Update the api for serving plugins and provide a utility to pass TLS data for commuinicating with the vault process

2025-11-02 11:38:02 +00:00 · 2017-05-02 14:40:11 -07:00
parent 7f92c5f47f
commit 1df8ec9ef7
15 changed files with 310 additions and 153 deletions
--- a/plugins/serve.go
+++ b/plugins/serve.go
@@ -0,0 +1,31 @@
+package plugins
+
+import (
+	"fmt"
+
+	"github.com/hashicorp/vault/api"
+	"github.com/hashicorp/vault/builtin/logical/database/dbplugin"
+	"github.com/hashicorp/vault/helper/pluginutil"
+)
+
+// Serve is used to start a plugin's RPC server. It takes an interface that must
+// implement a known plugin interface to vault and an optional api.TLSConfig for
+// use during the inital unwrap request to vault. The api config is particulary
+// useful when vault is setup to require client cert checking.
+func Serve(plugin interface{}, tlsConfig *api.TLSConfig) {
+	tlsProvider := pluginutil.VaultPluginTLSProvider(tlsConfig)
+
+	err := pluginutil.OptionallyEnableMlock()
+	if err != nil {
+		fmt.Println(err)
+		return
+	}
+
+	switch p := plugin.(type) {
+	case dbplugin.Database:
+		dbplugin.Serve(p, tlsProvider)
+	default:
+		fmt.Println("Unsuported plugin type")
+	}
+
+}