replace global vault handlers with newVaultHandlers() (#27515)
@@ -35,3 +35,5 @@ func entGetFIPSInfoKey() string {
|
||||
func entGetRequestLimiterStatus(coreConfig vault.CoreConfig) string {
|
||||
return ""
|
||||
}
|
||||
|
||||
func entExtendAddonHandlers(handlers *vaultHandlers) {}
|
||||
|
||||
@@ -122,10 +122,11 @@ func testVaultServerWithKVVersion(tb testing.TB, kvVersion string) (*api.Client,
|
||||
func testVaultServerAllBackends(tb testing.TB) (*api.Client, func()) {
|
||||
tb.Helper()
|
||||
|
||||
handlers := newVaultHandlers()
|
||||
client, _, closer := testVaultServerCoreConfig(tb, &vault.CoreConfig{
|
||||
CredentialBackends: credentialBackends,
|
||||
AuditBackends: auditBackends,
|
||||
LogicalBackends: logicalBackends,
|
||||
CredentialBackends: handlers.credentialBackends,
|
||||
AuditBackends: handlers.auditBackends,
|
||||
LogicalBackends: handlers.logicalBackends,
|
||||
BuiltinRegistry: builtinplugins.Registry,
|
||||
})
|
||||
return client, closer
|
||||
|
||||
@@ -129,50 +129,68 @@ const (
|
||||
flagNameDelegatedAuthAccessors = "delegated-auth-accessors"
|
||||
)
|
||||
|
||||
var (
|
||||
physicalBackends = map[string]physical.Factory{
|
||||
"inmem_ha": physInmem.NewInmemHA,
|
||||
"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
|
||||
"inmem_transactional": physInmem.NewTransactionalInmem,
|
||||
"inmem": physInmem.NewInmem,
|
||||
"raft": physRaft.NewRaftBackend,
|
||||
}
|
||||
// vaultHandlers contains the handlers for creating the various Vault backends.
|
||||
type vaultHandlers struct {
|
||||
physicalBackends map[string]physical.Factory
|
||||
loginHandlers map[string]LoginHandler
|
||||
auditBackends map[string]audit.Factory
|
||||
credentialBackends map[string]logical.Factory
|
||||
logicalBackends map[string]logical.Factory
|
||||
serviceRegistrations map[string]sr.Factory
|
||||
}
|
||||
|
||||
loginHandlers = map[string]LoginHandler{
|
||||
"cert": &credCert.CLIHandler{},
|
||||
"oidc": &credOIDC.CLIHandler{},
|
||||
"token": &credToken.CLIHandler{},
|
||||
"userpass": &credUserpass.CLIHandler{
|
||||
DefaultMount: "userpass",
|
||||
// newMinimalVaultHandlers returns a new vaultHandlers that a minimal Vault would use.
|
||||
func newMinimalVaultHandlers() *vaultHandlers {
|
||||
return &vaultHandlers{
|
||||
physicalBackends: map[string]physical.Factory{
|
||||
"inmem_ha": physInmem.NewInmemHA,
|
||||
"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
|
||||
"inmem_transactional": physInmem.NewTransactionalInmem,
|
||||
"inmem": physInmem.NewInmem,
|
||||
"raft": physRaft.NewRaftBackend,
|
||||
},
|
||||
loginHandlers: map[string]LoginHandler{
|
||||
"cert": &credCert.CLIHandler{},
|
||||
"oidc": &credOIDC.CLIHandler{},
|
||||
"token": &credToken.CLIHandler{},
|
||||
"userpass": &credUserpass.CLIHandler{
|
||||
DefaultMount: "userpass",
|
||||
},
|
||||
},
|
||||
auditBackends: map[string]audit.Factory{
|
||||
"file": audit.NewFileBackend,
|
||||
"socket": audit.NewSocketBackend,
|
||||
"syslog": audit.NewSyslogBackend,
|
||||
},
|
||||
credentialBackends: map[string]logical.Factory{
|
||||
"plugin": plugin.Factory,
|
||||
},
|
||||
logicalBackends: map[string]logical.Factory{
|
||||
"plugin": plugin.Factory,
|
||||
"database": logicalDb.Factory,
|
||||
// This is also available in the plugin catalog, but is here due to the need to
|
||||
// automatically mount it.
|
||||
"kv": logicalKv.Factory,
|
||||
},
|
||||
serviceRegistrations: map[string]sr.Factory{
|
||||
"consul": csr.NewServiceRegistration,
|
||||
"kubernetes": ksr.NewServiceRegistration,
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
auditBackends = map[string]audit.Factory{
|
||||
"file": audit.NewFileBackend,
|
||||
"socket": audit.NewSocketBackend,
|
||||
"syslog": audit.NewSyslogBackend,
|
||||
}
|
||||
// newVaultHandlers returns a new vaultHandlers composed of newMinimalVaultHandlers()
|
||||
// and any addon handlers from Vault CE and Vault Enterprise selected by Go build tags.
|
||||
func newVaultHandlers() *vaultHandlers {
|
||||
handlers := newMinimalVaultHandlers()
|
||||
extendAddonHandlers(handlers)
|
||||
entExtendAddonHandlers(handlers)
|
||||
|
||||
credentialBackends = map[string]logical.Factory{
|
||||
"plugin": plugin.Factory,
|
||||
}
|
||||
|
||||
logicalBackends = map[string]logical.Factory{
|
||||
"plugin": plugin.Factory,
|
||||
"database": logicalDb.Factory,
|
||||
// This is also available in the plugin catalog, but is here due to the need to
|
||||
// automatically mount it.
|
||||
"kv": logicalKv.Factory,
|
||||
}
|
||||
|
||||
serviceRegistrations = map[string]sr.Factory{
|
||||
"consul": csr.NewServiceRegistration,
|
||||
"kubernetes": ksr.NewServiceRegistration,
|
||||
}
|
||||
)
|
||||
return handlers
|
||||
}
|
||||
|
||||
func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.CommandFactory {
|
||||
extendAddonCommands()
|
||||
handlers := newVaultHandlers()
|
||||
|
||||
getBaseCommand := func() *BaseCommand {
|
||||
return &BaseCommand{
|
||||
@@ -243,7 +261,7 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
|
||||
"auth help": func() (cli.Command, error) {
|
||||
return &AuthHelpCommand{
|
||||
BaseCommand: getBaseCommand(),
|
||||
Handlers: loginHandlers,
|
||||
Handlers: handlers.loginHandlers,
|
||||
}, nil
|
||||
},
|
||||
"auth list": func() (cli.Command, error) {
|
||||
@@ -300,7 +318,7 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
|
||||
"login": func() (cli.Command, error) {
|
||||
return &LoginCommand{
|
||||
BaseCommand: getBaseCommand(),
|
||||
Handlers: loginHandlers,
|
||||
Handlers: handlers.loginHandlers,
|
||||
}, nil
|
||||
},
|
||||
"namespace": func() (cli.Command, error) {
|
||||
@@ -371,7 +389,7 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
|
||||
"operator migrate": func() (cli.Command, error) {
|
||||
return &OperatorMigrateCommand{
|
||||
BaseCommand: getBaseCommand(),
|
||||
PhysicalBackends: physicalBackends,
|
||||
PhysicalBackends: handlers.physicalBackends,
|
||||
ShutdownCh: MakeShutdownCh(),
|
||||
}, nil
|
||||
},
|
||||
@@ -662,12 +680,11 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
|
||||
tokenHelper: runOpts.TokenHelper,
|
||||
flagAddress: runOpts.Address,
|
||||
},
|
||||
AuditBackends: auditBackends,
|
||||
CredentialBackends: credentialBackends,
|
||||
LogicalBackends: logicalBackends,
|
||||
PhysicalBackends: physicalBackends,
|
||||
|
||||
ServiceRegistrations: serviceRegistrations,
|
||||
AuditBackends: handlers.auditBackends,
|
||||
CredentialBackends: handlers.credentialBackends,
|
||||
LogicalBackends: handlers.logicalBackends,
|
||||
PhysicalBackends: handlers.physicalBackends,
|
||||
ServiceRegistrations: handlers.serviceRegistrations,
|
||||
|
||||
ShutdownCh: MakeShutdownCh(),
|
||||
SighupCh: MakeSighupCh(),
|
||||
|
||||
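Review bot: newVaultHandlers applies extendAddonHandlers and then entExtendAddonHandlers to the same struct, and neither its doc comment nor the code says what happens when two layers register the same name. The extendAddonHandlers body shown later in this commit uses maps.Copy, which overwrites existing keys, so a colliding name would silently replace a built-in physical backend or login handler; the ent hook receives the whole struct, so presumably it could do the same to the audit, credential and logical maps. Test_extendAddonHandlers would catch a clash between the minimal and full-addon sets through its length assertions, but nothing visible covers the entExtendAddonHandlers layer. I would state the precedence in the comment, for example `// Later layers win on duplicate names: minimal, then extendAddonHandlers, then entExtendAddonHandlers.`, or fail fast on a duplicate key if replacement is never intended.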
@@ -43,7 +43,7 @@ import (
|
||||
physFile "github.com/hashicorp/vault/sdk/physical/file"
|
||||
)
|
||||
|
||||
func newFullAddonCommands() (map[string]physical.Factory, map[string]LoginHandler) {
|
||||
func newFullAddonHandlers() (map[string]physical.Factory, map[string]LoginHandler) {
|
||||
addonPhysicalBackends := map[string]physical.Factory{
|
||||
"aerospike": physAerospike.NewAerospikeBackend,
|
||||
"alicloudoss": physAliCloudOSS.NewAliCloudOSSBackend,
|
||||
@@ -88,9 +88,9 @@ func newFullAddonCommands() (map[string]physical.Factory, map[string]LoginHandle
|
||||
return addonPhysicalBackends, addonLoginHandlers
|
||||
}
|
||||
|
||||
func extendAddonCommands() {
|
||||
addonPhysicalBackends, addonLoginHandlers := newFullAddonCommands()
|
||||
func extendAddonHandlers(handlers *vaultHandlers) {
|
||||
addonPhysicalBackends, addonLoginHandlers := newFullAddonHandlers()
|
||||
|
||||
maps.Copy(physicalBackends, addonPhysicalBackends)
|
||||
maps.Copy(loginHandlers, addonLoginHandlers)
|
||||
maps.Copy(handlers.physicalBackends, addonPhysicalBackends)
|
||||
maps.Copy(handlers.loginHandlers, addonLoginHandlers)
|
||||
}
|
||||
|
||||
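Review bot: extendAddonHandlers writes into handlers.physicalBackends and handlers.loginHandlers without documenting that both maps must already be allocated; maps.Copy panics on a nil destination map when the source is non-empty, and a nil handlers pointer would be dereferenced. The callers visible in this commit always pass the result of newMinimalVaultHandlers(), so this is an unstated precondition rather than a live bug. A doc comment would make it explicit: `// extendAddonHandlers adds the full-build physical backends and login handlers to handlers, whose maps must be non-nil.`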
@@ -12,34 +12,35 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
// Test_extendAddonCommands tests extendAddonCommands() extends physical and logical backends with
|
||||
// those generated by newFullAddonCommands()
|
||||
func Test_extendAddonCommands(t *testing.T) {
|
||||
expMinPhysicalBackends := maps.Clone(physicalBackends)
|
||||
expMinLoginHandlers := maps.Clone(loginHandlers)
|
||||
// Test_extendAddonHandlers tests extendAddonHandlers() extends the minimal Vault handlers with handlers
|
||||
// generated by newFullAddonHandlers()
|
||||
func Test_extendAddonHandlers(t *testing.T) {
|
||||
handlers := newMinimalVaultHandlers()
|
||||
expMinPhysicalBackends := maps.Clone(handlers.physicalBackends)
|
||||
expMinLoginHandlers := maps.Clone(handlers.loginHandlers)
|
||||
|
||||
expAddonPhysicalBackends, expAddonLoginHandlers := newFullAddonCommands()
|
||||
expAddonPhysicalBackends, expAddonLoginHandlers := newFullAddonHandlers()
|
||||
|
||||
extendAddonCommands()
|
||||
extendAddonHandlers(handlers)
|
||||
|
||||
require.Equal(t, len(expMinPhysicalBackends)+len(expAddonPhysicalBackends), len(physicalBackends),
|
||||
require.Equal(t, len(expMinPhysicalBackends)+len(expAddonPhysicalBackends), len(handlers.physicalBackends),
|
||||
"extended total physical backends mismatch total of minimal and full addon physical backends")
|
||||
require.Equal(t, len(expMinLoginHandlers)+len(expAddonLoginHandlers), len(loginHandlers),
|
||||
require.Equal(t, len(expMinLoginHandlers)+len(expAddonLoginHandlers), len(handlers.loginHandlers),
|
||||
"extended total login handlers mismatch total of minimal and full addon login handlers")
|
||||
|
||||
for k := range expMinPhysicalBackends {
|
||||
require.Contains(t, physicalBackends, k, "expected to contain minimal physical backend")
|
||||
require.Contains(t, handlers.physicalBackends, k, "expected to contain minimal physical backend")
|
||||
}
|
||||
|
||||
for k := range expAddonPhysicalBackends {
|
||||
require.Contains(t, physicalBackends, k, "expected to contain full addon physical backend")
|
||||
require.Contains(t, handlers.physicalBackends, k, "expected to contain full addon physical backend")
|
||||
}
|
||||
|
||||
for k := range expMinLoginHandlers {
|
||||
require.Contains(t, loginHandlers, k, "expected to contain minimal login handler")
|
||||
require.Contains(t, handlers.loginHandlers, k, "expected to contain minimal login handler")
|
||||
}
|
||||
|
||||
for k := range expAddonLoginHandlers {
|
||||
require.Contains(t, loginHandlers, k, "expected to contain full addon login handler")
|
||||
require.Contains(t, handlers.loginHandlers, k, "expected to contain full addon login handler")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,6 +9,6 @@ import (
|
||||
_ "github.com/hashicorp/vault/helper/builtinplugins"
|
||||
)
|
||||
|
||||
func extendAddonCommands() {
|
||||
func extendAddonHandlers(*vaultHandlers) {
|
||||
// No-op
|
||||
}
|
||||
|
||||
@@ -25,7 +25,12 @@ func Test_Commands_HCPInit(t *testing.T) {
|
||||
}
|
||||
|
||||
for n, tst := range tests {
|
||||
n := n
|
||||
tst := tst
|
||||
|
||||
t.Run(n, func(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
mockUi := cli.NewMockUi()
|
||||
commands := initCommands(mockUi, nil, nil)
|
||||
if tst.expectError {
|
||||
|
||||
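Review bot: The new `t.Parallel()` call in the subtest is only safe if initCommands does not write to shared package state, and nothing near the call records that assumption. Before this commit initCommands called extendAddonCommands(), which copied into package-level maps, so concurrent runs would have been unsynchronised map writes. A short comment above the call, e.g. `// Safe in parallel: initCommands builds its own vaultHandlers per call.`, would keep that dependency visible, assuming initCommands touches no other globals (its full body is outside these hunks). The `n := n` and `tst := tst` copies are needed only with pre-1.22 loop-variable semantics.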
@@ -203,17 +203,19 @@ func (c *OperatorDiagnoseCommand) RunWithParsedFlags() int {
|
||||
|
||||
func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error {
|
||||
rloadFuncs := make(map[string][]reloadutil.ReloadFunc)
|
||||
handlers := newVaultHandlers()
|
||||
|
||||
server := &ServerCommand{
|
||||
// TODO: set up a different one?
|
||||
// In particular, a UI instance that won't output?
|
||||
BaseCommand: c.BaseCommand,
|
||||
|
||||
// TODO: refactor to a common place?
|
||||
AuditBackends: auditBackends,
|
||||
CredentialBackends: credentialBackends,
|
||||
LogicalBackends: logicalBackends,
|
||||
PhysicalBackends: physicalBackends,
|
||||
ServiceRegistrations: serviceRegistrations,
|
||||
AuditBackends: handlers.auditBackends,
|
||||
CredentialBackends: handlers.credentialBackends,
|
||||
LogicalBackends: handlers.logicalBackends,
|
||||
PhysicalBackends: handlers.physicalBackends,
|
||||
ServiceRegistrations: handlers.serviceRegistrations,
|
||||
|
||||
// TODO: other ServerCommand options?
|
||||
|
||||
|
||||
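Review bot: The comment `// TODO: refactor to a common place?` above the backend fields in offlineDiagnostics now looks stale, since all five maps come from newVaultHandlers(), which is that common place. Either drop it or reword it to say what is still outstanding, e.g. `// Same handler set that initCommands gives the server command.` An accurate comment matters here because diagnose presumably needs to exercise the same audit, credential and storage backends the real server would use. The function body continues beyond the hunk.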
@@ -32,10 +32,11 @@ func init() {
|
||||
}
|
||||
|
||||
func TestMigration(t *testing.T) {
|
||||
handlers := newVaultHandlers()
|
||||
t.Run("Default", func(t *testing.T) {
|
||||
data := generateData()
|
||||
|
||||
fromFactory := physicalBackends["file"]
|
||||
fromFactory := handlers.physicalBackends["file"]
|
||||
|
||||
folder := t.TempDir()
|
||||
|
||||
@@ -51,7 +52,7 @@ func TestMigration(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
toFactory := physicalBackends["inmem"]
|
||||
toFactory := handlers.physicalBackends["inmem"]
|
||||
confTo := map[string]string{}
|
||||
to, err := toFactory(confTo, nil)
|
||||
if err != nil {
|
||||
@@ -72,7 +73,7 @@ func TestMigration(t *testing.T) {
|
||||
t.Run("Concurrent migration", func(t *testing.T) {
|
||||
data := generateData()
|
||||
|
||||
fromFactory := physicalBackends["file"]
|
||||
fromFactory := handlers.physicalBackends["file"]
|
||||
|
||||
folder := t.TempDir()
|
||||
|
||||
@@ -88,7 +89,7 @@ func TestMigration(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
toFactory := physicalBackends["inmem"]
|
||||
toFactory := handlers.physicalBackends["inmem"]
|
||||
confTo := map[string]string{}
|
||||
to, err := toFactory(confTo, nil)
|
||||
if err != nil {
|
||||
@@ -110,7 +111,7 @@ func TestMigration(t *testing.T) {
|
||||
t.Run("Start option", func(t *testing.T) {
|
||||
data := generateData()
|
||||
|
||||
fromFactory := physicalBackends["inmem"]
|
||||
fromFactory := handlers.physicalBackends["inmem"]
|
||||
confFrom := map[string]string{}
|
||||
from, err := fromFactory(confFrom, nil)
|
||||
if err != nil {
|
||||
@@ -120,7 +121,7 @@ func TestMigration(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
toFactory := physicalBackends["file"]
|
||||
toFactory := handlers.physicalBackends["file"]
|
||||
folder := t.TempDir()
|
||||
confTo := map[string]string{
|
||||
"path": folder,
|
||||
@@ -149,7 +150,7 @@ func TestMigration(t *testing.T) {
|
||||
t.Run("Start option (parallel)", func(t *testing.T) {
|
||||
data := generateData()
|
||||
|
||||
fromFactory := physicalBackends["inmem"]
|
||||
fromFactory := handlers.physicalBackends["inmem"]
|
||||
confFrom := map[string]string{}
|
||||
from, err := fromFactory(confFrom, nil)
|
||||
if err != nil {
|
||||
@@ -159,7 +160,7 @@ func TestMigration(t *testing.T) {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
toFactory := physicalBackends["file"]
|
||||
toFactory := handlers.physicalBackends["file"]
|
||||
folder := t.TempDir()
|
||||
confTo := map[string]string{
|
||||
"path": folder,
|
||||
@@ -269,7 +270,7 @@ storage_destination "dest_type2" {
|
||||
})
|
||||
|
||||
t.Run("DFS Scan", func(t *testing.T) {
|
||||
s, _ := physicalBackends["inmem"](map[string]string{}, nil)
|
||||
s, _ := handlers.physicalBackends["inmem"](map[string]string{}, nil)
|
||||
|
||||
data := generateData()
|
||||
data["cc"] = []byte{}
|
||||
|
||||
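Review bot: Each subtest of TestMigration indexes handlers.physicalBackends by name and calls the result directly, for instance `fromFactory := handlers.physicalBackends["file"]`, so a missing entry yields a nil function and the test panics instead of failing with a message. `file` is not in the map built by newMinimalVaultHandlers(), so this would happen in any build where the full addon set is not compiled in; whether this test file is built there is not visible from the hunks. A guarded lookup such as `fromFactory, ok := handlers.physicalBackends["file"]` followed by `if !ok { t.Skip("file backend not built in") }` keeps the failure readable. The DFS Scan subtest also discards the factory error with `s, _ :=`, which is worth checking in the same pass.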