// Code generated by protoc-gen-go. DO NOT EDIT.
// source: sdk/database/dbplugin/database.proto

package dbplugin

import (
	context "context"
	fmt "fmt"
	proto "github.com/golang/protobuf/proto"
	timestamp "github.com/golang/protobuf/ptypes/timestamp"
	grpc "google.golang.org/grpc"
Combined Database Backend: Static Accounts (#6834)
* Add priority queue to sdk
* fix issue of storing pointers and now copy
* update to use copy structure
* Remove file, put Item struct def. into other file
* add link
* clean up docs
* refactor internal data structure to hide heap method implementations. Other cleanup after feedback
* rename PushItem and PopItem to just Push/Pop, after encapsulating the heap methods
* updates after feedback
* refactoring/renaming
* guard against pushing a nil item
* minor updates after feedback
* Add SetCredentials, GenerateCredentials gRPC methods to combined database backend gRPC
* Initial Combined database backend implementation of static accounts and automatic rotation
* vendor updates
* initial implementation of static accounts with Combined database backend, starting with PostgreSQL implementation
* add lock and setup of rotation queue
* vendor the queue
* rebase on new method signature of queue
* remove mongo tests for now
* update default role sql
* gofmt after rebase
* cleanup after rebasing to remove checks for ErrNotFound error
* rebase cdcr-priority-queue
* vendor dependencies with 'go mod vendor'
* website database docs for Static Role support
* document the rotate-role API endpoint
* postgres specific static role docs
* use constants for paths
* updates from review
* remove dead code
* combine and clarify error message for older plugins
* Update builtin/logical/database/backend.go
Co-Authored-By: Jim Kalafut <jim@kalafut.net>
* cleanups from feedback
* code and comment cleanups
* move db.RLock higher to protect db.GenerateCredentials call
* Return output with WALID if we failed to delete the WAL
* Update builtin/logical/database/path_creds_create.go
Co-Authored-By: Jim Kalafut <jim@kalafut.net>
* updates after running 'make fmt'
* update after running 'make proto'
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* update comment and remove and rearrange some dead code
* Update website/source/api/secret/databases/index.html.md
Co-Authored-By: Jim Kalafut <jim@kalafut.net>
* cleanups after review
* Update sdk/database/dbplugin/grpc_transport.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* code cleanup after feedback
* remove PasswordLastSet; it's not used
* document GenerateCredentials and SetCredentials
* Update builtin/logical/database/path_rotate_credentials.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* wrap pop and popbykey in backend methods to protect against nil cred rotation queue
* use strings.HasPrefix instead of direct equality check for path
* Forgot to commit this
* updates after feedback
* re-purpose an outdated test to now check that static and dynamic roles cannot share a name
* check for unique name across dynamic and static roles
* refactor loadStaticWALs to return a map of name/setCredentialsWAL struct to consolidate where we're calling set credentials
* remove commented out code
* refactor to have loadstaticwals filter out wals for roles that no longer exist
* return error if nil input given
* add nil check for input into setStaticAccount
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* add constant for queue tick time in seconds, used for comparison in updates
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Jim Kalafut <jim@kalafut.net>
* code cleanup after review
* remove misplaced code comment
* remove commented out code
* create a queue in the Factory method, even if it's never used
* update path_roles to use a common set of fields, with specific overrides for dynamic/static roles by type
* document new method
* move rotation things into a specific file
* rename test file and consolidate some static account tests
* Update builtin/logical/database/path_roles.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* update code comments, method names, and move more methods into rotation.go
* update comments to be capitalized
* remove the item from the queue before we try to destroy it
* findStaticWAL returns an error
* use lowercase keys when encoding WAL entries
* small cleanups
* remove vestigial static account check
* remove redundant DeleteWAL call in populate queue
* if we error on loading role, push back to queue with 10 second backoff
* poll in initqueue to make sure the backend is setup and can write/delete data
* add revoke_user_on_delete flag to allow users to opt-in to revoking the static database user on delete of the Vault role. Default false
* add code comments on read-only loop
* code comment updates
* re-push if error returned from find static wal
* add locksutil and acquire locks when pop'ing from the queue
* grab exclusive locks for updating static roles
* Add SetCredentials and GenerateCredentials stubs to mockPlugin
* add a switch in initQueue to listen for cancelation
* remove guard on zero time, it should have no effect
* create a new context in Factory to pass on and use for closing the backend queue
* restore master copy of vendor dir
	codes "google.golang.org/grpc/codes"
	status "google.golang.org/grpc/status"
	math "math"
)

// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf

// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package
// Deprecated: Do not use.
type InitializeRequest struct {
	Config               []byte   `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	VerifyConnection     bool     `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *InitializeRequest) Reset()         { *m = InitializeRequest{} }
func (m *InitializeRequest) String() string { return proto.CompactTextString(m) }
func (*InitializeRequest) ProtoMessage()    {}
func (*InitializeRequest) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{0}
}

func (m *InitializeRequest) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_InitializeRequest.Unmarshal(m, b)
}
func (m *InitializeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_InitializeRequest.Marshal(b, m, deterministic)
}
func (m *InitializeRequest) XXX_Merge(src proto.Message) {
	xxx_messageInfo_InitializeRequest.Merge(m, src)
}
func (m *InitializeRequest) XXX_Size() int {
	return xxx_messageInfo_InitializeRequest.Size(m)
}
func (m *InitializeRequest) XXX_DiscardUnknown() {
	xxx_messageInfo_InitializeRequest.DiscardUnknown(m)
}

var xxx_messageInfo_InitializeRequest proto.InternalMessageInfo

func (m *InitializeRequest) GetConfig() []byte {
	if m != nil {
		return m.Config
	}
	return nil
}

func (m *InitializeRequest) GetVerifyConnection() bool {
	if m != nil {
		return m.VerifyConnection
	}
	return false
}
type InitRequest struct {
	Config               []byte   `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	VerifyConnection     bool     `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *InitRequest) Reset()         { *m = InitRequest{} }
func (m *InitRequest) String() string { return proto.CompactTextString(m) }
func (*InitRequest) ProtoMessage()    {}
func (*InitRequest) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{1}
}

func (m *InitRequest) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_InitRequest.Unmarshal(m, b)
}
func (m *InitRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_InitRequest.Marshal(b, m, deterministic)
}
func (m *InitRequest) XXX_Merge(src proto.Message) {
	xxx_messageInfo_InitRequest.Merge(m, src)
}
func (m *InitRequest) XXX_Size() int {
	return xxx_messageInfo_InitRequest.Size(m)
}
func (m *InitRequest) XXX_DiscardUnknown() {
	xxx_messageInfo_InitRequest.DiscardUnknown(m)
}

var xxx_messageInfo_InitRequest proto.InternalMessageInfo

func (m *InitRequest) GetConfig() []byte {
	if m != nil {
		return m.Config
	}
	return nil
}

func (m *InitRequest) GetVerifyConnection() bool {
	if m != nil {
		return m.VerifyConnection
	}
	return false
}
type CreateUserRequest struct {
	Statements           *Statements          `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
	UsernameConfig       *UsernameConfig      `protobuf:"bytes,2,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"`
	Expiration           *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

func (m *CreateUserRequest) Reset()         { *m = CreateUserRequest{} }
func (m *CreateUserRequest) String() string { return proto.CompactTextString(m) }
func (*CreateUserRequest) ProtoMessage()    {}
func (*CreateUserRequest) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{2}
}

func (m *CreateUserRequest) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_CreateUserRequest.Unmarshal(m, b)
}
func (m *CreateUserRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_CreateUserRequest.Marshal(b, m, deterministic)
}
func (m *CreateUserRequest) XXX_Merge(src proto.Message) {
	xxx_messageInfo_CreateUserRequest.Merge(m, src)
}
func (m *CreateUserRequest) XXX_Size() int {
	return xxx_messageInfo_CreateUserRequest.Size(m)
}
func (m *CreateUserRequest) XXX_DiscardUnknown() {
	xxx_messageInfo_CreateUserRequest.DiscardUnknown(m)
}

var xxx_messageInfo_CreateUserRequest proto.InternalMessageInfo

func (m *CreateUserRequest) GetStatements() *Statements {
	if m != nil {
		return m.Statements
	}
	return nil
}

func (m *CreateUserRequest) GetUsernameConfig() *UsernameConfig {
	if m != nil {
		return m.UsernameConfig
	}
	return nil
}

func (m *CreateUserRequest) GetExpiration() *timestamp.Timestamp {
	if m != nil {
		return m.Expiration
	}
	return nil
}
type RenewUserRequest struct {
	Statements           *Statements          `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
	Username             string               `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
	Expiration           *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"`
	XXX_NoUnkeyedLiteral struct{}             `json:"-"`
	XXX_unrecognized     []byte               `json:"-"`
	XXX_sizecache        int32                `json:"-"`
}

func (m *RenewUserRequest) Reset()         { *m = RenewUserRequest{} }
func (m *RenewUserRequest) String() string { return proto.CompactTextString(m) }
func (*RenewUserRequest) ProtoMessage()    {}
func (*RenewUserRequest) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{3}
}

func (m *RenewUserRequest) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_RenewUserRequest.Unmarshal(m, b)
}
func (m *RenewUserRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_RenewUserRequest.Marshal(b, m, deterministic)
}
func (m *RenewUserRequest) XXX_Merge(src proto.Message) {
	xxx_messageInfo_RenewUserRequest.Merge(m, src)
}
func (m *RenewUserRequest) XXX_Size() int {
	return xxx_messageInfo_RenewUserRequest.Size(m)
}
func (m *RenewUserRequest) XXX_DiscardUnknown() {
	xxx_messageInfo_RenewUserRequest.DiscardUnknown(m)
}

var xxx_messageInfo_RenewUserRequest proto.InternalMessageInfo

func (m *RenewUserRequest) GetStatements() *Statements {
	if m != nil {
		return m.Statements
	}
	return nil
}

func (m *RenewUserRequest) GetUsername() string {
	if m != nil {
		return m.Username
	}
	return ""
}

func (m *RenewUserRequest) GetExpiration() *timestamp.Timestamp {
	if m != nil {
		return m.Expiration
	}
	return nil
}
type RevokeUserRequest struct {
	Statements           *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
	Username             string      `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"`
	XXX_NoUnkeyedLiteral struct{}    `json:"-"`
	XXX_unrecognized     []byte      `json:"-"`
	XXX_sizecache        int32       `json:"-"`
}

func (m *RevokeUserRequest) Reset()         { *m = RevokeUserRequest{} }
func (m *RevokeUserRequest) String() string { return proto.CompactTextString(m) }
func (*RevokeUserRequest) ProtoMessage()    {}
func (*RevokeUserRequest) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{4}
}

func (m *RevokeUserRequest) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_RevokeUserRequest.Unmarshal(m, b)
}
func (m *RevokeUserRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_RevokeUserRequest.Marshal(b, m, deterministic)
}
func (m *RevokeUserRequest) XXX_Merge(src proto.Message) {
	xxx_messageInfo_RevokeUserRequest.Merge(m, src)
}
func (m *RevokeUserRequest) XXX_Size() int {
	return xxx_messageInfo_RevokeUserRequest.Size(m)
}
func (m *RevokeUserRequest) XXX_DiscardUnknown() {
	xxx_messageInfo_RevokeUserRequest.DiscardUnknown(m)
}

var xxx_messageInfo_RevokeUserRequest proto.InternalMessageInfo

func (m *RevokeUserRequest) GetStatements() *Statements {
	if m != nil {
		return m.Statements
	}
	return nil
}

func (m *RevokeUserRequest) GetUsername() string {
	if m != nil {
		return m.Username
	}
	return ""
}
type RotateRootCredentialsRequest struct {
	Statements           []string `protobuf:"bytes,1,rep,name=statements,proto3" json:"statements,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *RotateRootCredentialsRequest) Reset()         { *m = RotateRootCredentialsRequest{} }
func (m *RotateRootCredentialsRequest) String() string { return proto.CompactTextString(m) }
func (*RotateRootCredentialsRequest) ProtoMessage()    {}
func (*RotateRootCredentialsRequest) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{5}
}

func (m *RotateRootCredentialsRequest) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_RotateRootCredentialsRequest.Unmarshal(m, b)
}
func (m *RotateRootCredentialsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_RotateRootCredentialsRequest.Marshal(b, m, deterministic)
}
func (m *RotateRootCredentialsRequest) XXX_Merge(src proto.Message) {
	xxx_messageInfo_RotateRootCredentialsRequest.Merge(m, src)
}
func (m *RotateRootCredentialsRequest) XXX_Size() int {
	return xxx_messageInfo_RotateRootCredentialsRequest.Size(m)
}
func (m *RotateRootCredentialsRequest) XXX_DiscardUnknown() {
	xxx_messageInfo_RotateRootCredentialsRequest.DiscardUnknown(m)
}

var xxx_messageInfo_RotateRootCredentialsRequest proto.InternalMessageInfo

func (m *RotateRootCredentialsRequest) GetStatements() []string {
	if m != nil {
		return m.Statements
	}
	return nil
}
type Statements struct {
	// DEPRECATED, will be removed in 0.12
	CreationStatements string `protobuf:"bytes,1,opt,name=creation_statements,json=creationStatements,proto3" json:"creation_statements,omitempty"` // Deprecated: Do not use.
	// DEPRECATED, will be removed in 0.12
	RevocationStatements string `protobuf:"bytes,2,opt,name=revocation_statements,json=revocationStatements,proto3" json:"revocation_statements,omitempty"` // Deprecated: Do not use.
	// DEPRECATED, will be removed in 0.12
	RollbackStatements string `protobuf:"bytes,3,opt,name=rollback_statements,json=rollbackStatements,proto3" json:"rollback_statements,omitempty"` // Deprecated: Do not use.
	// DEPRECATED, will be removed in 0.12
	RenewStatements      string   `protobuf:"bytes,4,opt,name=renew_statements,json=renewStatements,proto3" json:"renew_statements,omitempty"` // Deprecated: Do not use.
	Creation             []string `protobuf:"bytes,5,rep,name=creation,proto3" json:"creation,omitempty"`
	Revocation           []string `protobuf:"bytes,6,rep,name=revocation,proto3" json:"revocation,omitempty"`
	Rollback             []string `protobuf:"bytes,7,rep,name=rollback,proto3" json:"rollback,omitempty"`
	Renewal              []string `protobuf:"bytes,8,rep,name=renewal,proto3" json:"renewal,omitempty"`
	Rotation             []string `protobuf:"bytes,9,rep,name=rotation,proto3" json:"rotation,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *Statements) Reset()         { *m = Statements{} }
func (m *Statements) String() string { return proto.CompactTextString(m) }
func (*Statements) ProtoMessage()    {}
func (*Statements) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{6}
}

func (m *Statements) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_Statements.Unmarshal(m, b)
}
func (m *Statements) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_Statements.Marshal(b, m, deterministic)
}
func (m *Statements) XXX_Merge(src proto.Message) {
	xxx_messageInfo_Statements.Merge(m, src)
}
func (m *Statements) XXX_Size() int {
	return xxx_messageInfo_Statements.Size(m)
}
func (m *Statements) XXX_DiscardUnknown() {
	xxx_messageInfo_Statements.DiscardUnknown(m)
}

var xxx_messageInfo_Statements proto.InternalMessageInfo

// Deprecated: Do not use.
func (m *Statements) GetCreationStatements() string {
	if m != nil {
		return m.CreationStatements
	}
	return ""
}

// Deprecated: Do not use.
func (m *Statements) GetRevocationStatements() string {
	if m != nil {
		return m.RevocationStatements
	}
	return ""
}

// Deprecated: Do not use.
func (m *Statements) GetRollbackStatements() string {
	if m != nil {
		return m.RollbackStatements
	}
	return ""
}

// Deprecated: Do not use.
func (m *Statements) GetRenewStatements() string {
	if m != nil {
		return m.RenewStatements
	}
	return ""
}

func (m *Statements) GetCreation() []string {
	if m != nil {
		return m.Creation
	}
	return nil
}

func (m *Statements) GetRevocation() []string {
	if m != nil {
		return m.Revocation
	}
	return nil
}

func (m *Statements) GetRollback() []string {
	if m != nil {
		return m.Rollback
	}
	return nil
}

func (m *Statements) GetRenewal() []string {
	if m != nil {
		return m.Renewal
	}
	return nil
}
func (m *Statements) GetRotation() []string {
	if m != nil {
		return m.Rotation
	}
	return nil
}

type UsernameConfig struct {
	DisplayName          string   `protobuf:"bytes,1,opt,name=DisplayName,proto3" json:"DisplayName,omitempty"`
	RoleName             string   `protobuf:"bytes,2,opt,name=RoleName,proto3" json:"RoleName,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *UsernameConfig) Reset()         { *m = UsernameConfig{} }
func (m *UsernameConfig) String() string { return proto.CompactTextString(m) }
func (*UsernameConfig) ProtoMessage()    {}
func (*UsernameConfig) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{7}
}

func (m *UsernameConfig) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_UsernameConfig.Unmarshal(m, b)
}
func (m *UsernameConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_UsernameConfig.Marshal(b, m, deterministic)
}
func (m *UsernameConfig) XXX_Merge(src proto.Message) {
	xxx_messageInfo_UsernameConfig.Merge(m, src)
}
func (m *UsernameConfig) XXX_Size() int {
	return xxx_messageInfo_UsernameConfig.Size(m)
}
func (m *UsernameConfig) XXX_DiscardUnknown() {
	xxx_messageInfo_UsernameConfig.DiscardUnknown(m)
}

var xxx_messageInfo_UsernameConfig proto.InternalMessageInfo

func (m *UsernameConfig) GetDisplayName() string {
	if m != nil {
		return m.DisplayName
	}
	return ""
}

func (m *UsernameConfig) GetRoleName() string {
	if m != nil {
		return m.RoleName
	}
	return ""
}

type InitResponse struct {
	Config               []byte   `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *InitResponse) Reset()         { *m = InitResponse{} }
func (m *InitResponse) String() string { return proto.CompactTextString(m) }
func (*InitResponse) ProtoMessage()    {}
func (*InitResponse) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{8}
}

func (m *InitResponse) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_InitResponse.Unmarshal(m, b)
}
func (m *InitResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_InitResponse.Marshal(b, m, deterministic)
}
func (m *InitResponse) XXX_Merge(src proto.Message) {
	xxx_messageInfo_InitResponse.Merge(m, src)
}
func (m *InitResponse) XXX_Size() int {
	return xxx_messageInfo_InitResponse.Size(m)
}
func (m *InitResponse) XXX_DiscardUnknown() {
	xxx_messageInfo_InitResponse.DiscardUnknown(m)
}

var xxx_messageInfo_InitResponse proto.InternalMessageInfo

func (m *InitResponse) GetConfig() []byte {
	if m != nil {
		return m.Config
	}
	return nil
}

type CreateUserResponse struct {
	Username             string   `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	Password             string   `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *CreateUserResponse) Reset()         { *m = CreateUserResponse{} }
func (m *CreateUserResponse) String() string { return proto.CompactTextString(m) }
func (*CreateUserResponse) ProtoMessage()    {}
func (*CreateUserResponse) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{9}
}

func (m *CreateUserResponse) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_CreateUserResponse.Unmarshal(m, b)
}
func (m *CreateUserResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_CreateUserResponse.Marshal(b, m, deterministic)
}
func (m *CreateUserResponse) XXX_Merge(src proto.Message) {
	xxx_messageInfo_CreateUserResponse.Merge(m, src)
}
func (m *CreateUserResponse) XXX_Size() int {
	return xxx_messageInfo_CreateUserResponse.Size(m)
}
func (m *CreateUserResponse) XXX_DiscardUnknown() {
	xxx_messageInfo_CreateUserResponse.DiscardUnknown(m)
}

var xxx_messageInfo_CreateUserResponse proto.InternalMessageInfo

func (m *CreateUserResponse) GetUsername() string {
	if m != nil {
		return m.Username
	}
	return ""
}

func (m *CreateUserResponse) GetPassword() string {
	if m != nil {
		return m.Password
	}
	return ""
}

type TypeResponse struct {
	Type                 string   `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *TypeResponse) Reset()         { *m = TypeResponse{} }
func (m *TypeResponse) String() string { return proto.CompactTextString(m) }
func (*TypeResponse) ProtoMessage()    {}
func (*TypeResponse) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{10}
}

func (m *TypeResponse) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_TypeResponse.Unmarshal(m, b)
}
func (m *TypeResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_TypeResponse.Marshal(b, m, deterministic)
}
func (m *TypeResponse) XXX_Merge(src proto.Message) {
	xxx_messageInfo_TypeResponse.Merge(m, src)
}
func (m *TypeResponse) XXX_Size() int {
	return xxx_messageInfo_TypeResponse.Size(m)
}
func (m *TypeResponse) XXX_DiscardUnknown() {
	xxx_messageInfo_TypeResponse.DiscardUnknown(m)
}

var xxx_messageInfo_TypeResponse proto.InternalMessageInfo

func (m *TypeResponse) GetType() string {
	if m != nil {
		return m.Type
	}
	return ""
}

type RotateRootCredentialsResponse struct {
	Config               []byte   `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *RotateRootCredentialsResponse) Reset()         { *m = RotateRootCredentialsResponse{} }
func (m *RotateRootCredentialsResponse) String() string { return proto.CompactTextString(m) }
func (*RotateRootCredentialsResponse) ProtoMessage()    {}
func (*RotateRootCredentialsResponse) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{11}
}

func (m *RotateRootCredentialsResponse) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_RotateRootCredentialsResponse.Unmarshal(m, b)
}
func (m *RotateRootCredentialsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_RotateRootCredentialsResponse.Marshal(b, m, deterministic)
}
func (m *RotateRootCredentialsResponse) XXX_Merge(src proto.Message) {
	xxx_messageInfo_RotateRootCredentialsResponse.Merge(m, src)
}
func (m *RotateRootCredentialsResponse) XXX_Size() int {
	return xxx_messageInfo_RotateRootCredentialsResponse.Size(m)
}
func (m *RotateRootCredentialsResponse) XXX_DiscardUnknown() {
	xxx_messageInfo_RotateRootCredentialsResponse.DiscardUnknown(m)
}

var xxx_messageInfo_RotateRootCredentialsResponse proto.InternalMessageInfo

func (m *RotateRootCredentialsResponse) GetConfig() []byte {
	if m != nil {
		return m.Config
	}
	return nil
}

type Empty struct {
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *Empty) Reset()         { *m = Empty{} }
func (m *Empty) String() string { return proto.CompactTextString(m) }
func (*Empty) ProtoMessage()    {}
func (*Empty) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{12}
}

func (m *Empty) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_Empty.Unmarshal(m, b)
}
func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_Empty.Marshal(b, m, deterministic)
}
func (m *Empty) XXX_Merge(src proto.Message) {
	xxx_messageInfo_Empty.Merge(m, src)
}
func (m *Empty) XXX_Size() int {
	return xxx_messageInfo_Empty.Size(m)
}
func (m *Empty) XXX_DiscardUnknown() {
	xxx_messageInfo_Empty.DiscardUnknown(m)
}

var xxx_messageInfo_Empty proto.InternalMessageInfo

type GenerateCredentialsResponse struct {
	Password             string   `protobuf:"bytes,1,opt,name=password,proto3" json:"password,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *GenerateCredentialsResponse) Reset()         { *m = GenerateCredentialsResponse{} }
func (m *GenerateCredentialsResponse) String() string { return proto.CompactTextString(m) }
func (*GenerateCredentialsResponse) ProtoMessage()    {}
func (*GenerateCredentialsResponse) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{13}
}

func (m *GenerateCredentialsResponse) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_GenerateCredentialsResponse.Unmarshal(m, b)
}
func (m *GenerateCredentialsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_GenerateCredentialsResponse.Marshal(b, m, deterministic)
}
func (m *GenerateCredentialsResponse) XXX_Merge(src proto.Message) {
	xxx_messageInfo_GenerateCredentialsResponse.Merge(m, src)
}
func (m *GenerateCredentialsResponse) XXX_Size() int {
	return xxx_messageInfo_GenerateCredentialsResponse.Size(m)
}
func (m *GenerateCredentialsResponse) XXX_DiscardUnknown() {
	xxx_messageInfo_GenerateCredentialsResponse.DiscardUnknown(m)
}

var xxx_messageInfo_GenerateCredentialsResponse proto.InternalMessageInfo

func (m *GenerateCredentialsResponse) GetPassword() string {
	if m != nil {
		return m.Password
	}
	return ""
}

type StaticUserConfig struct {
	Username             string   `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	Password             string   `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
	Create               bool     `protobuf:"varint,3,opt,name=create,proto3" json:"create,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *StaticUserConfig) Reset()         { *m = StaticUserConfig{} }
func (m *StaticUserConfig) String() string { return proto.CompactTextString(m) }
func (*StaticUserConfig) ProtoMessage()    {}
func (*StaticUserConfig) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{14}
}

func (m *StaticUserConfig) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_StaticUserConfig.Unmarshal(m, b)
}
func (m *StaticUserConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_StaticUserConfig.Marshal(b, m, deterministic)
}
func (m *StaticUserConfig) XXX_Merge(src proto.Message) {
	xxx_messageInfo_StaticUserConfig.Merge(m, src)
}
func (m *StaticUserConfig) XXX_Size() int {
	return xxx_messageInfo_StaticUserConfig.Size(m)
}
func (m *StaticUserConfig) XXX_DiscardUnknown() {
	xxx_messageInfo_StaticUserConfig.DiscardUnknown(m)
}

var xxx_messageInfo_StaticUserConfig proto.InternalMessageInfo

func (m *StaticUserConfig) GetUsername() string {
	if m != nil {
		return m.Username
	}
	return ""
}

func (m *StaticUserConfig) GetPassword() string {
	if m != nil {
		return m.Password
	}
	return ""
}

func (m *StaticUserConfig) GetCreate() bool {
	if m != nil {
		return m.Create
	}
	return false
}

type SetCredentialsRequest struct {
	Statements           *Statements       `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"`
	StaticUserConfig     *StaticUserConfig `protobuf:"bytes,2,opt,name=static_user_config,json=staticUserConfig,proto3" json:"static_user_config,omitempty"`
	XXX_NoUnkeyedLiteral struct{}          `json:"-"`
	XXX_unrecognized     []byte            `json:"-"`
	XXX_sizecache        int32             `json:"-"`
}

func (m *SetCredentialsRequest) Reset()         { *m = SetCredentialsRequest{} }
func (m *SetCredentialsRequest) String() string { return proto.CompactTextString(m) }
func (*SetCredentialsRequest) ProtoMessage()    {}
func (*SetCredentialsRequest) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{15}
}

func (m *SetCredentialsRequest) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_SetCredentialsRequest.Unmarshal(m, b)
}
func (m *SetCredentialsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_SetCredentialsRequest.Marshal(b, m, deterministic)
}
func (m *SetCredentialsRequest) XXX_Merge(src proto.Message) {
	xxx_messageInfo_SetCredentialsRequest.Merge(m, src)
}
func (m *SetCredentialsRequest) XXX_Size() int {
	return xxx_messageInfo_SetCredentialsRequest.Size(m)
}
func (m *SetCredentialsRequest) XXX_DiscardUnknown() {
	xxx_messageInfo_SetCredentialsRequest.DiscardUnknown(m)
}

var xxx_messageInfo_SetCredentialsRequest proto.InternalMessageInfo

func (m *SetCredentialsRequest) GetStatements() *Statements {
	if m != nil {
		return m.Statements
	}
	return nil
}

func (m *SetCredentialsRequest) GetStaticUserConfig() *StaticUserConfig {
	if m != nil {
		return m.StaticUserConfig
	}
	return nil
}

type SetCredentialsResponse struct {
	Username             string   `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"`
	Password             string   `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *SetCredentialsResponse) Reset()         { *m = SetCredentialsResponse{} }
func (m *SetCredentialsResponse) String() string { return proto.CompactTextString(m) }
func (*SetCredentialsResponse) ProtoMessage()    {}
func (*SetCredentialsResponse) Descriptor() ([]byte, []int) {
	return fileDescriptor_cfa445f4444c6876, []int{16}
}

func (m *SetCredentialsResponse) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_SetCredentialsResponse.Unmarshal(m, b)
}
func (m *SetCredentialsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_SetCredentialsResponse.Marshal(b, m, deterministic)
}
func (m *SetCredentialsResponse) XXX_Merge(src proto.Message) {
	xxx_messageInfo_SetCredentialsResponse.Merge(m, src)
}
func (m *SetCredentialsResponse) XXX_Size() int {
	return xxx_messageInfo_SetCredentialsResponse.Size(m)
}
func (m *SetCredentialsResponse) XXX_DiscardUnknown() {
	xxx_messageInfo_SetCredentialsResponse.DiscardUnknown(m)
}

var xxx_messageInfo_SetCredentialsResponse proto.InternalMessageInfo

func (m *SetCredentialsResponse) GetUsername() string {
	if m != nil {
		return m.Username
	}
	return ""
}

func (m *SetCredentialsResponse) GetPassword() string {
	if m != nil {
		return m.Password
	}
	return ""
}

func init() {
	proto.RegisterType((*InitializeRequest)(nil), "dbplugin.InitializeRequest")
	proto.RegisterType((*InitRequest)(nil), "dbplugin.InitRequest")
	proto.RegisterType((*CreateUserRequest)(nil), "dbplugin.CreateUserRequest")
	proto.RegisterType((*RenewUserRequest)(nil), "dbplugin.RenewUserRequest")
	proto.RegisterType((*RevokeUserRequest)(nil), "dbplugin.RevokeUserRequest")
	proto.RegisterType((*RotateRootCredentialsRequest)(nil), "dbplugin.RotateRootCredentialsRequest")
	proto.RegisterType((*Statements)(nil), "dbplugin.Statements")
	proto.RegisterType((*UsernameConfig)(nil), "dbplugin.UsernameConfig")
	proto.RegisterType((*InitResponse)(nil), "dbplugin.InitResponse")
	proto.RegisterType((*CreateUserResponse)(nil), "dbplugin.CreateUserResponse")
	proto.RegisterType((*TypeResponse)(nil), "dbplugin.TypeResponse")
	proto.RegisterType((*RotateRootCredentialsResponse)(nil), "dbplugin.RotateRootCredentialsResponse")
	proto.RegisterType((*Empty)(nil), "dbplugin.Empty")
	proto.RegisterType((*GenerateCredentialsResponse)(nil), "dbplugin.GenerateCredentialsResponse")
	proto.RegisterType((*StaticUserConfig)(nil), "dbplugin.StaticUserConfig")
	proto.RegisterType((*SetCredentialsRequest)(nil), "dbplugin.SetCredentialsRequest")
	proto.RegisterType((*SetCredentialsResponse)(nil), "dbplugin.SetCredentialsResponse")
}

func init() {
	proto.RegisterFile("sdk/database/dbplugin/database.proto", fileDescriptor_cfa445f4444c6876)
}

var fileDescriptor_cfa445f4444c6876 = []byte{
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* Update builtin/logical/database/rotation.go
Co-Authored-By: Brian Kassouf <briankassouf@users.noreply.github.com>
* update code comments, method names, and move more methods into rotation.go
* update comments to be capitalized
* remove the item from the queue before we try to destroy it
* findStaticWAL returns an error
* use lowercase keys when encoding WAL entries
* small cleanups
* remove vestigial static account check
* remove redundant DeleteWAL call in populate queue
* if we error on loading role, push back to queue with 10 second backoff
* poll in initqueue to make sure the backend is setup and can write/delete data
* add revoke_user_on_delete flag to allow users to opt-in to revoking the static database user on delete of the Vault role. Default false
* add code comments on read-only loop
* code comment updates
* re-push if error returned from find static wal
* add locksutil and acquire locks when pop'ing from the queue
* grab exclusive locks for updating static roles
* Add SetCredentials and GenerateCredentials stubs to mockPlugin
* add a switch in initQueue to listen for cancelation
* remove guard on zero time, it should have no affect
* create a new context in Factory to pass on and use for closing the backend queue
* restore master copy of vendor dir
2019-06-19 19:45:39 +00:00
// 839 bytes of a gzipped FileDescriptorProto
}
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
// This is a compile-time assertion to ensure that this generated file
// is compatible with the grpc package it is being compiled against.
const _ = grpc.SupportPackageIsVersion4
// DatabaseClient is the client API for Database service.
//
// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
type DatabaseClient interface {
	Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error)
	CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error)
	RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error)
	RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error)
	RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error)
	Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error)
	Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error)
	SetCredentials(ctx context.Context, in *SetCredentialsRequest, opts ...grpc.CallOption) (*SetCredentialsResponse, error)
	GenerateCredentials(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateCredentialsResponse, error)
2020-02-14 21:00:33 +00:00
	//
	// Deprecated: Do not use.
	Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error)
}
type databaseClient struct {
	cc *grpc.ClientConn
}
func NewDatabaseClient(cc *grpc.ClientConn) DatabaseClient {
	return &databaseClient{cc}
}
func (c *databaseClient) Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) {
	out := new(TypeResponse)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/Type", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
func (c *databaseClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) {
	out := new(CreateUserResponse)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/CreateUser", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
func (c *databaseClient) RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error) {
	out := new(Empty)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/RenewUser", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
func (c *databaseClient) RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error) {
	out := new(Empty)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/RevokeUser", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
func (c *databaseClient) RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error) {
	out := new(RotateRootCredentialsResponse)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/RotateRootCredentials", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
func (c *databaseClient) Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error) {
	out := new(InitResponse)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/Init", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
func (c *databaseClient) Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) {
	out := new(Empty)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/Close", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
func (c *databaseClient) SetCredentials(ctx context.Context, in *SetCredentialsRequest, opts ...grpc.CallOption) (*SetCredentialsResponse, error) {
	out := new(SetCredentialsResponse)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/SetCredentials", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
func (c *databaseClient) GenerateCredentials(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateCredentialsResponse, error) {
	out := new(GenerateCredentialsResponse)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/GenerateCredentials", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
// Deprecated: Do not use.
func (c *databaseClient) Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error) {
	out := new(Empty)
	err := c.cc.Invoke(ctx, "/dbplugin.Database/Initialize", in, out, opts...)
	if err != nil {
		return nil, err
	}
	return out, nil
}
// DatabaseServer is the server API for Database service.
type DatabaseServer interface {
	Type(context.Context, *Empty) (*TypeResponse, error)
	CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error)
	RenewUser(context.Context, *RenewUserRequest) (*Empty, error)
	RevokeUser(context.Context, *RevokeUserRequest) (*Empty, error)
	RotateRootCredentials(context.Context, *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error)
	Init(context.Context, *InitRequest) (*InitResponse, error)
	Close(context.Context, *Empty) (*Empty, error)
	SetCredentials(context.Context, *SetCredentialsRequest) (*SetCredentialsResponse, error)
	GenerateCredentials(context.Context, *Empty) (*GenerateCredentialsResponse, error)
	//
	// Deprecated: Do not use.
	Initialize(context.Context, *InitializeRequest) (*Empty, error)
}
// UnimplementedDatabaseServer can be embedded to have forward compatible implementations.
type UnimplementedDatabaseServer struct {
}

func (*UnimplementedDatabaseServer) Type(ctx context.Context, req *Empty) (*TypeResponse, error) {
	return nil, status.Errorf(codes.Unimplemented, "method Type not implemented")
}
func (*UnimplementedDatabaseServer) CreateUser(ctx context.Context, req *CreateUserRequest) (*CreateUserResponse, error) {
	return nil, status.Errorf(codes.Unimplemented, "method CreateUser not implemented")
}
func (*UnimplementedDatabaseServer) RenewUser(ctx context.Context, req *RenewUserRequest) (*Empty, error) {
	return nil, status.Errorf(codes.Unimplemented, "method RenewUser not implemented")
}
func (*UnimplementedDatabaseServer) RevokeUser(ctx context.Context, req *RevokeUserRequest) (*Empty, error) {
	return nil, status.Errorf(codes.Unimplemented, "method RevokeUser not implemented")
}
func (*UnimplementedDatabaseServer) RotateRootCredentials(ctx context.Context, req *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error) {
	return nil, status.Errorf(codes.Unimplemented, "method RotateRootCredentials not implemented")
}
func (*UnimplementedDatabaseServer) Init(ctx context.Context, req *InitRequest) (*InitResponse, error) {
	return nil, status.Errorf(codes.Unimplemented, "method Init not implemented")
}
func (*UnimplementedDatabaseServer) Close(ctx context.Context, req *Empty) (*Empty, error) {
	return nil, status.Errorf(codes.Unimplemented, "method Close not implemented")
}
func (*UnimplementedDatabaseServer) SetCredentials(ctx context.Context, req *SetCredentialsRequest) (*SetCredentialsResponse, error) {
	return nil, status.Errorf(codes.Unimplemented, "method SetCredentials not implemented")
}
func (*UnimplementedDatabaseServer) GenerateCredentials(ctx context.Context, req *Empty) (*GenerateCredentialsResponse, error) {
	return nil, status.Errorf(codes.Unimplemented, "method GenerateCredentials not implemented")
}
func (*UnimplementedDatabaseServer) Initialize(ctx context.Context, req *InitializeRequest) (*Empty, error) {
	return nil, status.Errorf(codes.Unimplemented, "method Initialize not implemented")
}

func RegisterDatabaseServer(s *grpc.Server, srv DatabaseServer) {
	s.RegisterService(&_Database_serviceDesc, srv)
}

func _Database_Type_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(Empty)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).Type(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/Type",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).Type(ctx, req.(*Empty))
	}
	return interceptor(ctx, in, info, handler)
}

func _Database_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(CreateUserRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).CreateUser(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/CreateUser",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).CreateUser(ctx, req.(*CreateUserRequest))
	}
	return interceptor(ctx, in, info, handler)
}

func _Database_RenewUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(RenewUserRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).RenewUser(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/RenewUser",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).RenewUser(ctx, req.(*RenewUserRequest))
	}
	return interceptor(ctx, in, info, handler)
}

func _Database_RevokeUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(RevokeUserRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).RevokeUser(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/RevokeUser",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).RevokeUser(ctx, req.(*RevokeUserRequest))
	}
	return interceptor(ctx, in, info, handler)
}

func _Database_RotateRootCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(RotateRootCredentialsRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).RotateRootCredentials(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/RotateRootCredentials",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).RotateRootCredentials(ctx, req.(*RotateRootCredentialsRequest))
	}
	return interceptor(ctx, in, info, handler)
}

func _Database_Init_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(InitRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).Init(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/Init",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).Init(ctx, req.(*InitRequest))
	}
	return interceptor(ctx, in, info, handler)
}

func _Database_Close_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(Empty)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).Close(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/Close",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).Close(ctx, req.(*Empty))
	}
	return interceptor(ctx, in, info, handler)
}
func _Database_SetCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(SetCredentialsRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).SetCredentials(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/SetCredentials",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).SetCredentials(ctx, req.(*SetCredentialsRequest))
	}
	return interceptor(ctx, in, info, handler)
}

func _Database_GenerateCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(Empty)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).GenerateCredentials(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/GenerateCredentials",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).GenerateCredentials(ctx, req.(*Empty))
	}
	return interceptor(ctx, in, info, handler)
}

func _Database_Initialize_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) {
	in := new(InitializeRequest)
	if err := dec(in); err != nil {
		return nil, err
	}
	if interceptor == nil {
		return srv.(DatabaseServer).Initialize(ctx, in)
	}
	info := &grpc.UnaryServerInfo{
		Server:     srv,
		FullMethod: "/dbplugin.Database/Initialize",
	}
	handler := func(ctx context.Context, req interface{}) (interface{}, error) {
		return srv.(DatabaseServer).Initialize(ctx, req.(*InitializeRequest))
	}
	return interceptor(ctx, in, info, handler)
}

var _Database_serviceDesc = grpc.ServiceDesc{
	ServiceName: "dbplugin.Database",
	HandlerType: (*DatabaseServer)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "Type",
			Handler:    _Database_Type_Handler,
		},
		{
			MethodName: "CreateUser",
			Handler:    _Database_CreateUser_Handler,
		},
		{
			MethodName: "RenewUser",
			Handler:    _Database_RenewUser_Handler,
		},
		{
			MethodName: "RevokeUser",
			Handler:    _Database_RevokeUser_Handler,
		},
		{
			MethodName: "RotateRootCredentials",
			Handler:    _Database_RotateRootCredentials_Handler,
		},
		{
			MethodName: "Init",
			Handler:    _Database_Init_Handler,
		},
		{
			MethodName: "Close",
			Handler:    _Database_Close_Handler,
		},
		{
			MethodName: "SetCredentials",
			Handler:    _Database_SetCredentials_Handler,
		},
		{
			MethodName: "GenerateCredentials",
			Handler:    _Database_GenerateCredentials_Handler,
		},
		{
			MethodName: "Initialize",
			Handler:    _Database_Initialize_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "sdk/database/dbplugin/database.proto",
}