VAULT-32507: CE Changes (#29004)

Violet Hynes
2024-11-25 14:08:15 -05:00
committed by GitHub
parent d23892d803
commit b20beaec66
3 changed files with 104 additions and 42 deletions


@@ -99,44 +99,44 @@ func newFullAddonRegistry() *registry {
"snowflake-database-plugin": {Factory: dbSnowflake.New},
},
logicalBackends: map[string]logicalBackend{
"ad": {
pluginconsts.SecretEngineAD: {
Factory: logicalAd.Factory,
DeprecationStatus: consts.Deprecated,
},
"alicloud": {Factory: logicalAlicloud.Factory},
"aws": {Factory: logicalAws.Factory},
"azure": {Factory: logicalAzure.Factory},
"cassandra": {
pluginconsts.SecretEngineAlicloud: {Factory: logicalAlicloud.Factory},
pluginconsts.SecretEngineAWS: {Factory: logicalAws.Factory},
pluginconsts.SecretEngineAzure: {Factory: logicalAzure.Factory},
pluginconsts.SecretEngineCassandra: {
Factory: removedFactory,
DeprecationStatus: consts.Removed,
},
"consul": {Factory: logicalConsul.Factory},
"gcp": {Factory: logicalGcp.Factory},
"gcpkms": {Factory: logicalGcpKms.Factory},
"kubernetes": {Factory: logicalKube.Factory},
"mongodb": {
pluginconsts.SecretEngineConsul: {Factory: logicalConsul.Factory},
pluginconsts.SecretEngineGCP: {Factory: logicalGcp.Factory},
pluginconsts.SecretEngineGCPKMS: {Factory: logicalGcpKms.Factory},
pluginconsts.SecretEngineKubernetes: {Factory: logicalKube.Factory},
pluginconsts.SecretEngineMongoDB: {
Factory: removedFactory,
DeprecationStatus: consts.Removed,
},
"mongodbatlas": {Factory: logicalMongoAtlas.Factory},
"mssql": {
pluginconsts.SecretEngineMongoDBAtlas: {Factory: logicalMongoAtlas.Factory},
pluginconsts.SecretEngineMSSQL: {
Factory: removedFactory,
DeprecationStatus: consts.Removed,
},
"mysql": {
pluginconsts.SecretEngineMySQL: {
Factory: removedFactory,
DeprecationStatus: consts.Removed,
},
"nomad": {Factory: logicalNomad.Factory},
"openldap": {Factory: logicalLDAP.Factory},
"ldap": {Factory: logicalLDAP.Factory},
"postgresql": {
pluginconsts.SecretEngineNomad: {Factory: logicalNomad.Factory},
pluginconsts.SecretEngineOpenLDAP: {Factory: logicalLDAP.Factory},
pluginconsts.SecretEngineLDAP: {Factory: logicalLDAP.Factory},
pluginconsts.SecretEnginePostgresql: {
Factory: removedFactory,
DeprecationStatus: consts.Removed,
},
"rabbitmq": {Factory: logicalRabbit.Factory},
"terraform": {Factory: logicalTerraform.Factory},
"totp": {Factory: logicalTotp.Factory},
pluginconsts.SecretEngineRabbitMQ: {Factory: logicalRabbit.Factory},
pluginconsts.SecretEngineTerraform: {Factory: logicalTerraform.Factory},
pluginconsts.SecretEngineTOTP: {Factory: logicalTotp.Factory},
},
}
}


@@ -26,4 +26,40 @@ const (
AuthTypeSAML = "saml"
AuthTypeApprole = "approle"
AuthTypeJWT = "jwt"
SecretEngineAD = "ad"
SecretEngineAlicloud = "alicloud"
SecretEngineAWS = "aws"
SecretEngineAzure = "azure"
SecretEngineCassandra = "cassandra"
SecretEngineConsul = "consul"
SecretEngineGCP = "gcp"
SecretEngineGCPKMS = "gcpkms"
SecretEngineKubernetes = "kubernetes"
SecretEngineMongoDB = "mongodb"
SecretEngineMongoDBAtlas = "mongodbatlas"
SecretEngineMSSQL = "mssql"
SecretEngineMySQL = "mysql"
SecretEngineNomad = "nomad"
SecretEngineOpenLDAP = "openldap"
SecretEngineLDAP = "ldap"
SecretEnginePostgresql = "postgresql"
SecretEngineRabbitMQ = "rabbitmq"
SecretEngineTerraform = "terraform"
SecretEngineTOTP = "totp"
SecretEngineKV = "kv"
SecretEngineTransform = "transform"
SecretEngineKMIP = "kmip"
SecretEngineKeymgmt = "keymgmt"
SecretEnginePki = "pki"
SecretEngineTransit = "transit"
SecretEngineSsh = "ssh"
SecretEngineCubbyhole = "cubbyhole"
SecretEngineIdentity = "identity"
SecretEngineSystem = "system"
// SecretEngineGeneric is a very old and deprecated version of KV, but is left
// for completeness.
SecretEngineGeneric = "generic"
// SecretEngineDatabase is the entry type for all databases, i.e. this is the combined
// database type for every database.
SecretEngineDatabase = "database"
)
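Review bot: `SecretEnginePki` and `SecretEngineSsh` break the initialism casing used by their neighbours (`SecretEngineAWS`, `SecretEngineKMIP`, `SecretEngineTOTP`); these exported names are new in this commit, so `SecretEnginePKI` and `SecretEngineSSH` are cheap to adopt now and harder to change once callers exist. The block also has no comment saying that each value is the mount type string used as a registry key and compared against `entry.Type` elsewhere in this commit, so editing a value silently changes which backend a mount resolves to. A comment above `SecretEngineAD` such as `// SecretEngine* values are mount type strings and must match the registry keys exactly.` would make that explicit. The enclosing `const (` opens outside the hunk.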


@@ -14,6 +14,7 @@ import (
"github.com/armon/go-metrics"
"github.com/hashicorp/vault/helper/metricsutil"
"github.com/hashicorp/vault/helper/namespace"
"github.com/hashicorp/vault/helper/pluginconsts"
"github.com/hashicorp/vault/limits"
"github.com/hashicorp/vault/physical/raft"
"github.com/hashicorp/vault/sdk/helper/consts"
@@ -402,7 +403,7 @@ func (c *Core) findKvMounts() []*kvMount {
}
for _, entry := range c.mounts.Entries {
if entry.Type == "kv" || entry.Type == "generic" {
if entry.Type == pluginconsts.SecretEngineKV || entry.Type == pluginconsts.SecretEngineGeneric {
version, ok := entry.Options["version"]
if !ok || version == "" {
version = "1"
@@ -535,6 +536,31 @@ func getMeanNamespaceSecrets(mapOfNamespacesToSecrets map[string]int) int {
return getTotalSecretsAcrossAllNamespaces(mapOfNamespacesToSecrets) / length
}
// GetSecretEngineUsageMetrics returns a map of secret engine mount types to the number of those mounts that exist.
func (c *Core) GetSecretEngineUsageMetrics() map[string]int {
mounts := make(map[string]int)
c.authLock.RLock()
defer c.authLock.RUnlock()
// we don't grab the statelock, so this code might run during or after the seal process.
// Therefore, we need to check if c.auth is nil. If we do not, this will panic when
// run after seal.
if c.auth == nil {
return mounts
}
for _, entry := range c.mounts.Entries {
authType := entry.Type
if _, ok := mounts[authType]; !ok {
mounts[authType] = 1
} else {
mounts[authType] += 1
}
}
return mounts
}
// GetAuthMethodUsageMetrics returns a map of auth mount types to the number of those mounts that exist.
func (c *Core) GetAuthMethodUsageMetrics() map[string]int {
mounts := make(map[string]int)
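Review bot: `GetSecretEngineUsageMetrics` iterates `c.mounts.Entries` but takes `c.authLock` and nil-checks `c.auth`, which look copied from the auth-method counterpart and do not guard the table that is actually read. If the mount table is cleared on seal independently of `c.auth`, or is written under a different lock, this can race or dereference a nil `c.mounts` on the metrics path. The guard should match the data, e.g. `c.mountsLock.RLock()`, `defer c.mountsLock.RUnlock()` and `if c.mounts == nil { return mounts }` (assuming Core's mount-table lock is `mountsLock`), with the comment updated to name `c.mounts`. The local `authType` is also misnamed for a secret engine type, and the if/else collapses to `mounts[entry.Type]++`. `GetAuthMethodUsageMetrics` continues outside the hunk.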