DBPW - Copy newdbplugin package to dbplugin/v5 (#10151)

This is part 1 of 4 for renaming the `newdbplugin` package. This copies the existing package to the new location but keeps the current one in place so we can migrate the existing references over more easily.
Michael Golowka
2020-10-15 13:20:12 -06:00
committed by GitHub
parent 4ed4550d93
commit a69ee0f65a
73 changed files with 5539 additions and 894 deletions


@@ -10,10 +10,10 @@ import (
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/vault/api"
dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
"github.com/hashicorp/vault/sdk/database/helper/connutil"
"github.com/hashicorp/vault/sdk/database/helper/credsutil"
"github.com/hashicorp/vault/sdk/database/helper/dbutil"
"github.com/hashicorp/vault/sdk/database/newdbplugin"
"github.com/hashicorp/vault/sdk/helper/dbtxn"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/lib/pq"
@@ -32,7 +32,7 @@ ALTER ROLE "{{username}}" WITH PASSWORD '{{password}}';
)
var (
_ newdbplugin.Database = &PostgreSQL{}
_ dbplugin.Database = &PostgreSQL{}
// postgresEndStatement is basically the word "END" but
// surrounded by a word boundary to differentiate it from
@@ -52,7 +52,7 @@ var (
func New() (interface{}, error) {
db := new()
// Wrap the plugin with middleware to sanitize errors
dbType := newdbplugin.NewDatabaseErrorSanitizerMiddleware(db, db.secretValues)
dbType := dbplugin.NewDatabaseErrorSanitizerMiddleware(db, db.secretValues)
return dbType, nil
}
@@ -74,7 +74,7 @@ func Run(apiTLSConfig *api.TLSConfig) error {
return err
}
newdbplugin.Serve(dbType.(newdbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig))
dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig))
return nil
}
@@ -83,12 +83,12 @@ type PostgreSQL struct {
*connutil.SQLConnectionProducer
}
func (p *PostgreSQL) Initialize(ctx context.Context, req newdbplugin.InitializeRequest) (newdbplugin.InitializeResponse, error) {
func (p *PostgreSQL) Initialize(ctx context.Context, req dbplugin.InitializeRequest) (dbplugin.InitializeResponse, error) {
newConf, err := p.SQLConnectionProducer.Init(ctx, req.Config, req.VerifyConnection)
if err != nil {
return newdbplugin.InitializeResponse{}, err
return dbplugin.InitializeResponse{}, err
}
resp := newdbplugin.InitializeResponse{
resp := dbplugin.InitializeResponse{
Config: newConf,
}
return resp, nil
@@ -107,12 +107,12 @@ func (p *PostgreSQL) getConnection(ctx context.Context) (*sql.DB, error) {
return db.(*sql.DB), nil
}
func (p *PostgreSQL) UpdateUser(ctx context.Context, req newdbplugin.UpdateUserRequest) (newdbplugin.UpdateUserResponse, error) {
func (p *PostgreSQL) UpdateUser(ctx context.Context, req dbplugin.UpdateUserRequest) (dbplugin.UpdateUserResponse, error) {
if req.Username == "" {
return newdbplugin.UpdateUserResponse{}, fmt.Errorf("missing username")
return dbplugin.UpdateUserResponse{}, fmt.Errorf("missing username")
}
if req.Password == nil && req.Expiration == nil {
return newdbplugin.UpdateUserResponse{}, fmt.Errorf("no changes requested")
return dbplugin.UpdateUserResponse{}, fmt.Errorf("no changes requested")
}
merr := &multierror.Error{}
@@ -124,10 +124,10 @@ func (p *PostgreSQL) UpdateUser(ctx context.Context, req newdbplugin.UpdateUserR
err := p.changeUserExpiration(ctx, req.Username, req.Expiration)
merr = multierror.Append(merr, err)
}
return newdbplugin.UpdateUserResponse{}, merr.ErrorOrNil()
return dbplugin.UpdateUserResponse{}, merr.ErrorOrNil()
}
func (p *PostgreSQL) changeUserPassword(ctx context.Context, username string, changePass *newdbplugin.ChangePassword) error {
func (p *PostgreSQL) changeUserPassword(ctx context.Context, username string, changePass *dbplugin.ChangePassword) error {
stmts := changePass.Statements.Commands
if len(stmts) == 0 {
stmts = []string{defaultChangePasswordStatement}
@@ -184,7 +184,7 @@ func (p *PostgreSQL) changeUserPassword(ctx context.Context, username string, ch
return nil
}
func (p *PostgreSQL) changeUserExpiration(ctx context.Context, username string, changeExp *newdbplugin.ChangeExpiration) error {
func (p *PostgreSQL) changeUserExpiration(ctx context.Context, username string, changeExp *dbplugin.ChangeExpiration) error {
p.Lock()
defer p.Unlock()
@@ -229,9 +229,9 @@ func (p *PostgreSQL) changeUserExpiration(ctx context.Context, username string,
return tx.Commit()
}
func (p *PostgreSQL) NewUser(ctx context.Context, req newdbplugin.NewUserRequest) (newdbplugin.NewUserResponse, error) {
func (p *PostgreSQL) NewUser(ctx context.Context, req dbplugin.NewUserRequest) (dbplugin.NewUserResponse, error) {
if len(req.Statements.Commands) == 0 {
return newdbplugin.NewUserResponse{}, dbutil.ErrEmptyCreationStatement
return dbplugin.NewUserResponse{}, dbutil.ErrEmptyCreationStatement
}
p.Lock()
@@ -244,19 +244,19 @@ func (p *PostgreSQL) NewUser(ctx context.Context, req newdbplugin.NewUserRequest
credsutil.MaxLength(63),
)
if err != nil {
return newdbplugin.NewUserResponse{}, err
return dbplugin.NewUserResponse{}, err
}
expirationStr := req.Expiration.Format(expirationFormat)
db, err := p.getConnection(ctx)
if err != nil {
return newdbplugin.NewUserResponse{}, fmt.Errorf("unable to get connection: %w", err)
return dbplugin.NewUserResponse{}, fmt.Errorf("unable to get connection: %w", err)
}
tx, err := db.BeginTx(ctx, nil)
if err != nil {
return newdbplugin.NewUserResponse{}, fmt.Errorf("unable to start transaction: %w", err)
return dbplugin.NewUserResponse{}, fmt.Errorf("unable to start transaction: %w", err)
}
defer tx.Rollback()
@@ -271,7 +271,7 @@ func (p *PostgreSQL) NewUser(ctx context.Context, req newdbplugin.NewUserRequest
"expiration": expirationStr,
}
if err := dbtxn.ExecuteTxQuery(ctx, tx, m, stmt); err != nil {
return newdbplugin.NewUserResponse{}, fmt.Errorf("failed to execute query: %w", err)
return dbplugin.NewUserResponse{}, fmt.Errorf("failed to execute query: %w", err)
}
continue
}
@@ -289,30 +289,30 @@ func (p *PostgreSQL) NewUser(ctx context.Context, req newdbplugin.NewUserRequest
"expiration": expirationStr,
}
if err := dbtxn.ExecuteTxQuery(ctx, tx, m, query); err != nil {
return newdbplugin.NewUserResponse{}, fmt.Errorf("failed to execute query: %w", err)
return dbplugin.NewUserResponse{}, fmt.Errorf("failed to execute query: %w", err)
}
}
}
if err := tx.Commit(); err != nil {
return newdbplugin.NewUserResponse{}, err
return dbplugin.NewUserResponse{}, err
}
resp := newdbplugin.NewUserResponse{
resp := dbplugin.NewUserResponse{
Username: username,
}
return resp, nil
}
func (p *PostgreSQL) DeleteUser(ctx context.Context, req newdbplugin.DeleteUserRequest) (newdbplugin.DeleteUserResponse, error) {
func (p *PostgreSQL) DeleteUser(ctx context.Context, req dbplugin.DeleteUserRequest) (dbplugin.DeleteUserResponse, error) {
p.Lock()
defer p.Unlock()
if len(req.Statements.Commands) == 0 {
return newdbplugin.DeleteUserResponse{}, p.defaultDeleteUser(ctx, req.Username)
return dbplugin.DeleteUserResponse{}, p.defaultDeleteUser(ctx, req.Username)
}
return newdbplugin.DeleteUserResponse{}, p.customDeleteUser(ctx, req.Username, req.Statements.Commands)
return dbplugin.DeleteUserResponse{}, p.customDeleteUser(ctx, req.Username, req.Statements.Commands)
}
func (p *PostgreSQL) customDeleteUser(ctx context.Context, username string, revocationStmts []string) error {
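Review bot: In `Run`, the new line `dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig))` keeps an unchecked type assertion whose target is now the v5 interface, while the compile-time guard `_ dbplugin.Database = &PostgreSQL{}` covers only `*PostgreSQL` and not the value returned by `NewDatabaseErrorSanitizerMiddleware`. Because `New()` returns `interface{}`, a mismatch between the copied package's middleware and its `Database` interface would presumably surface as a panic when the plugin starts rather than as a build error. Consider the checked form: `db, ok := dbType.(dbplugin.Database)`, then `if !ok { return fmt.Errorf("unexpected plugin type %T", dbType) }`, then `dbplugin.Serve(db, api.VaultPluginTLSProvider(apiTLSConfig))`. `Run` begins before its hunk, so the earlier part of the function is not visible here.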


@@ -9,8 +9,8 @@ import (
"time"
"github.com/hashicorp/vault/helper/testhelpers/postgresql"
"github.com/hashicorp/vault/sdk/database/newdbplugin"
dbtesting "github.com/hashicorp/vault/sdk/database/newdbplugin/testing"
dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
dbtesting "github.com/hashicorp/vault/sdk/database/dbplugin/v5/testing"
)
func getPostgreSQL(t *testing.T, options map[string]interface{}) (*PostgreSQL, func()) {
@@ -23,7 +23,7 @@ func getPostgreSQL(t *testing.T, options map[string]interface{}) (*PostgreSQL, f
connectionDetails[k] = v
}
req := newdbplugin.InitializeRequest{
req := dbplugin.InitializeRequest{
Config: connectionDetails,
VerifyConnection: true,
}
@@ -61,15 +61,15 @@ func TestPostgreSQL_InitializeWithStringVals(t *testing.T) {
func TestPostgreSQL_NewUser(t *testing.T) {
type testCase struct {
req newdbplugin.NewUserRequest
req dbplugin.NewUserRequest
expectErr bool
credsAssertion credsAssertion
}
tests := map[string]testCase{
"no creation statements": {
req: newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
req: dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
@@ -81,12 +81,12 @@ func TestPostgreSQL_NewUser(t *testing.T) {
credsAssertion: assertCredsDoNotExist,
},
"admin name": {
req: newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
req: dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: []string{`
CREATE ROLE "{{name}}" WITH
LOGIN
@@ -102,12 +102,12 @@ func TestPostgreSQL_NewUser(t *testing.T) {
credsAssertion: assertCredsExist,
},
"admin username": {
req: newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
req: dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: []string{`
CREATE ROLE "{{username}}" WITH
LOGIN
@@ -123,12 +123,12 @@ func TestPostgreSQL_NewUser(t *testing.T) {
credsAssertion: assertCredsExist,
},
"read only name": {
req: newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
req: dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: []string{`
CREATE ROLE "{{name}}" WITH
LOGIN
@@ -145,12 +145,12 @@ func TestPostgreSQL_NewUser(t *testing.T) {
credsAssertion: assertCredsExist,
},
"read only username": {
req: newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
req: dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: []string{`
CREATE ROLE "{{username}}" WITH
LOGIN
@@ -168,12 +168,12 @@ func TestPostgreSQL_NewUser(t *testing.T) {
},
// https://github.com/hashicorp/vault/issues/6098
"reproduce GH-6098": {
req: newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
req: dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: []string{
// NOTE: "rolname" in the following line is not a typo.
"DO $$ BEGIN IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname='my_role') THEN CREATE ROLE my_role; END IF; END $$",
@@ -186,12 +186,12 @@ func TestPostgreSQL_NewUser(t *testing.T) {
credsAssertion: assertCredsDoNotExist,
},
"reproduce issue with template": {
req: newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
req: dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: []string{
`DO $$ BEGIN IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname='my_role') THEN CREATE ROLE "{{username}}"; END IF; END $$`,
},
@@ -203,12 +203,12 @@ func TestPostgreSQL_NewUser(t *testing.T) {
credsAssertion: assertCredsDoNotExist,
},
"large block statements": {
req: newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
req: dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: newUserLargeBlockStatements,
},
Password: "somesecurepassword",
@@ -284,12 +284,12 @@ func TestUpdateUser_Password(t *testing.T) {
for name, test := range tests {
t.Run(name, func(t *testing.T) {
initialPass := "myreallysecurepassword"
createReq := newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
createReq := dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: []string{createAdminUser},
},
Password: initialPass,
@@ -300,11 +300,11 @@ func TestUpdateUser_Password(t *testing.T) {
assertCredsExist(t, db.ConnectionURL, createResp.Username, initialPass)
newPass := "somenewpassword"
updateReq := newdbplugin.UpdateUserRequest{
updateReq := dbplugin.UpdateUserRequest{
Username: createResp.Username,
Password: &newdbplugin.ChangePassword{
Password: &dbplugin.ChangePassword{
NewPassword: newPass,
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: test.statements,
},
},
@@ -326,11 +326,11 @@ func TestUpdateUser_Password(t *testing.T) {
t.Run("user does not exist", func(t *testing.T) {
newPass := "somenewpassword"
updateReq := newdbplugin.UpdateUserRequest{
updateReq := dbplugin.UpdateUserRequest{
Username: "missing-user",
Password: &newdbplugin.ChangePassword{
Password: &dbplugin.ChangePassword{
NewPassword: newPass,
Statements: newdbplugin.Statements{},
Statements: dbplugin.Statements{},
},
}
@@ -394,12 +394,12 @@ func TestUpdateUser_Expiration(t *testing.T) {
t.Run(name, func(t *testing.T) {
password := "myreallysecurepassword"
initialExpiration := test.initialExpiration.Truncate(time.Second)
createReq := newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
createReq := dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: []string{createAdminUser},
},
Password: password,
@@ -418,11 +418,11 @@ func TestUpdateUser_Expiration(t *testing.T) {
}
newExpiration := test.newExpiration.Truncate(time.Second)
updateReq := newdbplugin.UpdateUserRequest{
updateReq := dbplugin.UpdateUserRequest{
Username: createResp.Username,
Expiration: &newdbplugin.ChangeExpiration{
Expiration: &dbplugin.ChangeExpiration{
NewExpiration: newExpiration,
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: test.statements,
},
},
@@ -538,12 +538,12 @@ func TestDeleteUser(t *testing.T) {
for name, test := range tests {
t.Run(name, func(t *testing.T) {
password := "myreallysecurepassword"
createReq := newdbplugin.NewUserRequest{
UsernameConfig: newdbplugin.UsernameMetadata{
createReq := dbplugin.NewUserRequest{
UsernameConfig: dbplugin.UsernameMetadata{
DisplayName: "test",
RoleName: "test",
},
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: []string{createAdminUser},
},
Password: password,
@@ -553,9 +553,9 @@ func TestDeleteUser(t *testing.T) {
assertCredsExist(t, db.ConnectionURL, createResp.Username, password)
deleteReq := newdbplugin.DeleteUserRequest{
deleteReq := dbplugin.DeleteUserRequest{
Username: createResp.Username,
Statements: newdbplugin.Statements{
Statements: dbplugin.Statements{
Commands: test.revokeStmts,
},
}