Merge branch 'master' into mongodb-secret-backend
This commit is contained in:
commit
05cc4f2761
@ -2,7 +2,8 @@
|
|||
|
||||
DEPRECATIONS/BREAKING CHANGES:
|
||||
|
||||
* Issued certificates from the `pki` backend against new roles created after upgrading will contain a set of default key usages.
|
||||
* Issued certificates from the `pki` backend against new roles created or
|
||||
modified after upgrading will contain a set of default key usages.
|
||||
|
||||
FEATURES:
|
||||
|
||||
|
@ -42,6 +43,8 @@ BUG FIXES:
|
|||
during renewal [GH-1542]
|
||||
* core: Fix regression causing status codes to be `400` in most non-5xx error
|
||||
cases [GH-1553]
|
||||
* secret/postgresql(,mysql,mssql): Fix incorrect use of database over
|
||||
transaction object which could lead to connection exhaustion [GH-1572]
|
||||
* physical/postgres: Remove use of prepared statements as this causes
|
||||
connection multiplexing software to break [GH-1548]
|
||||
|
||||
@ -64,7 +64,7 @@ func (b *backend) pathCredsCreateRead(
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// Get our connection
|
||||
// Get our handle
|
||||
db, err := b.DB(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -83,13 +83,14 @@ func (b *backend) pathCredsCreateRead(
|
|||
|
||||
// Execute each query
|
||||
for _, query := range SplitSQL(roleSQL) {
|
||||
stmt, err := db.Prepare(Query(query, map[string]string{
|
||||
stmt, err := tx.Prepare(Query(query, map[string]string{
|
||||
"name": username,
|
||||
"password": password,
|
||||
}))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer stmt.Close()
|
||||
if _, err := stmt.Exec(); err != nil {
|
||||
return nil, err
|
||||
}
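Review bot: `defer stmt.Close()` sits inside the `for _, query := range SplitSQL(roleSQL)` loop, so each prepared statement is held until pathCredsCreateRead returns instead of being released right after its `stmt.Exec()`; the hunk header's line counts suggest this defer is one of the two lines the commit adds here. Because the statements are prepared on `tx`, the transaction end releases them anyway, so this is bounded by the number of queries in the role SQL rather than a leak, but closing eagerly is the cleaner contract: `if _, err := stmt.Exec(); err != nil { stmt.Close(); return nil, err }` followed by `stmt.Close()`, or move the loop body into a small helper so the defer fires per iteration. The same deferred close in a loop appears in both pathRoleCreateRead sections (`@ -83,13 +83,14 @@` and `@ -100,17 +110,23 @@`) and in both secretCredsRevoke hunks, where the `continue` path accumulates them further. pathCredsCreateRead starts and ends outside the hunk.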
|
||||
@ -133,6 +133,7 @@ func (b *backend) secretCredsRevoke(
|
|||
lastStmtError = err
|
||||
continue
|
||||
}
|
||||
defer stmt.Close()
|
||||
_, err = stmt.Exec()
|
||||
if err != nil {
|
||||
lastStmtError = err
|
||||
@ -68,7 +68,7 @@ func (b *backend) pathRoleCreateRead(
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// Get our connection
|
||||
// Get our handle
|
||||
db, err := b.DB(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -83,13 +83,14 @@ func (b *backend) pathRoleCreateRead(
|
|||
|
||||
// Execute each query
|
||||
for _, query := range SplitSQL(role.SQL) {
|
||||
stmt, err := db.Prepare(Query(query, map[string]string{
|
||||
stmt, err := tx.Prepare(Query(query, map[string]string{
|
||||
"name": username,
|
||||
"password": password,
|
||||
}))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer stmt.Close()
|
||||
if _, err := stmt.Exec(); err != nil {
|
||||
return nil, err
|
||||
}
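Review bot: `stmt, err := tx.Prepare(Query(query, map[string]string{...}))` builds the statement text by substituting `username` and `password` into the role's SQL rather than binding them as parameters, and nothing in the hunk records why that is acceptable. A comment above the Prepare would keep the next maintainer from routing a request-controlled value through the same path, e.g. `// NOTE(review): name/password are spliced into the SQL text, not bound — confirm neither can carry request-controlled characters`. Where the two values come from is not visible here (both are assigned earlier in pathRoleCreateRead, outside the hunk), so the comment is phrased as a check rather than a fact. pathRoleCreateRead starts and ends outside the hunk.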
|
||||
@ -3,6 +3,7 @@ package postgresql
|
|||
import (
|
||||
"database/sql"
|
||||
"fmt"
|
||||
"log"
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
|
@ -11,10 +12,10 @@ import (
|
|||
)
|
||||
|
||||
func Factory(conf *logical.BackendConfig) (logical.Backend, error) {
|
||||
return Backend().Setup(conf)
|
||||
return Backend(conf).Setup(conf)
|
||||
}
|
||||
|
||||
func Backend() *backend {
|
||||
func Backend(conf *logical.BackendConfig) *backend {
|
||||
var b backend
|
||||
b.Backend = &framework.Backend{
|
||||
Help: strings.TrimSpace(backendHelp),
|
||||
|
@ -34,6 +35,7 @@ func Backend() *backend {
|
|||
Clean: b.ResetDB,
|
||||
}
|
||||
|
||||
b.logger = conf.Logger
|
||||
return &b
|
||||
}
|
||||
|
||||
|
@ -42,10 +44,14 @@ type backend struct {
|
|||
|
||||
db *sql.DB
|
||||
lock sync.Mutex
|
||||
|
||||
logger *log.Logger
|
||||
}
|
||||
|
||||
// DB returns the database connection.
|
||||
func (b *backend) DB(s logical.Storage) (*sql.DB, error) {
|
||||
b.logger.Println("[WARN] postgres/db: enter")
|
||||
defer b.logger.Println("[WARN] postgres/db: exit")
|
||||
b.lock.Lock()
|
||||
defer b.lock.Unlock()
|
||||
|
||||
|
@ -100,6 +106,9 @@ func (b *backend) DB(s logical.Storage) (*sql.DB, error) {
|
|||
|
||||
// ResetDB forces a connection next time DB() is called.
|
||||
func (b *backend) ResetDB() {
|
||||
b.logger.Println("[WARN] postgres/resetdb: enter")
|
||||
defer b.logger.Println("[WARN] postgres/resetdb: exit")
|
||||
|
||||
b.lock.Lock()
|
||||
defer b.lock.Unlock()
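Review bot: `b.logger = conf.Logger` in Backend is stored without a nil check, and DB() and ResetDB() now call `b.logger.Println` unconditionally, so a BackendConfig with no Logger panics on the first DB() call (a nil `*log.Logger` is dereferenced by Println), whereas the previous `Backend().Setup(conf)` had no such dependency on conf. Guard it once in Backend: `if b.logger == nil { b.logger = log.New(ioutil.Discard, "", 0) }` (the file's import block is only partly visible, so the `io/ioutil` import may need adding). Separately, the enter/exit lines in DB() and ResetDB() are tagged `[WARN]` while every other line this commit adds uses `[TRACE]`; at WARN they will appear in production logs on every credential issuance and revocation, so they look mislabelled and should read `[TRACE]`. DB() and ResetDB() both continue past their hunks.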
|
||||
|
||||
@ -101,7 +101,7 @@ func TestBackend_roleCrud(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestBackend_configConnection(t *testing.T) {
|
||||
b := Backend()
|
||||
b, _ := Factory(logical.TestBackendConfig())
|
||||
d1 := map[string]interface{}{
|
||||
"value": os.Getenv("PG_URL"),
|
||||
}
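Review bot: `b, _ := Factory(logical.TestBackendConfig())` discards Factory's error, so if Setup fails the test carries on with a nil backend and dies later on a nil dereference with no hint of the real cause. Check it up front: `b, err := Factory(logical.TestBackendConfig())` and `if err != nil { t.Fatal(err) }`. TestBackend_configConnection continues past the hunk.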
|
||||
@ -31,9 +31,12 @@ func pathRoleCreate(b *backend) *framework.Path {
|
|||
|
||||
func (b *backend) pathRoleCreateRead(
|
||||
req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: enter")
|
||||
defer b.logger.Println("[TRACE] postgres/pathRoleCreateRead: exit")
|
||||
name := data.Get("name").(string)
|
||||
|
||||
// Get the role
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: getting role")
|
||||
role, err := b.Role(req.Storage, name)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -43,6 +46,7 @@ func (b *backend) pathRoleCreateRead(
|
|||
}
|
||||
|
||||
// Determine if we have a lease
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: getting lease")
|
||||
lease, err := b.Lease(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -77,22 +81,28 @@ func (b *backend) pathRoleCreateRead(
|
|||
Add(lease.Lease).
|
||||
Format("2006-01-02 15:04:05-0700")
|
||||
|
||||
// Get our connection
|
||||
// Get our handle
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: getting database handle")
|
||||
db, err := b.DB(req.Storage)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Start a transaction
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: starting transaction")
|
||||
tx, err := db.Begin()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer tx.Rollback()
|
||||
defer func() {
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: rolling back transaction")
|
||||
tx.Rollback()
|
||||
}()
|
||||
|
||||
// Execute each query
|
||||
for _, query := range SplitSQL(role.SQL) {
|
||||
stmt, err := db.Prepare(Query(query, map[string]string{
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: preparing statement")
|
||||
stmt, err := tx.Prepare(Query(query, map[string]string{
|
||||
"name": username,
|
||||
"password": password,
|
||||
"expiration": expiration,
|
||||
|
@ -100,17 +110,23 @@ func (b *backend) pathRoleCreateRead(
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
defer stmt.Close()
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: executing statement")
|
||||
if _, err := stmt.Exec(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// Commit the transaction
|
||||
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: committing transaction")
|
||||
if err := tx.Commit(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Return the secret
|
||||
|
||||
b.logger.Println("[TRACE] postgres/pathRoleCreateRead: generating secret")
|
||||
resp := b.Secret(SecretCredsType).Response(map[string]interface{}{
|
||||
"username": username,
|
||||
"password": password,
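Review bot: the deferred closure added after `tx, err := db.Begin()` logs "rolling back transaction" and calls `tx.Rollback()` on every exit, including the success path after `tx.Commit()` has already returned, so each successful credential creation emits a rollback trace line while the Rollback itself only reports the transaction is done; that makes the log misleading when a real rollback is being investigated. Log only when the rollback actually took effect: `if err := tx.Rollback(); err == nil { b.logger.Println("[TRACE] postgres/pathRoleCreateRead: rolled back transaction") }`. The Rollback error is otherwise dropped on the floor, and this form also makes that explicit. pathRoleCreateRead starts and ends outside the hunk.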
|
||||
@ -163,6 +163,7 @@ func (b *backend) secretCredsRevoke(
|
|||
lastStmtError = err
|
||||
continue
|
||||
}
|
||||
defer stmt.Close()
|
||||
_, err = stmt.Exec()
|
||||
if err != nil {
|
||||
lastStmtError = err
|
||||