scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-02 11:38:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Database Root Credential Rotation (#3976)

Browse Source 
* redoing connection handling

* a little more cleanup

* empty implementation of rotation

* updating rotate signature

* signature update

* updating interfaces again :(

* changing back to interface

* adding templated url support and rotation for postgres

* adding correct username

* return updates

* updating statements to be a list

* adding error sanitizing middleware

* fixing log sanitizier

* adding postgres rotate test

* removing conf from rotate

* adding rotate command

* adding mysql rotate

* finishing up the endpoint in the db backend for rotate

* no more structs, just store raw config

* fixing tests

* adding db instance lock

* adding support for statement list in cassandra

* wip redoing interface to support BC

* adding falllback for Initialize implementation

* adding backwards compat for statements

* fix tests

* fix more tests

* fixing up tests, switching to new fields in statements

* fixing more tests

* adding mssql and mysql

* wrapping all the things in middleware, implementing templating for mongodb

* wrapping all db servers with error santizer

* fixing test

* store the name with the db instance

* adding rotate to cassandra

* adding compatibility translation to both server and plugin

* reordering a few things

* store the name with the db instance

* reordering

* adding a few more tests

* switch secret values from slice to map

* addressing some feedback

* reinstate execute plugin after resetting connection

* set database connection to closed

* switching secret values func to map[string]interface for potential future uses

* addressing feedback
This commit is contained in:
Chris Hoffman
2018-03-21 15:05:56 -04:00
committed by GitHub
parent 1c443f22fe
commit 44aa151b78
33 changed files with 1974 additions and 777 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
builtin/logical/database/path_creds_create.go
View File

@@ -54,26 +54,15 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
return nil, logical.ErrPermissionDenied
}
// Grab the read lock
b.RLock()
unlockFunc := b.RUnlock
// Get the Database object
db, ok := b.getDBObj(role.DBName)
if !ok {
// Upgrade lock
b.RUnlock()
b.Lock()
unlockFunc = b.Unlock
// Create a new DB object
db, err = b.createDBObj(ctx, req.Storage, role.DBName)
if err != nil {
unlockFunc()
return nil, fmt.Errorf("could not retrieve db with name: %s, got error: %s", role.DBName, err)
}
db, err := b.GetConnection(ctx, req.Storage, role.DBName)
if err != nil {
return nil, err
}
db.RLock()
defer db.RUnlock()
ttl := b.System().DefaultLeaseTTL()
if role.DefaultTTL != 0 {
ttl = role.DefaultTTL
@@ -96,8 +85,7 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
// Create the user
username, password, err := db.CreateUser(ctx, role.Statements, usernameConfig, expiration)
if err != nil {
unlockFunc()
b.closeIfShutdown(role.DBName, err)
b.CloseIfShutdown(db, err)
return nil, err
}
@@ -109,8 +97,6 @@ func (b *databaseBackend) pathCredsCreateRead() framework.OperationFunc {
"role": name,
})
resp.Secret.TTL = ttl
unlockFunc()
return resp, nil
}
}