Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var (
	// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
	// plugin.
	PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"

	// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
	// string. Used for testing.
	PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"

	// PluginMetadaModeEnv is an ENV name used to disable TLS communication
	// to bootstrap mounting plugins.
	PluginMetadaModeEnv = "VAULT_PLUGIN_METADATA_MODE"
)
var (
	// PluginMlockEnabled is the ENV name used to pass the configuration for
	// enabling mlock
	PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
)
Functions ¶
func OptionallyEnableMlock ¶
func OptionallyEnableMlock() error
OptionallyEnableMlock determines if mlock should be called, and if so enables mlock.
Types ¶
type APIClientMeta ¶
type APIClientMeta struct {
// contains filtered or unexported fields
}
func (*APIClientMeta) FlagSet ¶
func (f *APIClientMeta) FlagSet() *flag.FlagSet
func (*APIClientMeta) GetTLSConfig ¶
func (f *APIClientMeta) GetTLSConfig() *api.TLSConfig
type LookRunnerUtil ¶
type LookRunnerUtil interface {
	Looker
	RunnerUtil
}
LookWrapper defines the functions for both Looker and Wrapper
type Looker ¶
type Looker interface {
LookupPlugin(string) (*PluginRunner, error)
}
Looker defines the plugin Lookup function that looks into the plugin catalog for available plugins and returns a PluginRunner.
type PluginRunner ¶
type PluginRunner struct {
	Name           string                      `json:"name" structs:"name"`
	Command        string                      `json:"command" structs:"command"`
	Args           []string                    `json:"args" structs:"args"`
	Sha256         []byte                      `json:"sha256" structs:"sha256"`
	Builtin        bool                        `json:"builtin" structs:"builtin"`
	BuiltinFactory func() (interface{}, error) `json:"-" structs:"-"`
}
PluginRunner defines the metadata needed to run a plugin securely with go-plugin.
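The following is an added example, not code from this package: it shows the kind of integrity check a pinned digest makes possible, assuming Sha256 holds the expected SHA-256 of the binary at Command. The names pinnedPlugin, verify, errChecksumMismatch and demo are hypothetical, and the file contents are constructed.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// pinnedPlugin is a hypothetical stand-in for PluginRunner's Command and Sha256 fields.
type pinnedPlugin struct {
	Command string
	Sha256  []byte
}

var errChecksumMismatch = errors.New("plugin binary does not match pinned SHA-256")

// verify hashes the file at Command and compares it to the pinned digest.
func (p pinnedPlugin) verify() error {
	data, err := os.ReadFile(p.Command)
	if err != nil {
		return err
	}
	sum := sha256.Sum256(data)
	if subtle.ConstantTimeCompare(sum[:], p.Sha256) != 1 {
		return errChecksumMismatch
	}
	return nil
}

// demo pins a constructed file, then changes it on disk and verifies again.
func demo() (clean, tampered error) {
	dir, err := os.MkdirTemp("", "plugin-demo")
	if err != nil {
		return err, err
	}
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "demo-plugin")
	body := []byte("constructed plugin bytes")
	sum := sha256.Sum256(body)
	p := pinnedPlugin{Command: path, Sha256: sum[:]}
	os.WriteFile(path, body, 0o700)
	clean = p.verify()
	os.WriteFile(path, append(body, '!'), 0o700) // simulate on-disk replacement
	return clean, p.verify()
}

func main() { fmt.Println(demo()) }
```

A check like this only helps if the digest is recorded from a trusted copy of the binary and is compared immediately before the process is started.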
func (*PluginRunner) Run ¶
func (r *PluginRunner) Run(wrapper RunnerUtil, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)
Run takes a wrapper RunnerUtil instance along with the go-plugin parameters and returns a configured plugin.Client with TLS configured and a wrapping token set on PluginUnwrapTokenEnv for plugin process consumption.
func (*PluginRunner) RunMetadataMode ¶ added in v0.8.2
func (r *PluginRunner) RunMetadataMode(wrapper RunnerUtil, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)
RunMetadataMode returns a configured plugin.Client that will dispense a plugin in metadata mode. The PluginMetadaModeEnv is passed in as part of the Cmd to plugin.Client, and consumed by the plugin process on pluginutil.VaultPluginTLSProvider.
type RunnerUtil ¶
type RunnerUtil interface {
	ResponseWrapData(data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
	MlockEnabled() bool
}
Wrapper interface defines the functions needed by the runner to wrap the metadata needed to run a plugin process. This includes looking up Mlock configuration and wrapping data in a response wrapped token. logical.SystemView implementations satisfy this interface.