scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-11-04 04:28:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add option to have dev mode generic backend return leases

Browse Source
This commit is contained in:
Jeff Mitchell
2017-06-21 10:42:50 -04:00
parent ff319a680f
commit 5be95b01a1
3 changed files with 25 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
command/server.go
View File

@@ -64,7 +64,7 @@ type ServerCommand struct {
} }
func (c *ServerCommand) Run(args []string) int { func (c *ServerCommand) Run(args []string) int {
var dev, verifyOnly, devHA, devTransactional bool var dev, verifyOnly, devHA, devTransactional, devLeasedGeneric bool
var configPath []string var configPath []string
var logLevel, devRootTokenID, devListenAddress string var logLevel, devRootTokenID, devListenAddress string
flags := c.Meta.FlagSet("server", meta.FlagSetDefault) flags := c.Meta.FlagSet("server", meta.FlagSetDefault)
@@ -73,8 +73,9 @@ func (c *ServerCommand) Run(args []string) int {
flags.StringVar(&devListenAddress, "dev-listen-address", "", "") flags.StringVar(&devListenAddress, "dev-listen-address", "", "")
flags.StringVar(&logLevel, "log-level", "info", "") flags.StringVar(&logLevel, "log-level", "info", "")
flags.BoolVar(&verifyOnly, "verify-only", false, "") flags.BoolVar(&verifyOnly, "verify-only", false, "")
flags.BoolVar(&devHA, "ha", false, "") flags.BoolVar(&devHA, "dev-ha", false, "")
flags.BoolVar(&devTransactional, "transactional", false, "") flags.BoolVar(&devTransactional, "dev-transactional", false, "")
flags.BoolVar(&devLeasedGeneric, "dev-leased-generic", false, "")
flags.Usage = func() { c.Ui.Output(c.Help()) } flags.Usage = func() { c.Ui.Output(c.Help()) }
flags.Var((*sliceflag.StringFlag)(&configPath), "config", "config") flags.Var((*sliceflag.StringFlag)(&configPath), "config", "config")
if err := flags.Parse(args); err != nil { if err := flags.Parse(args); err != nil {
@@ -127,7 +128,7 @@ func (c *ServerCommand) Run(args []string) int {
devListenAddress = os.Getenv("VAULT_DEV_LISTEN_ADDRESS") devListenAddress = os.Getenv("VAULT_DEV_LISTEN_ADDRESS")
} }
if devHA || devTransactional { if devHA || devTransactional || devLeasedGeneric {
dev = true dev = true
} }
@@ -243,6 +244,9 @@ func (c *ServerCommand) Run(args []string) int {
} }
if dev { if dev {
coreConfig.DevToken = devRootTokenID coreConfig.DevToken = devRootTokenID
if devLeasedGeneric {
coreConfig.LogicalBackends["generic"] = vault.RenewableLeasedPassthroughBackendFactory
}
} }
var disableClustering bool var disableClustering bool

8
http/logical.go
View File

@@ -96,7 +96,7 @@ func buildLogicalRequest(core *vault.Core, w http.ResponseWriter, r *http.Reques
return req, 0, nil return req, 0, nil
} }
func handleLogical(core *vault.Core, dataOnly bool, prepareRequestCallback PrepareRequestFunc) http.Handler { func handleLogical(core *vault.Core, injectDataIntoTopLevel bool, prepareRequestCallback PrepareRequestFunc) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
req, statusCode, err := buildLogicalRequest(core, w, r) req, statusCode, err := buildLogicalRequest(core, w, r)
if err != nil || statusCode != 0 { if err != nil || statusCode != 0 {
@@ -125,11 +125,11 @@ func handleLogical(core *vault.Core, dataOnly bool, prepareRequestCallback Prepa
} }
// Build the proper response // Build the proper response
respondLogical(w, r, req, dataOnly, resp) respondLogical(w, r, req, injectDataIntoTopLevel, resp)
}) })
} }
func respondLogical(w http.ResponseWriter, r *http.Request, req *logical.Request, dataOnly bool, resp *logical.Response) { func respondLogical(w http.ResponseWriter, r *http.Request, req *logical.Request, injectDataIntoTopLevel bool, resp *logical.Response) {
var httpResp *logical.HTTPResponse var httpResp *logical.HTTPResponse
var ret interface{} var ret interface{}
@@ -163,7 +163,7 @@ func respondLogical(w http.ResponseWriter, r *http.Request, req *logical.Request
ret = httpResp ret = httpResp
if dataOnly { if injectDataIntoTopLevel {
injector := logical.HTTPSysInjector{ injector := logical.HTTPSysInjector{
Response: httpResp, Response: httpResp,
} }

19
vault/logical_passthrough.go
View File

@@ -14,20 +14,26 @@ import (
// PassthroughBackendFactory returns a PassthroughBackend // PassthroughBackendFactory returns a PassthroughBackend
// with leases switched off // with leases switched off
func PassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) { func PassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) {
return LeaseSwitchedPassthroughBackend(conf, false) return LeaseSwitchedPassthroughBackend(conf, false, false)
} }
// PassthroughBackendWithLeasesFactory returns a PassthroughBackend // PassthroughBackendWithLeasesFactory returns a PassthroughBackend
// with leases switched on // with leases switched on
func LeasedPassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) { func LeasedPassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) {
return LeaseSwitchedPassthroughBackend(conf, true) return LeaseSwitchedPassthroughBackend(conf, true, false)
}
// Same as above but renewable
func RenewableLeasedPassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) {
return LeaseSwitchedPassthroughBackend(conf, true, true)
} }
// LeaseSwitchedPassthroughBackendFactory returns a PassthroughBackend // LeaseSwitchedPassthroughBackendFactory returns a PassthroughBackend
// with leases switched on or off // with leases switched on or off
func LeaseSwitchedPassthroughBackend(conf *logical.BackendConfig, leases bool) (logical.Backend, error) { func LeaseSwitchedPassthroughBackend(conf *logical.BackendConfig, leases, renewable bool) (logical.Backend, error) {
var b PassthroughBackend var b PassthroughBackend
b.generateLeases = leases b.generateLeases = leases
b.renewableLeases = renewable
b.Backend = &framework.Backend{ b.Backend = &framework.Backend{
Help: strings.TrimSpace(passthroughHelp), Help: strings.TrimSpace(passthroughHelp),
@@ -74,7 +80,8 @@ func LeaseSwitchedPassthroughBackend(conf *logical.BackendConfig, leases bool) (
// fancy. // fancy.
type PassthroughBackend struct { type PassthroughBackend struct {
*framework.Backend *framework.Backend
generateLeases bool generateLeases bool
renewableLeases bool
} }
func (b *PassthroughBackend) handleRevoke( func (b *PassthroughBackend) handleRevoke(
@@ -117,7 +124,7 @@ func (b *PassthroughBackend) handleRead(
if b.generateLeases { if b.generateLeases {
// Generate the response // Generate the response
resp = b.Secret("generic").Response(rawData, nil) resp = b.Secret("generic").Response(rawData, nil)
resp.Secret.Renewable = false resp.Secret.Renewable = b.renewableLeases
} else { } else {
resp = &logical.Response{ resp = &logical.Response{
Secret: &logical.Secret{}, Secret: &logical.Secret{},
@@ -138,7 +145,7 @@ func (b *PassthroughBackend) handleRead(
} }
if b.generateLeases { if b.generateLeases {
resp.Secret.Renewable = true resp.Secret.Renewable = b.renewableLeases
} }
} }