Make compile
This commit is contained in:
Jeff Mitchell
parent
8e271dcbdc
commit
d38a699c32
|
|
@ -117,10 +117,6 @@ type Request struct {
|
|||
// token supplied
|
||||
ClientTokenRemainingUses int `json:"client_token_remaining_uses" structs:"client_token_remaining_uses" mapstructure:"client_token_remaining_uses"`
|
||||
|
||||
// MFACreds holds the parsed MFA information supplied over the API as part of
|
||||
// X-Vault-MFA header
|
||||
MFACreds MFACreds `json:"mfa_creds" structs:"mfa_creds" mapstructure:"mfa_creds" sentinel:""`
|
||||
|
||||
// EntityID is the identity of the caller extracted out of the token used
|
||||
// to make this request
|
||||
EntityID string `json:"entity_id" structs:"entity_id" mapstructure:"entity_id" sentinel:""`
|
||||
|
|
|
|||
|
|
@ -1,11 +1,14 @@
|
|||
package vault
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"reflect"
|
||||
"strings"
|
||||
|
||||
"github.com/armon/go-radix"
|
||||
"github.com/hashicorp/errwrap"
|
||||
multierror "github.com/hashicorp/go-multierror"
|
||||
"github.com/hashicorp/vault/helper/identity"
|
||||
"github.com/hashicorp/vault/helper/strutil"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
)
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ import (
|
|||
|
||||
"github.com/hashicorp/errwrap"
|
||||
"github.com/hashicorp/go-uuid"
|
||||
"github.com/hashicorp/vault/helper/consts"
|
||||
"github.com/hashicorp/vault/helper/jsonutil"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
)
|
||||
|
|
@ -162,6 +163,11 @@ func (c *Core) disableCredential(path string) error {
|
|||
return fmt.Errorf("no matching backend %s", fullPath)
|
||||
}
|
||||
|
||||
// Get the backend/mount entry for this path, used to remove ignored
|
||||
// replication prefixes
|
||||
backend := c.router.MatchingBackend(fullPath)
|
||||
entry := c.router.MatchingMountEntry(fullPath)
|
||||
|
||||
// Mark the entry as tainted
|
||||
if err := c.taintCredEntry(path); err != nil {
|
||||
return err
|
||||
|
|
@ -426,6 +432,7 @@ func (c *Core) setupCredentials() error {
|
|||
var err error
|
||||
var persistNeeded bool
|
||||
var view *BarrierView
|
||||
var backendType logical.BackendType
|
||||
|
||||
c.authLock.Lock()
|
||||
defer c.authLock.Unlock()
|
||||
|
|
@ -464,7 +471,7 @@ func (c *Core) setupCredentials() error {
|
|||
}
|
||||
|
||||
// Check for the correct backend type
|
||||
backendType := backend.Type()
|
||||
backendType = backend.Type()
|
||||
if entry.Type == "plugin" && backendType != logical.TypeCredential {
|
||||
return fmt.Errorf("cannot mount '%s' of type '%s' as an auth backend", entry.Config.PluginName, backendType)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1521,12 +1521,6 @@ func (b *SystemBackend) handleUnmount(
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
_, prefix, found := b.Core.router.MatchingStoragePrefixByAPIPath(path)
|
||||
if !found {
|
||||
b.Backend.Logger().Error("sys: unable to find storage for path", "path", path)
|
||||
return handleError(fmt.Errorf("unable to find storage for path: %s", path))
|
||||
}
|
||||
|
||||
// Attempt unmount
|
||||
if err := b.Core.unmount(path); err != nil {
|
||||
b.Backend.Logger().Error("sys: unmount failed", "path", path, "error", err)
|
||||
|
|
@ -2117,8 +2111,6 @@ func (b *SystemBackend) handlePoliciesSet(policyType PolicyType) func(*logical.R
|
|||
policy.Raw = string(polBytes)
|
||||
}
|
||||
|
||||
var enforcementLevel string
|
||||
|
||||
switch policyType {
|
||||
case PolicyTypeACL:
|
||||
p, err := ParseACLPolicy(policy.Raw)
|
||||
|
|
|
|||
|
|
@ -15,6 +15,7 @@ import (
|
|||
"github.com/hashicorp/vault/helper/jsonutil"
|
||||
"github.com/hashicorp/vault/helper/strutil"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
"github.com/mitchellh/copystructure"
|
||||
)
|
||||
|
||||
const (
|
||||
|
|
@ -739,7 +740,7 @@ func (c *Core) setupMounts() error {
|
|||
defer c.mountsLock.Unlock()
|
||||
|
||||
var view *BarrierView
|
||||
var err error
|
||||
var backendType logical.BackendType
|
||||
|
||||
for _, entry := range c.mounts.Entries {
|
||||
|
||||
|
|
@ -777,7 +778,7 @@ func (c *Core) setupMounts() error {
|
|||
}
|
||||
|
||||
// Check for the correct backend type
|
||||
backendType := backend.Type()
|
||||
backendType = backend.Type()
|
||||
if entry.Type == "plugin" && backendType != logical.TypeLogical {
|
||||
return fmt.Errorf("cannot mount '%s' of type '%s' as a logical backend", entry.Config.PluginName, backendType)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -232,7 +232,7 @@ func (ps *PolicyStore) invalidate(name string, policyType PolicyType) {
|
|||
}
|
||||
|
||||
// Force a reload
|
||||
p, err := ps.GetPolicy(name, policyType)
|
||||
_, err := ps.GetPolicy(name, policyType)
|
||||
if err != nil {
|
||||
vlogger.Error("policy: error fetching policy after invalidation", "name", saneName)
|
||||
}
|
||||
|
|
@ -270,13 +270,6 @@ func (ps *PolicyStore) setPolicyInternal(p *Policy) error {
|
|||
}
|
||||
switch p.Type {
|
||||
case PolicyTypeACL:
|
||||
rgp, err := ps.rgpView.Get(entry.Key)
|
||||
if err != nil {
|
||||
return errwrap.Wrapf("failed looking up conflicting policy: {{err}}", err)
|
||||
}
|
||||
if rgp != nil {
|
||||
return fmt.Errorf("cannot reuse policy names between ACLs and RGPs")
|
||||
}
|
||||
if err := ps.aclView.Put(entry); err != nil {
|
||||
return errwrap.Wrapf("failed to persist policy: {{err}}", err)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -321,27 +321,3 @@ func (s *SealConfig) Clone() *SealConfig {
|
|||
}
|
||||
return ret
|
||||
}
|
||||
|
||||
type SealAccess struct {
|
||||
seal Seal
|
||||
}
|
||||
|
||||
func (s *SealAccess) SetSeal(seal Seal) {
|
||||
s.seal = seal
|
||||
}
|
||||
|
||||
func (s *SealAccess) StoredKeysSupported() bool {
|
||||
return s.seal.StoredKeysSupported()
|
||||
}
|
||||
|
||||
func (s *SealAccess) BarrierConfig() (*SealConfig, error) {
|
||||
return s.seal.BarrierConfig()
|
||||
}
|
||||
|
||||
func (s *SealAccess) RecoveryKeySupported() bool {
|
||||
return s.seal.RecoveryKeySupported()
|
||||
}
|
||||
|
||||
func (s *SealAccess) RecoveryConfig() (*SealConfig, error) {
|
||||
return s.seal.RecoveryConfig()
|
||||
}
|
||||
|
|
|
|||
|
|
@ -0,0 +1,39 @@
|
|||
package vault
|
||||
|
||||
// SealAccess is a wrapper around Seal that exposes accessor methods
|
||||
// through Core.SealAccess() while restricting the ability to modify
|
||||
// Core.seal itself.
|
||||
type SealAccess struct {
|
||||
seal Seal
|
||||
}
|
||||
|
||||
func NewSealAccess(seal Seal) *SealAccess {
|
||||
return &SealAccess{seal: seal}
|
||||
}
|
||||
|
||||
func (s *SealAccess) StoredKeysSupported() bool {
|
||||
return s.seal.StoredKeysSupported()
|
||||
}
|
||||
|
||||
func (s *SealAccess) BarrierConfig() (*SealConfig, error) {
|
||||
return s.seal.BarrierConfig()
|
||||
}
|
||||
|
||||
func (s *SealAccess) RecoveryKeySupported() bool {
|
||||
return s.seal.RecoveryKeySupported()
|
||||
}
|
||||
|
||||
func (s *SealAccess) RecoveryConfig() (*SealConfig, error) {
|
||||
return s.seal.RecoveryConfig()
|
||||
}
|
||||
|
||||
func (s *SealAccess) VerifyRecoveryKey(key []byte) error {
|
||||
return s.seal.VerifyRecoveryKey(key)
|
||||
}
|
||||
|
||||
func (s *SealAccess) ClearCaches() {
|
||||
s.seal.SetBarrierConfig(nil)
|
||||
if s.RecoveryKeySupported() {
|
||||
s.seal.SetRecoveryConfig(nil)
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue