pluginutil

package
v0.8.2

Published: Sep 5, 2017 License: MPL-2.0 Imports: 28 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
	// plugin.
	PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"

	// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
	// string. Used for testing.
	PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"

	// PluginMetadaModeEnv is an ENV name used to disable TLS communication
	// to bootstrap mounting plugins.
	PluginMetadaModeEnv = "VAULT_PLUGIN_METADATA_MODE"
)
var (
	// PluginMlockEnabled is the ENV name used to pass the configuration for
	// enabling mlock
	PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
)

Functions

func OptionallyEnableMlock

func OptionallyEnableMlock() error

OptionallyEnableMlock determines if mlock should be called, and if so enables mlock.

func VaultPluginTLSProvider

func VaultPluginTLSProvider(apiTLSConfig *api.TLSConfig) func() (*tls.Config, error)

VaultPluginTLSProvider is run inside a plugin and retrieves the response-wrapped TLS certificate from Vault. It returns a configured TLS config.

Types

type APIClientMeta

type APIClientMeta struct {
	// contains filtered or unexported fields
}

func (*APIClientMeta) FlagSet

func (f *APIClientMeta) FlagSet() *flag.FlagSet

func (*APIClientMeta) GetTLSConfig

func (f *APIClientMeta) GetTLSConfig() *api.TLSConfig

type LookRunnerUtil

type LookRunnerUtil interface {
	Looker
	RunnerUtil
}

LookRunnerUtil defines the functions for both Looker and RunnerUtil.

type Looker

type Looker interface {
	LookupPlugin(string) (*PluginRunner, error)
}

Looker defines the plugin Lookup function that looks into the plugin catalog for available plugins and returns a PluginRunner.

type PluginRunner

type PluginRunner struct {
	Name           string                      `json:"name" structs:"name"`
	Command        string                      `json:"command" structs:"command"`
	Args           []string                    `json:"args" structs:"args"`
	Sha256         []byte                      `json:"sha256" structs:"sha256"`
	Builtin        bool                        `json:"builtin" structs:"builtin"`
	BuiltinFactory func() (interface{}, error) `json:"-" structs:"-"`
}

PluginRunner defines the metadata needed to run a plugin securely with go-plugin.
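
An added illustration, not code from the pluginutil package: a standard-library integrity check of a plugin binary against a pinned digest like the Sha256 field above. The pinnedPlugin type, verifyPin and demo are hypothetical names, the file contents are constructed, and reading Sha256 as the digest of the file at Command is an assumption.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"os"
	"path/filepath"
)

// pinnedPlugin is a hypothetical type mirroring three PluginRunner fields.
type pinnedPlugin struct {
	Name    string
	Command string // path to the plugin binary
	Sha256  []byte // digest pinned at registration (assumed meaning)
}

// verifyPin hashes the file at p.Command and compares it to p.Sha256 in
// constant time; any read failure or mismatch is an error (fail closed).
func verifyPin(p pinnedPlugin) error {
	data, err := os.ReadFile(p.Command)
	if err != nil {
		return fmt.Errorf("plugin %q: %w", p.Name, err)
	}
	sum := sha256.Sum256(data)
	if subtle.ConstantTimeCompare(sum[:], p.Sha256) != 1 {
		return fmt.Errorf("plugin %q: sha256 mismatch, refusing to run", p.Name)
	}
	return nil
}

// demo pins a constructed file, then alters it; it returns both results.
func demo() (before, after error) {
	path := filepath.Join(os.TempDir(), fmt.Sprintf("pin-demo-%d", os.Getpid()))
	defer os.Remove(path)
	orig := []byte("constructed plugin bytes")
	if err := os.WriteFile(path, orig, 0o700); err != nil {
		return err, err
	}
	sum := sha256.Sum256(orig)
	p := pinnedPlugin{Name: "example", Command: path, Sha256: sum[:]}
	before = verifyPin(p)
	if err := os.WriteFile(path, append(orig, '!'), 0o700); err != nil {
		return err, err
	}
	return before, verifyPin(p)
}

func main() { fmt.Println(demo()) }
```

A path-based check leaves a window between hashing and execution, so the plugin directory should be writable only by the account that runs the server.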

func (*PluginRunner) Run

func (r *PluginRunner) Run(wrapper RunnerUtil, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)

Run takes a wrapper RunnerUtil instance along with the go-plugin parameters and returns a configured plugin.Client with TLS configured and a wrapping token set on PluginUnwrapTokenEnv for plugin process consumption.

func (*PluginRunner) RunMetadataMode added in v0.8.2

func (r *PluginRunner) RunMetadataMode(wrapper RunnerUtil, pluginMap map[string]plugin.Plugin, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)

RunMetadataMode returns a configured plugin.Client that will dispense a plugin in metadata mode. PluginMetadaModeEnv is passed in as part of the Cmd to plugin.Client, and consumed by the plugin process in pluginutil.VaultPluginTLSProvider.

type RunnerUtil

type RunnerUtil interface {
	ResponseWrapData(data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
	MlockEnabled() bool
}

The RunnerUtil interface defines the functions needed by the runner to wrap the metadata needed to run a plugin process. This includes looking up the mlock configuration and wrapping data in a response-wrapped token. logical.SystemView implementations satisfy this interface.
