pluginutil

package
v2.0.0-...-e8682ef Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 3, 2024 License: MPL-2.0 Imports: 32 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// PluginAutoMTLSEnv is used to ensure AutoMTLS is used. This will override
	// setting a TLSProviderFunc for a plugin.
	PluginAutoMTLSEnv = "BAO_PLUGIN_AUTOMTLS_ENABLED"

	// PluginMlockEnabled is the ENV name used to pass the configuration for
	// enabling mlock
	PluginMlockEnabled = "BAO_PLUGIN_MLOCK_ENABLED"

	// PluginVaultVersionEnv is the ENV name used to pass the version of the
	// vault server to the plugin
	PluginVaultVersionEnv = "BAO_VERSION"

	// PluginMetadataModeEnv is an ENV name used to disable TLS communication
	// to bootstrap mounting plugins.
	PluginMetadataModeEnv = "BAO_PLUGIN_METADATA_MODE"

	// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
	// plugin.
	PluginUnwrapTokenEnv = "BAO_UNWRAP_TOKEN"

	// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
	// string. Used for testing.
	PluginCACertPEMEnv = "BAO_TESTING_PLUGIN_CA_PEM"

	// PluginMultiplexingOptOut is an ENV name used to define a comma separated list of plugin names
	// opted-out of the multiplexing feature; for emergencies if multiplexing ever causes issues
	PluginMultiplexingOptOut = "BAO_PLUGIN_MULTIPLEXING_OPT_OUT"
)
View Source 
const MultiplexingCtxKey string = "multiplex_id"

Variables

View Source 
var ErrNoMultiplexingIDFound = errors.New("no multiplexing ID found")
View Source 
var File_sdk_helper_pluginutil_multiplexing_proto protoreflect.FileDescriptor
View Source 
var PluginMultiplexing_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "pluginutil.multiplexing.PluginMultiplexing",
	HandlerType: (*PluginMultiplexingServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "MultiplexingSupport",
			Handler:    _PluginMultiplexing_MultiplexingSupport_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "sdk/helper/pluginutil/multiplexing.proto",
}

PluginMultiplexing_ServiceDesc is the grpc.ServiceDesc for PluginMultiplexing service. It's only intended for direct use with grpc.RegisterService, and not to be introspected or modified (even as a copy)

Functions

func CtxCancelIfCanceled 

func CtxCancelIfCanceled(f context.CancelFunc, ctxCanceler context.Context) chan struct{}

CtxCancelIfCanceled takes a context cancel func and a context. If the context is shutdown the cancelfunc is called. This is useful for merging two cancel functions.

func GRPCSupport 

func GRPCSupport() bool

GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or it fails to meet the version constraint.

func GetMultiplexIDFromContext 

func GetMultiplexIDFromContext(ctx context.Context) (string, error)

func InMetadataMode 

func InMetadataMode() bool

InMetadataMode returns true if the plugin calling this function is running in metadata mode.

func MultiplexingSupported 

func MultiplexingSupported(ctx context.Context, cc grpc.ClientConnInterface, name string) (bool, error)

func OptionallyEnableMlock 

func OptionallyEnableMlock() error

OptionallyEnableMlock determines if mlock should be called, and if so enables mlock.

func RegisterPluginMultiplexingServer 

func RegisterPluginMultiplexingServer(s grpc.ServiceRegistrar, srv PluginMultiplexingServer)

Types

type LookRunnerUtil 

type LookRunnerUtil interface {
	Looker
	RunnerUtil
}

LookRunnerUtil defines the functions for both Looker and Wrapper

type Looker 

type Looker interface {
	LookupPlugin(ctx context.Context, pluginName string, pluginType consts.PluginType) (*PluginRunner, error)
	LookupPluginVersion(ctx context.Context, pluginName string, pluginType consts.PluginType, version string) (*PluginRunner, error)
}

Looker defines the plugin Lookup function that looks into the plugin catalog for available plugins and returns a PluginRunner

type MultiplexingSupportRequest 

type MultiplexingSupportRequest struct {
	// contains filtered or unexported fields
}

func (*MultiplexingSupportRequest) Descriptor deprecated 

func (*MultiplexingSupportRequest) Descriptor() ([]byte, []int)

Deprecated: Use MultiplexingSupportRequest.ProtoReflect.Descriptor instead.

func (*MultiplexingSupportRequest) ProtoMessage 

func (*MultiplexingSupportRequest) ProtoMessage()

func (*MultiplexingSupportRequest) ProtoReflect 

func (x *MultiplexingSupportRequest) ProtoReflect() protoreflect.Message

func (*MultiplexingSupportRequest) Reset 

func (x *MultiplexingSupportRequest) Reset()

func (*MultiplexingSupportRequest) String 

func (x *MultiplexingSupportRequest) String() string

type MultiplexingSupportResponse 

type MultiplexingSupportResponse struct {
	Supported bool `protobuf:"varint,1,opt,name=supported,proto3" json:"supported,omitempty"`
	// contains filtered or unexported fields
}

func (*MultiplexingSupportResponse) Descriptor deprecated 

func (*MultiplexingSupportResponse) Descriptor() ([]byte, []int)

Deprecated: Use MultiplexingSupportResponse.ProtoReflect.Descriptor instead.

func (*MultiplexingSupportResponse) GetSupported 

func (x *MultiplexingSupportResponse) GetSupported() bool

func (*MultiplexingSupportResponse) ProtoMessage 

func (*MultiplexingSupportResponse) ProtoMessage()

func (*MultiplexingSupportResponse) ProtoReflect 

func (x *MultiplexingSupportResponse) ProtoReflect() protoreflect.Message

func (*MultiplexingSupportResponse) Reset 

func (x *MultiplexingSupportResponse) Reset()

func (*MultiplexingSupportResponse) String 

func (x *MultiplexingSupportResponse) String() string

type PluginClient 

type PluginClient interface {
	Conn() grpc.ClientConnInterface
	Reload() error
	plugin.ClientProtocol
}

type PluginClientConfig 

type PluginClientConfig struct {
	Name            string
	PluginType      consts.PluginType
	Version         string
	PluginSets      map[int]plugin.PluginSet
	HandshakeConfig plugin.HandshakeConfig
	Logger          log.Logger
	IsMetadataMode  bool
	AutoMTLS        bool
	MLock           bool
	Wrapper         RunnerUtil
}

type PluginMultiplexingClient 

type PluginMultiplexingClient interface {
	MultiplexingSupport(ctx context.Context, in *MultiplexingSupportRequest, opts ...grpc.CallOption) (*MultiplexingSupportResponse, error)
}

PluginMultiplexingClient is the client API for PluginMultiplexing service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.

func NewPluginMultiplexingClient 

func NewPluginMultiplexingClient(cc grpc.ClientConnInterface) PluginMultiplexingClient

type PluginMultiplexingServer 

type PluginMultiplexingServer interface {
	MultiplexingSupport(context.Context, *MultiplexingSupportRequest) (*MultiplexingSupportResponse, error)
	// contains filtered or unexported methods
}

PluginMultiplexingServer is the server API for PluginMultiplexing service. All implementations must embed UnimplementedPluginMultiplexingServer for forward compatibility

type PluginMultiplexingServerImpl 

type PluginMultiplexingServerImpl struct {
	UnimplementedPluginMultiplexingServer

	Supported bool
}

func (PluginMultiplexingServerImpl) MultiplexingSupport 

func (pm PluginMultiplexingServerImpl) MultiplexingSupport(_ context.Context, _ *MultiplexingSupportRequest) (*MultiplexingSupportResponse, error)

type PluginRunner 

type PluginRunner struct {
	Name           string                      `json:"name" structs:"name"`
	Type           consts.PluginType           `json:"type" structs:"type"`
	Version        string                      `json:"version" structs:"version"`
	Command        string                      `json:"command" structs:"command"`
	Args           []string                    `json:"args" structs:"args"`
	Env            []string                    `json:"env" structs:"env"`
	Sha256         []byte                      `json:"sha256" structs:"sha256"`
	Builtin        bool                        `json:"builtin" structs:"builtin"`
	BuiltinFactory func() (interface{}, error) `json:"-" structs:"-"`
}

PluginRunner defines the metadata needed to run a plugin securely with go-plugin.

func (*PluginRunner) Run 

func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)

Run takes a wrapper RunnerUtil instance along with the go-plugin parameters and returns a configured plugin.Client with TLS Configured and a wrapping token set on PluginUnwrapTokenEnv for plugin process consumption.

func (*PluginRunner) RunConfig 

func (r *PluginRunner) RunConfig(ctx context.Context, opts ...RunOpt) (*plugin.Client, error)

func (*PluginRunner) RunMetadataMode 

func (r *PluginRunner) RunMetadataMode(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)

RunMetadataMode returns a configured plugin.Client that will dispense a plugin in metadata mode. The PluginMetadataModeEnv is passed in as part of the Cmd to plugin.Client, and consumed by the plugin process on api.VaultPluginTLSProvider.

type RunOpt 

type RunOpt func(*runConfig)

func AutoMTLS 

func AutoMTLS(autoMTLS bool) RunOpt

func Env 

func Env(env ...string) RunOpt

func HandshakeConfig 

func HandshakeConfig(hs plugin.HandshakeConfig) RunOpt

func Logger 

func Logger(logger log.Logger) RunOpt

func MLock 

func MLock(mlock bool) RunOpt

func MetadataMode 

func MetadataMode(isMetadataMode bool) RunOpt

func PluginSets 

func PluginSets(pluginSets map[int]plugin.PluginSet) RunOpt

func Runner 

func Runner(wrapper RunnerUtil) RunOpt

type RunnerUtil 

type RunnerUtil interface {
	NewPluginClient(ctx context.Context, config PluginClientConfig) (PluginClient, error)
	ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
	MlockEnabled() bool
	VaultVersion(ctx context.Context) (string, error)
}

RunnerUtil interface defines the functions needed by the runner to wrap the metadata needed to run a plugin process. This includes looking up Mlock configuration and wrapping data in a response wrapped token. logical.SystemView implementations satisfy this interface.

type UnimplementedPluginMultiplexingServer 

type UnimplementedPluginMultiplexingServer struct {
}

UnimplementedPluginMultiplexingServer must be embedded to have forward compatible implementations.

func (UnimplementedPluginMultiplexingServer) MultiplexingSupport 

func (UnimplementedPluginMultiplexingServer) MultiplexingSupport(context.Context, *MultiplexingSupportRequest) (*MultiplexingSupportResponse, error)

type UnsafePluginMultiplexingServer 

type UnsafePluginMultiplexingServer interface {
	// contains filtered or unexported methods
}

UnsafePluginMultiplexingServer may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to PluginMultiplexingServer will result in compilation errors.

type VersionedPlugin 

type VersionedPlugin struct {
	Type              string `json:"type"` // string instead of consts.PluginType so that we get the string form in API responses.
	Name              string `json:"name"`
	Version           string `json:"version"`
	SHA256            string `json:"sha256,omitempty"`
	Builtin           bool   `json:"builtin"`
	DeprecationStatus string `json:"deprecation_status,omitempty"`

	// Pre-parsed semver struct of the Version field
	SemanticVersion *version.Version `json:"-"`
}

VersionedPlugin holds any versioning information stored about a plugin in the plugin catalog.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.