replace global vault handlers with newVaultHandlers() (#27515)

Thy Ton
2024-06-18 22:17:40 +07:00
committed by GitHub
parent ff8442dff7
commit 28c2e94382
9 changed files with 111 additions and 82 deletions


@@ -35,3 +35,5 @@ func entGetFIPSInfoKey() string {
func entGetRequestLimiterStatus(coreConfig vault.CoreConfig) string { func entGetRequestLimiterStatus(coreConfig vault.CoreConfig) string {
return "" return ""
} }
func entExtendAddonHandlers(handlers *vaultHandlers) {}
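Review bot: The new CE stub `entExtendAddonHandlers` has no doc comment, so a reader of the CE build cannot tell it is a deliberate build-tag seam rather than dead code; the same applies to the no-op `extendAddonHandlers(*vaultHandlers)` stub in the later file section of this commit. Suggest `// entExtendAddonHandlers is a no-op in the CE build; the Enterprise build uses it to add enterprise-only backends and handlers to handlers.` and an analogous one-liner on the other stub. That the Enterprise counterpart adds backends is inferred from the newVaultHandlers doc comment, not from code visible here.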


@@ -122,10 +122,11 @@ func testVaultServerWithKVVersion(tb testing.TB, kvVersion string) (*api.Client,
func testVaultServerAllBackends(tb testing.TB) (*api.Client, func()) { func testVaultServerAllBackends(tb testing.TB) (*api.Client, func()) {
tb.Helper() tb.Helper()
handlers := newVaultHandlers()
client, _, closer := testVaultServerCoreConfig(tb, &vault.CoreConfig{ client, _, closer := testVaultServerCoreConfig(tb, &vault.CoreConfig{
CredentialBackends: credentialBackends, CredentialBackends: handlers.credentialBackends,
AuditBackends: auditBackends, AuditBackends: handlers.auditBackends,
LogicalBackends: logicalBackends, LogicalBackends: handlers.logicalBackends,
BuiltinRegistry: builtinplugins.Registry, BuiltinRegistry: builtinplugins.Registry,
}) })
return client, closer return client, closer


@@ -129,50 +129,68 @@ const (
flagNameDelegatedAuthAccessors = "delegated-auth-accessors" flagNameDelegatedAuthAccessors = "delegated-auth-accessors"
) )
var ( // vaultHandlers contains the handlers for creating the various Vault backends.
physicalBackends = map[string]physical.Factory{ type vaultHandlers struct {
"inmem_ha": physInmem.NewInmemHA, physicalBackends map[string]physical.Factory
"inmem_transactional_ha": physInmem.NewTransactionalInmemHA, loginHandlers map[string]LoginHandler
"inmem_transactional": physInmem.NewTransactionalInmem, auditBackends map[string]audit.Factory
"inmem": physInmem.NewInmem, credentialBackends map[string]logical.Factory
"raft": physRaft.NewRaftBackend, logicalBackends map[string]logical.Factory
} serviceRegistrations map[string]sr.Factory
}
loginHandlers = map[string]LoginHandler{ // newMinimalVaultHandlers returns a new vaultHandlers that a minimal Vault would use.
"cert": &credCert.CLIHandler{}, func newMinimalVaultHandlers() *vaultHandlers {
"oidc": &credOIDC.CLIHandler{}, return &vaultHandlers{
"token": &credToken.CLIHandler{}, physicalBackends: map[string]physical.Factory{
"userpass": &credUserpass.CLIHandler{ "inmem_ha": physInmem.NewInmemHA,
DefaultMount: "userpass", "inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
"inmem_transactional": physInmem.NewTransactionalInmem,
"inmem": physInmem.NewInmem,
"raft": physRaft.NewRaftBackend,
},
loginHandlers: map[string]LoginHandler{
"cert": &credCert.CLIHandler{},
"oidc": &credOIDC.CLIHandler{},
"token": &credToken.CLIHandler{},
"userpass": &credUserpass.CLIHandler{
DefaultMount: "userpass",
},
},
auditBackends: map[string]audit.Factory{
"file": audit.NewFileBackend,
"socket": audit.NewSocketBackend,
"syslog": audit.NewSyslogBackend,
},
credentialBackends: map[string]logical.Factory{
"plugin": plugin.Factory,
},
logicalBackends: map[string]logical.Factory{
"plugin": plugin.Factory,
"database": logicalDb.Factory,
// This is also available in the plugin catalog, but is here due to the need to
// automatically mount it.
"kv": logicalKv.Factory,
},
serviceRegistrations: map[string]sr.Factory{
"consul": csr.NewServiceRegistration,
"kubernetes": ksr.NewServiceRegistration,
}, },
} }
}
auditBackends = map[string]audit.Factory{ // newVaultHandlers returns a new vaultHandlers composed of newMinimalVaultHandlers()
"file": audit.NewFileBackend, // and any addon handlers from Vault CE and Vault Enterprise selected by Go build tags.
"socket": audit.NewSocketBackend, func newVaultHandlers() *vaultHandlers {
"syslog": audit.NewSyslogBackend, handlers := newMinimalVaultHandlers()
} extendAddonHandlers(handlers)
entExtendAddonHandlers(handlers)
credentialBackends = map[string]logical.Factory{ return handlers
"plugin": plugin.Factory, }
}
logicalBackends = map[string]logical.Factory{
"plugin": plugin.Factory,
"database": logicalDb.Factory,
// This is also available in the plugin catalog, but is here due to the need to
// automatically mount it.
"kv": logicalKv.Factory,
}
serviceRegistrations = map[string]sr.Factory{
"consul": csr.NewServiceRegistration,
"kubernetes": ksr.NewServiceRegistration,
}
)
func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.CommandFactory { func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.CommandFactory {
extendAddonCommands() handlers := newVaultHandlers()
getBaseCommand := func() *BaseCommand { getBaseCommand := func() *BaseCommand {
return &BaseCommand{ return &BaseCommand{
@@ -243,7 +261,7 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
"auth help": func() (cli.Command, error) { "auth help": func() (cli.Command, error) {
return &AuthHelpCommand{ return &AuthHelpCommand{
BaseCommand: getBaseCommand(), BaseCommand: getBaseCommand(),
Handlers: loginHandlers, Handlers: handlers.loginHandlers,
}, nil }, nil
}, },
"auth list": func() (cli.Command, error) { "auth list": func() (cli.Command, error) {
@@ -300,7 +318,7 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
"login": func() (cli.Command, error) { "login": func() (cli.Command, error) {
return &LoginCommand{ return &LoginCommand{
BaseCommand: getBaseCommand(), BaseCommand: getBaseCommand(),
Handlers: loginHandlers, Handlers: handlers.loginHandlers,
}, nil }, nil
}, },
"namespace": func() (cli.Command, error) { "namespace": func() (cli.Command, error) {
@@ -371,7 +389,7 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
"operator migrate": func() (cli.Command, error) { "operator migrate": func() (cli.Command, error) {
return &OperatorMigrateCommand{ return &OperatorMigrateCommand{
BaseCommand: getBaseCommand(), BaseCommand: getBaseCommand(),
PhysicalBackends: physicalBackends, PhysicalBackends: handlers.physicalBackends,
ShutdownCh: MakeShutdownCh(), ShutdownCh: MakeShutdownCh(),
}, nil }, nil
}, },
@@ -662,12 +680,11 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co
tokenHelper: runOpts.TokenHelper, tokenHelper: runOpts.TokenHelper,
flagAddress: runOpts.Address, flagAddress: runOpts.Address,
}, },
AuditBackends: auditBackends, AuditBackends: handlers.auditBackends,
CredentialBackends: credentialBackends, CredentialBackends: handlers.credentialBackends,
LogicalBackends: logicalBackends, LogicalBackends: handlers.logicalBackends,
PhysicalBackends: physicalBackends, PhysicalBackends: handlers.physicalBackends,
ServiceRegistrations: handlers.serviceRegistrations,
ServiceRegistrations: serviceRegistrations,
ShutdownCh: MakeShutdownCh(), ShutdownCh: MakeShutdownCh(),
SighupCh: MakeSighupCh(), SighupCh: MakeSighupCh(),
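Review bot: `newVaultHandlers` merges the minimal maps with addon and enterprise ones via `maps.Copy` (see `extendAddonHandlers` in the full-addon file), which silently overwrites an existing key, so an addon registered under the same name as a minimal entry (a second "raft" or "file", say) would replace it with no error; the new struct makes that precedence part of the contract and it should be stated. Suggest extending the doc comment on `newVaultHandlers` with `// Later extensions win on key collision: an addon or enterprise entry with the same name silently replaces the minimal one.` Since `initCommands` now builds a fresh vaultHandlers per call instead of mutating package-level maps, a one-line comment there noting that the caller owns the returned maps would also help readers. The enterprise extension body is not visible here, so its merge behaviour is assumed to match the CE one.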


@@ -43,7 +43,7 @@ import (
physFile "github.com/hashicorp/vault/sdk/physical/file" physFile "github.com/hashicorp/vault/sdk/physical/file"
) )
func newFullAddonCommands() (map[string]physical.Factory, map[string]LoginHandler) { func newFullAddonHandlers() (map[string]physical.Factory, map[string]LoginHandler) {
addonPhysicalBackends := map[string]physical.Factory{ addonPhysicalBackends := map[string]physical.Factory{
"aerospike": physAerospike.NewAerospikeBackend, "aerospike": physAerospike.NewAerospikeBackend,
"alicloudoss": physAliCloudOSS.NewAliCloudOSSBackend, "alicloudoss": physAliCloudOSS.NewAliCloudOSSBackend,
@@ -88,9 +88,9 @@ func newFullAddonCommands() (map[string]physical.Factory, map[string]LoginHandle
return addonPhysicalBackends, addonLoginHandlers return addonPhysicalBackends, addonLoginHandlers
} }
func extendAddonCommands() { func extendAddonHandlers(handlers *vaultHandlers) {
addonPhysicalBackends, addonLoginHandlers := newFullAddonCommands() addonPhysicalBackends, addonLoginHandlers := newFullAddonHandlers()
maps.Copy(physicalBackends, addonPhysicalBackends) maps.Copy(handlers.physicalBackends, addonPhysicalBackends)
maps.Copy(loginHandlers, addonLoginHandlers) maps.Copy(handlers.loginHandlers, addonLoginHandlers)
} }
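Review bot: `extendAddonHandlers` writes into `handlers.physicalBackends` and `handlers.loginHandlers` with `maps.Copy`, which panics on a nil destination map, and nothing in the hunk guards against a nil `handlers` or a zero-value `vaultHandlers{}`; the only visible caller constructs it via `newMinimalVaultHandlers`, so this is a documentation point rather than a bug. Suggest `// extendAddonHandlers merges the full-build addon physical backends and login handlers into handlers, which must be non-nil with initialized maps (as returned by newMinimalVaultHandlers).`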


@@ -12,34 +12,35 @@ import (
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
) )
// Test_extendAddonCommands tests extendAddonCommands() extends physical and logical backends with // Test_extendAddonHandlers tests extendAddonHandlers() extends the minimal Vault handlers with handlers
// those generated by newFullAddonCommands() // generated by newFullAddonHandlers()
func Test_extendAddonCommands(t *testing.T) { func Test_extendAddonHandlers(t *testing.T) {
expMinPhysicalBackends := maps.Clone(physicalBackends) handlers := newMinimalVaultHandlers()
expMinLoginHandlers := maps.Clone(loginHandlers) expMinPhysicalBackends := maps.Clone(handlers.physicalBackends)
expMinLoginHandlers := maps.Clone(handlers.loginHandlers)
expAddonPhysicalBackends, expAddonLoginHandlers := newFullAddonCommands() expAddonPhysicalBackends, expAddonLoginHandlers := newFullAddonHandlers()
extendAddonCommands() extendAddonHandlers(handlers)
require.Equal(t, len(expMinPhysicalBackends)+len(expAddonPhysicalBackends), len(physicalBackends), require.Equal(t, len(expMinPhysicalBackends)+len(expAddonPhysicalBackends), len(handlers.physicalBackends),
"extended total physical backends mismatch total of minimal and full addon physical backends") "extended total physical backends mismatch total of minimal and full addon physical backends")
require.Equal(t, len(expMinLoginHandlers)+len(expAddonLoginHandlers), len(loginHandlers), require.Equal(t, len(expMinLoginHandlers)+len(expAddonLoginHandlers), len(handlers.loginHandlers),
"extended total login handlers mismatch total of minimal and full addon login handlers") "extended total login handlers mismatch total of minimal and full addon login handlers")
for k := range expMinPhysicalBackends { for k := range expMinPhysicalBackends {
require.Contains(t, physicalBackends, k, "expected to contain minimal physical backend") require.Contains(t, handlers.physicalBackends, k, "expected to contain minimal physical backend")
} }
for k := range expAddonPhysicalBackends { for k := range expAddonPhysicalBackends {
require.Contains(t, physicalBackends, k, "expected to contain full addon physical backend") require.Contains(t, handlers.physicalBackends, k, "expected to contain full addon physical backend")
} }
for k := range expMinLoginHandlers { for k := range expMinLoginHandlers {
require.Contains(t, loginHandlers, k, "expected to contain minimal login handler") require.Contains(t, handlers.loginHandlers, k, "expected to contain minimal login handler")
} }
for k := range expAddonLoginHandlers { for k := range expAddonLoginHandlers {
require.Contains(t, loginHandlers, k, "expected to contain full addon login handler") require.Contains(t, handlers.loginHandlers, k, "expected to contain full addon login handler")
} }
} }


@@ -9,6 +9,6 @@ import (
_ "github.com/hashicorp/vault/helper/builtinplugins" _ "github.com/hashicorp/vault/helper/builtinplugins"
) )
func extendAddonCommands() { func extendAddonHandlers(*vaultHandlers) {
// No-op // No-op
} }


@@ -25,7 +25,12 @@ func Test_Commands_HCPInit(t *testing.T) {
} }
for n, tst := range tests { for n, tst := range tests {
n := n
tst := tst
t.Run(n, func(t *testing.T) { t.Run(n, func(t *testing.T) {
t.Parallel()
mockUi := cli.NewMockUi() mockUi := cli.NewMockUi()
commands := initCommands(mockUi, nil, nil) commands := initCommands(mockUi, nil, nil)
if tst.expectError { if tst.expectError {
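Review bot: The new `t.Parallel()` is only safe because `initCommands` now builds its own `vaultHandlers` instead of mutating package-level maps, and nothing in the test records that dependency, so a later change back to shared state would reintroduce a data race silently. Suggest a comment above the call: `// Safe to parallelize: initCommands builds a fresh vaultHandlers per call and no longer mutates package-level maps.` The `n := n` / `tst := tst` copies are only needed before Go 1.22 loop-variable semantics; whether the module's go directive still requires them is not visible here. The enclosing test function starts outside the hunk.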


@@ -203,17 +203,19 @@ func (c *OperatorDiagnoseCommand) RunWithParsedFlags() int {
func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error { func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error {
rloadFuncs := make(map[string][]reloadutil.ReloadFunc) rloadFuncs := make(map[string][]reloadutil.ReloadFunc)
handlers := newVaultHandlers()
server := &ServerCommand{ server := &ServerCommand{
// TODO: set up a different one? // TODO: set up a different one?
// In particular, a UI instance that won't output? // In particular, a UI instance that won't output?
BaseCommand: c.BaseCommand, BaseCommand: c.BaseCommand,
// TODO: refactor to a common place? // TODO: refactor to a common place?
AuditBackends: auditBackends, AuditBackends: handlers.auditBackends,
CredentialBackends: credentialBackends, CredentialBackends: handlers.credentialBackends,
LogicalBackends: logicalBackends, LogicalBackends: handlers.logicalBackends,
PhysicalBackends: physicalBackends, PhysicalBackends: handlers.physicalBackends,
ServiceRegistrations: serviceRegistrations, ServiceRegistrations: handlers.serviceRegistrations,
// TODO: other ServerCommand options? // TODO: other ServerCommand options?


@@ -32,10 +32,11 @@ func init() {
} }
func TestMigration(t *testing.T) { func TestMigration(t *testing.T) {
handlers := newVaultHandlers()
t.Run("Default", func(t *testing.T) { t.Run("Default", func(t *testing.T) {
data := generateData() data := generateData()
fromFactory := physicalBackends["file"] fromFactory := handlers.physicalBackends["file"]
folder := t.TempDir() folder := t.TempDir()
@@ -51,7 +52,7 @@ func TestMigration(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
toFactory := physicalBackends["inmem"] toFactory := handlers.physicalBackends["inmem"]
confTo := map[string]string{} confTo := map[string]string{}
to, err := toFactory(confTo, nil) to, err := toFactory(confTo, nil)
if err != nil { if err != nil {
@@ -72,7 +73,7 @@ func TestMigration(t *testing.T) {
t.Run("Concurrent migration", func(t *testing.T) { t.Run("Concurrent migration", func(t *testing.T) {
data := generateData() data := generateData()
fromFactory := physicalBackends["file"] fromFactory := handlers.physicalBackends["file"]
folder := t.TempDir() folder := t.TempDir()
@@ -88,7 +89,7 @@ func TestMigration(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
toFactory := physicalBackends["inmem"] toFactory := handlers.physicalBackends["inmem"]
confTo := map[string]string{} confTo := map[string]string{}
to, err := toFactory(confTo, nil) to, err := toFactory(confTo, nil)
if err != nil { if err != nil {
@@ -110,7 +111,7 @@ func TestMigration(t *testing.T) {
t.Run("Start option", func(t *testing.T) { t.Run("Start option", func(t *testing.T) {
data := generateData() data := generateData()
fromFactory := physicalBackends["inmem"] fromFactory := handlers.physicalBackends["inmem"]
confFrom := map[string]string{} confFrom := map[string]string{}
from, err := fromFactory(confFrom, nil) from, err := fromFactory(confFrom, nil)
if err != nil { if err != nil {
@@ -120,7 +121,7 @@ func TestMigration(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
toFactory := physicalBackends["file"] toFactory := handlers.physicalBackends["file"]
folder := t.TempDir() folder := t.TempDir()
confTo := map[string]string{ confTo := map[string]string{
"path": folder, "path": folder,
@@ -149,7 +150,7 @@ func TestMigration(t *testing.T) {
t.Run("Start option (parallel)", func(t *testing.T) { t.Run("Start option (parallel)", func(t *testing.T) {
data := generateData() data := generateData()
fromFactory := physicalBackends["inmem"] fromFactory := handlers.physicalBackends["inmem"]
confFrom := map[string]string{} confFrom := map[string]string{}
from, err := fromFactory(confFrom, nil) from, err := fromFactory(confFrom, nil)
if err != nil { if err != nil {
@@ -159,7 +160,7 @@ func TestMigration(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
toFactory := physicalBackends["file"] toFactory := handlers.physicalBackends["file"]
folder := t.TempDir() folder := t.TempDir()
confTo := map[string]string{ confTo := map[string]string{
"path": folder, "path": folder,
@@ -269,7 +270,7 @@ storage_destination "dest_type2" {
}) })
t.Run("DFS Scan", func(t *testing.T) { t.Run("DFS Scan", func(t *testing.T) {
s, _ := physicalBackends["inmem"](map[string]string{}, nil) s, _ := handlers.physicalBackends["inmem"](map[string]string{}, nil)
data := generateData() data := generateData()
data["cc"] = []byte{} data["cc"] = []byte{}