open-vault/vault/mount_util.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

//go:build !enterprise

package vault

import (
	"context"
	"path"

	"github.com/hashicorp/vault/helper/namespace"
	"github.com/hashicorp/vault/sdk/logical"
)

func addPathCheckers(c *Core, entry *MountEntry, backend logical.Backend, viewPath string) {
	c.addBackendWriteForwardedPaths(backend, viewPath)
}

func removePathCheckers(c *Core, entry *MountEntry, viewPath string) {
	c.writeForwardedPaths.RemovePathPrefix(viewPath)
}

func addAuditPathChecker(*Core, *MountEntry, *BarrierView, string)            {}
func removeAuditPathChecker(*Core, *MountEntry)                               {}
func addFilterablePath(*Core, string)                                         {}
func preprocessMount(*Core, *MountEntry, *BarrierView) (bool, error)          { return false, nil }
func clearIgnoredPaths(context.Context, *Core, logical.Backend, string) error { return nil }
func addLicenseCallback(*Core, logical.Backend)                               {}
func runFilteredPathsEvaluation(context.Context, *Core) error                 { return nil }

// ViewPath returns storage prefix for the view
func (e *MountEntry) ViewPath() string {
	switch e.Type {
	case systemMountType:
		return systemBarrierPrefix
	case "token":
		return path.Join(systemBarrierPrefix, tokenSubPath) + "/"
	}

	switch e.Table {
	case mountTableType:
		return backendBarrierPrefix + e.UUID + "/"
	case credentialTableType:
		return credentialBarrierPrefix + e.UUID + "/"
	case auditTableType:
		return auditBarrierPrefix + e.UUID + "/"
	}

	panic("invalid mount entry")
}

func verifyNamespace(*Core, *namespace.Namespace, *MountEntry) error { return nil }

// mountEntrySysView creates a logical.SystemView from global and
// mount-specific entries; because this should be called when setting
// up a mountEntry, it doesn't check to ensure that me is not nil
func (c *Core) mountEntrySysView(entry *MountEntry) extendedSystemView {
	esi := extendedSystemViewImpl{
		dynamicSystemView{
			core:        c,
			mountEntry:  entry,
			perfStandby: c.perfStandby,
		},
	}

	return c.NewAcmeBillingSystemView(esi, nil /* managed keys system view */)
}
adding copyright header (#19555) * adding copyright header * fix fmt and a test 2023-03-15 16:00:52 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

Convert to Go 1.17 go:build directive (#13579) 2022-01-05 18:02:03 +00:00			`//go:build !enterprise`
The big one (#5346) 2018-09-18 03:03:00 +00:00
			`package vault`

			`import (`
			`"context"`
			`"path"`

			`"github.com/hashicorp/vault/helper/namespace"`
Create sdk/ and api/ submodules (#6583) 2019-04-12 21:54:35 +00:00			`"github.com/hashicorp/vault/sdk/logical"`
The big one (#5346) 2018-09-18 03:03:00 +00:00			`)`

Add path based primary write forwarding (PBPWF) - OSS (#18735) * Add WriteForwardedStorage to sdk's plugin, logical in OSS This should allow backends to specify paths to forward write (storage.Put(...) and storage.Delete(...)) operations for. Notably, these semantics are subject to change and shouldn't yet be relied on. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Collect paths for write forwarding in OSS This adds a path manager to Core, allowing tracking across all Vault versions of paths which could use write forwarding if available. In particular, even on OSS offerings, we'll need to template {{clusterId}} into the paths, in the event of later upgrading to Enterprise. If we didn't, we'd end up writing paths which will no longer be accessible post-migration, due to write forwarding now replacing the sentinel with the actual cluster identifier. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add forwarded writer implementation to OSS Here, for paths given to us, we determine if we need to do cluster translation and perform local writing. This is the OSS variant. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Wire up mount-specific request forwarding in OSS Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Clarify that state lock needs to be held to call HAState in OSS Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Move cluster sentinel constant to sdk/logical Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Expose ClusterID to Plugins via SystemView This will let plugins learn what the Cluster's ID is, without having to resort to hacks like writing a random string to its cluster-prefixed namespace and then reading it once it has replicated. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add GRPC ClusterID implementation For any external plugins which wish to use it. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> 2023-01-20 21:36:18 +00:00			`func addPathCheckers(c Core, entry MountEntry, backend logical.Backend, viewPath string) {`
			`c.addBackendWriteForwardedPaths(backend, viewPath)`
			`}`

			`func removePathCheckers(c Core, entry MountEntry, viewPath string) {`
			`c.writeForwardedPaths.RemovePathPrefix(viewPath)`
			`}`

The big one (#5346) 2018-09-18 03:03:00 +00:00			`func addAuditPathChecker(Core, MountEntry, *BarrierView, string) {}`
			`func removeAuditPathChecker(Core, MountEntry) {}`
			`func addFilterablePath(*Core, string) {}`
			`func preprocessMount(Core, MountEntry, *BarrierView) (bool, error) { return false, nil }`
			`func clearIgnoredPaths(context.Context, *Core, logical.Backend, string) error { return nil }`
Add new license callback init step for logical backends. (#6887) 2019-06-17 18:11:35 +00:00			`func addLicenseCallback(*Core, logical.Backend) {}`
Port filtered paths changes back to OSS (#7741) * Port filtered paths changes back to OSS * Fix build 2019-10-27 20:30:38 +00:00			`func runFilteredPathsEvaluation(context.Context, *Core) error { return nil }`
The big one (#5346) 2018-09-18 03:03:00 +00:00
			`// ViewPath returns storage prefix for the view`
			`func (e *MountEntry) ViewPath() string {`
			`switch e.Type {`
			`case systemMountType:`
			`return systemBarrierPrefix`
			`case "token":`
			`return path.Join(systemBarrierPrefix, tokenSubPath) + "/"`
			`}`

			`switch e.Table {`
			`case mountTableType:`
			`return backendBarrierPrefix + e.UUID + "/"`
			`case credentialTableType:`
			`return credentialBarrierPrefix + e.UUID + "/"`
			`case auditTableType:`
			`return auditBarrierPrefix + e.UUID + "/"`
			`}`

			`panic("invalid mount entry")`
			`}`

			`func verifyNamespace(Core, namespace.Namespace, *MountEntry) error { return nil }`
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable 2019-10-17 17:33:00 +00:00
			`// mountEntrySysView creates a logical.SystemView from global and`
			`// mount-specific entries; because this should be called when setting`
			`// up a mountEntry, it doesn't check to ensure that me is not nil`
			`func (c Core) mountEntrySysView(entry MountEntry) extendedSystemView {`
Start counting ACME certificate issuance as client activity (#20520) * Add stub ACME billing interfaces Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add initial implementation of client count Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Correctly attribute to mount, namespace Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Refactor adding entities of custom types This begins to add custom types of events; presently these are counted as non-entity tokens, but prefixed with a custom ClientID prefix. In the future, this will be the basis for counting these events separately (into separate buckets and separate storage segments). Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Refactor creation of ACME mounts Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add test case for billing Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Better support managed key system view casting Without an additional parameter, SystemView could be of a different internal implementation type that cannot be directly casted to in OSS. Use a separate parameter for the managed key system view to use instead. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Refactor creation of mounts for enterprise Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Validate mounts in ACME billing tests Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use a hopefully unique separator for encoded identifiers Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use mount accesor, not path Co-authored-by: miagilepner <mia.epner@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Rename AddEventToFragment->AddActivityToFragment Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Co-authored-by: miagilepner <mia.epner@hashicorp.com> Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com> 2023-05-17 16:12:04 +00:00			`esi := extendedSystemViewImpl{`
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable 2019-10-17 17:33:00 +00:00			`dynamicSystemView{`
Fix unsafe access to perf standby status from systemview (#17186) Ensure that we don't try to access Core.perfStandby or Core.PerfStandby() from dynamicSystemView, which might be accessed with or without stateLock held. 2022-10-05 12:56:36 +00:00			`core: c,`
			`mountEntry: entry,`
			`perfStandby: c.perfStandby,`
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable 2019-10-17 17:33:00 +00:00			`},`
			`}`
Start counting ACME certificate issuance as client activity (#20520) * Add stub ACME billing interfaces Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add initial implementation of client count Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Correctly attribute to mount, namespace Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Refactor adding entities of custom types This begins to add custom types of events; presently these are counted as non-entity tokens, but prefixed with a custom ClientID prefix. In the future, this will be the basis for counting these events separately (into separate buckets and separate storage segments). Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Refactor creation of ACME mounts Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Add test case for billing Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Better support managed key system view casting Without an additional parameter, SystemView could be of a different internal implementation type that cannot be directly casted to in OSS. Use a separate parameter for the managed key system view to use instead. Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Refactor creation of mounts for enterprise Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Validate mounts in ACME billing tests Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use a hopefully unique separator for encoded identifiers Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Use mount accesor, not path Co-authored-by: miagilepner <mia.epner@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> * Rename AddEventToFragment->AddActivityToFragment Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com> Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> --------- Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com> Co-authored-by: miagilepner <mia.epner@hashicorp.com> Co-authored-by: Mike Palmiotto <mike.palmiotto@hashicorp.com> 2023-05-17 16:12:04 +00:00
			`return c.NewAcmeBillingSystemView(esi, nil /* managed keys system view */)`
oss changes for entropy augmentation feature (#7670) * oss changes for entropy augmentation feature * fix oss command/server/config tests * update go.sum * fix logical_system and http/ tests * adds vendored files * removes unused variable 2019-10-17 17:33:00 +00:00			`}`