Jeff Mitchell
676b302dbf
Add a sysview call to determine if a mount is local. ( #3899 )
...
This is useful for deciding when to run upgrade logic, e.g. if on a
performance secondary but local it's fine to run.
2018-02-02 18:17:12 -05:00
Brian Kassouf
2f19de0305
Add context to storage backends and wire it through a lot of places ( #3817 )
2018-01-19 01:44:44 -05:00
Brian Kassouf
29bfc0a0d4
PR comments
2017-05-04 10:41:59 -07:00
Brian Kassouf
ce9688ce8c
Change MlockDisabled to MlockEnabled
2017-04-24 12:21:49 -07:00
Brian Kassouf
657d433330
Update the ResponseWrapData function to return a wrapping.ResponseWrapInfo object
2017-04-24 12:15:01 -07:00
Brian Kassouf
128f25c13d
Update help text and comments
2017-04-11 11:50:34 -07:00
Brian Kassouf
8071aed758
Mlock the plugin process
2017-04-10 17:12:52 -07:00
Brian Kassouf
e8781b6a2b
Plugin catalog
2017-04-03 17:52:29 -07:00
Brian Kassouf
eb6117cbb2
Work on TLS communication over plugins
2017-03-15 17:14:48 -07:00
Jeff Mitchell
0a9a6d3343
Move ReplicationState to consts
2017-02-16 13:37:21 -05:00
Jeff Mitchell
252e1f1e84
Port over some work to make the system views a bit nicer
2017-01-13 14:51:27 -05:00
Armon Dadgar
c37d17ed47
Adding interface methods to logical.Backend for parity ( #2242 )
2017-01-07 18:18:22 -05:00
Jeff Mitchell
fe1f56de40
Make a non-caching but still locking variant of transit for when caches are disabled
2016-05-02 22:36:44 -04:00
Jeff Mitchell
8572190b64
Plumb disabling caches through the policy store
2016-05-02 22:36:44 -04:00
Jeff Mitchell
12c00b97ef
Allow backends to see taint status.
...
This can be seen via System(). In the PKI backend, if the CA is
reconfigured but not fully (e.g. an intermediate CSR is generated but no
corresponding cert set) and there are already leases (issued certs), the
CRL is unable to be built. As a result revocation fails. But in this
case we don't actually need revocation to be successful since the CRL is
useless after unmounting. By checking taint status we know if we can
simply fast-path out of revocation with a success in this case.
Fixes #946
2016-01-22 17:01:22 -05:00
vishalnayak
1a01ab3608
Take ClientToken instead of Policies
2015-09-21 10:04:03 -04:00
vishalnayak
02485e7175
Abstraced SudoPrivilege to take list of policies
2015-09-19 18:23:44 -04:00
vishalnayak
a2799b235e
Using acl.RootPrivilege and rewrote mockTokenStore
2015-09-19 17:53:24 -04:00
vishalnayak
b6d47dd784
fix broken tests
2015-09-19 12:33:52 -04:00
vishalnayak
fb77ec3623
TokenStore: Provide access based on sudo permissions and not policy name
2015-09-19 11:14:51 -04:00
Jeff Mitchell
39cfcccdac
Remove error returns from sysview TTL calls
2015-09-10 15:09:54 -04:00
Jeff Mitchell
488d33c70a
Rejig how dynamic values are represented in system view and location of some functions in various packages; create mount-tune command and API analogues; update documentation
2015-09-10 15:09:54 -04:00
Jeff Mitchell
4239f9d243
Add DynamicSystemView. This uses a pointer to a pointer to always have
...
up-to-date information. This allows remount to be implemented with the
same source and dest, allowing mount options to be changed on the fly.
If/when Vault gains the ability to HUP its configuration, this should
just work for the global values as well.
Need specific unit tests for this functionality.
2015-09-10 15:09:54 -04:00
Jeff Mitchell
d435048d9e
Switch StaticSystemView values to pointers, to support updating
2015-09-10 15:09:54 -04:00
Jeff Mitchell
9e5e8a8a4d
Whitespace fix
2015-08-27 12:14:51 -07:00
Jeff Mitchell
cdabe6350e
SystemConfig -> SystemView
2015-08-27 11:38:05 -07:00