Documentation
Index
- Variables
- func CtxCancelIfCanceled(f context.CancelFunc, ctxCanceler context.Context) chan struct{}
- func GRPCSupport() bool
- func InMetadataMode() bool
- func OptionallyEnableMlock() error
- func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, error)
- type APIClientMeta
- type LookRunnerUtil
- type Looker
- type PluginRunner
- type RunnerUtil
Constants
This section is empty.
Variables
var (
	// PluginMlockEnabled is the ENV name used to pass the configuration for
	// enabling mlock
	PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
	// PluginVaultVersionEnv is the ENV name used to pass the version of the
	// vault server to the plugin
	PluginVaultVersionEnv = "VAULT_VERSION"
	// PluginMetadataModeEnv is an ENV name used to disable TLS communication
	// to bootstrap mounting plugins.
	PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
)
var (
	// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
	// plugin.
	PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"
	// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
	// string. Used for testing.
	PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
)
Functions
func CtxCancelIfCanceled added in v0.9.2
func CtxCancelIfCanceled(f context.CancelFunc, ctxCanceler context.Context) chan struct{}
CtxCancelIfCanceled takes a context cancel func and a context. If the context is shut down, the cancel func is called. This is useful for merging two cancel functions.
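As an added example (not the package's own code), the stand-alone program below re-implements the contract documented for CtxCancelIfCanceled and uses it to tie a plugin client's context to its parent, so that ending the parent also ends the plugin context while the plugin can still be cancelled on its own. The names linkPluginContext and doneWithin are helpers assumed here; the returned channel, closed by the caller, stops the watcher goroutine so it neither leaks nor fires after the client has already been shut down.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// ctxCancelIfCanceled re-implements the documented contract of
// pluginutil.CtxCancelIfCanceled (example code, not Vault's own): when
// ctxCanceler is done, f is called. Closing the returned channel stops the
// watcher goroutine without calling f, so it does not leak.
func ctxCancelIfCanceled(f context.CancelFunc, ctxCanceler context.Context) chan struct{} {
	quitCh := make(chan struct{})
	go func() {
		select {
		case <-quitCh:
		case <-ctxCanceler.Done():
			f()
		}
	}()
	return quitCh
}

// linkPluginContext (hypothetical helper) gives a plugin client its own
// context and merges it with the parent via ctxCancelIfCanceled.
func linkPluginContext(parent context.Context) (context.Context, context.CancelFunc, chan struct{}) {
	pluginCtx, pluginCancel := context.WithCancel(context.Background())
	quitCh := ctxCancelIfCanceled(pluginCancel, parent)
	return pluginCtx, pluginCancel, quitCh
}

// doneWithin reports whether ctx is cancelled before timeout elapses.
func doneWithin(ctx context.Context, timeout time.Duration) bool {
	select {
	case <-ctx.Done():
		return true
	case <-time.After(timeout):
		return false
	}
}

func main() {
	parent, parentCancel := context.WithCancel(context.Background())
	pluginCtx, pluginCancel, quitCh := linkPluginContext(parent)
	defer pluginCancel()
	parentCancel() // e.g. the mount owning the plugin is being torn down
	fmt.Println("plugin cancelled with parent:", doneWithin(pluginCtx, time.Second)) // true
	close(quitCh) // watcher has already exited; closing is still safe
}
```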
func GRPCSupport added in v0.9.2
func GRPCSupport() bool
GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or it fails to meet the version constraint.
func InMetadataMode added in v0.10.0
func InMetadataMode() bool
InMetadataMode returns true if the plugin calling this function is running in metadata mode.
func OptionallyEnableMlock
func OptionallyEnableMlock() error
OptionallyEnableMlock determines whether mlock should be called and, if so, enables mlock.
Types
type APIClientMeta
type APIClientMeta struct {
// contains filtered or unexported fields
}
APIClientMeta is a helper that plugins can use to configure TLS connections back to Vault.
func (*APIClientMeta) FlagSet
func (f *APIClientMeta) FlagSet() *flag.FlagSet
FlagSet returns the flag set for configuring the TLS connection.
func (*APIClientMeta) GetTLSConfig
func (f *APIClientMeta) GetTLSConfig() *api.TLSConfig
GetTLSConfig returns a TLSConfig built from the values of the flags.
type LookRunnerUtil
type LookRunnerUtil interface {
	Looker
	RunnerUtil
}
LookRunnerUtil defines the functions for both Looker and Wrapper.
type Looker
type Looker interface {
LookupPlugin(context.Context, string, consts.PluginType) (*PluginRunner, error)
}
Looker defines the plugin Lookup function that looks into the plugin catalog for available plugins and returns a PluginRunner.
type PluginRunner
type PluginRunner struct {
	Name           string                      `json:"name" structs:"name"`
	Type           consts.PluginType           `json:"type" structs:"type"`
	Command        string                      `json:"command" structs:"command"`
	Args           []string                    `json:"args" structs:"args"`
	Env            []string                    `json:"env" structs:"env"`
	Sha256         []byte                      `json:"sha256" structs:"sha256"`
	Builtin        bool                        `json:"builtin" structs:"builtin"`
	BuiltinFactory func() (interface{}, error) `json:"-" structs:"-"`
}
PluginRunner defines the metadata needed to run a plugin securely with go-plugin.
func (*PluginRunner) Run
func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)
Run takes a wrapper RunnerUtil instance along with the go-plugin parameters and returns a configured plugin.Client with TLS configured and a wrapping token set on PluginUnwrapTokenEnv for the plugin process to consume.
func (*PluginRunner) RunMetadataMode added in v0.8.2
func (r *PluginRunner) RunMetadataMode(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)
RunMetadataMode returns a configured plugin.Client that will dispense a plugin in metadata mode. The PluginMetadataModeEnv is passed in as part of the Cmd to plugin.Client, and consumed by the plugin process on pluginutil.VaultPluginTLSProvider.
type RunnerUtil
type RunnerUtil interface {
	ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
	MlockEnabled() bool
}
The RunnerUtil interface defines the functions the runner needs in order to wrap the metadata required to run a plugin process. This includes looking up the mlock configuration and wrapping data in a response-wrapped token. logical.SystemView implementations satisfy this interface.