vault: pass a logger around to logical backends

2025-10-30 02:02:43 +00:00 · 2015-04-04 11:39:58 -07:00
parent d9e38470a8
commit 0109031e63
4 changed files with 43 additions and 1 deletions
--- a/logical/framework/backend.go
+++ b/logical/framework/backend.go
@@ -2,6 +2,8 @@ package framework

 import (
 	"fmt"
+	"io/ioutil"
+	"log"
 	"regexp"
 	"sort"
 	"strings"
@@ -49,6 +51,7 @@ type Backend struct {
 	Rollback       RollbackFunc
 	RollbackMinAge time.Duration

+	logger  *log.Logger
 	once    sync.Once
 	pathsRe []*regexp.Regexp
 }
@@ -123,6 +126,21 @@ func (b *Backend) SpecialPaths() *logical.Paths {
 	return b.PathsSpecial
 }

+// logical.Backend impl.
+func (b *Backend) SetLogger(logger *log.Logger) {
+	b.logger = logger
+}
+
+// Logger can be used to get the logger. If no logger has been set,
+// the logs will be discarded.
+func (b *Backend) Logger() *log.Logger {
+	if b.logger != nil {
+		return b.logger
+	}
+
+	return log.New(ioutil.Discard, "", 0)
+}
+
 // Route looks up the path that would be used for a given path string.
 func (b *Backend) Route(path string) *Path {
 	result, _ := b.route(path)
--- a/logical/logical.go
+++ b/logical/logical.go
@@ -1,5 +1,9 @@
 package logical

+import (
+	"log"
+)
+
 // Backend interface must be implemented to be "mountable" at
 // a given path. Requests flow through a router which has various mount
 // points that flow to a logical backend. The logic of each backend is flexible,
@@ -20,6 +24,14 @@ type Backend interface {
 	// ends in '*' then it is a prefix-based match. The '*' can only appear
 	// at the end.
 	SpecialPaths() *Paths
+
+	// SetLogger is called to set the logger for the backend. The backend
+	// should use this logger. The log should not contain any secrets.
+	// It should not be assumed that this function will be called every time.
+	//
+	// SetLogger will not be called by Vault core in parallel, and
+	// therefore doesn't need any lock protection.
+	SetLogger(*log.Logger)
 }

 // Factory is the factory function to create a logical backend.
--- a/vault/mount.go
+++ b/vault/mount.go
@@ -460,7 +460,13 @@ func (c *Core) newLogicalBackend(t string, conf map[string]string) (logical.Back
 		return nil, fmt.Errorf("unknown backend type: %s", t)
 	}

-	return f(conf)
+	b, err := f(conf)
+	if err != nil {
+		return nil, err
+	}
+
+	b.SetLogger(c.logger)
+	return b, nil
 }

 // defaultMountTable creates a default mount table
--- a/vault/router_test.go
+++ b/vault/router_test.go
@@ -2,6 +2,7 @@ package vault

 import (
 	"fmt"
+	"log"
 	"strings"
 	"testing"

@@ -14,6 +15,7 @@ type NoopBackend struct {
 	Paths    []string
 	Requests []*logical.Request
 	Response *logical.Response
+	Logger   *log.Logger
 }

 func (n *NoopBackend) HandleRequest(req *logical.Request) (*logical.Response, error) {
@@ -34,6 +36,10 @@ func (n *NoopBackend) SpecialPaths() *logical.Paths {
 	}
 }

+func (n *NoopBackend) SetLogger(l *log.Logger) {
+	n.Logger = l
+}
+
 func TestRouter_Mount(t *testing.T) {
 	r := NewRouter()
 	_, barrier, _ := mockBarrier(t)