2017-05-02 21:40:11 +00:00
|
|
|
package plugins
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
"github.com/hashicorp/vault/api"
|
|
|
|
"github.com/hashicorp/vault/builtin/logical/database/dbplugin"
|
|
|
|
"github.com/hashicorp/vault/helper/pluginutil"
|
|
|
|
)
|
|
|
|
|
|
|
|
// Serve is used to start a plugin's RPC server. It takes an interface that must
|
|
|
|
// implement a known plugin interface to vault and an optional api.TLSConfig for
|
2018-03-20 18:54:10 +00:00
|
|
|
// use during the inital unwrap request to vault. The api config is particularly
|
2017-05-02 21:40:11 +00:00
|
|
|
// useful when vault is setup to require client cert checking.
|
|
|
|
func Serve(plugin interface{}, tlsConfig *api.TLSConfig) {
|
|
|
|
tlsProvider := pluginutil.VaultPluginTLSProvider(tlsConfig)
|
|
|
|
|
|
|
|
err := pluginutil.OptionallyEnableMlock()
|
|
|
|
if err != nil {
|
|
|
|
fmt.Println(err)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
|
|
|
switch p := plugin.(type) {
|
|
|
|
case dbplugin.Database:
|
|
|
|
dbplugin.Serve(p, tlsProvider)
|
|
|
|
default:
|
2017-05-02 22:59:08 +00:00
|
|
|
fmt.Println("Unsupported plugin type")
|
2017-05-02 21:40:11 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
}
|