Mitchell Hashimoto
866b91d858
vault: public TestCoreUnsealed, don't modify key in Unseal
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite a while that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
captainill
c2bcd6092f
fix js
2015-03-14 17:37:22 -07:00
Mitchell Hashimoto
b2af154fb4
vault: make Mount related core functions public
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.
The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.
If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.
The benefit of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
Mitchell Hashimoto
857e00bcdc
helper/backend: start acceptance test framework
2015-03-14 17:18:19 -07:00
Mitchell Hashimoto
accd8c29ca
helper/backend: auto-generate help route
2015-03-14 10:12:50 -07:00
Mitchell Hashimoto
e8e55ef8b1
helper/backend: one callback per operation
2015-03-14 00:19:25 -07:00
Mitchell Hashimoto
7f87d9ea6f
helper/backend: HandleRequest works
2015-03-13 23:58:20 -07:00
Mitchell Hashimoto
d17c3d87d3
helper/backend: store captures for a path
2015-03-13 23:48:49 -07:00
Mitchell Hashimoto
c4e35ffb7d
helper/backend: cache route regexps (98% speedup)
benchmark                 old ns/op     new ns/op     delta
BenchmarkBackendRoute     49144         589           -98.80%
2015-03-13 23:25:17 -07:00
Mitchell Hashimoto
e5871abf77
helper/backend: benchmark route
2015-03-13 23:22:48 -07:00
Mitchell Hashimoto
0751c5db12
helper/backend: basic path routing (naive)
2015-03-13 23:17:25 -07:00
Mitchell Hashimoto
a68eb1a994
helper/backend: add default values
2015-03-13 21:15:20 -07:00
Mitchell Hashimoto
33a08fbfa0
helper/backend: start this thing
2015-03-13 21:11:19 -07:00
Mitchell Hashimoto
fd8f84e00e
command/unseal: tests
2015-03-13 20:17:55 -07:00
Mitchell Hashimoto
e473c655ac
website: imageoptim
2015-03-13 12:58:21 -07:00
Mitchell Hashimoto
c84a9bcaed
command/seal-status
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
5c2915ba52
command/init: tests
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
1bd0772986
http: make TestServer public
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
f43a0290cf
vault: public testing methods
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
5c8a2812fe
command/init: make the output a little nicer
2015-03-13 12:53:09 -07:00
Mitchell Hashimoto
3c3e96575f
command/init
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
c0ede206bb
api: use /v1 prefix
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
f71f29b801
command/server: initial working
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
cb3e91b338
command/server: copy the TCP keep alive listener
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
393c6c6c20
command/server: support TLS
2015-03-13 12:53:08 -07:00
Mitchell Hashimoto
61224ce312
command/server: tcp listener
2015-03-13 12:53:08 -07:00
Armon Dadgar
9d5db1286d
vault: Track the renew time
2015-03-13 11:36:24 -07:00
Armon Dadgar
081358091a
vault: improve seal/unseal log messages
2015-03-13 11:34:40 -07:00
Armon Dadgar
f0d00e77ec
vault: Adding start/stop to expiration manager
2015-03-13 11:31:43 -07:00
Armon Dadgar
d744d4ee5e
vault: integrate expiration manager with core setup/teardown
2015-03-13 11:20:36 -07:00
Armon Dadgar
d0380e553d
vault: Support a pre-seal teardown
2015-03-13 11:16:24 -07:00
Armon Dadgar
5ce63ea7cd
vault: Adding lease registration
2015-03-13 10:56:03 -07:00
Armon Dadgar
affeefa7f8
vault: Validate lease values
2015-03-13 10:56:03 -07:00
Jack Pearkes
e6892ed5ae
Merge pull request #1 from hashicorp/add-website
Initial Website Import
2015-03-13 10:40:07 -07:00
Jack Pearkes
442ac631d8
website: initial import
2015-03-13 10:38:41 -07:00
Armon Dadgar
e77ce26d31
vault: spec out expiration manager API
2015-03-12 18:38:22 -07:00
Mitchell Hashimoto
86c7a4c155
command/server: load config from flags
2015-03-12 15:30:07 -07:00
Mitchell Hashimoto
d88c20e293
command/server: add config loading
2015-03-12 15:21:11 -07:00
Mitchell Hashimoto
39b42bb862
physical: fix failing test
2015-03-12 14:30:31 -07:00
Armon Dadgar
15de847389
vault: Setup expiration manager on unseal
2015-03-12 12:44:30 -07:00
Armon Dadgar
6c759416d0
vault: special view path for system
2015-03-12 12:44:30 -07:00
Armon Dadgar
ef82fe04c6
vault: Support sub-views
2015-03-12 12:44:30 -07:00
Mitchell Hashimoto
128c742a65
api: add init
2015-03-12 12:42:40 -07:00
Mitchell Hashimoto
d35b8eaa6f
http: init endpoints
2015-03-12 12:37:54 -07:00
Armon Dadgar
b17607e51f
vault: support remount
2015-03-12 12:09:30 -07:00
Armon Dadgar
3ed3e23d93
vault: Improve error when unseal key is wrong
2015-03-12 11:27:41 -07:00
Mitchell Hashimoto
319500748a
http: mask user error away from unseal since it's not actionable
2015-03-12 11:26:59 -07:00
Armon Dadgar
aa0ca02b8c
vault: sanity check key length
2015-03-12 11:20:38 -07:00
Mitchell Hashimoto
1baf86b061
http: test all seal endpoints
2015-03-12 11:12:44 -07:00
Mitchell Hashimoto
352ad00e68
http: prefix with v1
2015-03-12 10:47:31 -07:00