open-vault/builtin/logical/mongodb/backend.go

package mongodb

import (
	"context"
	"fmt"
	"strings"
	"sync"
	"time"

	"github.com/hashicorp/vault/sdk/framework"
	"github.com/hashicorp/vault/sdk/logical"
	mgo "gopkg.in/mgo.v2"
)

func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
	b := Backend()
	if err := b.Setup(ctx, conf); err != nil {
		return nil, err
	}
	return b, nil
}

func Backend() *framework.Backend {
	var b backend
	b.Backend = &framework.Backend{
		Help: strings.TrimSpace(backendHelp),

		PathsSpecial: &logical.Paths{
			SealWrapStorage: []string{
				"config/connection",
			},
		},

		Paths: []*framework.Path{
			pathConfigConnection(&b),
			pathConfigLease(&b),
			pathListRoles(&b),
			pathRoles(&b),
			pathCredsCreate(&b),
		},

		Secrets: []*framework.Secret{
			secretCreds(&b),
		},

		Clean: b.ResetSession,

		Invalidate:  b.invalidate,
		BackendType: logical.TypeLogical,
	}

	return b.Backend
}

type backend struct {
	*framework.Backend

	session *mgo.Session
	lock    sync.Mutex
}

// Session returns the database connection.
func (b *backend) Session(ctx context.Context, s logical.Storage) (*mgo.Session, error) {
	b.lock.Lock()
	defer b.lock.Unlock()

	if b.session != nil {
		if err := b.session.Ping(); err == nil {
			return b.session, nil
		}
		b.session.Close()
	}

	connConfigJSON, err := s.Get(ctx, "config/connection")
	if err != nil {
		return nil, err
	}
	if connConfigJSON == nil {
		return nil, fmt.Errorf("configure the MongoDB connection with config/connection first")
	}

	var connConfig connectionConfig
	if err := connConfigJSON.DecodeJSON(&connConfig); err != nil {
		return nil, err
	}

	dialInfo, err := parseMongoURI(connConfig.URI)
	if err != nil {
		return nil, err
	}

	b.session, err = mgo.DialWithInfo(dialInfo)
	if err != nil {
		return nil, err
	}
	b.session.SetSyncTimeout(1 * time.Minute)
	b.session.SetSocketTimeout(1 * time.Minute)

	return b.session, nil
}

// ResetSession forces creation of a new connection next time Session() is called.
func (b *backend) ResetSession(_ context.Context) {
	b.lock.Lock()
	defer b.lock.Unlock()

	if b.session != nil {
		b.session.Close()
	}

	b.session = nil
}

func (b *backend) invalidate(ctx context.Context, key string) {
	switch key {
	case "config/connection":
		b.ResetSession(ctx)
	}
}

// LeaseConfig returns the lease configuration
func (b *backend) LeaseConfig(ctx context.Context, s logical.Storage) (*configLease, error) {
	entry, err := s.Get(ctx, "config/lease")
	if err != nil {
		return nil, err
	}
	if entry == nil {
		return nil, nil
	}

	var result configLease
	if err := entry.DecodeJSON(&result); err != nil {
		return nil, err
	}

	return &result, nil
}

const backendHelp = `
The mongodb backend dynamically generates MongoDB credentials.

After mounting this backend, configure it using the endpoints within
the "config/" path.
`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`package mongodb`

			`import (`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`"context"`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`"fmt"`
			`"strings"`
			`"sync"`
			`"time"`

Create sdk/ and api/ submodules (#6583) 2019-04-12 21:54:35 +00:00			`"github.com/hashicorp/vault/sdk/framework"`
Switch to go modules (#6585) * Switch to go modules * Make fmt 2019-04-13 07:44:06 +00:00			`"github.com/hashicorp/vault/sdk/logical"`
Run goimports across the repository (#6010) The result will still pass gofmtcheck and won't trigger additional changes if someone isn't using goimports, but it will avoid the piecemeal imports changes we've been seeing. 2019-01-09 00:48:57 +00:00			`mgo "gopkg.in/mgo.v2"`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`)`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {`
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs 2017-07-20 17:28:40 +00:00			`b := Backend()`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`if err := b.Setup(ctx, conf); err != nil {`
Backend plugin system (#2874) * Add backend plugin changes * Fix totp backend plugin tests * Fix logical/plugin InvalidateKey test * Fix plugin catalog CRUD test, fix NoopBackend * Clean up commented code block * Fix system backend mount test * Set plugin_name to omitempty, fix handleMountTable config parsing * Clean up comments, keep shim connections alive until cleanup * Include pluginClient, disallow LookupPlugin call from within a plugin * Add wrapper around backendPluginClient for proper cleanup * Add logger shim tests * Add logger, storage, and system shim tests * Use pointer receivers for system view shim * Use plugin name if no path is provided on mount * Enable plugins for auth backends * Add backend type attribute, move builtin/plugin/package * Fix merge conflict * Fix missing plugin name in mount config * Add integration tests on enabling auth backend plugins * Remove dependency cycle on mock-plugin * Add passthrough backend plugin, use logical.BackendType to determine lease generation * Remove vault package dependency on passthrough package * Add basic impl test for passthrough plugin * Incorporate feedback; set b.backend after shims creation on backendPluginServer * Fix totp plugin test * Add plugin backends docs * Fix tests * Fix builtin/plugin tests * Remove flatten from PluginRunner fields * Move mock plugin to logical/plugin, remove totp and passthrough plugins * Move pluginMap into newPluginClient * Do not create storage RPC connection on HandleRequest and HandleExistenceCheck * Change shim logger's Fatal to no-op * Change BackendType to uint32, match UX backend types * Change framework.Backend Setup signature * Add Setup func to logical.Backend interface * Move OptionallyEnableMlock call into plugin.Serve, update docs and comments * Remove commented var in plugin package * RegisterLicense on logical.Backend interface (#3017) * Add RegisterLicense to logical.Backend interface * Update RegisterLicense to use callback func on framework.Backend * Refactor framework.Backend.RegisterLicense * plugin: Prevent plugin.SystemViewClient.ResponseWrapData from getting JWTs * plugin: Revert BackendType to remove TypePassthrough and related references * Fix typo in plugin backends docs 2017-07-20 17:28:40 +00:00			`return nil, err`
			`}`
			`return b, nil`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`}`

			`func Backend() *framework.Backend {`
			`var b backend`
			`b.Backend = &framework.Backend{`
			`Help: strings.TrimSpace(backendHelp),`

Add some more SealWrap declarations (#3531) 2017-11-03 15:43:31 +00:00			`PathsSpecial: &logical.Paths{`
			`SealWrapStorage: []string{`
			`"config/connection",`
			`},`
			`},`

Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`Paths: []*framework.Path{`
			`pathConfigConnection(&b),`
			`pathConfigLease(&b),`
			`pathListRoles(&b),`
			`pathRoles(&b),`
			`pathCredsCreate(&b),`
			`},`

			`Secrets: []*framework.Secret{`
			`secretCreds(&b),`
			`},`

			`Clean: b.ResetSession,`
More porting from rep (#2388) * More porting from rep * Address review feedback 2017-02-16 21:29:30 +00:00
Add BackendType to existing backends (#3078) 2017-07-28 18:04:46 +00:00			`Invalidate: b.invalidate,`
			`BackendType: logical.TypeLogical,`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`}`

			`return b.Backend`
			`}`

			`type backend struct {`
			`*framework.Backend`

			`session *mgo.Session`
			`lock sync.Mutex`
			`}`

			`// Session returns the database connection.`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (b backend) Session(ctx context.Context, s logical.Storage) (mgo.Session, error) {`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`b.lock.Lock()`
			`defer b.lock.Unlock()`

			`if b.session != nil {`
mongodb secret backend: Verify existing Session is still working before reusing it 2016-07-08 01:37:44 +00:00			`if err := b.session.Ping(); err == nil {`
			`return b.session, nil`
			`}`
			`b.session.Close()`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`connConfigJSON, err := s.Get(ctx, "config/connection")`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`if connConfigJSON == nil {`
			`return nil, fmt.Errorf("configure the MongoDB connection with config/connection first")`
			`}`

			`var connConfig connectionConfig`
			`if err := connConfigJSON.DecodeJSON(&connConfig); err != nil {`
			`return nil, err`
			`}`

			`dialInfo, err := parseMongoURI(connConfig.URI)`
			`if err != nil {`
			`return nil, err`
			`}`

			`b.session, err = mgo.DialWithInfo(dialInfo)`
			`if err != nil {`
			`return nil, err`
			`}`
			`b.session.SetSyncTimeout(1 * time.Minute)`
			`b.session.SetSocketTimeout(1 * time.Minute)`

			`return b.session, nil`
			`}`

mongodb secret backend: Verify existing Session is still working before reusing it 2016-07-08 01:37:44 +00:00			`// ResetSession forces creation of a new connection next time Session() is called.`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (b *backend) ResetSession(_ context.Context) {`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`b.lock.Lock()`
			`defer b.lock.Unlock()`

			`if b.session != nil {`
			`b.session.Close()`
			`}`

			`b.session = nil`
			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (b *backend) invalidate(ctx context.Context, key string) {`
More porting from rep (#2388) * More porting from rep * Address review feedback 2017-02-16 21:29:30 +00:00			`switch key {`
			`case "config/connection":`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`b.ResetSession(ctx)`
More porting from rep (#2388) * More porting from rep * Address review feedback 2017-02-16 21:29:30 +00:00			`}`
			`}`

Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`// LeaseConfig returns the lease configuration`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (b backend) LeaseConfig(ctx context.Context, s logical.Storage) (configLease, error) {`
			`entry, err := s.Get(ctx, "config/lease")`
Add mongodb secret backend 2016-05-13 20:42:09 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`if entry == nil {`
			`return nil, nil`
			`}`

			`var result configLease`
			`if err := entry.DecodeJSON(&result); err != nil {`
			`return nil, err`
			`}`

			`return &result, nil`
			`}`

			const backendHelp = `
			`The mongodb backend dynamically generates MongoDB credentials.`

			`After mounting this backend, configure it using the endpoints within`
			`the "config/" path.`
			`