Commit graph

61 commits

Author SHA1 Message Date
Armon Dadgar 466c7575d3 Replace VaultID with LeaseID for terminology simplification 2015-04-08 13:35:32 -07:00
Armon Dadgar c54534875a vault: testing remount cleanup 2015-04-02 12:04:37 -07:00
Armon Dadgar bfe7a1e901 vault: testing unmount cleanup 2015-04-02 11:47:44 -07:00
Mitchell Hashimoto e9a3a34c27 vault: tests passing 2015-03-29 16:18:08 -07:00
Mitchell Hashimoto 92910d18d1 vault: make mount functions private again, going to try something else 2015-03-14 18:31:31 -07:00
Mitchell Hashimoto 866b91d858 vault: public TestCoreUnsealed, don't modify key in Unseal
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite awhile that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
Mitchell Hashimoto b2af154fb4 vault: make Mount related core functions public
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.

The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.

If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.

The benefits of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
Armon Dadgar b17607e51f vault: support remount 2015-03-12 12:09:30 -07:00
Mitchell Hashimoto 718065c733 vault: the config has to be exported 2015-03-12 10:22:12 -07:00
Armon Dadgar 719eded495 vault: testing mount/unmount 2015-03-11 18:29:49 -07:00
Armon Dadgar c6009345d1 vault: Testing mount table setup 2015-03-11 15:33:25 -07:00