Add option to have dev mode generic backend return leases

2025-11-02 19:47:54 +00:00 · 2017-06-21 10:42:50 -04:00
parent ff319a680f
commit 5be95b01a1
3 changed files with 25 additions and 14 deletions
--- a/command/server.go
+++ b/command/server.go
@@ -64,7 +64,7 @@ type ServerCommand struct {
 }

 func (c *ServerCommand) Run(args []string) int {
-	var dev, verifyOnly, devHA, devTransactional bool
+	var dev, verifyOnly, devHA, devTransactional, devLeasedGeneric bool
 	var configPath []string
 	var logLevel, devRootTokenID, devListenAddress string
 	flags := c.Meta.FlagSet("server", meta.FlagSetDefault)
@@ -73,8 +73,9 @@ func (c *ServerCommand) Run(args []string) int {
 	flags.StringVar(&devListenAddress, "dev-listen-address", "", "")
 	flags.StringVar(&logLevel, "log-level", "info", "")
 	flags.BoolVar(&verifyOnly, "verify-only", false, "")
-	flags.BoolVar(&devHA, "ha", false, "")
-	flags.BoolVar(&devTransactional, "transactional", false, "")
+	flags.BoolVar(&devHA, "dev-ha", false, "")
+	flags.BoolVar(&devTransactional, "dev-transactional", false, "")
+	flags.BoolVar(&devLeasedGeneric, "dev-leased-generic", false, "")
 	flags.Usage = func() { c.Ui.Output(c.Help()) }
 	flags.Var((*sliceflag.StringFlag)(&configPath), "config", "config")
 	if err := flags.Parse(args); err != nil {
@@ -127,7 +128,7 @@ func (c *ServerCommand) Run(args []string) int {
 		devListenAddress = os.Getenv("VAULT_DEV_LISTEN_ADDRESS")
 	}

-	if devHA || devTransactional {
+	if devHA || devTransactional || devLeasedGeneric {
 		dev = true
 	}

@@ -243,6 +244,9 @@ func (c *ServerCommand) Run(args []string) int {
 	}
 	if dev {
 		coreConfig.DevToken = devRootTokenID
+		if devLeasedGeneric {
+			coreConfig.LogicalBackends["generic"] = vault.RenewableLeasedPassthroughBackendFactory
+		}
 	}

 	var disableClustering bool
--- a/http/logical.go
+++ b/http/logical.go
@@ -96,7 +96,7 @@ func buildLogicalRequest(core *vault.Core, w http.ResponseWriter, r *http.Reques
 	return req, 0, nil
 }

-func handleLogical(core *vault.Core, dataOnly bool, prepareRequestCallback PrepareRequestFunc) http.Handler {
+func handleLogical(core *vault.Core, injectDataIntoTopLevel bool, prepareRequestCallback PrepareRequestFunc) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		req, statusCode, err := buildLogicalRequest(core, w, r)
 		if err != nil || statusCode != 0 {
@@ -125,11 +125,11 @@ func handleLogical(core *vault.Core, dataOnly bool, prepareRequestCallback Prepa
 		}

 		// Build the proper response
-		respondLogical(w, r, req, dataOnly, resp)
+		respondLogical(w, r, req, injectDataIntoTopLevel, resp)
 	})
 }

-func respondLogical(w http.ResponseWriter, r *http.Request, req *logical.Request, dataOnly bool, resp *logical.Response) {
+func respondLogical(w http.ResponseWriter, r *http.Request, req *logical.Request, injectDataIntoTopLevel bool, resp *logical.Response) {
 	var httpResp *logical.HTTPResponse
 	var ret interface{}

@@ -163,7 +163,7 @@ func respondLogical(w http.ResponseWriter, r *http.Request, req *logical.Request

 		ret = httpResp

-		if dataOnly {
+		if injectDataIntoTopLevel {
 			injector := logical.HTTPSysInjector{
 				Response: httpResp,
 			}
--- a/vault/logical_passthrough.go
+++ b/vault/logical_passthrough.go
@@ -14,20 +14,26 @@ import (
 // PassthroughBackendFactory returns a PassthroughBackend
 // with leases switched off
 func PassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) {
-	return LeaseSwitchedPassthroughBackend(conf, false)
+	return LeaseSwitchedPassthroughBackend(conf, false, false)
 }

 // PassthroughBackendWithLeasesFactory returns a PassthroughBackend
 // with leases switched on
 func LeasedPassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) {
-	return LeaseSwitchedPassthroughBackend(conf, true)
+	return LeaseSwitchedPassthroughBackend(conf, true, false)
+}
+
+// Same as above but renewable
+func RenewableLeasedPassthroughBackendFactory(conf *logical.BackendConfig) (logical.Backend, error) {
+	return LeaseSwitchedPassthroughBackend(conf, true, true)
 }

 // LeaseSwitchedPassthroughBackendFactory returns a PassthroughBackend
 // with leases switched on or off
-func LeaseSwitchedPassthroughBackend(conf *logical.BackendConfig, leases bool) (logical.Backend, error) {
+func LeaseSwitchedPassthroughBackend(conf *logical.BackendConfig, leases, renewable bool) (logical.Backend, error) {
 	var b PassthroughBackend
 	b.generateLeases = leases
+	b.renewableLeases = renewable
 	b.Backend = &framework.Backend{
 		Help: strings.TrimSpace(passthroughHelp),

@@ -74,7 +80,8 @@ func LeaseSwitchedPassthroughBackend(conf *logical.BackendConfig, leases bool) (
 // fancy.
 type PassthroughBackend struct {
 	*framework.Backend
-	generateLeases bool
+	generateLeases  bool
+	renewableLeases bool
 }

 func (b *PassthroughBackend) handleRevoke(
@@ -117,7 +124,7 @@ func (b *PassthroughBackend) handleRead(
 	if b.generateLeases {
 		// Generate the response
 		resp = b.Secret("generic").Response(rawData, nil)
-		resp.Secret.Renewable = false
+		resp.Secret.Renewable = b.renewableLeases
 	} else {
 		resp = &logical.Response{
 			Secret: &logical.Secret{},
@@ -138,7 +145,7 @@ func (b *PassthroughBackend) handleRead(
 		}

 		if b.generateLeases {
-			resp.Secret.Renewable = true
+			resp.Secret.Renewable = b.renewableLeases
 		}
 	}