5fbe17e8df
logical/testing: acceptance testttttttt
2015-03-15 16:52:19 -07:00
11f8423b4f
logical/framework, logical/testing
2015-03-15 16:39:49 -07:00
d4f54be927
vault: can pass in the backends
2015-03-15 16:25:38 -07:00
a0232eedd7
helper/backend: use logical package
2015-03-15 14:57:19 -07:00
ece0be434e
vault: rename SystemBackend2 to SystemBackend
2015-03-15 14:54:49 -07:00
d1d1929192
vault: convert to logical.Request and friends
2015-03-15 14:53:41 -07:00
5ffcd02b7a
vault: convert system to logical.Backend
2015-03-15 14:42:05 -07:00
c3ae1b59a1
vault: Passthrough backend uses logical.Backend
2015-03-15 14:27:06 -07:00
c7e901ce45
vault: incremental change to get closer to logical structs
2015-03-15 14:27:06 -07:00
63a9eb321a
logical: put structs here, vault uses them
2015-03-15 14:27:06 -07:00
1837991454
update hero
2015-03-15 14:16:58 -07:00
92910d18d1
vault: make mount functions private again, going to try something else
2015-03-14 18:31:31 -07:00
9d84e7bacc
vault: don't copy the key so it can be zeroed, document, add helper
2015-03-14 18:25:55 -07:00
29adca9afa
Merge branch 'master' of github.com:hashicorp/vault
2015-03-14 18:17:18 -07:00
77bbbb18f3
docs sidebar new animation/cleanup
2015-03-14 18:16:58 -07:00
866b91d858
vault: public TestCoreUnsealed, don't modify key in Unseal
...
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite awhile that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
c2bcd6092f
fix js
2015-03-14 17:37:22 -07:00
b2af154fb4
vault: make Mount related core functions public
...
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.
The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.
If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.
The benefits of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
857e00bcdc
helper/backend: start acceptance test framework
2015-03-14 17:18:19 -07:00
accd8c29ca
helper/backend: auto-generate help route
2015-03-14 10:12:50 -07:00
e8e55ef8b1
helper/backend: one callback per operation
2015-03-14 00:19:25 -07:00
7f87d9ea6f
helper/backend: HandleRequest works
2015-03-13 23:58:20 -07:00
d17c3d87d3
helper/backend: store captures for a path
2015-03-13 23:48:49 -07:00
c4e35ffb7d
helper/backend: cache route regexps (98% speedup)
...
benchmark old ns/op new ns/op delta
BenchmarkBackendRoute 49144 589 -98.80%
2015-03-13 23:25:17 -07:00
e5871abf77
helper/backend: benchmark route
2015-03-13 23:22:48 -07:00
0751c5db12
helper/backend: basic path routing (naive)
2015-03-13 23:17:25 -07:00
a68eb1a994
helper/backend: add default values
2015-03-13 21:15:20 -07:00
33a08fbfa0
helper/backend: start this thing
2015-03-13 21:11:19 -07:00
fd8f84e00e
command/unseal: tests
2015-03-13 20:17:55 -07:00
e473c655ac
website: imageoptim
2015-03-13 12:58:21 -07:00
c84a9bcaed
command/seal-status
2015-03-13 12:53:09 -07:00
5c2915ba52
command/init: tests
2015-03-13 12:53:09 -07:00
1bd0772986
http: make TestServer public
2015-03-13 12:53:09 -07:00
f43a0290cf
vault: public testing methods
2015-03-13 12:53:09 -07:00
5c8a2812fe
command/init: make the output a little nicer
2015-03-13 12:53:09 -07:00
3c3e96575f
command/init
2015-03-13 12:53:08 -07:00
c0ede206bb
api: use /v1 prefix
2015-03-13 12:53:08 -07:00
f71f29b801
command/server: initial working
2015-03-13 12:53:08 -07:00
cb3e91b338
command/sever: copy the TCP keep alive listener
2015-03-13 12:53:08 -07:00
393c6c6c20
command/server: support TLS
2015-03-13 12:53:08 -07:00
61224ce312
command/server: tcp listener
2015-03-13 12:53:08 -07:00
9d5db1286d
vault: Track the renew time
2015-03-13 11:36:24 -07:00
081358091a
vault: improve seal/unseal log messages
2015-03-13 11:34:40 -07:00
f0d00e77ec
vault: Adding start/stop to expiration manager
2015-03-13 11:31:43 -07:00
d744d4ee5e
vault: integrate expiration manager with core setup/teardown
2015-03-13 11:20:36 -07:00
d0380e553d
vault: Support a pre-seal teardown
2015-03-13 11:16:24 -07:00
5ce63ea7cd
vault: Adding lease registration
2015-03-13 10:56:03 -07:00
affeefa7f8
vault: Validate lease values
2015-03-13 10:56:03 -07:00
e6892ed5ae
Merge pull request #1 from hashicorp/add-website
...
Initial Website Import
2015-03-13 10:40:07 -07:00
442ac631d8
website: initial import
2015-03-13 10:38:41 -07:00
Mitchell Hashimoto