plugin

package
v1.7.11

Warning: This package is not in the latest version of its module.
Published: Apr 29, 2022 License: Apache-2.0 Imports: 2 Imported by: 0

README

Secretless Plugins

Secretless plugins allow you to extend the functionality of Secretless beyond the currently supported built-in plugins.

Currently Supported Plugin Types

Secretless supports plugins for the following internal components:

External Plugin Basics

Secretless uses Go plugins.

If you've never used Go plugins before, a good introduction to them is here. Essentially, to write a Secretless plugin you'll write normal Go functions but compile them using -buildmode=plugin. This produces a shared object library file (with a .so extension) instead of a normal executable.

Technically, a Secretless plugin is a Go shared library file that implements some predefined functions. For more information on what you need to implement to build a plugin, please see the README for the specific plugin type you are building.

Plugin Metadata

Regardless of plugin type, each plugin must supply Secretless with some essential metadata. To do this, each plugin must implement the PluginInfo function. This top-level function is always required, and it returns basic information about your plugin. Its signature is:

func PluginInfo() map[string]string

The returned map must have the following keys:

  • version: The version of the plugin itself. This allows plugin authors to version the plugins they write.
  • pluginAPIVersion: The version of the Secretless plugin API that your plugin is written for. This allows the Secretless plugin API to change over time without breaking plugins.
  • type: This must be a supported plugin type. Currently, it must be either the string "connector.tcp" or the string "connector.http".
  • id: A short, clear, unique name for use in logs and the secretless.yml config file. Allowed characters are: lowercase letters, _, :, -, and ~.
  • description: A short summary of the plugin, not to exceed 100 characters. This may be used in the future by the Secretless command line tool to list available plugins.
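The key rules above can be checked before a plugin is shipped, for instance from a unit test. The following is an added example, not code from the Secretless project: checkPluginInfo and idPattern are hypothetical names, and every value returned by the sample PluginInfo (including the pluginAPIVersion string) is a constructed placeholder.

```go
package main

import (
	"fmt"
	"regexp"
)

// PluginInfo is the required top-level metadata function.
// All values here are constructed placeholders for illustration.
func PluginInfo() map[string]string {
	return map[string]string{
		"version":          "0.0.1",
		"pluginAPIVersion": "0.1.0", // placeholder: use the API version your Secretless release expects
		"type":             "connector.tcp",
		"id":               "example-tcp",
		"description":      "Example TCP connector used to illustrate plugin metadata",
	}
}

// idPattern encodes the allowed id characters: lowercase letters, _, :, - and ~.
var idPattern = regexp.MustCompile(`^[a-z_:~-]+$`)

// checkPluginInfo (hypothetical helper) returns one message per rule that info
// violates; a key with an empty value is treated as missing.
func checkPluginInfo(info map[string]string) []string {
	var problems []string
	for _, key := range []string{"version", "pluginAPIVersion", "type", "id", "description"} {
		if info[key] == "" {
			problems = append(problems, "missing key: "+key)
		}
	}
	if t := info["type"]; t != "" && t != "connector.tcp" && t != "connector.http" {
		problems = append(problems, "unsupported type: "+t)
	}
	if id := info["id"]; id != "" && !idPattern.MatchString(id) {
		problems = append(problems, "invalid id: "+id)
	}
	if len([]rune(info["description"])) > 100 {
		problems = append(problems, "description longer than 100 characters")
	}
	return problems
}

func main() {
	fmt.Println(checkPluginInfo(PluginInfo()))
}
```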

External Plugin Basics

When running Secretless with external plugins, you can leverage some special command-line flags when starting Secretless:

  • -p flag: Specifies the directory in which the external plugin shared library (".so") files live. Defaults to /usr/local/lib/secretless. Sub-directory traversal is not supported at this time.
  • -s flag: Refers to a file that contains sha256sum plugin checksums for verifying the plugins.

When Secretless starts, it:

  • Checks for available external plugins (e.g. ".so" files) in the plugin directory.
  • Verifies external plugin checksums (if a checksum file was provided on start).
  • Loads the external plugin. For each plugin file Secretless:
    • Opens the Go plugin file.
    • Parses PluginInfo for plugin metadata.
    • Verifies that the plugin type supplied in PluginInfo is supported.
    • Loads the plugin into the list of plugins to run.

From there, the startup process continues and external plugins are treated the same as internal plugins.

Building the Shared Library File

To build your plugin's shared library (.so) file, follow the instructions for building Go plugins.

For example, to compile your plugin code into a .so file, run the following command:

go build -buildmode=plugin -o=/path/to/my-plugin.so my_plugin.go

Once you've done this, place the .so file in the /usr/local/lib/secretless directory in the container where Secretless will run (or in another directory you specify using the -p flag). That's all you have to do. The .so files are self-contained and include any dependencies that you've imported.

Note: .so plugin files must be placed directly in /usr/local/lib/secretless (or the directory you specify). Sub-directories of the plugin folder are not searched.

Plugin Checksum Verification

Plugins can be secured by a checksum file to prevent injection attacks. We recommend all production deployments use this feature. Find out more here.
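To show what a checksum file protects against, the sketch below checks the top-level .so files of a plugin directory against sha256sum-style lines and reports any file that is unlisted or whose digest differs. It is an added example, not Secretless's own verification code: verifyPlugins and demo are hypothetical names, the files and digests are constructed in memory, and it assumes the checksum file lists bare file names and that unlisted plugins should be rejected.

```go
package main

import (
	"crypto/sha256"
	"fmt"
	"io/fs"
	"strings"
	"testing/fstest"
)

// verifyPlugins (hypothetical helper) checks each top-level .so file in plugins against
// sha256sum-style manifest lines ("<hex digest>  <bare file name>") and lists failures.
func verifyPlugins(plugins fs.FS, manifest string) ([]string, error) {
	want := map[string]string{}
	for _, line := range strings.Split(manifest, "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			want[strings.TrimPrefix(f[1], "*")] = strings.ToLower(f[0])
		}
	}
	names, err := fs.Glob(plugins, "*.so") // top level only, no sub-directories
	if err != nil {
		return nil, err
	}
	var failures []string
	for _, name := range names {
		data, err := fs.ReadFile(plugins, name)
		if err != nil {
			return nil, err
		}
		switch expected, ok := want[name]; {
		case !ok:
			failures = append(failures, name+": not listed in checksum file")
		case expected != fmt.Sprintf("%x", sha256.Sum256(data)):
			failures = append(failures, name+": checksum mismatch")
		}
	}
	return failures, nil
}

// demo runs the check on constructed in-memory files; use os.DirFS(dir) on a real host.
func demo() ([]string, error) {
	good := sha256.Sum256([]byte("good plugin bytes"))
	return verifyPlugins(fstest.MapFS{
		"good.so":     {Data: []byte("good plugin bytes")},
		"tampered.so": {Data: []byte("modified bytes")},
		"extra.so":    {Data: []byte("unlisted plugin")},
	}, fmt.Sprintf("%x  good.so\n%x  tampered.so\n", good, good))
}

func main() { fmt.Println(demo()) }
```

Running it reports extra.so as unlisted and tampered.so as a mismatch, while good.so passes.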

Documentation

Overview

Package plugin allows you to extend the functionality of Secretless beyond the currently supported built-in plugins.

Currently, the plugin package supports the following types of plugins:

  • Service connector plugins

For more detailed information on the plugin architecture and how to get started building plugins, please refer to the README.md file in this directory in GitHub: https://github.com/cyberark/secretless-broker/tree/main/pkg/secretless/plugin/README.md.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AvailableConnectorIDs added in v1.3.0

func AvailableConnectorIDs(availPlugins AvailablePlugins) []string

AvailableConnectorIDs returns a list of all available connector IDs: for both builtin connectors and those provided by AvailablePlugins. In the case of AvailablePlugins, the connector ID and plugin ID are identical. For the builtin "connectors", the concept of plugin ID doesn't make sense. AvailableConnectorIDs is a pure function that depends only on the AvailablePlugins interface, which is why we define it here rather than in the implementation package "sharedobj".

Types

type AvailablePlugins

type AvailablePlugins interface {
	HTTPPlugins() map[string]http.Plugin
	TCPPlugins() map[string]tcp.Plugin
}

AvailablePlugins is an interface that provides a list of all the available plugins for each type that the broker supports.

Directories

Path Synopsis
Package connector allows you to extend the functionality of Secretless beyond the currently supported built-in plugins.
Package connector allows you to extend the functionality of Secretless beyond the currently supported built-in plugins.
tcp
