Mitchell Hashimoto
5ffcd02b7a
vault: convert system to logical.Backend
2015-03-15 14:42:05 -07:00
Mitchell Hashimoto
c3ae1b59a1
vault: Passthrough backend uses logical.Backend
2015-03-15 14:27:06 -07:00
Mitchell Hashimoto
c7e901ce45
vault: incremental change to get closer to logical structs
2015-03-15 14:27:06 -07:00
Mitchell Hashimoto
63a9eb321a
logical: put structs here, vault uses them
2015-03-15 14:27:06 -07:00
JT
1837991454
update hero
2015-03-15 14:16:58 -07:00
Mitchell Hashimoto
92910d18d1
vault: make mount functions private again, going to try something else
2015-03-14 18:31:31 -07:00
Mitchell Hashimoto
9d84e7bacc
vault: don't copy the key so it can be zeroed, document, add helper
2015-03-14 18:25:55 -07:00
captainill
29adca9afa
Merge branch 'master' of github.com:hashicorp/vault
2015-03-14 18:17:18 -07:00
captainill
77bbbb18f3
docs sidebar new animation/cleanup
2015-03-14 18:16:58 -07:00
Mitchell Hashimoto
866b91d858
vault: public TestCoreUnsealed, don't modify key in Unseal
...
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite awhile that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
captainill
c2bcd6092f
fix js
2015-03-14 17:37:22 -07:00
Mitchell Hashimoto
b2af154fb4
vault: make Mount related core functions public
...
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.
The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.
If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.
The benefits of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
Mitchell Hashimoto
857e00bcdc
helper/backend: start acceptance test framework
2015-03-14 17:18:19 -07:00
Mitchell Hashimoto
accd8c29ca
helper/backend: auto-generate help route
2015-03-14 10:12:50 -07:00
Mitchell Hashimoto
e8e55ef8b1
helper/backend: one callback per operation
2015-03-14 00:19:25 -07:00
Mitchell Hashimoto
7f87d9ea6f
helper/backend: HandleRequest works
2015-03-13 23:58:20 -07:00
Mitchell Hashimoto
d17c3d87d3
helper/backend: store captures for a path
2015-03-13 23:48:49 -07:00
Mitchell Hashimoto
c4e35ffb7d
helper/backend: cache route regexps (98% speedup)
...
benchmark old ns/op new ns/op delta
BenchmarkBackendRoute 49144 589 -98.80%
2015-03-13 23:25:17 -07:00
Mitchell Hashimoto
e5871abf77
helper/backend: benchmark route
2015-03-13 23:22:48 -07:00
Mitchell Hashimoto
0751c5db12
helper/backend: basic path routing (naive)
2015-03-13 23:17:25 -07:00
Mitchell Hashimoto
a68eb1a994
helper/backend: add default values
2015-03-13 21:15:20 -07:00
Mitchell Hashimoto
33a08fbfa0
helper/backend: start this thing
2015-03-13 21:11:19 -07:00
Mitchell Hashimoto
fd8f84e00e
command/unseal: tests
2015-03-13 20:17:55 -07:00
Mitchell Hashimoto
e473c655ac
website: imageoptim
2015-03-13 12:58:21 -07:00
Mitchell Hashimoto
c84a9bcaed
command/seal-status
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
5c2915ba52
command/init: tests
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
1bd0772986
http: make TestServer public
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
f43a0290cf
vault: public testing methods
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
5c8a2812fe
command/init: make the output a little nicer
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
3c3e96575f
command/init
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
c0ede206bb
api: use /v1 prefix
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
f71f29b801
command/server: initial working
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
cb3e91b338
command/sever: copy the TCP keep alive listener
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
393c6c6c20
command/server: support TLS
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
61224ce312
command/server: tcp listener
2015-03-13 12:53:08 -07:00
Armon Dadgar
9d5db1286d
vault: Track the renew time
2015-03-13 11:36:24 -07:00
Armon Dadgar
081358091a
vault: improve seal/unseal log messages
2015-03-13 11:34:40 -07:00
Armon Dadgar
f0d00e77ec
vault: Adding start/stop to expiration manager
2015-03-13 11:31:43 -07:00
Armon Dadgar
d744d4ee5e
vault: integrate expiration manager with core setup/teardown
2015-03-13 11:20:36 -07:00
Armon Dadgar
d0380e553d
vault: Support a pre-seal teardown
2015-03-13 11:16:24 -07:00
Armon Dadgar
5ce63ea7cd
vault: Adding lease registration
2015-03-13 10:56:03 -07:00
Armon Dadgar
affeefa7f8
vault: Validate lease values
2015-03-13 10:56:03 -07:00
Jack Pearkes
e6892ed5ae
Merge pull request #1 from hashicorp/add-website
...
Initial Website Import
2015-03-13 10:40:07 -07:00
Jack Pearkes
442ac631d8
website: initial import
2015-03-13 10:38:41 -07:00
Armon Dadgar
e77ce26d31
vault: spec out expiration manager API
2015-03-12 18:38:22 -07:00
Mitchell Hashimoto
86c7a4c155
command/server: load config from flags
2015-03-12 15:30:07 -07:00
Mitchell Hashimoto
d88c20e293
command/server: add config loading
2015-03-12 15:21:11 -07:00
Mitchell Hashimoto
39b42bb862
physical: fix failing test
2015-03-12 14:30:31 -07:00
Armon Dadgar
15de847389
vault: Setup expiration manager on unseal
2015-03-12 12:44:30 -07:00
Armon Dadgar
6c759416d0
vault: special view path for system
2015-03-12 12:44:30 -07:00