Documentation ¶
Index ¶
- Constants
- Variables
- func CtxCancelIfCanceled(f context.CancelFunc, ctxCanceler context.Context) chan struct{}
- func GRPCSupport() bool
- func InMetadataMode() bool
- func MultiplexingSupported(ctx context.Context, cc grpc.ClientConnInterface) (bool, error)
- func OptionallyEnableMlock() error
- func RegisterPluginMultiplexingServer(s grpc.ServiceRegistrar, srv PluginMultiplexingServer)
- type LookRunnerUtil
- type Looker
- type MultiplexingSupportRequest
- type MultiplexingSupportResponse
- func (*MultiplexingSupportResponse) Descriptor() ([]byte, []int) deprecated
- func (x *MultiplexingSupportResponse) GetSupported() bool
- func (*MultiplexingSupportResponse) ProtoMessage()
- func (x *MultiplexingSupportResponse) ProtoReflect() protoreflect.Message
- func (x *MultiplexingSupportResponse) Reset()
- func (x *MultiplexingSupportResponse) String() string
- type PluginClient
- type PluginClientConfig
- type PluginMultiplexingClient
- type PluginMultiplexingServer
- type PluginMultiplexingServerImpl
- type PluginRunner
- func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, ...) (*plugin.Client, error)
- func (r *PluginRunner) RunConfig(ctx context.Context, opts ...RunOpt) (*plugin.Client, error)
- func (r *PluginRunner) RunMetadataMode(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, ...) (*plugin.Client, error)
- type RunOpt
- func AutoMTLS(autoMTLS bool) RunOpt
- func Env(env ...string) RunOpt
- func HandshakeConfig(hs plugin.HandshakeConfig) RunOpt
- func Logger(logger log.Logger) RunOpt
- func MLock(mlock bool) RunOpt
- func MetadataMode(isMetadataMode bool) RunOpt
- func PluginSets(pluginSets map[int]plugin.PluginSet) RunOpt
- func Runner(wrapper RunnerUtil) RunOpt
- type RunnerUtil
- type UnimplementedPluginMultiplexingServer
- type UnsafePluginMultiplexingServer
Constants ¶
const MultiplexingCtxKey string = "multiplex_id"
Variables ¶
var (
	// PluginMlockEnabled is the ENV name used to pass the configuration for
	// enabling mlock
	PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"

	// PluginVaultVersionEnv is the ENV name used to pass the version of the
	// vault server to the plugin
	PluginVaultVersionEnv = "VAULT_VERSION"

	// PluginMetadataModeEnv is an ENV name used to disable TLS communication
	// to bootstrap mounting plugins.
	PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"

	// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
	// plugin.
	PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"

	// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
	// string. Used for testing.
	PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
)
var File_sdk_helper_pluginutil_multiplexing_proto protoreflect.FileDescriptor
var PluginMultiplexing_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "pluginutil.multiplexing.PluginMultiplexing",
	HandlerType: (*PluginMultiplexingServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "MultiplexingSupport",
			Handler:    _PluginMultiplexing_MultiplexingSupport_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "sdk/helper/pluginutil/multiplexing.proto",
}
PluginMultiplexing_ServiceDesc is the grpc.ServiceDesc for PluginMultiplexing service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy).
Functions ¶
func CtxCancelIfCanceled ¶
func CtxCancelIfCanceled(f context.CancelFunc, ctxCanceler context.Context) chan struct{}
CtxCancelIfCanceled takes a context cancel func and a context. If the context is shut down, the cancel func is called. This is useful for merging two cancel functions.
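The merge pattern described above, as an added example that is not this package's code. `cancelIfCanceled` and `callWithMergedCancel` are hypothetical stand-ins written from the documented behaviour, with the assumption that the returned channel is closed by the caller to stop the watcher.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// cancelIfCanceled is a hypothetical stand-in with the behaviour documented
// for CtxCancelIfCanceled: it calls f once watched is done. Assumption: the
// returned channel is closed by the caller to stop watching.
func cancelIfCanceled(f context.CancelFunc, watched context.Context) chan struct{} {
	quit := make(chan struct{})
	go func() {
		select {
		case <-quit: // caller finished first; exit without calling f
		case <-watched.Done():
			f()
		}
	}()
	return quit
}

// callWithMergedCancel runs work under a context that ends when either the
// request context or the plugin-lifetime context ends.
func callWithMergedCancel(req, lifetime context.Context, work func(context.Context) error) error {
	ctx, cancel := context.WithCancel(req)
	defer cancel()
	quit := cancelIfCanceled(cancel, lifetime)
	defer close(quit) // without this the watcher goroutine outlives the call
	return work(ctx)
}

func main() {
	// Constructed scenario: the lifetime context is shut down mid-request.
	lifetime, shutdown := context.WithCancel(context.Background())
	go func() { time.Sleep(10 * time.Millisecond); shutdown() }()
	err := callWithMergedCancel(context.Background(), lifetime, func(ctx context.Context) error {
		select {
		case <-ctx.Done():
			return ctx.Err()
		case <-time.After(2 * time.Second):
			return nil
		}
	})
	fmt.Println("work ended with:", err)
}
```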
func GRPCSupport ¶
func GRPCSupport() bool
GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or it fails to meet the version constraint.
func InMetadataMode ¶
func InMetadataMode() bool
InMetadataMode returns true if the plugin calling this function is running in metadata mode.
func MultiplexingSupported ¶ added in v0.4.0
func OptionallyEnableMlock ¶
func OptionallyEnableMlock() error
OptionallyEnableMlock determines if mlock should be called, and if so enables mlock.
func RegisterPluginMultiplexingServer ¶ added in v0.4.0
func RegisterPluginMultiplexingServer(s grpc.ServiceRegistrar, srv PluginMultiplexingServer)
Types ¶
type LookRunnerUtil ¶
type LookRunnerUtil interface {
	Looker
	RunnerUtil
}
LookRunnerUtil defines the functions for both Looker and Wrapper.
type Looker ¶
type Looker interface {
	LookupPlugin(context.Context, string, consts.PluginType) (*PluginRunner, error)
}
Looker defines the plugin Lookup function that looks into the plugin catalog for available plugins and returns a PluginRunner.
type MultiplexingSupportRequest ¶ added in v0.4.0
type MultiplexingSupportRequest struct {
// contains filtered or unexported fields
}
func (*MultiplexingSupportRequest) Descriptor ¶ deprecated added in v0.4.0
func (*MultiplexingSupportRequest) Descriptor() ([]byte, []int)
Deprecated: Use MultiplexingSupportRequest.ProtoReflect.Descriptor instead.
func (*MultiplexingSupportRequest) ProtoMessage ¶ added in v0.4.0
func (*MultiplexingSupportRequest) ProtoMessage()
func (*MultiplexingSupportRequest) ProtoReflect ¶ added in v0.4.0
func (x *MultiplexingSupportRequest) ProtoReflect() protoreflect.Message
func (*MultiplexingSupportRequest) Reset ¶ added in v0.4.0
func (x *MultiplexingSupportRequest) Reset()
func (*MultiplexingSupportRequest) String ¶ added in v0.4.0
func (x *MultiplexingSupportRequest) String() string
type MultiplexingSupportResponse ¶ added in v0.4.0
type MultiplexingSupportResponse struct {
	Supported bool `protobuf:"varint,1,opt,name=supported,proto3" json:"supported,omitempty"`
	// contains filtered or unexported fields
}
func (*MultiplexingSupportResponse) Descriptor ¶ deprecated added in v0.4.0
func (*MultiplexingSupportResponse) Descriptor() ([]byte, []int)
Deprecated: Use MultiplexingSupportResponse.ProtoReflect.Descriptor instead.
func (*MultiplexingSupportResponse) GetSupported ¶ added in v0.4.0
func (x *MultiplexingSupportResponse) GetSupported() bool
func (*MultiplexingSupportResponse) ProtoMessage ¶ added in v0.4.0
func (*MultiplexingSupportResponse) ProtoMessage()
func (*MultiplexingSupportResponse) ProtoReflect ¶ added in v0.4.0
func (x *MultiplexingSupportResponse) ProtoReflect() protoreflect.Message
func (*MultiplexingSupportResponse) Reset ¶ added in v0.4.0
func (x *MultiplexingSupportResponse) Reset()
func (*MultiplexingSupportResponse) String ¶ added in v0.4.0
func (x *MultiplexingSupportResponse) String() string
type PluginClient ¶ added in v0.4.0
type PluginClient interface {
	Conn() grpc.ClientConnInterface
	plugin.ClientProtocol
}
type PluginClientConfig ¶ added in v0.4.0
type PluginMultiplexingClient ¶ added in v0.4.0
type PluginMultiplexingClient interface {
	MultiplexingSupport(ctx context.Context, in *MultiplexingSupportRequest, opts ...grpc.CallOption) (*MultiplexingSupportResponse, error)
}
PluginMultiplexingClient is the client API for PluginMultiplexing service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewPluginMultiplexingClient ¶ added in v0.4.0
func NewPluginMultiplexingClient(cc grpc.ClientConnInterface) PluginMultiplexingClient
type PluginMultiplexingServer ¶ added in v0.4.0
type PluginMultiplexingServer interface {
	MultiplexingSupport(context.Context, *MultiplexingSupportRequest) (*MultiplexingSupportResponse, error)
	// contains filtered or unexported methods
}
PluginMultiplexingServer is the server API for PluginMultiplexing service. All implementations must embed UnimplementedPluginMultiplexingServer for forward compatibility.
type PluginMultiplexingServerImpl ¶ added in v0.4.0
type PluginMultiplexingServerImpl struct {
	UnimplementedPluginMultiplexingServer
	Supported bool
}
func (PluginMultiplexingServerImpl) MultiplexingSupport ¶ added in v0.4.0
func (pm PluginMultiplexingServerImpl) MultiplexingSupport(ctx context.Context, req *MultiplexingSupportRequest) (*MultiplexingSupportResponse, error)
type PluginRunner ¶
type PluginRunner struct {
	Name           string                      `json:"name" structs:"name"`
	Type           consts.PluginType           `json:"type" structs:"type"`
	Command        string                      `json:"command" structs:"command"`
	Args           []string                    `json:"args" structs:"args"`
	Env            []string                    `json:"env" structs:"env"`
	Sha256         []byte                      `json:"sha256" structs:"sha256"`
	Builtin        bool                        `json:"builtin" structs:"builtin"`
	BuiltinFactory func() (interface{}, error) `json:"-" structs:"-"`
}
PluginRunner defines the metadata needed to run a plugin securely with go-plugin.
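One way a pinned digest such as the Sha256 field can be enforced before a Command is launched, as an added example using only the standard library (not this package's or go-plugin's code). `verifyPluginBinary` and `ErrChecksumMismatch` are hypothetical names, and treating Sha256 as the digest of the file at Command is an assumption.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
	"os"
)

// ErrChecksumMismatch is returned when the binary on disk differs from the pin.
var ErrChecksumMismatch = errors.New("plugin binary does not match pinned SHA-256")

// verifyPluginBinary (hypothetical helper) hashes the file at command and
// compares it with pinned. Assumption: pinned is the SHA-256 of that file.
func verifyPluginBinary(command string, pinned []byte) error {
	// Reject empty or truncated pins so a missing checksum can never match.
	if len(pinned) != sha256.Size {
		return fmt.Errorf("pinned digest is %d bytes, want %d", len(pinned), sha256.Size)
	}
	f, err := os.Open(command)
	if err != nil {
		return err
	}
	defer f.Close()
	h := sha256.New()
	if _, err := io.Copy(h, f); err != nil {
		return err
	}
	if subtle.ConstantTimeCompare(h.Sum(nil), pinned) != 1 {
		return ErrChecksumMismatch
	}
	return nil
}

func main() {
	// Constructed sample: a temp file stands in for a plugin binary.
	f, _ := os.CreateTemp("", "plugin-*")
	defer os.Remove(f.Name())
	f.WriteString("constructed plugin bytes")
	f.Close()
	pin := sha256.Sum256([]byte("constructed plugin bytes"))
	fmt.Println("untampered:", verifyPluginBinary(f.Name(), pin[:]))
	os.WriteFile(f.Name(), []byte("tampered"), 0o700)
	fmt.Println("tampered:  ", verifyPluginBinary(f.Name(), pin[:]))
}
```

A hash check followed by a separate exec is only as strong as the file permissions: if the path stays writable between the two steps, the pin no longer describes what runs, so the plugin directory should be writable only by the server's administrator.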
func (*PluginRunner) Run ¶
func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)
Run takes a wrapper RunnerUtil instance along with the go-plugin parameters and returns a configured plugin.Client with TLS configured and a wrapping token set on PluginUnwrapTokenEnv for plugin process consumption.
func (*PluginRunner) RunConfig ¶ added in v0.2.0
func (r *PluginRunner) RunConfig(ctx context.Context, opts ...RunOpt) (*plugin.Client, error)
func (*PluginRunner) RunMetadataMode ¶
func (r *PluginRunner) RunMetadataMode(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)
RunMetadataMode returns a configured plugin.Client that will dispense a plugin in metadata mode. The PluginMetadataModeEnv is passed in as part of the Cmd to plugin.Client, and consumed by the plugin process on api.VaultPluginTLSProvider.
type RunOpt ¶ added in v0.2.0
type RunOpt func(*runConfig)
func HandshakeConfig ¶ added in v0.2.0
func HandshakeConfig(hs plugin.HandshakeConfig) RunOpt
func MetadataMode ¶ added in v0.2.0
func PluginSets ¶ added in v0.2.0
func Runner ¶ added in v0.2.0
func Runner(wrapper RunnerUtil) RunOpt
type RunnerUtil ¶
type RunnerUtil interface {
	NewPluginClient(ctx context.Context, config PluginClientConfig) (PluginClient, error)
	ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
	MlockEnabled() bool
}
RunnerUtil interface defines the functions needed by the runner to wrap the metadata needed to run a plugin process. This includes looking up Mlock configuration and wrapping data in a response wrapped token. logical.SystemView implementations satisfy this interface.
type UnimplementedPluginMultiplexingServer ¶ added in v0.4.0
type UnimplementedPluginMultiplexingServer struct { }
UnimplementedPluginMultiplexingServer must be embedded to have forward compatible implementations.
func (UnimplementedPluginMultiplexingServer) MultiplexingSupport ¶ added in v0.4.0
func (UnimplementedPluginMultiplexingServer) MultiplexingSupport(context.Context, *MultiplexingSupportRequest) (*MultiplexingSupportResponse, error)
type UnsafePluginMultiplexingServer ¶ added in v0.4.0
type UnsafePluginMultiplexingServer interface {
// contains filtered or unexported methods
}
UnsafePluginMultiplexingServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to PluginMultiplexingServer will result in compilation errors.