Add comments to the plugin runner

Brian Kassouf
2017-04-12 17:35:53 -07:00
parent 4c75326aad
commit 33d66f3a67


@@ -17,20 +17,28 @@ var (
PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
)
// Looker defines the plugin Lookup function that looks into the plugin catalog
// for availible plugins and returns a PluginRunner
type Looker interface {
LookupPlugin(string) (*PluginRunner, error)
}
// Wrapper interface defines the functions needed by the runner to wrap the
// metadata needed to run a plugin process. This includes looking up Mlock
// configuration and wrapping data in a respose wrapped token.
type Wrapper interface {
ResponseWrapData(data map[string]interface{}, ttl time.Duration, jwt bool) (string, error)
MlockDisabled() bool
}
// LookWrapper defines the functions for both Looker and Wrapper
type LookWrapper interface {
Looker
Wrapper
}
// PluginRunner defines the metadata needed to run a plugin securely with
// go-plugin.
type PluginRunner struct {
Name string `json:"name"`
Command string `json:"command"`
@@ -39,6 +47,8 @@ type PluginRunner struct {
Builtin bool `json:"builtin"`
}
// Run takes a wrapper instance, and the go-plugin paramaters and executes a
// plugin.
func (r *PluginRunner) Run(wrapper Wrapper, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string) (*plugin.Client, error) {
// Get a CA TLS Certificate
CACertBytes, CACert, CAKey, err := GenerateCACert()
@@ -87,6 +97,8 @@ func (r *PluginRunner) Run(wrapper Wrapper, pluginMap map[string]plugin.Plugin,
return client, nil
}
// OptionallyEnableMlock determines if mlock should be called, and if so enables
// mlock.
func OptionallyEnableMlock() error {
if os.Getenv(PluginMlockEnabled) == "true" {
return mlock.LockMemory()
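Review bot: The new comment on OptionallyEnableMlock says it "determines if mlock should be called" without stating what decides that, and here the decision is security-relevant. In the visible lines, memory is locked only when the environment variable named by PluginMlockEnabled compares equal to the literal string "true", so values such as "1" or "TRUE" would not take the LockMemory branch. I would spell that out, e.g. `// OptionallyEnableMlock calls mlock.LockMemory only when the VAULT_PLUGIN_MLOCK_ENABLED environment variable is exactly "true".` The rest of the function body lies outside the hunk, so what it returns otherwise is not confirmed here. Separately, the added comments on Looker, Wrapper and Run contain the typos "availible", "respose" and "paramaters".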