vault: Allow passing in credential backends

logical/testing/testing.go

@@ -95,7 +95,7 @@ func Test(t TestT, c TestCase) {
 	// Create an in-memory Vault core
 	core, err := vault.NewCore(&vault.CoreConfig{
 		Physical: physical.NewInmem(),
-		Backends: map[string]logical.Factory{
+		LogicalBackends: map[string]logical.Factory{
 			"test": func(map[string]string) (logical.Backend, error) {
 				return c.Backend, nil
 			},

vault/core.go

@@ -9,6 +9,7 @@ import (
 	"os"
 	"sync"
 
+	"github.com/hashicorp/vault/credential"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/physical"
 	"github.com/hashicorp/vault/shamir"
@@ -100,8 +101,11 @@ type Core struct {
 	// router is responsible for managing the mount points for logical backends.
 	router *Router
 
-	// backends is the mapping of backends to use for this core
-	backends map[string]logical.Factory
+	// logicalBackends is the mapping of backends to use for this core
+	logicalBackends map[string]logical.Factory
+
+	// credentialBackends is the mapping of backends to use for this core
+	credentialBackends map[string]credential.Factory
 
 	// stateLock protects mutable state
 	stateLock sync.RWMutex
@@ -136,9 +140,10 @@ type Core struct {
 
 // CoreConfig is used to parameterize a core
 type CoreConfig struct {
-	Backends map[string]logical.Factory
-	Physical physical.Backend
-	Logger   *log.Logger
+	LogicalBackends    map[string]logical.Factory
+	CredentialBackends map[string]credential.Factory
+	Physical           physical.Backend
+	Logger             *log.Logger
 }
 
 // NewCore isk used to construct a new core
@@ -164,16 +169,21 @@ func NewCore(conf *CoreConfig) (*Core, error) {
 	}
 
 	// Setup the backends
-	backends := make(map[string]logical.Factory)
-	for k, f := range conf.Backends {
-		backends[k] = f
+	logicalBackends := make(map[string]logical.Factory)
+	for k, f := range conf.LogicalBackends {
+		logicalBackends[k] = f
 	}
-	backends["generic"] = PassthroughBackendFactory
-	backends["system"] = func(map[string]string) (logical.Backend, error) {
+	logicalBackends["generic"] = PassthroughBackendFactory
+	logicalBackends["system"] = func(map[string]string) (logical.Backend, error) {
 		return NewSystemBackend(c), nil
 	}
+	c.logicalBackends = logicalBackends
 
-	c.backends = backends
+	credentialBackends := make(map[string]credential.Factory)
+	for k, f := range conf.CredentialBackends {
+		credentialBackends[k] = f
+	}
+	c.credentialBackends = credentialBackends
 	return c, nil
 }
 

vault/mount.go

@@ -96,7 +96,7 @@ func (c *Core) mount(me *MountEntry) error {
 	}
 
 	// Lookup the new backend
-	backend, err := c.newBackend(me.Type, nil)
+	backend, err := c.newLogicalBackend(me.Type, nil)
 	if err != nil {
 		return err
 	}
@@ -293,7 +293,7 @@ func (c *Core) setupMounts() error {
 			barrierPrefix = systemBarrierPrefix
 		}
 
-		backend, err = c.newBackend(entry.Type, nil)
+		backend, err = c.newLogicalBackend(entry.Type, nil)
 		if err != nil {
 			c.logger.Printf(
 				"[ERR] core: failed to create mount entry %#v: %v",
@@ -327,8 +327,8 @@ func (c *Core) unloadMounts() error {
 	return nil
 }
 
-func (c *Core) newBackend(t string, conf map[string]string) (logical.Backend, error) {
-	f, ok := c.backends[t]
+func (c *Core) newLogicalBackend(t string, conf map[string]string) (logical.Backend, error) {
+	f, ok := c.logicalBackends[t]
 	if !ok {
 		return nil, fmt.Errorf("unknown backend type: %s", t)
 	}