logical/postgresql: creating roles

builtin/logical/postgresql/backend.go

@@ -1,7 +1,10 @@
 package postgresql
 
 import (
+	"database/sql"
+	"fmt"
 	"strings"
+	"sync"
 
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
@@ -23,7 +26,8 @@ func Backend() *framework.Backend {
 		},
 
 		Paths: []*framework.Path{
-			pathConfigConnection(),
+			pathConfigConnection(&b),
+			pathRoles(&b),
 		},
 	}
 
@@ -32,6 +36,58 @@ func Backend() *framework.Backend {
 
 type backend struct {
 	*framework.Backend
+
+	db   *sql.DB
+	lock sync.Mutex
+}
+
+// DB returns the database connection.
+func (b *backend) DB(s logical.Storage) (*sql.DB, error) {
+	b.lock.Lock()
+	defer b.lock.Unlock()
+
+	// If we already have a DB, we got it!
+	if b.db != nil {
+		return b.db, nil
+	}
+
+	// Otherwise, attempt to make connection
+	entry, err := s.Get("config/connection")
+	if err != nil {
+		return nil, err
+	}
+	if entry == nil {
+		return nil,
+			fmt.Errorf("configure the DB connection with config/connection first")
+	}
+
+	var conn string
+	if err := entry.DecodeJSON(&conn); err != nil {
+		return nil, err
+	}
+
+	b.db, err = sql.Open("postgres", conn)
+	if err != nil {
+		return nil, err
+	}
+
+	// Set some connection pool settings. We don't need much of this,
+	// since the request rate shouldn't be high.
+	b.db.SetMaxOpenConns(2)
+
+	return b.db, nil
+}
+
+// ResetDB forces a connection next time DB() is called.
+func (b *backend) ResetDB() {
+	b.lock.Lock()
+	defer b.lock.Unlock()
+
+	if b.db != nil {
+		b.db.Close()
+	}
+
+	b.db = nil
 }
 
 const backendHelp = `