open-vault/vault/mount_util.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

//go:build !enterprise

package vault

import (
	"context"
	"path"

	"github.com/hashicorp/vault/helper/namespace"
	"github.com/hashicorp/vault/sdk/logical"
)

func addPathCheckers(c *Core, entry *MountEntry, backend logical.Backend, viewPath string) {
	c.addBackendWriteForwardedPaths(backend, viewPath)
}

func removePathCheckers(c *Core, entry *MountEntry, viewPath string) {
	c.writeForwardedPaths.RemovePathPrefix(viewPath)
}

func addAuditPathChecker(*Core, *MountEntry, *BarrierView, string)            {}
func removeAuditPathChecker(*Core, *MountEntry)                               {}
func addFilterablePath(*Core, string)                                         {}
func preprocessMount(*Core, *MountEntry, *BarrierView) (bool, error)          { return false, nil }
func clearIgnoredPaths(context.Context, *Core, logical.Backend, string) error { return nil }
func addLicenseCallback(*Core, logical.Backend)                               {}
func runFilteredPathsEvaluation(context.Context, *Core) error                 { return nil }

// ViewPath returns storage prefix for the view
func (e *MountEntry) ViewPath() string {
	switch e.Type {
	case systemMountType:
		return systemBarrierPrefix
	case "token":
		return path.Join(systemBarrierPrefix, tokenSubPath) + "/"
	}

	switch e.Table {
	case mountTableType:
		return backendBarrierPrefix + e.UUID + "/"
	case credentialTableType:
		return credentialBarrierPrefix + e.UUID + "/"
	case auditTableType:
		return auditBarrierPrefix + e.UUID + "/"
	}

	panic("invalid mount entry")
}

func verifyNamespace(*Core, *namespace.Namespace, *MountEntry) error { return nil }

// mountEntrySysView creates a logical.SystemView from global and
// mount-specific entries; because this should be called when setting
// up a mountEntry, it doesn't check to ensure that me is not nil
func (c *Core) mountEntrySysView(entry *MountEntry) extendedSystemView {
	return extendedSystemViewImpl{
		dynamicSystemView{
			core:        c,
			mountEntry:  entry,
			perfStandby: c.perfStandby,
		},
	}
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 16:00:52 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

Convert to Go 1.17 go:build directive (#13579) 2022-01-05 18:02:03 +00:00			`//go:build !enterprise`
The big one (#5346) 2018-09-18 03:03:00 +00:00
			`package vault`

			`import (`
			`"context"`
			`"path"`

			`"github.com/hashicorp/vault/helper/namespace"`
Create sdk/ and api/ submodules (#6583) 2019-04-12 21:54:35 +00:00			`"github.com/hashicorp/vault/sdk/logical"`
The big one (#5346) 2018-09-18 03:03:00 +00:00			`)`

Add path based primary write forwarding (PBPWF) - OSS (#18735) * Add WriteForwardedStorage to sdk's plugin, logical in OSS This should allow backends to specify paths to forward write (storage.Put(...) and storage.Delete(...)) operations for. Notably, these semantics are subject to change and shouldn't yet be relied on. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Collect paths for write forwarding in OSS This adds a path manager to Core, allowing tracking across all Vault versions of paths which could use write forwarding if available. In particular, even on OSS offerings, we'll need to template {{clusterId}} into the paths, in the event of later upgrading to Enterprise. If we didn't, we'd end up writing paths which will no longer be accessible post-migration, due to write forwarding now replacing the sentinel with the actual cluster identifier. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add forwarded writer implementation to OSS Here, for paths given to us, we determine if we need to do cluster translation and perform local writing. This is the OSS variant. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Wire up mount-specific request forwarding in OSS Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Clarify that state lock needs to be held to call HAState in OSS Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Move cluster sentinel constant to sdk/logical Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Expose ClusterID to Plugins via SystemView This will let plugins learn what the Cluster's ID is, without having to resort to hacks like writing a random string to its cluster-prefixed namespace and then reading it once it has replicated. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add GRPC ClusterID implementation For any external plugins which wish to use it. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> 2023-01-20 21:36:18 +00:00			`func addPathCheckers(c Core, entry MountEntry, backend logical.Backend, viewPath string) {`
			`c.addBackendWriteForwardedPaths(backend, viewPath)`
			`}`

			`func removePathCheckers(c Core, entry MountEntry, viewPath string) {`
			`c.writeForwardedPaths.RemovePathPrefix(viewPath)`
			`}`

The big one (#5346) 2018-09-18 03:03:00 +00:00			`func addAuditPathChecker(Core, MountEntry, *BarrierView, string) {}`
			`func removeAuditPathChecker(Core, MountEntry) {}`
			`func addFilterablePath(*Core, string) {}`
			`func preprocessMount(Core, MountEntry, *BarrierView) (bool, error) { return false, nil }`
			`func clearIgnoredPaths(context.Context, *Core, logical.Backend, string) error { return nil }`
Add new license callback init step for logical backends. (#6887) 2019-06-17 18:11:35 +00:00			`func addLicenseCallback(*Core, logical.Backend) {}`
Port filtered paths changes back to OSS (#7741) * Port filtered paths changes back to OSS * Fix build 2019-10-27 20:30:38 +00:00			`func runFilteredPathsEvaluation(context.Context, *Core) error { return nil }`
The big one (#5346) 2018-09-18 03:03:00 +00:00
			`// ViewPath returns storage prefix for the view`
			`func (e *MountEntry) ViewPath() string {`
			`switch e.Type {`
			`case systemMountType:`
			`return systemBarrierPrefix`
			`case "token":`
			`return path.Join(systemBarrierPrefix, tokenSubPath) + "/"`
			`}`

			`switch e.Table {`
			`case mountTableType:`
			`return backendBarrierPrefix + e.UUID + "/"`
			`case credentialTableType:`
			`return credentialBarrierPrefix + e.UUID + "/"`
			`case auditTableType:`
			`return auditBarrierPrefix + e.UUID + "/"`
			`}`

			`panic("invalid mount entry")`
			`}`

			`func verifyNamespace(Core, namespace.Namespace, *MountEntry) error { return nil }`
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable 2019-10-17 17:33:00 +00:00
			`// mountEntrySysView creates a logical.SystemView from global and`
			`// mount-specific entries; because this should be called when setting`
			`// up a mountEntry, it doesn't check to ensure that me is not nil`
			`func (c Core) mountEntrySysView(entry MountEntry) extendedSystemView {`
			`return extendedSystemViewImpl{`
			`dynamicSystemView{`
Fix unsafe access to perf standby status from systemview (#17186) Ensure that we don't try to access Core.perfStandby or Core.PerfStandby() from dynamicSystemView, which might be accessed with or without stateLock held. 2022-10-05 12:56:36 +00:00			`core: c,`
			`mountEntry: entry,`
			`perfStandby: c.perfStandby,`
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable 2019-10-17 17:33:00 +00:00			`},`
			`}`
			`}`