fb620b2d logical/framework: only rollback old enough WAL entries 2015-03-17 20:39:46 -05:00
Mitchell Hashimoto
93f828ec0d logical/framework: WAL entry supports "kind" 2015-03-17 20:39:46 -05:00
Mitchell Hashimoto
e77f79b317 logical/framework: rollback support 2015-03-17 20:39:46 -05:00
Mitchell Hashimoto
79af0e5d9e logical/framework: WAL should live here 2015-03-17 20:39:45 -05:00
Mitchell Hashimoto
2a4a58732d logical: WAL methods 2015-03-17 20:39:45 -05:00
Mitchell Hashimoto
99c9f1a5d7 vault: ignore backends that don't support rollback 2015-03-17 20:39:45 -05:00
Mitchell Hashimoto
4ba99024ae vault: start/stop rollback manager post/pre seal 2015-03-17 20:39:45 -05:00