Commit Graph

70 Commits

Author SHA1 Message Date
Mitchell Hashimoto e9a3a34c27 vault: tests passing 2015-03-29 16:18:08 -07:00
Armon Dadgar 9a4946f115 vault: Testing core ACL enforcement 2015-03-24 15:55:27 -07:00
Armon Dadgar 23864839bb vault: testing root privilege restrictions 2015-03-24 15:52:07 -07:00
Armon Dadgar 49df1570d6 vault: test missing and invalid tokens 2015-03-24 11:57:08 -07:00
Armon Dadgar 20c2375352 vault: Adding ACL enforcement 2015-03-24 11:37:07 -07:00
Armon Dadgar 6481ff9e34 vault: Generate a root token when initializing 2015-03-23 17:31:30 -07:00
Armon Dadgar 192dcf7d39 vault: first pass at HandleLogin 2015-03-23 13:56:43 -07:00
Mitchell Hashimoto c349e97168 vault: clean up VaultID duplications, make secret responses clearer
/cc @armon - This is a reasonably major refactor that I think cleans up
a lot of the logic with secrets in responses. The reason for the
refactor is that while implementing Renew/Revoke in logical/framework I
found the existing API to be really awkward to work with.

Primarily, we needed a way to send down internal data for Vault core to
store since not all the data you need to revoke a key is always sent
down to the user (for example the user than AWS key belongs to).

At first, I was doing this manually in logical/framework with
req.Storage, but this is going to be such a common event that I think
its something core should assist with. Additionally, I think the added
context for secrets will be useful in the future when we have a Vault
API for returning orphaned out keys: we can also return the internal
data that might help an operator.

So this leads me to this refactor. I've removed most of the fields in
`logical.Response` and replaced it with a single `*Secret` pointer. If
this is non-nil, then the response represents a secret. The Secret
struct encapsulates all the lease info and such.

It also has some fields on it that are only populated at _request_ time
for Revoke/Renew operations. There is precedent for this sort of
behavior in the Go stdlib where http.Request/http.Response have fields
that differ based on client/server. I copied this style.

All core unit tests pass. The APIs fail for obvious reasons but I'll fix
that up in the next commit.
2015-03-19 23:11:42 +01:00
Armon Dadgar 15b7dc2d02 vault: integration expiration manager with core 2015-03-16 15:28:50 -07:00
Mitchell Hashimoto d1d1929192 vault: convert to logical.Request and friends 2015-03-15 14:53:41 -07:00
Mitchell Hashimoto 866b91d858 vault: public TestCoreUnsealed, don't modify key in Unseal
/cc @armon - I do a key copy within Unseal now. It tripped me up for
quite awhile that that method actually modifies the param in-place and I
can't think of any scenario that is good for the user. Do you see any
issues here?
2015-03-14 17:47:11 -07:00
Armon Dadgar d0380e553d vault: Support a pre-seal teardown 2015-03-13 11:16:24 -07:00
Armon Dadgar aa0ca02b8c vault: sanity check key length 2015-03-12 11:20:38 -07:00
Mitchell Hashimoto 718065c733 vault: the config has to be exported 2015-03-12 10:22:12 -07:00
Armon Dadgar c6009345d1 vault: Testing mount table setup 2015-03-11 15:33:25 -07:00
Armon Dadgar f54e4e0f6a vault: Loading mount tables on start 2015-03-11 15:19:41 -07:00
Armon Dadgar fdad9e9ce3 vault: Test routing while sealed 2015-03-11 14:31:55 -07:00
Armon Dadgar a6508b4010 vault: Testing core unseal 2015-03-11 14:25:16 -07:00
Armon Dadgar faa337dcbe vault: Testing initialization 2015-03-11 11:57:05 -07:00
Armon Dadgar 8fdac427a7 vault: Test initialization simple 2015-03-11 11:52:01 -07:00