Commit graph

83 commits

Author SHA1 Message Date
Mitchell Hashimoto 2c3657f4fe logical: add credential info to logical backend structures 2015-03-30 14:23:32 -07:00
Armon Dadgar cb563b881c logical: Special error for permission denied 2015-03-24 11:23:59 -07:00
Armon Dadgar 4598e43140 vault: Adding ClientToken 2015-03-24 11:09:25 -07:00
Mitchell Hashimoto 27d33ad9f7 logical/framework: auto-extend leases if requested 2015-03-21 16:20:30 +01:00
Mitchell Hashimoto f6d5e3f0f4 logical/testing: immediate rollback, ignore RollbackMinAge 2015-03-21 11:18:33 +01:00
Mitchell Hashimoto 17c58633d6 logical/framework: rollback should return error, easier API 2015-03-21 11:08:13 +01:00
Mitchell Hashimoto a54d90ac1f logical/framework: rollback needs to have access to request for storage 2015-03-21 11:03:59 +01:00
Mitchell Hashimoto 62d9bec8be logical/aws 2015-03-20 19:03:20 +01:00
Mitchell Hashimoto a0f59f682b logical/framework: can specify InternalData for secret 2015-03-20 17:59:48 +01:00
Mitchell Hashimoto d43f395050 logical/testing: rollback/revoke secrets, error dangling secrets 2015-03-20 17:20:55 +01:00
Mitchell Hashimoto c349e97168 vault: clean up VaultID duplications, make secret responses clearer
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.

Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).

At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.

So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.

It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.

All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Mitchell Hashimoto 8039fc5c63 logical/framework: support renew 2015-03-19 20:20:57 +01:00
Mitchell Hashimoto d4b284fba4 logical/framework: revoke support 2015-03-19 19:41:41 +01:00
Mitchell Hashimoto b655a78b78 logical/framework: can specify renew/revoke functins for secret 2015-03-19 15:07:45 +01:00
Mitchell Hashimoto c7ed24282b logical/framework: add methods to look up secret and gen response 2015-03-19 14:59:01 +01:00
Mitchell Hashimoto c21bc26731 logical/framework: use custom request wrapper 2015-03-19 14:39:25 +01:00
Armon Dadgar 21b9bdaf37 vault: Allow passing in credential backends 2015-03-18 15:21:41 -07:00
Mitchell Hashimoto 7d03852f7c logical/framework: test for minimum age 2015-03-17 20:42:35 -05:00
Mitchell Hashimoto 14a48f6e92 logical/framework: only rollback old enough WAL entries 2015-03-17 20:39:46 -05:00
Mitchell Hashimoto 378968d56e logical/framework: WAL entry supports "kind" 2015-03-17 20:39:46 -05:00
Mitchell Hashimoto b8e2272421 logical/framework: rollback support 2015-03-17 20:39:46 -05:00
Mitchell Hashimoto 4016aba7ad logical/framework: WAL should live here 2015-03-17 20:39:45 -05:00
Mitchell Hashimoto 4e905d2850 logical: WAL methods 2015-03-17 20:39:45 -05:00
Mitchell Hashimoto c7b9148841 vault: RollbackManager
There are some major TODO items here, and it isn't hooked into the core
yet, but the basic functionality is there.
2015-03-17 20:39:45 -05:00
Armon Dadgar e85cd66b30 all: Removing fields from Lease 2015-03-16 13:29:51 -07:00
Mitchell Hashimoto 9f0d59d03f vault: system using the framework 2015-03-15 17:35:59 -07:00
Mitchell Hashimoto 5fbe17e8df logical/testing: acceptance testttttttt 2015-03-15 16:52:19 -07:00
Mitchell Hashimoto 11f8423b4f logical/framework, logical/testing 2015-03-15 16:39:49 -07:00
Mitchell Hashimoto d1d1929192 vault: convert to logical.Request and friends 2015-03-15 14:53:41 -07:00
Mitchell Hashimoto c3ae1b59a1 vault: Passthrough backend uses logical.Backend 2015-03-15 14:27:06 -07:00
Mitchell Hashimoto 63a9eb321a logical: put structs here, vault uses them 2015-03-15 14:27:06 -07:00
Armon Dadgar 10afebabdd vault: Moving generic backend into package 2015-03-11 15:50:42 -07:00
Armon Dadgar 51cc19e92f logical: Adding generic backend 2015-03-05 16:35:09 -08:00