Commit Graph

173 Commits

Author SHA1 Message Date
Armon Dadgar d5403d6673 vault: TODO cleanups 2015-04-01 22:13:08 -07:00
Armon Dadgar c3aed5589e vault: Adding intermediate taint step to unmount 2015-04-01 22:12:03 -07:00
Armon Dadgar 6933f94acd vault: Prevent UUID injection on sys mount path 2015-04-01 17:45:00 -07:00
Armon Dadgar 0a7df0b3d4 vault: Adding options to mount table 2015-03-31 13:14:08 -07:00
Armon Dadgar 5517910829 vault: Make audit/ a protected path 2015-03-27 14:00:57 -07:00
Armon Dadgar 421f73d332 vault: Removing mtype from router 2015-03-18 15:48:14 -07:00
Armon Dadgar b8da9c2ee2 vault: first pass at initializing credential backends 2015-03-18 15:46:07 -07:00
Armon Dadgar 21b9bdaf37 vault: Allow passing in credential backends 2015-03-18 15:21:41 -07:00
Armon Dadgar 10a67592cd vault: more protection of protected mount points 2015-03-18 15:16:52 -07:00
Mitchell Hashimoto abe0859aa5 vault: use RWMutex on MountTable itself 2015-03-17 20:39:45 -05:00
Mitchell Hashimoto d4f54be927 vault: can pass in the backends 2015-03-15 16:25:38 -07:00
Mitchell Hashimoto ece0be434e vault: rename SystemBackend2 to SystemBackend 2015-03-15 14:54:49 -07:00
Mitchell Hashimoto d1d1929192 vault: convert to logical.Request and friends 2015-03-15 14:53:41 -07:00
Mitchell Hashimoto 92910d18d1 vault: make mount functions private again, going to try something else 2015-03-14 18:31:31 -07:00
Mitchell Hashimoto b2af154fb4 vault: make Mount related core functions public
/cc @armon - So I know the conversation we had related to this about
auth, but I think we still need to export these and do auth only at the
external API layer. If you're writing to the internal API, then all bets
are off.

The reason is simply that if you have access to the code, you can
already work around it anyways (you can disable auth or w/e), so a
compromised Vault source/binary is already a failure, and that is the
only thing that our previous unexported methods were protecting against.

If you write an external tool to access a Vault, it still needs to be
unsealed so _that_ is the primary security mechanism from an API
perspective. Once it is unsealed then the core API has full access to
the Vault, and identity/auth is only done at the external API layer, not
at the internal API layer.

The benefits of this approach is that it lets us still treat the "sys"
mount specially but at least have sys adopt helper/backend and use that
machinery and it can still be the only backend which actually has a
reference to *vault.Core to do core things (a key difference). So, an
AWS backend still will never be able to muck with things it can't, but
we're explicitly giving Sys (via struct initialization in Go itself)
a reference to *vault.Core.
2015-03-14 17:26:59 -07:00
Armon Dadgar d0380e553d vault: Support a pre-seal teardown 2015-03-13 11:16:24 -07:00
Armon Dadgar 6c759416d0 vault: special view path for system 2015-03-12 12:44:30 -07:00
Armon Dadgar b17607e51f vault: support remount 2015-03-12 12:09:30 -07:00
Armon Dadgar 719eded495 vault: testing mount/unmount 2015-03-11 18:29:49 -07:00
Armon Dadgar 0ca093fb2d vault: First pass at mount/unmount 2015-03-11 18:19:45 -07:00
Armon Dadgar b212890043 vault: Setup the mount tables after load 2015-03-11 15:50:42 -07:00
Armon Dadgar c6009345d1 vault: Testing mount table setup 2015-03-11 15:33:25 -07:00
Armon Dadgar f54e4e0f6a vault: Loading mount tables on start 2015-03-11 15:19:41 -07:00