Backend plugin system (#2874)
* Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor 
framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs
This commit is contained in:
committed by
GitHub
parent
987616895d
commit
2b0f80b981
@@ -82,6 +82,12 @@ type Backend struct {
|
||||
// See the built-in AuthRenew helpers in lease.go for common callbacks.
|
||||
AuthRenew OperationFunc
|
||||
|
||||
// LicenseRegistration is called to register the license for a backend.
|
||||
LicenseRegistration LicenseRegistrationFunc
|
||||
|
||||
// Type is the logical.BackendType for the backend implementation
|
||||
BackendType logical.BackendType
|
||||
|
||||
logger log.Logger
|
||||
system logical.SystemView
|
||||
once sync.Once
|
||||
@@ -107,6 +113,10 @@ type InitializeFunc func() error
|
||||
// InvalidateFunc is the callback for backend key invalidation.
|
||||
type InvalidateFunc func(string)
|
||||
|
||||
// LicenseRegistrationFunc is the callback for backend license registration.
|
||||
type LicenseRegistrationFunc func(interface{}) error
|
||||
|
||||
// HandleExistenceCheck is the logical.Backend implementation.
|
||||
func (b *Backend) HandleExistenceCheck(req *logical.Request) (checkFound bool, exists bool, err error) {
|
||||
b.once.Do(b.init)
|
||||
|
||||
@@ -154,7 +164,7 @@ func (b *Backend) HandleExistenceCheck(req *logical.Request) (checkFound bool, e
|
||||
return
|
||||
}
|
||||
|
||||
// logical.Backend impl.
|
||||
// HandleRequest is the logical.Backend implementation.
|
||||
func (b *Backend) HandleRequest(req *logical.Request) (*logical.Response, error) {
|
||||
b.once.Do(b.init)
|
||||
|
||||
@@ -221,18 +231,11 @@ func (b *Backend) HandleRequest(req *logical.Request) (*logical.Response, error)
|
||||
return callback(req, &fd)
|
||||
}
|
||||
|
||||
// logical.Backend impl.
|
||||
// SpecialPaths is the logical.Backend implementation.
|
||||
func (b *Backend) SpecialPaths() *logical.Paths {
|
||||
return b.PathsSpecial
|
||||
}
|
||||
|
||||
// Setup is used to initialize the backend with the initial backend configuration
|
||||
func (b *Backend) Setup(config *logical.BackendConfig) (logical.Backend, error) {
|
||||
b.logger = config.Logger
|
||||
b.system = config.System
|
||||
return b, nil
|
||||
}
|
||||
|
||||
// Cleanup is used to release resources and prepare to stop the backend
|
||||
func (b *Backend) Cleanup() {
|
||||
if b.Clean != nil {
|
||||
@@ -240,6 +243,7 @@ func (b *Backend) Cleanup() {
|
||||
}
|
||||
}
|
||||
|
||||
// Initialize calls the backend's Init func if set.
|
||||
func (b *Backend) Initialize() error {
|
||||
if b.Init != nil {
|
||||
return b.Init()
|
||||
@@ -255,6 +259,13 @@ func (b *Backend) InvalidateKey(key string) {
|
||||
}
|
||||
}
|
||||
|
||||
// Setup is used to initialize the backend with the initial backend configuration
|
||||
func (b *Backend) Setup(config *logical.BackendConfig) error {
|
||||
b.logger = config.Logger
|
||||
b.system = config.System
|
||||
return nil
|
||||
}
|
||||
|
||||
// Logger can be used to get the logger. If no logger has been set,
|
||||
// the logs will be discarded.
|
||||
func (b *Backend) Logger() log.Logger {
|
||||
@@ -265,11 +276,25 @@ func (b *Backend) Logger() log.Logger {
|
||||
return logformat.NewVaultLoggerWithWriter(ioutil.Discard, log.LevelOff)
|
||||
}
|
||||
|
||||
// System returns the backend's system view.
|
||||
func (b *Backend) System() logical.SystemView {
|
||||
return b.system
|
||||
}
|
||||
|
||||
// This method takes in the TTL and MaxTTL values provided by the user,
|
||||
// Type returns the backend type
|
||||
func (b *Backend) Type() logical.BackendType {
|
||||
return b.BackendType
|
||||
}
|
||||
|
||||
// RegisterLicense performs backend license registration.
|
||||
func (b *Backend) RegisterLicense(license interface{}) error {
|
||||
if b.LicenseRegistration == nil {
|
||||
return nil
|
||||
}
|
||||
return b.LicenseRegistration(license)
|
||||
}
|
||||
|
||||
// SanitizeTTLStr takes in the TTL and MaxTTL values provided by the user,
|
||||
// compares those with the SystemView values. If they are empty a value of 0 is
|
||||
// set, which will cause initial secret or LeaseExtend operations to use the
|
||||
// mount/system defaults. If they are set, their boundaries are validated.
|
||||
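Review bot: RegisterLicense in this hunk returns nil when b.LicenseRegistration is unset, so a caller cannot distinguish a completed registration from a backend that performs none, and the doc comment on it says only that it "performs backend license registration". The comment should state the no-op case explicitly, e.g. `// RegisterLicense performs backend license registration. It is a no-op that returns nil when no LicenseRegistration callback is configured.` If the plugin host is expected to reject a backend whose license was never checked, that decision has to be made by the caller, which is outside this hunk; the silent-nil contract should at least be visible to it. Separately, in the first hunk the field comment `// Type is the logical.BackendType for the backend implementation` sits on a field named BackendType; per Go doc convention it should read `// BackendType is the logical.BackendType for the backend implementation.`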
@@ -297,7 +322,8 @@ func (b *Backend) SanitizeTTLStr(ttlStr, maxTTLStr string) (ttl, maxTTL time.Dur
|
||||
return
|
||||
}
|
||||
|
||||
// Caps the boundaries of ttl and max_ttl values to the backend mount's max_ttl value.
|
||||
// SanitizeTTL caps the boundaries of ttl and max_ttl values to the
|
||||
// backend mount's max_ttl value.
|
||||
func (b *Backend) SanitizeTTL(ttl, maxTTL time.Duration) (time.Duration, time.Duration, error) {
|
||||
sysMaxTTL := b.System().MaxLeaseTTL()
|
||||
if ttl > sysMaxTTL {
|
||||
@@ -575,6 +601,7 @@ func (s *FieldSchema) DefaultOrZero() interface{} {
|
||||
return s.Type.Zero()
|
||||
}
|
||||
|
||||
// Zero returns the correct zero-value for a specific FieldType
|
||||
func (t FieldType) Zero() interface{} {
|
||||
switch t {
|
||||
case TypeString:
|
||||
|
||||