pluginutil

package
v1.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 12, 2019 License: MPL-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	// PluginMlockEnabled is the ENV name used to pass the configuration for
	// enabling mlock
	PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"

	// PluginVaultVersionEnv is the ENV name used to pass the version of the
	// vault server to the plugin
	PluginVaultVersionEnv = "VAULT_VERSION"

	// PluginMetadataModeEnv is an ENV name used to disable TLS communication
	// to bootstrap mounting plugins.
	PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
)
View Source
var (
	// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
	// plugin.
	PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"

	// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
	// string. Used for testing.
	PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
)

Functions

func CtxCancelIfCanceled added in v0.9.2

func CtxCancelIfCanceled(f context.CancelFunc, ctxCanceler context.Context) chan struct{}

CtxCancelIfCanceled takes a context cancel func and a context. If the context is shutdown the cancelfunc is called. This is useful for merging two cancel functions.

func GRPCSupport added in v0.9.2

func GRPCSupport() bool

GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or it fails to meet the version constraint.

func InMetadataMode added in v0.10.0

func InMetadataMode() bool

InMetadataMode returns true if the plugin calling this function is running in metadata mode.

func OptionallyEnableMlock

func OptionallyEnableMlock() error

OptionallyEnableMlock determines if mlock should be called, and if so enables mlock.

func VaultPluginTLSProvider

func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, error)

VaultPluginTLSProvider is run inside a plugin and retrieves the response wrapped TLS certificate from vault. It returns a configured TLS Config.

Types

type APIClientMeta

type APIClientMeta struct {
	// contains filtered or unexported fields
}

APIClientMeta is a helper that plugins can use to configure TLS connections back to Vault.

func (*APIClientMeta) FlagSet

func (f *APIClientMeta) FlagSet() *flag.FlagSet

FlagSet returns the flag set for configuring the TLS connection

func (*APIClientMeta) GetTLSConfig

func (f *APIClientMeta) GetTLSConfig() *api.TLSConfig

GetTLSConfig will return a TLSConfig based off the values from the flags

type LookRunnerUtil

type LookRunnerUtil interface {
	Looker
	RunnerUtil
}

LookRunnerUtil defines the functions for both Looker and Wrapper

type Looker

type Looker interface {
	LookupPlugin(context.Context, string, consts.PluginType) (*PluginRunner, error)
}

Looker defines the plugin Lookup function that looks into the plugin catalog for available plugins and returns a PluginRunner

type PluginRunner

type PluginRunner struct {
	Name           string                      `json:"name" structs:"name"`
	Type           consts.PluginType           `json:"type" structs:"type"`
	Command        string                      `json:"command" structs:"command"`
	Args           []string                    `json:"args" structs:"args"`
	Env            []string                    `json:"env" structs:"env"`
	Sha256         []byte                      `json:"sha256" structs:"sha256"`
	Builtin        bool                        `json:"builtin" structs:"builtin"`
	BuiltinFactory func() (interface{}, error) `json:"-" structs:"-"`
}

PluginRunner defines the metadata needed to run a plugin securely with go-plugin.

func (*PluginRunner) Run

func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)

Run takes a wrapper RunnerUtil instance along with the go-plugin parameters and returns a configured plugin.Client with TLS Configured and a wrapping token set on PluginUnwrapTokenEnv for plugin process consumption.

func (*PluginRunner) RunMetadataMode added in v0.8.2

func (r *PluginRunner) RunMetadataMode(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)

RunMetadataMode returns a configured plugin.Client that will dispense a plugin in metadata mode. The PluginMetadataModeEnv is passed in as part of the Cmd to plugin.Client, and consumed by the plugin process on pluginutil.VaultPluginTLSProvider.

type RunnerUtil

type RunnerUtil interface {
	ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
	MlockEnabled() bool
}

RunnerUtil interface defines the functions needed by the runner to wrap the metadata needed to run a plugin process. This includes looking up Mlock configuration and wrapping data in a response wrapped token. logical.SystemView implementations satisfy this interface.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL