open-vault/logical/system_view.go

package logical

import "time"

// SystemView exposes system configuration information in a safe way
// for logical backends to consume
type SystemView interface {
	// DefaultLeaseTTL returns the default lease TTL set in Vault configuration
	DefaultLeaseTTL() time.Duration

	// MaxLeaseTTL returns the max lease TTL set in Vault configuration; backend
	// authors should take care not to issue credentials that last longer than
	// this value, as Vault will revoke them
	MaxLeaseTTL() time.Duration

	// SudoPrivilege returns true if given path has sudo privileges
	// for the given client token
	SudoPrivilege(path string, token string) bool
}

type StaticSystemView struct {
	DefaultLeaseTTLVal time.Duration
	MaxLeaseTTLVal     time.Duration
	SudoPrivilegeVal   bool
}

func (d StaticSystemView) DefaultLeaseTTL() time.Duration {
	return d.DefaultLeaseTTLVal
}

func (d StaticSystemView) MaxLeaseTTL() time.Duration {
	return d.MaxLeaseTTLVal
}

func (d StaticSystemView) SudoPrivilege(path string, token string) bool {
	return d.SudoPrivilegeVal
}
Add some plumbing to allow specified system configuration information to be retrieved by logical backends. First implemented is default/max TTL. 2015-08-27 15:51:35 +00:00			`package logical`

			`import "time"`

Use a SystemView interface and turn SystemConfig into DefaultSystemView 2015-08-27 17:36:44 +00:00			`// SystemView exposes system configuration information in a safe way`
			`// for logical backends to consume`
			`type SystemView interface {`
Add some documentation to SystemConfig 2015-08-27 16:14:03 +00:00			`// DefaultLeaseTTL returns the default lease TTL set in Vault configuration`
Remove error returns from sysview TTL calls 2015-09-10 19:09:34 +00:00			`DefaultLeaseTTL() time.Duration`
Add some documentation to SystemConfig 2015-08-27 16:14:03 +00:00
			`// MaxLeaseTTL returns the max lease TTL set in Vault configuration; backend`
			`// authors should take care not to issue credentials that last longer than`
			`// this value, as Vault will revoke them`
Remove error returns from sysview TTL calls 2015-09-10 19:09:34 +00:00			`MaxLeaseTTL() time.Duration`
TokenStore: Provide access based on sudo permissions and not policy name 2015-09-18 23:59:06 +00:00
Take ClientToken instead of Policies 2015-09-21 14:04:03 +00:00			`// SudoPrivilege returns true if given path has sudo privileges`
			`// for the given client token`
			`SudoPrivilege(path string, token string) bool`
Use a SystemView interface and turn SystemConfig into DefaultSystemView 2015-08-27 17:36:44 +00:00			`}`

Make DefaultSystemView StaticSystemView with statically-configured information. Export this from Framework to make it easy to override for testing. 2015-08-27 18:25:07 +00:00			`type StaticSystemView struct {`
Add DynamicSystemView. This uses a pointer to a pointer to always have up-to-date information. This allows remount to be implemented with the same source and dest, allowing mount options to be changed on the fly. If/when Vault gains the ability to HUP its configuration, this should just work for the global values as well. Need specific unit tests for this functionality. 2015-09-01 22:29:30 +00:00			`DefaultLeaseTTLVal time.Duration`
			`MaxLeaseTTLVal time.Duration`
Using acl.RootPrivilege and rewrote mockTokenStore 2015-09-19 21:53:24 +00:00			`SudoPrivilegeVal bool`
Use a SystemView interface and turn SystemConfig into DefaultSystemView 2015-08-27 17:36:44 +00:00			`}`

Remove error returns from sysview TTL calls 2015-09-10 19:09:34 +00:00			`func (d StaticSystemView) DefaultLeaseTTL() time.Duration {`
			`return d.DefaultLeaseTTLVal`
Use a SystemView interface and turn SystemConfig into DefaultSystemView 2015-08-27 17:36:44 +00:00			`}`

Remove error returns from sysview TTL calls 2015-09-10 19:09:34 +00:00			`func (d StaticSystemView) MaxLeaseTTL() time.Duration {`
			`return d.MaxLeaseTTLVal`
Add some plumbing to allow specified system configuration information to be retrieved by logical backends. First implemented is default/max TTL. 2015-08-27 15:51:35 +00:00			`}`
TokenStore: Provide access based on sudo permissions and not policy name 2015-09-18 23:59:06 +00:00
Take ClientToken instead of Policies 2015-09-21 14:04:03 +00:00			`func (d StaticSystemView) SudoPrivilege(path string, token string) bool {`
Using acl.RootPrivilege and rewrote mockTokenStore 2015-09-19 21:53:24 +00:00			`return d.SudoPrivilegeVal`
TokenStore: Provide access based on sudo permissions and not policy name 2015-09-18 23:59:06 +00:00			`}`