plugin

package

v1.2.0 Latest Latest Go to latest Published: Oct 23, 2019 License: Apache-2.0 Imports: 2 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cyberark/secretless-broker

Links

Open Source Insights

README ¶

Secretless Plugins

Secretless plugins allow you to extend the functionality of Secretless beyond the currently supported built-in plugins.

Currently Supported Plugin Types

Secretless supports plugins for the following internal components:

Service Connectors

External Plugin Basics

Secretless uses Go plugins.

If you've never used Go plugins before, a good introduction to them is here. Essentially, to write a Secretless plugin you'll write normal Go functions but compile them using -buildmode=plugin. This produces a shared object library file (with a .so extension) instead of a normal executable.

Technically, a Secretless plugin is a Go shared library file that implements some predefined functions. For more information on what you need to implement to build a plugin, please see the README for the specific plugin type you are building.

Plugin Metadata

Regardless of plugin type, each plugin must supply Secretless with some essential metadata. To do this, each plugin must implement the PluginInfo function. This top level function is always required and it returns basic information about your plugin. Its signature is:

func PluginInfo() map[string]string

The returned map must have the following keys:

version: The version of the plugin itself. This allows plugin authors to version the plugins they write.
pluginAPIVersion: The version of the Secretless plugin API that your plugin is written for. This allows the Secretless plugin API to change over time without breaking plugins.
type: This must be a supported plugin type. Currently, it must be either the string "connector.tcp" or the string "connector.http".
id: A short, clear, unique name for use in logs and the secretless.yml config file. Allowed characters are: lowercase letters, _, :, -, and ~.
description: A short summary of the plugin, not to exceed 100 characters. This may be used in the future by the Secretless command line tool to list available plugins.

External Plugin Basics

When running Secretless with external plugins, you can leverage some special command-line flags when starting Secretless:

-p flag: Specifies the directory in which the external plugins shared library (".so") files live.. Defaults to /usr/local/lib/secretless. Sub-directory traversal is not supported at this time.
-s flag: Refers to a file that contains sha256sum plugin checksums for verifying the plugins.

When Secretless starts, it:

Checks for available external plugins (eg ".so" files) in the plugin directory.
Verifies external plugin checksums (if a checksum file was provided on start).
Loads the external plugin. For each plugin file Secretless:
- Opens the Go plugin file.
- Parses PluginInfo for plugin metadata.
- Verifies that the plugin type supplied in PluginInfo is supported.
- Loads the plugin into the list of plugins to run.

From there, the startup process continues and external plugins are treated the same as internal plugins.

Building the Shared Library File

To build your plugin's shared library (.so) file, follow the instructions for building Go plugins.

For example, to compile your plugin code into a .so file, run the following command:

go build -buildmode=plugin -o=/path/to/my-plugin.so my_plugin.go

Once you've done this, place the .so file in the /usr/local/lib/secretless directory in the container where Secretless will run (or in another directory you specify using the -p flag). That's all you have to do. The .so files are self-contained and include any dependencies that you've imported.

Note: .so plugin files must be placed directly in /usr/local/lib/secretless (or the directory you specify). Sub-directories of the plugin folder are not searched.

Plugin Checksum Verification

Plugins can be secured by a checksum file to prevent injection attacks. We recommend all production deployments use this feature. Find out more here.

Documentation ¶

Overview ¶

Package plugin allows you to extend the functionality of Secretless beyond the currently supported built-in plugins.

Currently, the plugin package supports the following types of plugins:

Service connector plugins

For more detailed information on the plugin architecture and how to get started building plugins, please refer to the README.md file in this directory in GitHub: https://github.com/cyberark/secretless-broker/tree/master/pkg/secretless/plugin/README.md.

Index ¶

type AvailablePlugins

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AvailablePlugins ¶

type AvailablePlugins interface {
	HTTPPlugins() map[string]http.Plugin
	TCPPlugins() map[string]tcp.Plugin
}

AvailablePlugins is an interface that provides a list of all the available plugins for each type that the broker supports.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
connector Package connector allows you to extend the functionality of Secretless beyond the currently supported built-in plugins.	Package connector allows you to extend the functionality of Secretless beyond the currently supported built-in plugins.
http
tcp
sharedobj

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL