mirror of
https://github.com/optim-enterprises-bv/vault.git
synced 2025-11-01 19:17:58 +00:00
Create sdk/ and api/ submodules (#6583)
This commit is contained in:
Jeff Mitchell
69
sdk/helper/pluginutil/env.go
Normal file
69
sdk/helper/pluginutil/env.go
Normal file
@@ -0,0 +1,69 @@
|
||||
package pluginutil
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
version "github.com/hashicorp/go-version"
|
||||
"github.com/hashicorp/vault/sdk/helper/mlock"
|
||||
)
|
||||
|
||||
var (
|
||||
// PluginMlockEnabled is the ENV name used to pass the configuration for
|
||||
// enabling mlock
|
||||
PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
|
||||
|
||||
// PluginVaultVersionEnv is the ENV name used to pass the version of the
|
||||
// vault server to the plugin
|
||||
PluginVaultVersionEnv = "VAULT_VERSION"
|
||||
|
||||
// PluginMetadataModeEnv is an ENV name used to disable TLS communication
|
||||
// to bootstrap mounting plugins.
|
||||
PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
|
||||
|
||||
// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
|
||||
// plugin.
|
||||
PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"
|
||||
|
||||
// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
|
||||
// string. Used for testing.
|
||||
PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
|
||||
)
|
||||
|
||||
// OptionallyEnableMlock determines if mlock should be called, and if so enables
|
||||
// mlock.
|
||||
func OptionallyEnableMlock() error {
|
||||
if os.Getenv(PluginMlockEnabled) == "true" {
|
||||
return mlock.LockMemory()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or
|
||||
// it fails to meet the version constraint.
|
||||
func GRPCSupport() bool {
|
||||
verString := os.Getenv(PluginVaultVersionEnv)
|
||||
// If the env var is empty, we fall back to netrpc for backward compatibility.
|
||||
if verString == "" {
|
||||
return false
|
||||
}
|
||||
if verString != "unknown" {
|
||||
ver, err := version.NewVersion(verString)
|
||||
if err != nil {
|
||||
return true
|
||||
}
|
||||
// Due to some regressions on 0.9.2 & 0.9.3 we now require version 0.9.4
|
||||
// to allow the plugin framework to default to gRPC.
|
||||
constraint, err := version.NewConstraint(">= 0.9.4")
|
||||
if err != nil {
|
||||
return true
|
||||
}
|
||||
return constraint.Check(ver)
|
||||
}
|
||||
return true
|
||||
}
|
||||
|
||||
// InMetadataMode returns true if the plugin calling this function is running in metadata mode.
|
||||
func InMetadataMode() bool {
|
||||
return os.Getenv(PluginMetadataModeEnv) == "true"
|
||||
}
|
||||
Reference in New Issue
Block a user