open-vault/logical/plugin/grpc_system.go

package plugin

import (
	"context"
	"encoding/json"
	"errors"
	"time"

	"google.golang.org/grpc"

	"fmt"

	"github.com/hashicorp/vault/helper/consts"
	"github.com/hashicorp/vault/helper/pluginutil"
	"github.com/hashicorp/vault/helper/wrapping"
	"github.com/hashicorp/vault/logical"
	"github.com/hashicorp/vault/logical/plugin/pb"
)

func newGRPCSystemView(conn *grpc.ClientConn) *gRPCSystemViewClient {
	return &gRPCSystemViewClient{
		client: pb.NewSystemViewClient(conn),
	}
}

type gRPCSystemViewClient struct {
	client pb.SystemViewClient
}

func (s *gRPCSystemViewClient) DefaultLeaseTTL() time.Duration {
	reply, err := s.client.DefaultLeaseTTL(context.Background(), &pb.Empty{})
	if err != nil {
		return 0
	}

	return time.Duration(reply.TTL)
}

func (s *gRPCSystemViewClient) MaxLeaseTTL() time.Duration {
	reply, err := s.client.MaxLeaseTTL(context.Background(), &pb.Empty{})
	if err != nil {
		return 0
	}

	return time.Duration(reply.TTL)
}

func (s *gRPCSystemViewClient) SudoPrivilege(ctx context.Context, path string, token string) bool {
	reply, err := s.client.SudoPrivilege(ctx, &pb.SudoPrivilegeArgs{
		Path:  path,
		Token: token,
	})
	if err != nil {
		return false
	}

	return reply.Sudo
}

func (s *gRPCSystemViewClient) Tainted() bool {
	reply, err := s.client.Tainted(context.Background(), &pb.Empty{})
	if err != nil {
		return false
	}

	return reply.Tainted
}

func (s *gRPCSystemViewClient) CachingDisabled() bool {
	reply, err := s.client.CachingDisabled(context.Background(), &pb.Empty{})
	if err != nil {
		return false
	}

	return reply.Disabled
}

func (s *gRPCSystemViewClient) ReplicationState() consts.ReplicationState {
	reply, err := s.client.ReplicationState(context.Background(), &pb.Empty{})
	if err != nil {
		return consts.ReplicationUnknown
	}

	return consts.ReplicationState(reply.State)
}

func (s *gRPCSystemViewClient) ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error) {
	buf, err := json.Marshal(data)
	if err != nil {
		return nil, err
	}

	reply, err := s.client.ResponseWrapData(ctx, &pb.ResponseWrapDataArgs{
		Data: string(buf[:]),
		TTL:  int64(ttl),
		JWT:  false,
	})
	if err != nil {
		return nil, err
	}
	if reply.Err != "" {
		return nil, errors.New(reply.Err)
	}

	info, err := pb.ProtoResponseWrapInfoToLogicalResponseWrapInfo(reply.WrapInfo)
	if err != nil {
		return nil, err
	}

	return info, nil
}

func (s *gRPCSystemViewClient) LookupPlugin(ctx context.Context, name string) (*pluginutil.PluginRunner, error) {
	return nil, fmt.Errorf("cannot call LookupPlugin from a plugin backend")
}

func (s *gRPCSystemViewClient) MlockEnabled() bool {
	reply, err := s.client.MlockEnabled(context.Background(), &pb.Empty{})
	if err != nil {
		return false
	}

	return reply.Enabled
}

type gRPCSystemViewServer struct {
	impl logical.SystemView
}

func (s *gRPCSystemViewServer) DefaultLeaseTTL(ctx context.Context, _ *pb.Empty) (*pb.TTLReply, error) {
	ttl := s.impl.DefaultLeaseTTL()
	return &pb.TTLReply{
		TTL: int64(ttl),
	}, nil
}

func (s *gRPCSystemViewServer) MaxLeaseTTL(ctx context.Context, _ *pb.Empty) (*pb.TTLReply, error) {
	ttl := s.impl.MaxLeaseTTL()
	return &pb.TTLReply{
		TTL: int64(ttl),
	}, nil
}

func (s *gRPCSystemViewServer) SudoPrivilege(ctx context.Context, args *pb.SudoPrivilegeArgs) (*pb.SudoPrivilegeReply, error) {
	sudo := s.impl.SudoPrivilege(ctx, args.Path, args.Token)
	return &pb.SudoPrivilegeReply{
		Sudo: sudo,
	}, nil
}

func (s *gRPCSystemViewServer) Tainted(ctx context.Context, _ *pb.Empty) (*pb.TaintedReply, error) {
	tainted := s.impl.Tainted()
	return &pb.TaintedReply{
		Tainted: tainted,
	}, nil
}

func (s *gRPCSystemViewServer) CachingDisabled(ctx context.Context, _ *pb.Empty) (*pb.CachingDisabledReply, error) {
	cachingDisabled := s.impl.CachingDisabled()
	return &pb.CachingDisabledReply{
		Disabled: cachingDisabled,
	}, nil
}

func (s *gRPCSystemViewServer) ReplicationState(ctx context.Context, _ *pb.Empty) (*pb.ReplicationStateReply, error) {
	replicationState := s.impl.ReplicationState()
	return &pb.ReplicationStateReply{
		State: int32(replicationState),
	}, nil
}

func (s *gRPCSystemViewServer) ResponseWrapData(ctx context.Context, args *pb.ResponseWrapDataArgs) (*pb.ResponseWrapDataReply, error) {
	data := map[string]interface{}{}
	err := json.Unmarshal([]byte(args.Data), &data)
	if err != nil {
		return &pb.ResponseWrapDataReply{}, err
	}

	// Do not allow JWTs to be returned
	info, err := s.impl.ResponseWrapData(ctx, data, time.Duration(args.TTL), false)
	if err != nil {
		return &pb.ResponseWrapDataReply{
			Err: pb.ErrToString(err),
		}, nil
	}

	pbInfo, err := pb.LogicalResponseWrapInfoToProtoResponseWrapInfo(info)
	if err != nil {
		return &pb.ResponseWrapDataReply{}, err
	}

	return &pb.ResponseWrapDataReply{
		WrapInfo: pbInfo,
	}, nil
}

func (s *gRPCSystemViewServer) MlockEnabled(ctx context.Context, _ *pb.Empty) (*pb.MlockEnabledReply, error) {
	enabled := s.impl.MlockEnabled()
	return &pb.MlockEnabledReply{
		Enabled: enabled,
	}, nil
}
gRPC Backend Plugins (#3808) * Add grpc plugins * Add grpc plugins * Translate wrap info to/from proto * Add nil checks * Fix nil marshaling errors * Provide logging through the go-plugin logger * handle errors in the messages * Update the TLS config so bidirectional connections work * Add connectivity checks * Restart plugin and add timeouts where context is not availible * Add the response wrap data into the grpc system implementation * Add leaseoptions to pb.Auth * Add an error translator * Add tests for translating the proto objects * Fix rename of function * Add tracing to plugins for easier debugging * Handle plugin crashes with the go-plugin context * Add test for grpcStorage * Add tests for backend and system * Bump go-plugin for GRPCBroker * Remove RegisterLicense * Add casing translations for new proto messages * Use doneCtx in grpcClient * Use doneCtx in grpcClient * s/shutdown/shut down/ 2018-01-18 21:49:20 +00:00			`package plugin`

			`import (`
			`"context"`
			`"encoding/json"`
			`"errors"`
			`"time"`

			`"google.golang.org/grpc"`

			`"fmt"`

			`"github.com/hashicorp/vault/helper/consts"`
			`"github.com/hashicorp/vault/helper/pluginutil"`
			`"github.com/hashicorp/vault/helper/wrapping"`
			`"github.com/hashicorp/vault/logical"`
			`"github.com/hashicorp/vault/logical/plugin/pb"`
			`)`

			`func newGRPCSystemView(conn grpc.ClientConn) gRPCSystemViewClient {`
			`return &gRPCSystemViewClient{`
			`client: pb.NewSystemViewClient(conn),`
			`}`
			`}`

			`type gRPCSystemViewClient struct {`
			`client pb.SystemViewClient`
			`}`

			`func (s *gRPCSystemViewClient) DefaultLeaseTTL() time.Duration {`
			`reply, err := s.client.DefaultLeaseTTL(context.Background(), &pb.Empty{})`
			`if err != nil {`
			`return 0`
			`}`

			`return time.Duration(reply.TTL)`
			`}`

			`func (s *gRPCSystemViewClient) MaxLeaseTTL() time.Duration {`
			`reply, err := s.client.MaxLeaseTTL(context.Background(), &pb.Empty{})`
			`if err != nil {`
			`return 0`
			`}`

			`return time.Duration(reply.TTL)`
			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (s *gRPCSystemViewClient) SudoPrivilege(ctx context.Context, path string, token string) bool {`
			`reply, err := s.client.SudoPrivilege(ctx, &pb.SudoPrivilegeArgs{`
gRPC Backend Plugins (#3808) * Add grpc plugins * Add grpc plugins * Translate wrap info to/from proto * Add nil checks * Fix nil marshaling errors * Provide logging through the go-plugin logger * handle errors in the messages * Update the TLS config so bidirectional connections work * Add connectivity checks * Restart plugin and add timeouts where context is not availible * Add the response wrap data into the grpc system implementation * Add leaseoptions to pb.Auth * Add an error translator * Add tests for translating the proto objects * Fix rename of function * Add tracing to plugins for easier debugging * Handle plugin crashes with the go-plugin context * Add test for grpcStorage * Add tests for backend and system * Bump go-plugin for GRPCBroker * Remove RegisterLicense * Add casing translations for new proto messages * Use doneCtx in grpcClient * Use doneCtx in grpcClient * s/shutdown/shut down/ 2018-01-18 21:49:20 +00:00			`Path: path,`
			`Token: token,`
			`})`
			`if err != nil {`
			`return false`
			`}`

			`return reply.Sudo`
			`}`

			`func (s *gRPCSystemViewClient) Tainted() bool {`
			`reply, err := s.client.Tainted(context.Background(), &pb.Empty{})`
			`if err != nil {`
			`return false`
			`}`

			`return reply.Tainted`
			`}`

			`func (s *gRPCSystemViewClient) CachingDisabled() bool {`
			`reply, err := s.client.CachingDisabled(context.Background(), &pb.Empty{})`
			`if err != nil {`
			`return false`
			`}`

			`return reply.Disabled`
			`}`

			`func (s *gRPCSystemViewClient) ReplicationState() consts.ReplicationState {`
			`reply, err := s.client.ReplicationState(context.Background(), &pb.Empty{})`
			`if err != nil {`
Sync some bits over 2018-01-23 02:44:38 +00:00			`return consts.ReplicationUnknown`
gRPC Backend Plugins (#3808) * Add grpc plugins * Add grpc plugins * Translate wrap info to/from proto * Add nil checks * Fix nil marshaling errors * Provide logging through the go-plugin logger * handle errors in the messages * Update the TLS config so bidirectional connections work * Add connectivity checks * Restart plugin and add timeouts where context is not availible * Add the response wrap data into the grpc system implementation * Add leaseoptions to pb.Auth * Add an error translator * Add tests for translating the proto objects * Fix rename of function * Add tracing to plugins for easier debugging * Handle plugin crashes with the go-plugin context * Add test for grpcStorage * Add tests for backend and system * Bump go-plugin for GRPCBroker * Remove RegisterLicense * Add casing translations for new proto messages * Use doneCtx in grpcClient * Use doneCtx in grpcClient * s/shutdown/shut down/ 2018-01-18 21:49:20 +00:00			`}`

			`return consts.ReplicationState(reply.State)`
			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (s gRPCSystemViewClient) ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (wrapping.ResponseWrapInfo, error) {`
gRPC Backend Plugins (#3808) * Add grpc plugins * Add grpc plugins * Translate wrap info to/from proto * Add nil checks * Fix nil marshaling errors * Provide logging through the go-plugin logger * handle errors in the messages * Update the TLS config so bidirectional connections work * Add connectivity checks * Restart plugin and add timeouts where context is not availible * Add the response wrap data into the grpc system implementation * Add leaseoptions to pb.Auth * Add an error translator * Add tests for translating the proto objects * Fix rename of function * Add tracing to plugins for easier debugging * Handle plugin crashes with the go-plugin context * Add test for grpcStorage * Add tests for backend and system * Bump go-plugin for GRPCBroker * Remove RegisterLicense * Add casing translations for new proto messages * Use doneCtx in grpcClient * Use doneCtx in grpcClient * s/shutdown/shut down/ 2018-01-18 21:49:20 +00:00			`buf, err := json.Marshal(data)`
			`if err != nil {`
			`return nil, err`
			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`reply, err := s.client.ResponseWrapData(ctx, &pb.ResponseWrapDataArgs{`
Update data values from byte arrays to strings in proto definition (#3829) * Update data values from byte arrays to strings in proto definition * Update comments 2018-01-23 01:56:34 +00:00			`Data: string(buf[:]),`
gRPC Backend Plugins (#3808) * Add grpc plugins * Add grpc plugins * Translate wrap info to/from proto * Add nil checks * Fix nil marshaling errors * Provide logging through the go-plugin logger * handle errors in the messages * Update the TLS config so bidirectional connections work * Add connectivity checks * Restart plugin and add timeouts where context is not availible * Add the response wrap data into the grpc system implementation * Add leaseoptions to pb.Auth * Add an error translator * Add tests for translating the proto objects * Fix rename of function * Add tracing to plugins for easier debugging * Handle plugin crashes with the go-plugin context * Add test for grpcStorage * Add tests for backend and system * Bump go-plugin for GRPCBroker * Remove RegisterLicense * Add casing translations for new proto messages * Use doneCtx in grpcClient * Use doneCtx in grpcClient * s/shutdown/shut down/ 2018-01-18 21:49:20 +00:00			`TTL: int64(ttl),`
			`JWT: false,`
			`})`
			`if err != nil {`
			`return nil, err`
			`}`
			`if reply.Err != "" {`
			`return nil, errors.New(reply.Err)`
			`}`

			`info, err := pb.ProtoResponseWrapInfoToLogicalResponseWrapInfo(reply.WrapInfo)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return info, nil`
			`}`

Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`func (s gRPCSystemViewClient) LookupPlugin(ctx context.Context, name string) (pluginutil.PluginRunner, error) {`
gRPC Backend Plugins (#3808) * Add grpc plugins * Add grpc plugins * Translate wrap info to/from proto * Add nil checks * Fix nil marshaling errors * Provide logging through the go-plugin logger * handle errors in the messages * Update the TLS config so bidirectional connections work * Add connectivity checks * Restart plugin and add timeouts where context is not availible * Add the response wrap data into the grpc system implementation * Add leaseoptions to pb.Auth * Add an error translator * Add tests for translating the proto objects * Fix rename of function * Add tracing to plugins for easier debugging * Handle plugin crashes with the go-plugin context * Add test for grpcStorage * Add tests for backend and system * Bump go-plugin for GRPCBroker * Remove RegisterLicense * Add casing translations for new proto messages * Use doneCtx in grpcClient * Use doneCtx in grpcClient * s/shutdown/shut down/ 2018-01-18 21:49:20 +00:00			`return nil, fmt.Errorf("cannot call LookupPlugin from a plugin backend")`
			`}`

			`func (s *gRPCSystemViewClient) MlockEnabled() bool {`
			`reply, err := s.client.MlockEnabled(context.Background(), &pb.Empty{})`
			`if err != nil {`
			`return false`
			`}`

			`return reply.Enabled`
			`}`

			`type gRPCSystemViewServer struct {`
			`impl logical.SystemView`
			`}`

			`func (s gRPCSystemViewServer) DefaultLeaseTTL(ctx context.Context, _ pb.Empty) (*pb.TTLReply, error) {`
			`ttl := s.impl.DefaultLeaseTTL()`
			`return &pb.TTLReply{`
			`TTL: int64(ttl),`
			`}, nil`
			`}`

			`func (s gRPCSystemViewServer) MaxLeaseTTL(ctx context.Context, _ pb.Empty) (*pb.TTLReply, error) {`
			`ttl := s.impl.MaxLeaseTTL()`
			`return &pb.TTLReply{`
			`TTL: int64(ttl),`
			`}, nil`
			`}`

			`func (s gRPCSystemViewServer) SudoPrivilege(ctx context.Context, args pb.SudoPrivilegeArgs) (*pb.SudoPrivilegeReply, error) {`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`sudo := s.impl.SudoPrivilege(ctx, args.Path, args.Token)`
gRPC Backend Plugins (#3808) * Add grpc plugins * Add grpc plugins * Translate wrap info to/from proto * Add nil checks * Fix nil marshaling errors * Provide logging through the go-plugin logger * handle errors in the messages * Update the TLS config so bidirectional connections work * Add connectivity checks * Restart plugin and add timeouts where context is not availible * Add the response wrap data into the grpc system implementation * Add leaseoptions to pb.Auth * Add an error translator * Add tests for translating the proto objects * Fix rename of function * Add tracing to plugins for easier debugging * Handle plugin crashes with the go-plugin context * Add test for grpcStorage * Add tests for backend and system * Bump go-plugin for GRPCBroker * Remove RegisterLicense * Add casing translations for new proto messages * Use doneCtx in grpcClient * Use doneCtx in grpcClient * s/shutdown/shut down/ 2018-01-18 21:49:20 +00:00			`return &pb.SudoPrivilegeReply{`
			`Sudo: sudo,`
			`}, nil`
			`}`

			`func (s gRPCSystemViewServer) Tainted(ctx context.Context, _ pb.Empty) (*pb.TaintedReply, error) {`
			`tainted := s.impl.Tainted()`
			`return &pb.TaintedReply{`
			`Tainted: tainted,`
			`}, nil`
			`}`

			`func (s gRPCSystemViewServer) CachingDisabled(ctx context.Context, _ pb.Empty) (*pb.CachingDisabledReply, error) {`
			`cachingDisabled := s.impl.CachingDisabled()`
			`return &pb.CachingDisabledReply{`
			`Disabled: cachingDisabled,`
			`}, nil`
			`}`

			`func (s gRPCSystemViewServer) ReplicationState(ctx context.Context, _ pb.Empty) (*pb.ReplicationStateReply, error) {`
			`replicationState := s.impl.ReplicationState()`
			`return &pb.ReplicationStateReply{`
			`State: int32(replicationState),`
			`}, nil`
			`}`

			`func (s gRPCSystemViewServer) ResponseWrapData(ctx context.Context, args pb.ResponseWrapDataArgs) (*pb.ResponseWrapDataReply, error) {`
			`data := map[string]interface{}{}`
Update data values from byte arrays to strings in proto definition (#3829) * Update data values from byte arrays to strings in proto definition * Update comments 2018-01-23 01:56:34 +00:00			`err := json.Unmarshal([]byte(args.Data), &data)`
gRPC Backend Plugins (#3808) * Add grpc plugins * Add grpc plugins * Translate wrap info to/from proto * Add nil checks * Fix nil marshaling errors * Provide logging through the go-plugin logger * handle errors in the messages * Update the TLS config so bidirectional connections work * Add connectivity checks * Restart plugin and add timeouts where context is not availible * Add the response wrap data into the grpc system implementation * Add leaseoptions to pb.Auth * Add an error translator * Add tests for translating the proto objects * Fix rename of function * Add tracing to plugins for easier debugging * Handle plugin crashes with the go-plugin context * Add test for grpcStorage * Add tests for backend and system * Bump go-plugin for GRPCBroker * Remove RegisterLicense * Add casing translations for new proto messages * Use doneCtx in grpcClient * Use doneCtx in grpcClient * s/shutdown/shut down/ 2018-01-18 21:49:20 +00:00			`if err != nil {`
			`return &pb.ResponseWrapDataReply{}, err`
			`}`

			`// Do not allow JWTs to be returned`
Add context to storage backends and wire it through a lot of places (#3817) 2018-01-19 06:44:44 +00:00			`info, err := s.impl.ResponseWrapData(ctx, data, time.Duration(args.TTL), false)`
gRPC Backend Plugins (#3808) * Add grpc plugins * Add grpc plugins * Translate wrap info to/from proto * Add nil checks * Fix nil marshaling errors * Provide logging through the go-plugin logger * handle errors in the messages * Update the TLS config so bidirectional connections work * Add connectivity checks * Restart plugin and add timeouts where context is not availible * Add the response wrap data into the grpc system implementation * Add leaseoptions to pb.Auth * Add an error translator * Add tests for translating the proto objects * Fix rename of function * Add tracing to plugins for easier debugging * Handle plugin crashes with the go-plugin context * Add test for grpcStorage * Add tests for backend and system * Bump go-plugin for GRPCBroker * Remove RegisterLicense * Add casing translations for new proto messages * Use doneCtx in grpcClient * Use doneCtx in grpcClient * s/shutdown/shut down/ 2018-01-18 21:49:20 +00:00			`if err != nil {`
			`return &pb.ResponseWrapDataReply{`
			`Err: pb.ErrToString(err),`
			`}, nil`
			`}`

			`pbInfo, err := pb.LogicalResponseWrapInfoToProtoResponseWrapInfo(info)`
			`if err != nil {`
			`return &pb.ResponseWrapDataReply{}, err`
			`}`

			`return &pb.ResponseWrapDataReply{`
			`WrapInfo: pbInfo,`
			`}, nil`
			`}`

			`func (s gRPCSystemViewServer) MlockEnabled(ctx context.Context, _ pb.Empty) (*pb.MlockEnabledReply, error) {`
			`enabled := s.impl.MlockEnabled()`
			`return &pb.MlockEnabledReply{`
			`Enabled: enabled,`
			`}, nil`
			`}`