secrets/database: adds ability to manage alternative credential types and configuration (#15376)

builtin/logical/database/version_wrapper.go

@@ -2,12 +2,10 @@ package database
 
 import (
 	"context"
-	"crypto/rand"
 	"fmt"
 
 	log "github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/go-multierror"
-	"github.com/hashicorp/vault/helper/random"
 	v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
 	v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 	"github.com/hashicorp/vault/sdk/helper/pluginutil"
@@ -229,39 +227,6 @@ func (d databaseVersionWrapper) Close() error {
 	return d.v4.Close()
 }
 
-// /////////////////////////////////////////////////////////////////////////////////
-// Password generation
-// /////////////////////////////////////////////////////////////////////////////////
-
-type passwordGenerator interface {
-	GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error)
-}
-
-var defaultPasswordGenerator = random.DefaultStringGenerator
-
-// GeneratePassword either from the v4 database or by using the provided password policy. If using a v5 database
-// and no password policy is specified, this will have a reasonable default password generator.
-func (d databaseVersionWrapper) GeneratePassword(ctx context.Context, generator passwordGenerator, passwordPolicy string) (password string, err error) {
-	if !d.isV5() && !d.isV4() {
-		return "", fmt.Errorf("no underlying database specified")
-	}
-
-	// If using the legacy database, use GenerateCredentials instead of password policies
-	// This will keep the existing behavior even though passwords can be generated with a policy
-	if d.isV4() {
-		password, err := d.v4.GenerateCredentials(ctx)
-		if err != nil {
-			return "", err
-		}
-		return password, nil
-	}
-
-	if passwordPolicy == "" {
-		return defaultPasswordGenerator.Generate(ctx, rand.Reader)
-	}
-	return generator.GeneratePasswordFromPolicy(ctx, passwordPolicy)
-}
-
 func (d databaseVersionWrapper) isV5() bool {
 	return d.v5 != nil
 }