From 33d66f3a67c41db9eb5770e41983dbf18f8918f8 Mon Sep 17 00:00:00 2001
From: Brian Kassouf
Date: Wed, 12 Apr 2017 17:35:53 -0700
Subject: [PATCH] Add comments to the plugin runner

---
 helper/pluginutil/runner.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/helper/pluginutil/runner.go b/helper/pluginutil/runner.go
index 4d66d8706b..a57abad0ed 100644
--- a/helper/pluginutil/runner.go
+++ b/helper/pluginutil/runner.go
@@ -17,20 +17,28 @@ var (
 PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
 )
 
+// Looker defines the plugin Lookup function that looks into the plugin catalog
+// for availible plugins and returns a PluginRunner
 type Looker interface {
 LookupPlugin(string) (*PluginRunner, error)
 }
 
+// Wrapper interface defines the functions needed by the runner to wrap the
+// metadata needed to run a plugin process. This includes looking up Mlock
+// configuration and wrapping data in a respose wrapped token.
 type Wrapper interface {
 ResponseWrapData(data map[string]interface{}, ttl time.Duration, jwt bool) (string, error)
 MlockDisabled() bool
 }
 
+// LookWrapper defines the functions for both Looker and Wrapper
 type LookWrapper interface {
 Looker
 Wrapper
 }
 
+// PluginRunner defines the metadata needed to run a plugin securely with
+// go-plugin.
 type PluginRunner struct {
 Name string `json:"name"`
 Command string `json:"command"`
@@ -39,6 +47,8 @@ type PluginRunner struct {
 Builtin bool `json:"builtin"`
 }
 
+// Run takes a wrapper instance, and the go-plugin paramaters and executes a
+// plugin.
 func (r *PluginRunner) Run(wrapper Wrapper, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string) (*plugin.Client, error) {
 // Get a CA TLS Certificate
 CACertBytes, CACert, CAKey, err := GenerateCACert()
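Review bot: Two of the added doc comments in this hunk carry typos that will show up in godoc: `availible` in the Looker comment should be `available`, and `respose wrapped token` in the Wrapper comment should be `response-wrapped token`; the Run comment in the next hunk has `paramaters` for `parameters`. The Wrapper comment also leaves the `ttl` and `jwt` arguments of ResponseWrapData undescribed, although the lifetime of the wrapped token is the first thing a reviewer of plugin start-up will look for; a method comment such as `// ResponseWrapData wraps data in a response-wrapped token that expires after ttl.` would cover it, if that matches the implementation. The PluginRunner struct starts in this hunk and ends in the next, so its remaining fields are not visible here.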
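Review bot: The new Run comment does not mention the security-relevant work the body performs or the `env` argument. The first visible statement generates a CA certificate with GenerateCACert on every call, so the comment could say so, for example `// Run generates a fresh CA certificate for this invocation and then starts the plugin process using the supplied go-plugin settings.` It would also help to state what `env` is used for and that the caller owns the returned `*plugin.Client`; both are inferred from the signature only, since the rest of Run lies outside this hunk.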
@@ -87,6 +97,8 @@ func (r *PluginRunner) Run(wrapper Wrapper, pluginMap map[string]plugin.Plugin,
 return client, nil
 }
 
+// OptionallyEnableMlock determines if mlock should be called, and if so enables
+// mlock.
 func OptionallyEnableMlock() error {
 if os.Getenv(PluginMlockEnabled) == "true" {
 return mlock.LockMemory()
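Review bot: The comment on OptionallyEnableMlock says the function "determines if mlock should be called" without stating the condition, which is the part an operator needs. The visible check is an exact string comparison, `os.Getenv(PluginMlockEnabled) == "true"`, so values such as `1` or `TRUE` in VAULT_PLUGIN_MLOCK_ENABLED would not lock memory and the plugin's pages would stay swappable. I would spell that out: `// OptionallyEnableMlock calls mlock.LockMemory only when VAULT_PLUGIN_MLOCK_ENABLED is exactly "true"; any other value leaves memory unlocked.` The function's closing lines are outside the hunk, so the return value on the non-matching path should be confirmed before documenting it.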