diff --git a/Makefile b/Makefile
index 9a6e799a5..0f344aaba 100644
--- a/Makefile
+++ b/Makefile
@@ -154,7 +154,7 @@ proto:
 protoc sdk/physical/types.proto --go_out=plugins=grpc,paths=source_relative:.
 protoc helper/identity/mfa/types.proto --go_out=plugins=grpc,paths=source_relative:.
 protoc helper/identity/types.proto --go_out=plugins=grpc,paths=source_relative:.
- protoc builtin/logical/database/dbplugin/*.proto --go_out=plugins=grpc,paths=source_relative:.
+ protoc sdk/database/dbplugin/*.proto --go_out=plugins=grpc,paths=source_relative:.
 protoc sdk/plugin/pb/*.proto --go_out=plugins=grpc,paths=source_relative:.
 sed -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/protobuf:"/sentinel:"" protobuf:"/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' helper/identity/types.pb.go helper/identity/mfa/types.pb.go helper/storagepacker/types.pb.go sdk/plugin/pb/backend.pb.go sdk/logical/identity.pb.go
 sed -i -e 's/Iv/IV/' -e 's/Hmac/HMAC/' sdk/physical/types.pb.go
diff --git a/builtin/credential/app-id/cmd/app-id/main.go b/builtin/credential/app-id/cmd/app-id/main.go
index d830849ea..ce482d630 100644
--- a/builtin/credential/app-id/cmd/app-id/main.go
+++ b/builtin/credential/app-id/cmd/app-id/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/credential/approle/cmd/approle/main.go b/builtin/credential/approle/cmd/approle/main.go
index 27a6c4e89..22fa242fa 100644
--- a/builtin/credential/approle/cmd/approle/main.go
+++ b/builtin/credential/approle/cmd/approle/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/credential/aws/cmd/aws/main.go b/builtin/credential/aws/cmd/aws/main.go
index 7b8712bb0..6de96d02d 100644
--- a/builtin/credential/aws/cmd/aws/main.go
+++ b/builtin/credential/aws/cmd/aws/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/credential/cert/cmd/cert/main.go b/builtin/credential/cert/cmd/cert/main.go
index 016dd0aa7..09018ec3f 100644
--- a/builtin/credential/cert/cmd/cert/main.go
+++ b/builtin/credential/cert/cmd/cert/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/credential/github/cmd/github/main.go b/builtin/credential/github/cmd/github/main.go
index b1f58a392..be4fbb64c 100644
--- a/builtin/credential/github/cmd/github/main.go
+++ b/builtin/credential/github/cmd/github/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/credential/ldap/cmd/ldap/main.go b/builtin/credential/ldap/cmd/ldap/main.go
index 5ffc8bd97..b632c011c 100644
--- a/builtin/credential/ldap/cmd/ldap/main.go
+++ b/builtin/credential/ldap/cmd/ldap/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/credential/okta/cmd/okta/main.go b/builtin/credential/okta/cmd/okta/main.go
index ef15c86dc..e2452ba4b 100644
--- a/builtin/credential/okta/cmd/okta/main.go
+++ b/builtin/credential/okta/cmd/okta/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/credential/radius/cmd/radius/main.go b/builtin/credential/radius/cmd/radius/main.go
index 922266757..9ab5a6369 100644
--- a/builtin/credential/radius/cmd/radius/main.go
+++ b/builtin/credential/radius/cmd/radius/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/credential/userpass/cmd/userpass/main.go b/builtin/credential/userpass/cmd/userpass/main.go
index 769b47ba7..43098807a 100644
--- a/builtin/credential/userpass/cmd/userpass/main.go
+++ b/builtin/credential/userpass/cmd/userpass/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/logical/aws/cmd/aws/main.go b/builtin/logical/aws/cmd/aws/main.go
index a2868af4e..48522bac8 100644
--- a/builtin/logical/aws/cmd/aws/main.go
+++ b/builtin/logical/aws/cmd/aws/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/logical/cassandra/cmd/cassandra/main.go b/builtin/logical/cassandra/cmd/cassandra/main.go
index a0a9f9742..0ab900aa1 100644
--- a/builtin/logical/cassandra/cmd/cassandra/main.go
+++ b/builtin/logical/cassandra/cmd/cassandra/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/logical/consul/cmd/consul/main.go b/builtin/logical/consul/cmd/consul/main.go
index 817c18c22..3b884ddf8 100644
--- a/builtin/logical/consul/cmd/consul/main.go
+++ b/builtin/logical/consul/cmd/consul/main.go
@@ -10,7 +10,7 @@ import (
 )
 func main() {
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:])
diff --git a/builtin/logical/database/backend.go b/builtin/logical/database/backend.go
index a32a8a932..b28f8fe6f 100644
--- a/builtin/logical/database/backend.go
+++ b/builtin/logical/database/backend.go
@@ -11,8 +11,8 @@ import (
 "github.com/hashicorp/errwrap"
 uuid "github.com/hashicorp/go-uuid"
- "github.com/hashicorp/vault/builtin/logical/database/dbplugin"
- "github.com/hashicorp/vault/plugins/helper/database/dbutil"
+ "github.com/hashicorp/vault/sdk/database/dbplugin"
+ "github.com/hashicorp/vault/sdk/database/helper/dbutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
diff --git a/builtin/logical/database/backend_test.go b/builtin/logical/database/backend_test.go
index f6f6383e5..e2231ad30 100644
--- a/builtin/logical/database/backend_test.go
+++ b/builtin/logical/database/backend_test.go
@@ -14,11 +14,11 @@ import (
 "github.com/go-test/deep"
 "github.com/hashicorp/vault/api"
- "github.com/hashicorp/vault/builtin/logical/database/dbplugin"
 "github.com/hashicorp/vault/helper/namespace"
 vaulthttp "github.com/hashicorp/vault/http"
 "github.com/hashicorp/vault/plugins/database/postgresql"
- "github.com/hashicorp/vault/plugins/helper/database/dbutil"
+ "github.com/hashicorp/vault/sdk/database/dbplugin"
+ "github.com/hashicorp/vault/sdk/database/helper/dbutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/pluginutil"
@@ -120,7 +120,7 @@ func TestBackend_PluginMain(t *testing.T) {
 args := []string{"--ca-cert=" + caPEM}
- apiClientMeta := &api.APIClientMeta{}
+ apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(args)
diff --git a/builtin/logical/database/dbplugin/client.go b/builtin/logical/database/dbplugin/client.go
deleted file mode 100644
index 907e5352b..000000000
--- a/builtin/logical/database/dbplugin/client.go
+++ /dev/null
@@ -1,89 +0,0 @@
-package dbplugin
-
-import (
- "context"
- "errors"
- "sync"
-
- log "github.com/hashicorp/go-hclog"
- plugin "github.com/hashicorp/go-plugin"
- "github.com/hashicorp/vault/sdk/helper/pluginutil"
-)
-
-// DatabasePluginClient embeds a databasePluginRPCClient and wraps it's Close
-// method to also call Kill() on the plugin.Client.
-type DatabasePluginClient struct {
- client *plugin.Client
- sync.Mutex
-
- Database
-}
-
-// This wraps the Close call and ensures we both close the database connection
-// and kill the plugin.
-func (dc *DatabasePluginClient) Close() error {
- err := dc.Database.Close()
- dc.client.Kill()
-
- return err
-}
-
-// NewPluginClient returns a databaseRPCClient with a connection to a running
-// plugin. The client is wrapped in a DatabasePluginClient object to ensure the
-// plugin is killed on call of Close().
-func NewPluginClient(ctx context.Context, sys pluginutil.RunnerUtil, pluginRunner *pluginutil.PluginRunner, logger log.Logger, isMetadataMode bool) (Database, error) {
-
- // pluginSets is the map of plugins we can dispense.
- pluginSets := map[int]plugin.PluginSet{
- // Version 3 used to supports both protocols. We want to keep it around
- // since it's possible old plugins built against this version will still
- // work with gRPC. There is currently no difference between version 3
- // and version 4.
- 3: plugin.PluginSet{
- "database": new(GRPCDatabasePlugin),
- },
- // Version 4 only supports gRPC
- 4: plugin.PluginSet{
- "database": new(GRPCDatabasePlugin),
- },
- }
-
- var client *plugin.Client
- var err error
- if isMetadataMode {
- client, err = pluginRunner.RunMetadataMode(ctx, sys, pluginSets, handshakeConfig, []string{}, logger)
- } else {
- client, err = pluginRunner.Run(ctx, sys, pluginSets, handshakeConfig, []string{}, logger)
- }
- if err != nil {
- return nil, err
- }
-
- // Connect via RPC
- rpcClient, err := client.Client()
- if err != nil {
- return nil, err
- }
-
- // Request the plugin
- raw, err := rpcClient.Dispense("database")
- if err != nil {
- return nil, err
- }
-
- // We should have a database type now. This feels like a normal interface
- // implementation but is in fact over an RPC connection.
- var db Database
- switch raw.(type) {
- case *gRPCClient:
- db = raw.(*gRPCClient)
- default:
- return nil, errors.New("unsupported client type")
- }
-
- // Wrap RPC implementation in DatabasePluginClient
- return &DatabasePluginClient{
- client: client,
- Database: db,
- }, nil
-}
diff --git a/builtin/logical/database/dbplugin/database.pb.go b/builtin/logical/database/dbplugin/database.pb.go
deleted file mode 100644
index 54afd0128..000000000
--- a/builtin/logical/database/dbplugin/database.pb.go
+++ /dev/null
@@ -1,1065 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: builtin/logical/database/dbplugin/database.proto - -package dbplugin - -import ( - context "context" - fmt "fmt" - proto "github.com/golang/protobuf/proto" - timestamp "github.com/golang/protobuf/ptypes/timestamp" - grpc "google.golang.org/grpc" - codes "google.golang.org/grpc/codes" - status "google.golang.org/grpc/status" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package - -// Deprecated: Do not use. -type InitializeRequest struct { - Config []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` - VerifyConnection bool `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *InitializeRequest) Reset() { *m = InitializeRequest{} } -func (m *InitializeRequest) String() string { return proto.CompactTextString(m) } -func (*InitializeRequest) ProtoMessage() {} -func (*InitializeRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{0} -} - -func (m *InitializeRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_InitializeRequest.Unmarshal(m, b) -} -func (m *InitializeRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_InitializeRequest.Marshal(b, m, deterministic) -} -func (m *InitializeRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_InitializeRequest.Merge(m, src) -} 
-func (m *InitializeRequest) XXX_Size() int { - return xxx_messageInfo_InitializeRequest.Size(m) -} -func (m *InitializeRequest) XXX_DiscardUnknown() { - xxx_messageInfo_InitializeRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_InitializeRequest proto.InternalMessageInfo - -func (m *InitializeRequest) GetConfig() []byte { - if m != nil { - return m.Config - } - return nil -} - -func (m *InitializeRequest) GetVerifyConnection() bool { - if m != nil { - return m.VerifyConnection - } - return false -} - -type InitRequest struct { - Config []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` - VerifyConnection bool `protobuf:"varint,2,opt,name=verify_connection,json=verifyConnection,proto3" json:"verify_connection,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *InitRequest) Reset() { *m = InitRequest{} } -func (m *InitRequest) String() string { return proto.CompactTextString(m) } -func (*InitRequest) ProtoMessage() {} -func (*InitRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{1} -} - -func (m *InitRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_InitRequest.Unmarshal(m, b) -} -func (m *InitRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_InitRequest.Marshal(b, m, deterministic) -} -func (m *InitRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_InitRequest.Merge(m, src) -} -func (m *InitRequest) XXX_Size() int { - return xxx_messageInfo_InitRequest.Size(m) -} -func (m *InitRequest) XXX_DiscardUnknown() { - xxx_messageInfo_InitRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_InitRequest proto.InternalMessageInfo - -func (m *InitRequest) GetConfig() []byte { - if m != nil { - return m.Config - } - return nil -} - -func (m *InitRequest) GetVerifyConnection() bool { - if m != nil { - return m.VerifyConnection - } - return false -} - -type 
CreateUserRequest struct { - Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"` - UsernameConfig *UsernameConfig `protobuf:"bytes,2,opt,name=username_config,json=usernameConfig,proto3" json:"username_config,omitempty"` - Expiration *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CreateUserRequest) Reset() { *m = CreateUserRequest{} } -func (m *CreateUserRequest) String() string { return proto.CompactTextString(m) } -func (*CreateUserRequest) ProtoMessage() {} -func (*CreateUserRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{2} -} - -func (m *CreateUserRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_CreateUserRequest.Unmarshal(m, b) -} -func (m *CreateUserRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CreateUserRequest.Marshal(b, m, deterministic) -} -func (m *CreateUserRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_CreateUserRequest.Merge(m, src) -} -func (m *CreateUserRequest) XXX_Size() int { - return xxx_messageInfo_CreateUserRequest.Size(m) -} -func (m *CreateUserRequest) XXX_DiscardUnknown() { - xxx_messageInfo_CreateUserRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_CreateUserRequest proto.InternalMessageInfo - -func (m *CreateUserRequest) GetStatements() *Statements { - if m != nil { - return m.Statements - } - return nil -} - -func (m *CreateUserRequest) GetUsernameConfig() *UsernameConfig { - if m != nil { - return m.UsernameConfig - } - return nil -} - -func (m *CreateUserRequest) GetExpiration() *timestamp.Timestamp { - if m != nil { - return m.Expiration - } - return nil -} - -type RenewUserRequest struct { - Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"` - 
Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"` - Expiration *timestamp.Timestamp `protobuf:"bytes,3,opt,name=expiration,proto3" json:"expiration,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *RenewUserRequest) Reset() { *m = RenewUserRequest{} } -func (m *RenewUserRequest) String() string { return proto.CompactTextString(m) } -func (*RenewUserRequest) ProtoMessage() {} -func (*RenewUserRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{3} -} - -func (m *RenewUserRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_RenewUserRequest.Unmarshal(m, b) -} -func (m *RenewUserRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_RenewUserRequest.Marshal(b, m, deterministic) -} -func (m *RenewUserRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_RenewUserRequest.Merge(m, src) -} -func (m *RenewUserRequest) XXX_Size() int { - return xxx_messageInfo_RenewUserRequest.Size(m) -} -func (m *RenewUserRequest) XXX_DiscardUnknown() { - xxx_messageInfo_RenewUserRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_RenewUserRequest proto.InternalMessageInfo - -func (m *RenewUserRequest) GetStatements() *Statements { - if m != nil { - return m.Statements - } - return nil -} - -func (m *RenewUserRequest) GetUsername() string { - if m != nil { - return m.Username - } - return "" -} - -func (m *RenewUserRequest) GetExpiration() *timestamp.Timestamp { - if m != nil { - return m.Expiration - } - return nil -} - -type RevokeUserRequest struct { - Statements *Statements `protobuf:"bytes,1,opt,name=statements,proto3" json:"statements,omitempty"` - Username string `protobuf:"bytes,2,opt,name=username,proto3" json:"username,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m 
*RevokeUserRequest) Reset() { *m = RevokeUserRequest{} } -func (m *RevokeUserRequest) String() string { return proto.CompactTextString(m) } -func (*RevokeUserRequest) ProtoMessage() {} -func (*RevokeUserRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{4} -} - -func (m *RevokeUserRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_RevokeUserRequest.Unmarshal(m, b) -} -func (m *RevokeUserRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_RevokeUserRequest.Marshal(b, m, deterministic) -} -func (m *RevokeUserRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_RevokeUserRequest.Merge(m, src) -} -func (m *RevokeUserRequest) XXX_Size() int { - return xxx_messageInfo_RevokeUserRequest.Size(m) -} -func (m *RevokeUserRequest) XXX_DiscardUnknown() { - xxx_messageInfo_RevokeUserRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_RevokeUserRequest proto.InternalMessageInfo - -func (m *RevokeUserRequest) GetStatements() *Statements { - if m != nil { - return m.Statements - } - return nil -} - -func (m *RevokeUserRequest) GetUsername() string { - if m != nil { - return m.Username - } - return "" -} - -type RotateRootCredentialsRequest struct { - Statements []string `protobuf:"bytes,1,rep,name=statements,proto3" json:"statements,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *RotateRootCredentialsRequest) Reset() { *m = RotateRootCredentialsRequest{} } -func (m *RotateRootCredentialsRequest) String() string { return proto.CompactTextString(m) } -func (*RotateRootCredentialsRequest) ProtoMessage() {} -func (*RotateRootCredentialsRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{5} -} - -func (m *RotateRootCredentialsRequest) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_RotateRootCredentialsRequest.Unmarshal(m, b) -} -func (m 
*RotateRootCredentialsRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_RotateRootCredentialsRequest.Marshal(b, m, deterministic) -} -func (m *RotateRootCredentialsRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_RotateRootCredentialsRequest.Merge(m, src) -} -func (m *RotateRootCredentialsRequest) XXX_Size() int { - return xxx_messageInfo_RotateRootCredentialsRequest.Size(m) -} -func (m *RotateRootCredentialsRequest) XXX_DiscardUnknown() { - xxx_messageInfo_RotateRootCredentialsRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_RotateRootCredentialsRequest proto.InternalMessageInfo - -func (m *RotateRootCredentialsRequest) GetStatements() []string { - if m != nil { - return m.Statements - } - return nil -} - -type Statements struct { - // DEPRECATED, will be removed in 0.12 - CreationStatements string `protobuf:"bytes,1,opt,name=creation_statements,json=creationStatements,proto3" json:"creation_statements,omitempty"` // Deprecated: Do not use. - // DEPRECATED, will be removed in 0.12 - RevocationStatements string `protobuf:"bytes,2,opt,name=revocation_statements,json=revocationStatements,proto3" json:"revocation_statements,omitempty"` // Deprecated: Do not use. - // DEPRECATED, will be removed in 0.12 - RollbackStatements string `protobuf:"bytes,3,opt,name=rollback_statements,json=rollbackStatements,proto3" json:"rollback_statements,omitempty"` // Deprecated: Do not use. - // DEPRECATED, will be removed in 0.12 - RenewStatements string `protobuf:"bytes,4,opt,name=renew_statements,json=renewStatements,proto3" json:"renew_statements,omitempty"` // Deprecated: Do not use. 
- Creation []string `protobuf:"bytes,5,rep,name=creation,proto3" json:"creation,omitempty"` - Revocation []string `protobuf:"bytes,6,rep,name=revocation,proto3" json:"revocation,omitempty"` - Rollback []string `protobuf:"bytes,7,rep,name=rollback,proto3" json:"rollback,omitempty"` - Renewal []string `protobuf:"bytes,8,rep,name=renewal,proto3" json:"renewal,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Statements) Reset() { *m = Statements{} } -func (m *Statements) String() string { return proto.CompactTextString(m) } -func (*Statements) ProtoMessage() {} -func (*Statements) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{6} -} - -func (m *Statements) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Statements.Unmarshal(m, b) -} -func (m *Statements) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Statements.Marshal(b, m, deterministic) -} -func (m *Statements) XXX_Merge(src proto.Message) { - xxx_messageInfo_Statements.Merge(m, src) -} -func (m *Statements) XXX_Size() int { - return xxx_messageInfo_Statements.Size(m) -} -func (m *Statements) XXX_DiscardUnknown() { - xxx_messageInfo_Statements.DiscardUnknown(m) -} - -var xxx_messageInfo_Statements proto.InternalMessageInfo - -// Deprecated: Do not use. -func (m *Statements) GetCreationStatements() string { - if m != nil { - return m.CreationStatements - } - return "" -} - -// Deprecated: Do not use. -func (m *Statements) GetRevocationStatements() string { - if m != nil { - return m.RevocationStatements - } - return "" -} - -// Deprecated: Do not use. -func (m *Statements) GetRollbackStatements() string { - if m != nil { - return m.RollbackStatements - } - return "" -} - -// Deprecated: Do not use. 
-func (m *Statements) GetRenewStatements() string { - if m != nil { - return m.RenewStatements - } - return "" -} - -func (m *Statements) GetCreation() []string { - if m != nil { - return m.Creation - } - return nil -} - -func (m *Statements) GetRevocation() []string { - if m != nil { - return m.Revocation - } - return nil -} - -func (m *Statements) GetRollback() []string { - if m != nil { - return m.Rollback - } - return nil -} - -func (m *Statements) GetRenewal() []string { - if m != nil { - return m.Renewal - } - return nil -} - -type UsernameConfig struct { - DisplayName string `protobuf:"bytes,1,opt,name=DisplayName,proto3" json:"DisplayName,omitempty"` - RoleName string `protobuf:"bytes,2,opt,name=RoleName,proto3" json:"RoleName,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *UsernameConfig) Reset() { *m = UsernameConfig{} } -func (m *UsernameConfig) String() string { return proto.CompactTextString(m) } -func (*UsernameConfig) ProtoMessage() {} -func (*UsernameConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{7} -} - -func (m *UsernameConfig) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_UsernameConfig.Unmarshal(m, b) -} -func (m *UsernameConfig) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_UsernameConfig.Marshal(b, m, deterministic) -} -func (m *UsernameConfig) XXX_Merge(src proto.Message) { - xxx_messageInfo_UsernameConfig.Merge(m, src) -} -func (m *UsernameConfig) XXX_Size() int { - return xxx_messageInfo_UsernameConfig.Size(m) -} -func (m *UsernameConfig) XXX_DiscardUnknown() { - xxx_messageInfo_UsernameConfig.DiscardUnknown(m) -} - -var xxx_messageInfo_UsernameConfig proto.InternalMessageInfo - -func (m *UsernameConfig) GetDisplayName() string { - if m != nil { - return m.DisplayName - } - return "" -} - -func (m *UsernameConfig) GetRoleName() string { - if m != nil { - return 
m.RoleName - } - return "" -} - -type InitResponse struct { - Config []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *InitResponse) Reset() { *m = InitResponse{} } -func (m *InitResponse) String() string { return proto.CompactTextString(m) } -func (*InitResponse) ProtoMessage() {} -func (*InitResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{8} -} - -func (m *InitResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_InitResponse.Unmarshal(m, b) -} -func (m *InitResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_InitResponse.Marshal(b, m, deterministic) -} -func (m *InitResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_InitResponse.Merge(m, src) -} -func (m *InitResponse) XXX_Size() int { - return xxx_messageInfo_InitResponse.Size(m) -} -func (m *InitResponse) XXX_DiscardUnknown() { - xxx_messageInfo_InitResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_InitResponse proto.InternalMessageInfo - -func (m *InitResponse) GetConfig() []byte { - if m != nil { - return m.Config - } - return nil -} - -type CreateUserResponse struct { - Username string `protobuf:"bytes,1,opt,name=username,proto3" json:"username,omitempty"` - Password string `protobuf:"bytes,2,opt,name=password,proto3" json:"password,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CreateUserResponse) Reset() { *m = CreateUserResponse{} } -func (m *CreateUserResponse) String() string { return proto.CompactTextString(m) } -func (*CreateUserResponse) ProtoMessage() {} -func (*CreateUserResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{9} -} - -func (m *CreateUserResponse) XXX_Unmarshal(b []byte) error { - return 
xxx_messageInfo_CreateUserResponse.Unmarshal(m, b) -} -func (m *CreateUserResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_CreateUserResponse.Marshal(b, m, deterministic) -} -func (m *CreateUserResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_CreateUserResponse.Merge(m, src) -} -func (m *CreateUserResponse) XXX_Size() int { - return xxx_messageInfo_CreateUserResponse.Size(m) -} -func (m *CreateUserResponse) XXX_DiscardUnknown() { - xxx_messageInfo_CreateUserResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_CreateUserResponse proto.InternalMessageInfo - -func (m *CreateUserResponse) GetUsername() string { - if m != nil { - return m.Username - } - return "" -} - -func (m *CreateUserResponse) GetPassword() string { - if m != nil { - return m.Password - } - return "" -} - -type TypeResponse struct { - Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *TypeResponse) Reset() { *m = TypeResponse{} } -func (m *TypeResponse) String() string { return proto.CompactTextString(m) } -func (*TypeResponse) ProtoMessage() {} -func (*TypeResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{10} -} - -func (m *TypeResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_TypeResponse.Unmarshal(m, b) -} -func (m *TypeResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_TypeResponse.Marshal(b, m, deterministic) -} -func (m *TypeResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_TypeResponse.Merge(m, src) -} -func (m *TypeResponse) XXX_Size() int { - return xxx_messageInfo_TypeResponse.Size(m) -} -func (m *TypeResponse) XXX_DiscardUnknown() { - xxx_messageInfo_TypeResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_TypeResponse proto.InternalMessageInfo - -func (m *TypeResponse) 
GetType() string { - if m != nil { - return m.Type - } - return "" -} - -type RotateRootCredentialsResponse struct { - Config []byte `protobuf:"bytes,1,opt,name=config,proto3" json:"config,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *RotateRootCredentialsResponse) Reset() { *m = RotateRootCredentialsResponse{} } -func (m *RotateRootCredentialsResponse) String() string { return proto.CompactTextString(m) } -func (*RotateRootCredentialsResponse) ProtoMessage() {} -func (*RotateRootCredentialsResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{11} -} - -func (m *RotateRootCredentialsResponse) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_RotateRootCredentialsResponse.Unmarshal(m, b) -} -func (m *RotateRootCredentialsResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_RotateRootCredentialsResponse.Marshal(b, m, deterministic) -} -func (m *RotateRootCredentialsResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_RotateRootCredentialsResponse.Merge(m, src) -} -func (m *RotateRootCredentialsResponse) XXX_Size() int { - return xxx_messageInfo_RotateRootCredentialsResponse.Size(m) -} -func (m *RotateRootCredentialsResponse) XXX_DiscardUnknown() { - xxx_messageInfo_RotateRootCredentialsResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_RotateRootCredentialsResponse proto.InternalMessageInfo - -func (m *RotateRootCredentialsResponse) GetConfig() []byte { - if m != nil { - return m.Config - } - return nil -} - -type Empty struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Empty) Reset() { *m = Empty{} } -func (m *Empty) String() string { return proto.CompactTextString(m) } -func (*Empty) ProtoMessage() {} -func (*Empty) Descriptor() ([]byte, []int) { - return fileDescriptor_7bf7b4c7fef2f66e, []int{12} 
-} - -func (m *Empty) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Empty.Unmarshal(m, b) -} -func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Empty.Marshal(b, m, deterministic) -} -func (m *Empty) XXX_Merge(src proto.Message) { - xxx_messageInfo_Empty.Merge(m, src) -} -func (m *Empty) XXX_Size() int { - return xxx_messageInfo_Empty.Size(m) -} -func (m *Empty) XXX_DiscardUnknown() { - xxx_messageInfo_Empty.DiscardUnknown(m) -} - -var xxx_messageInfo_Empty proto.InternalMessageInfo - -func init() { - proto.RegisterType((*InitializeRequest)(nil), "dbplugin.InitializeRequest") - proto.RegisterType((*InitRequest)(nil), "dbplugin.InitRequest") - proto.RegisterType((*CreateUserRequest)(nil), "dbplugin.CreateUserRequest") - proto.RegisterType((*RenewUserRequest)(nil), "dbplugin.RenewUserRequest") - proto.RegisterType((*RevokeUserRequest)(nil), "dbplugin.RevokeUserRequest") - proto.RegisterType((*RotateRootCredentialsRequest)(nil), "dbplugin.RotateRootCredentialsRequest") - proto.RegisterType((*Statements)(nil), "dbplugin.Statements") - proto.RegisterType((*UsernameConfig)(nil), "dbplugin.UsernameConfig") - proto.RegisterType((*InitResponse)(nil), "dbplugin.InitResponse") - proto.RegisterType((*CreateUserResponse)(nil), "dbplugin.CreateUserResponse") - proto.RegisterType((*TypeResponse)(nil), "dbplugin.TypeResponse") - proto.RegisterType((*RotateRootCredentialsResponse)(nil), "dbplugin.RotateRootCredentialsResponse") - proto.RegisterType((*Empty)(nil), "dbplugin.Empty") -} - -func init() { - proto.RegisterFile("builtin/logical/database/dbplugin/database.proto", fileDescriptor_7bf7b4c7fef2f66e) -} - -var fileDescriptor_7bf7b4c7fef2f66e = []byte{ - // 724 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xd1, 0x4e, 0xdb, 0x4a, - 0x10, 0x95, 0x93, 0x00, 0xc9, 0x80, 0x80, 0xec, 0x05, 0x64, 0xf9, 0x72, 0x6f, 0x91, 0x1f, 0x28, - 0x55, 0xd5, 0xb8, 0x82, 
0x56, 0x54, 0xa8, 0xa2, 0x2a, 0xa1, 0xaa, 0x2a, 0x55, 0x3c, 0x2c, 0xf0, - 0x52, 0x55, 0x42, 0x1b, 0x67, 0x49, 0x56, 0x38, 0x5e, 0xd7, 0xbb, 0x0e, 0x4d, 0x7f, 0xa0, 0xfd, - 0x8c, 0x7e, 0x4e, 0x1f, 0xfb, 0x49, 0x95, 0x37, 0x59, 0xef, 0x26, 0x86, 0xf2, 0x40, 0xfb, 0xe6, - 0xd9, 0x99, 0x33, 0x73, 0xe6, 0x78, 0x76, 0x16, 0x9e, 0x76, 0x32, 0x16, 0x49, 0x16, 0x07, 0x11, - 0xef, 0xb1, 0x90, 0x44, 0x41, 0x97, 0x48, 0xd2, 0x21, 0x82, 0x06, 0xdd, 0x4e, 0x12, 0x65, 0x3d, - 0x16, 0x17, 0x27, 0xad, 0x24, 0xe5, 0x92, 0xa3, 0xba, 0x76, 0x78, 0x0f, 0x7a, 0x9c, 0xf7, 0x22, - 0x1a, 0xa8, 0xf3, 0x4e, 0x76, 0x19, 0x48, 0x36, 0xa0, 0x42, 0x92, 0x41, 0x32, 0x0e, 0xf5, 0x3f, - 0x42, 0xf3, 0x5d, 0xcc, 0x24, 0x23, 0x11, 0xfb, 0x42, 0x31, 0xfd, 0x94, 0x51, 0x21, 0xd1, 0x06, - 0xcc, 0x87, 0x3c, 0xbe, 0x64, 0x3d, 0xd7, 0xd9, 0x72, 0x76, 0x96, 0xf0, 0xc4, 0x42, 0x8f, 0xa1, - 0x39, 0xa4, 0x29, 0xbb, 0x1c, 0x5d, 0x84, 0x3c, 0x8e, 0x69, 0x28, 0x19, 0x8f, 0xdd, 0xca, 0x96, - 0xb3, 0x53, 0xc7, 0xab, 0x63, 0x47, 0xbb, 0x38, 0x3f, 0xa8, 0xb8, 0x8e, 0x8f, 0x61, 0x31, 0xcf, - 0xfe, 0x27, 0xf3, 0xfa, 0x3f, 0x1c, 0x68, 0xb6, 0x53, 0x4a, 0x24, 0x3d, 0x17, 0x34, 0xd5, 0xa9, - 0x9f, 0x01, 0x08, 0x49, 0x24, 0x1d, 0xd0, 0x58, 0x0a, 0x95, 0x7e, 0x71, 0x77, 0xad, 0xa5, 0x75, - 0x68, 0x9d, 0x16, 0x3e, 0x6c, 0xc5, 0xa1, 0xd7, 0xb0, 0x92, 0x09, 0x9a, 0xc6, 0x64, 0x40, 0x2f, - 0x26, 0xcc, 0x2a, 0x0a, 0xea, 0x1a, 0xe8, 0xf9, 0x24, 0xa0, 0xad, 0xfc, 0x78, 0x39, 0x9b, 0xb2, - 0xd1, 0x01, 0x00, 0xfd, 0x9c, 0xb0, 0x94, 0x28, 0xd2, 0x55, 0x85, 0xf6, 0x5a, 0x63, 0xd9, 0x5b, - 0x5a, 0xf6, 0xd6, 0x99, 0x96, 0x1d, 0x5b, 0xd1, 0xfe, 0x77, 0x07, 0x56, 0x31, 0x8d, 0xe9, 0xf5, - 0xfd, 0x3b, 0xf1, 0xa0, 0xae, 0x89, 0xa9, 0x16, 0x1a, 0xb8, 0xb0, 0xef, 0x45, 0x91, 0x42, 0x13, - 0xd3, 0x21, 0xbf, 0xa2, 0x7f, 0x95, 0xa2, 0x7f, 0x08, 0x9b, 0x98, 0xe7, 0xa1, 0x98, 0x73, 0xd9, - 0x4e, 0x69, 0x97, 0xc6, 0xf9, 0x4c, 0x0a, 0x5d, 0xf1, 0xff, 0x99, 0x8a, 0xd5, 0x9d, 0x86, 0x9d, - 0xdb, 0xff, 0x59, 0x01, 0x30, 0x65, 0xd1, 0x1e, 0xfc, 0x13, 
0xe6, 0x23, 0xc2, 0x78, 0x7c, 0x31, - 0xc3, 0xb4, 0x71, 0x54, 0x71, 0x1d, 0x8c, 0xb4, 0xdb, 0x02, 0xed, 0xc3, 0x7a, 0x4a, 0x87, 0x3c, - 0x2c, 0xc1, 0x2a, 0x05, 0x6c, 0xcd, 0x04, 0x4c, 0x57, 0x4b, 0x79, 0x14, 0x75, 0x48, 0x78, 0x65, - 0xc3, 0xaa, 0xa6, 0x9a, 0x76, 0x5b, 0xa0, 0x27, 0xb0, 0x9a, 0xe6, 0xbf, 0xde, 0x46, 0xd4, 0x0a, - 0xc4, 0x8a, 0xf2, 0x9d, 0x4e, 0x89, 0xa7, 0x29, 0xbb, 0x73, 0xaa, 0xfd, 0xc2, 0xce, 0xc5, 0x31, - 0xbc, 0xdc, 0xf9, 0xb1, 0x38, 0xe6, 0x24, 0xc7, 0x6a, 0x02, 0xee, 0xc2, 0x18, 0xab, 0x6d, 0xe4, - 0xc2, 0x82, 0x2a, 0x45, 0x22, 0xb7, 0xae, 0x5c, 0xda, 0xf4, 0x4f, 0x60, 0x79, 0x7a, 0xf4, 0xd1, - 0x16, 0x2c, 0x1e, 0x33, 0x91, 0x44, 0x64, 0x74, 0x92, 0xff, 0x43, 0xa5, 0x26, 0xb6, 0x8f, 0xf2, - 0x4a, 0x98, 0x47, 0xf4, 0xc4, 0xfa, 0xc5, 0xda, 0xf6, 0xb7, 0x61, 0x69, 0xbc, 0x0b, 0x44, 0xc2, - 0x63, 0x41, 0x6f, 0x5b, 0x06, 0xfe, 0x7b, 0x40, 0xf6, 0xf5, 0x9e, 0x44, 0xdb, 0xc3, 0xe3, 0xcc, - 0xcc, 0xb7, 0x07, 0xf5, 0x84, 0x08, 0x71, 0xcd, 0xd3, 0xae, 0xae, 0xaa, 0x6d, 0xdf, 0x87, 0xa5, - 0xb3, 0x51, 0x42, 0x8b, 0x3c, 0x08, 0x6a, 0x72, 0x94, 0xe8, 0x1c, 0xea, 0xdb, 0xdf, 0x87, 0xff, - 0x6e, 0x19, 0xbe, 0x3b, 0xa8, 0x2e, 0xc0, 0xdc, 0x9b, 0x41, 0x22, 0x47, 0xbb, 0x5f, 0x6b, 0x50, - 0x3f, 0x9e, 0xec, 0x60, 0x14, 0x40, 0x2d, 0x2f, 0x89, 0x56, 0xcc, 0x8d, 0x50, 0x51, 0xde, 0x86, - 0x39, 0x98, 0xe2, 0xf4, 0x16, 0xc0, 0x74, 0x8c, 0xfe, 0x35, 0x51, 0xa5, 0x35, 0xe7, 0x6d, 0xde, - 0xec, 0x9c, 0x24, 0x7a, 0x01, 0x8d, 0x62, 0x9d, 0x20, 0xcf, 0x84, 0xce, 0xee, 0x18, 0x6f, 0x96, - 0x5a, 0xbe, 0x22, 0xcc, 0x35, 0xb7, 0x29, 0x94, 0x2e, 0x7f, 0x19, 0xdb, 0x87, 0xf5, 0x1b, 0xe5, - 0x43, 0xdb, 0x56, 0x9a, 0xdf, 0x5c, 0x6e, 0xef, 0xe1, 0x9d, 0x71, 0x93, 0xfe, 0x9e, 0x43, 0x2d, - 0x1f, 0x21, 0xb4, 0x6e, 0x00, 0xd6, 0xf3, 0x62, 0xeb, 0x3b, 0x35, 0x69, 0x8f, 0x60, 0xae, 0x1d, - 0x71, 0x71, 0xc3, 0x1f, 0x29, 0xf5, 0xf2, 0x0a, 0xc0, 0x3c, 0x87, 0xb6, 0x0e, 0xa5, 0x47, 0xb2, - 0x84, 0xf5, 0xab, 0xdf, 0x2a, 0xce, 0xd1, 0xe1, 0x87, 0x97, 0x3d, 0x26, 0xfb, 0x59, 0xa7, 0x15, - 
0xf2, 0x41, 0xd0, 0x27, 0xa2, 0xcf, 0x42, 0x9e, 0x26, 0xc1, 0x90, 0x64, 0x91, 0x0c, 0xee, 0x7c, - 0xc9, 0x3b, 0xf3, 0x6a, 0x1f, 0xef, 0xfd, 0x0a, 0x00, 0x00, 0xff, 0xff, 0x9c, 0x49, 0x0b, 0x5b, - 0xf5, 0x07, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// DatabaseClient is the client API for Database service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type DatabaseClient interface { - Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) - CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) - RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error) - RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error) - RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error) - Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error) - Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) - Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error) -} - -type databaseClient struct { - cc *grpc.ClientConn -} - -func NewDatabaseClient(cc *grpc.ClientConn) DatabaseClient { - return &databaseClient{cc} -} - -func (c *databaseClient) Type(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*TypeResponse, error) { - out := new(TypeResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/Type", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) CreateUser(ctx context.Context, in *CreateUserRequest, opts ...grpc.CallOption) (*CreateUserResponse, error) { - out := new(CreateUserResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/CreateUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) RenewUser(ctx context.Context, in *RenewUserRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/dbplugin.Database/RenewUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) RevokeUser(ctx context.Context, in *RevokeUserRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/dbplugin.Database/RevokeUser", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) RotateRootCredentials(ctx context.Context, in *RotateRootCredentialsRequest, opts ...grpc.CallOption) (*RotateRootCredentialsResponse, error) { - out := new(RotateRootCredentialsResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/RotateRootCredentials", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) Init(ctx context.Context, in *InitRequest, opts ...grpc.CallOption) (*InitResponse, error) { - out := new(InitResponse) - err := c.cc.Invoke(ctx, "/dbplugin.Database/Init", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *databaseClient) Close(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/dbplugin.Database/Close", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// Deprecated: Do not use. 
-func (c *databaseClient) Initialize(ctx context.Context, in *InitializeRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/dbplugin.Database/Initialize", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// DatabaseServer is the server API for Database service. -type DatabaseServer interface { - Type(context.Context, *Empty) (*TypeResponse, error) - CreateUser(context.Context, *CreateUserRequest) (*CreateUserResponse, error) - RenewUser(context.Context, *RenewUserRequest) (*Empty, error) - RevokeUser(context.Context, *RevokeUserRequest) (*Empty, error) - RotateRootCredentials(context.Context, *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error) - Init(context.Context, *InitRequest) (*InitResponse, error) - Close(context.Context, *Empty) (*Empty, error) - Initialize(context.Context, *InitializeRequest) (*Empty, error) -} - -// UnimplementedDatabaseServer can be embedded to have forward compatible implementations. 
-type UnimplementedDatabaseServer struct { -} - -func (*UnimplementedDatabaseServer) Type(ctx context.Context, req *Empty) (*TypeResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Type not implemented") -} -func (*UnimplementedDatabaseServer) CreateUser(ctx context.Context, req *CreateUserRequest) (*CreateUserResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method CreateUser not implemented") -} -func (*UnimplementedDatabaseServer) RenewUser(ctx context.Context, req *RenewUserRequest) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method RenewUser not implemented") -} -func (*UnimplementedDatabaseServer) RevokeUser(ctx context.Context, req *RevokeUserRequest) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method RevokeUser not implemented") -} -func (*UnimplementedDatabaseServer) RotateRootCredentials(ctx context.Context, req *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method RotateRootCredentials not implemented") -} -func (*UnimplementedDatabaseServer) Init(ctx context.Context, req *InitRequest) (*InitResponse, error) { - return nil, status.Errorf(codes.Unimplemented, "method Init not implemented") -} -func (*UnimplementedDatabaseServer) Close(ctx context.Context, req *Empty) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method Close not implemented") -} -func (*UnimplementedDatabaseServer) Initialize(ctx context.Context, req *InitializeRequest) (*Empty, error) { - return nil, status.Errorf(codes.Unimplemented, "method Initialize not implemented") -} - -func RegisterDatabaseServer(s *grpc.Server, srv DatabaseServer) { - s.RegisterService(&_Database_serviceDesc, srv) -} - -func _Database_Type_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil 
{ - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Type(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/Type", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Type(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_CreateUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CreateUserRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).CreateUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/CreateUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).CreateUser(ctx, req.(*CreateUserRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_RenewUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RenewUserRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).RenewUser(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/RenewUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).RenewUser(ctx, req.(*RenewUserRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_RevokeUser_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RevokeUserRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).RevokeUser(ctx, in) - } - info := 
&grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/RevokeUser", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).RevokeUser(ctx, req.(*RevokeUserRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_RotateRootCredentials_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(RotateRootCredentialsRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).RotateRootCredentials(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/RotateRootCredentials", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).RotateRootCredentials(ctx, req.(*RotateRootCredentialsRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_Init_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(InitRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Init(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/Init", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Init(ctx, req.(*InitRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_Close_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Close(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/Close", 
- } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Close(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _Database_Initialize_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(InitializeRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(DatabaseServer).Initialize(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/dbplugin.Database/Initialize", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(DatabaseServer).Initialize(ctx, req.(*InitializeRequest)) - } - return interceptor(ctx, in, info, handler) -} - -var _Database_serviceDesc = grpc.ServiceDesc{ - ServiceName: "dbplugin.Database", - HandlerType: (*DatabaseServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Type", - Handler: _Database_Type_Handler, - }, - { - MethodName: "CreateUser", - Handler: _Database_CreateUser_Handler, - }, - { - MethodName: "RenewUser", - Handler: _Database_RenewUser_Handler, - }, - { - MethodName: "RevokeUser", - Handler: _Database_RevokeUser_Handler, - }, - { - MethodName: "RotateRootCredentials", - Handler: _Database_RotateRootCredentials_Handler, - }, - { - MethodName: "Init", - Handler: _Database_Init_Handler, - }, - { - MethodName: "Close", - Handler: _Database_Close_Handler, - }, - { - MethodName: "Initialize", - Handler: _Database_Initialize_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "builtin/logical/database/dbplugin/database.proto", -} diff --git a/builtin/logical/database/dbplugin/database.proto b/builtin/logical/database/dbplugin/database.proto deleted file mode 100644 index 7873792ee..000000000 --- a/builtin/logical/database/dbplugin/database.proto +++ /dev/null 
@@ -1,93 +0,0 @@
-syntax = "proto3";
-
-option go_package = "github.com/hashicorp/vault/builtin/logical/database/dbplugin";
-
-package dbplugin;
-
-import "google/protobuf/timestamp.proto";
-
-message InitializeRequest {
- option deprecated = true;
- bytes config = 1;
- bool verify_connection = 2;
-}
-
-message InitRequest {
- bytes config = 1;
- bool verify_connection = 2;
-}
-
-message CreateUserRequest {
- Statements statements = 1;
- UsernameConfig username_config = 2;
- google.protobuf.Timestamp expiration = 3;
-}
-
-message RenewUserRequest {
- Statements statements = 1;
- string username = 2;
- google.protobuf.Timestamp expiration = 3;
-}
-
-message RevokeUserRequest {
- Statements statements = 1;
- string username = 2;
-}
-
-message RotateRootCredentialsRequest {
- repeated string statements = 1;
-}
-
-message Statements {
- // DEPRECATED, will be removed in 0.12
- string creation_statements = 1 [deprecated=true];
- // DEPRECATED, will be removed in 0.12
- string revocation_statements = 2 [deprecated=true];
- // DEPRECATED, will be removed in 0.12
- string rollback_statements = 3 [deprecated=true];
- // DEPRECATED, will be removed in 0.12
- string renew_statements = 4 [deprecated=true];
-
- repeated string creation = 5;
- repeated string revocation = 6;
- repeated string rollback = 7;
- repeated string renewal = 8;
-}
-
-message UsernameConfig {
- string DisplayName = 1;
- string RoleName = 2;
-}
-
-message InitResponse {
- bytes config = 1;
-}
-
-message CreateUserResponse {
- string username = 1;
- string password = 2;
-}
-
-message TypeResponse {
- string type = 1;
-}
-
-message RotateRootCredentialsResponse {
- bytes config = 1;
-}
-
-message Empty {}
-
-service Database {
- rpc Type(Empty) returns (TypeResponse);
- rpc CreateUser(CreateUserRequest) returns (CreateUserResponse);
- rpc RenewUser(RenewUserRequest) returns (Empty);
- rpc RevokeUser(RevokeUserRequest) returns (Empty);
- rpc RotateRootCredentials(RotateRootCredentialsRequest) returns (RotateRootCredentialsResponse);
- rpc Init(InitRequest) returns (InitResponse);
- rpc Close(Empty) returns (Empty);
-
- rpc Initialize(InitializeRequest) returns (Empty) {
- option deprecated = true;
- };
-}
diff --git a/builtin/logical/database/dbplugin/databasemiddleware.go b/builtin/logical/database/dbplugin/databasemiddleware.go
deleted file mode 100644
index ba2dd4e5c..000000000
--- a/builtin/logical/database/dbplugin/databasemiddleware.go
+++ /dev/null
@@ -1,275 +0,0 @@
-package dbplugin
-
-import (
- "context"
- "errors"
- "net/url"
- "strings"
- "sync"
- "time"
-
- "github.com/hashicorp/errwrap"
-
- metrics "github.com/armon/go-metrics"
- log "github.com/hashicorp/go-hclog"
-)
-
-// ---- Tracing Middleware Domain ----
-
-// databaseTracingMiddleware wraps a implementation of Database and executes
-// trace logging on function call.
-type databaseTracingMiddleware struct {
- next Database
- logger log.Logger
-}
-
-func (mw *databaseTracingMiddleware) Type() (string, error) {
- return mw.next.Type()
-}
-
-func (mw *databaseTracingMiddleware) CreateUser(ctx context.Context, statements Statements, usernameConfig UsernameConfig, expiration time.Time) (username string, password string, err error) {
- defer func(then time.Time) {
- mw.logger.Trace("create user", "status", "finished", "err", err, "took", time.Since(then))
- }(time.Now())
-
- mw.logger.Trace("create user", "status", "started")
- return mw.next.CreateUser(ctx, statements, usernameConfig, expiration)
-}
-
-func (mw *databaseTracingMiddleware) RenewUser(ctx context.Context, statements Statements, username string, expiration time.Time) (err error) {
- defer func(then time.Time) {
- mw.logger.Trace("renew user", "status", "finished", "err", err, "took", time.Since(then))
- }(time.Now())
-
- mw.logger.Trace("renew user", "status", "started")
- return mw.next.RenewUser(ctx, statements, username, expiration)
-}
-
-func (mw *databaseTracingMiddleware) RevokeUser(ctx context.Context, statements Statements, username string) (err error) {
- defer func(then time.Time) {
- mw.logger.Trace("revoke user", "status", "finished", "err", err, "took", time.Since(then))
- }(time.Now())
-
- mw.logger.Trace("revoke user", "status", "started")
- return mw.next.RevokeUser(ctx, statements, username)
-}
-
-func (mw *databaseTracingMiddleware) RotateRootCredentials(ctx context.Context, statements []string) (conf map[string]interface{}, err error) {
- defer func(then time.Time) {
- mw.logger.Trace("rotate root credentials", "status", "finished", "err", err, "took", time.Since(then))
- }(time.Now())
-
- mw.logger.Trace("rotate root credentials", "status", "started")
- return mw.next.RotateRootCredentials(ctx, statements)
-}
-
-func (mw *databaseTracingMiddleware) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error {
- _, err := mw.Init(ctx, conf, verifyConnection)
- return err
-}
-
-func (mw *databaseTracingMiddleware) Init(ctx context.Context, conf map[string]interface{}, verifyConnection bool) (saveConf map[string]interface{}, err error) {
- defer func(then time.Time) {
- mw.logger.Trace("initialize", "status", "finished", "verify", verifyConnection, "err", err, "took", time.Since(then))
- }(time.Now())
-
- mw.logger.Trace("initialize", "status", "started")
- return mw.next.Init(ctx, conf, verifyConnection)
-}
-
-func (mw *databaseTracingMiddleware) Close() (err error) {
- defer func(then time.Time) {
- mw.logger.Trace("close", "status", "finished", "err", err, "took", time.Since(then))
- }(time.Now())
-
- mw.logger.Trace("close", "status", "started")
- return mw.next.Close()
-}
-
-// ---- Metrics Middleware Domain ----
-
-// databaseMetricsMiddleware wraps an implementation of Databases and on
-// function call logs metrics about this instance.
-type databaseMetricsMiddleware struct {
- next Database
-
- typeStr string
-}
-
-func (mw *databaseMetricsMiddleware) Type() (string, error) {
- return mw.next.Type()
-}
-
-func (mw *databaseMetricsMiddleware) CreateUser(ctx context.Context, statements Statements, usernameConfig UsernameConfig, expiration time.Time) (username string, password string, err error) {
- defer func(now time.Time) {
- metrics.MeasureSince([]string{"database", "CreateUser"}, now)
- metrics.MeasureSince([]string{"database", mw.typeStr, "CreateUser"}, now)
-
- if err != nil {
- metrics.IncrCounter([]string{"database", "CreateUser", "error"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "CreateUser", "error"}, 1)
- }
- }(time.Now())
-
- metrics.IncrCounter([]string{"database", "CreateUser"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "CreateUser"}, 1)
- return mw.next.CreateUser(ctx, statements, usernameConfig, expiration)
-}
-
-func (mw *databaseMetricsMiddleware) RenewUser(ctx context.Context, statements Statements, username string, expiration time.Time) (err error) {
- defer func(now time.Time) {
- metrics.MeasureSince([]string{"database", "RenewUser"}, now)
- metrics.MeasureSince([]string{"database", mw.typeStr, "RenewUser"}, now)
-
- if err != nil {
- metrics.IncrCounter([]string{"database", "RenewUser", "error"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "RenewUser", "error"}, 1)
- }
- }(time.Now())
-
- metrics.IncrCounter([]string{"database", "RenewUser"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "RenewUser"}, 1)
- return mw.next.RenewUser(ctx, statements, username, expiration)
-}
-
-func (mw *databaseMetricsMiddleware) RevokeUser(ctx context.Context, statements Statements, username string) (err error) {
- defer func(now time.Time) {
- metrics.MeasureSince([]string{"database", "RevokeUser"}, now)
- metrics.MeasureSince([]string{"database", mw.typeStr, "RevokeUser"}, now)
-
- if err != nil {
- metrics.IncrCounter([]string{"database", "RevokeUser", "error"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "RevokeUser", "error"}, 1)
- }
- }(time.Now())
-
- metrics.IncrCounter([]string{"database", "RevokeUser"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "RevokeUser"}, 1)
- return mw.next.RevokeUser(ctx, statements, username)
-}
-
-func (mw *databaseMetricsMiddleware) RotateRootCredentials(ctx context.Context, statements []string) (conf map[string]interface{}, err error) {
- defer func(now time.Time) {
- metrics.MeasureSince([]string{"database", "RotateRootCredentials"}, now)
- metrics.MeasureSince([]string{"database", mw.typeStr, "RotateRootCredentials"}, now)
-
- if err != nil {
- metrics.IncrCounter([]string{"database", "RotateRootCredentials", "error"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "RotateRootCredentials", "error"}, 1)
- }
- }(time.Now())
-
- metrics.IncrCounter([]string{"database", "RotateRootCredentials"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "RotateRootCredentials"}, 1)
- return mw.next.RotateRootCredentials(ctx, statements)
-}
-
-func (mw *databaseMetricsMiddleware) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error {
- _, err := mw.Init(ctx, conf, verifyConnection)
- return err
-}
-
-func (mw *databaseMetricsMiddleware) Init(ctx context.Context, conf map[string]interface{}, verifyConnection bool) (saveConf map[string]interface{}, err error) {
- defer func(now time.Time) {
- metrics.MeasureSince([]string{"database", "Initialize"}, now)
- metrics.MeasureSince([]string{"database", mw.typeStr, "Initialize"}, now)
-
- if err != nil {
- metrics.IncrCounter([]string{"database", "Initialize", "error"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "Initialize", "error"}, 1)
- }
- }(time.Now())
-
- metrics.IncrCounter([]string{"database", "Initialize"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "Initialize"}, 1)
- return mw.next.Init(ctx, conf, verifyConnection)
-}
-
-func (mw *databaseMetricsMiddleware) Close() (err error) {
- defer func(now time.Time) {
- metrics.MeasureSince([]string{"database", "Close"}, now)
- metrics.MeasureSince([]string{"database", mw.typeStr, "Close"}, now)
-
- if err != nil {
- metrics.IncrCounter([]string{"database", "Close", "error"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "Close", "error"}, 1)
- }
- }(time.Now())
-
- metrics.IncrCounter([]string{"database", "Close"}, 1)
- metrics.IncrCounter([]string{"database", mw.typeStr, "Close"}, 1)
- return mw.next.Close()
-}
-
-// ---- Error Sanitizer Middleware Domain ----
-
-// DatabaseErrorSanitizerMiddleware wraps an implementation of Databases and
-// sanitizes returned error messages
-type DatabaseErrorSanitizerMiddleware struct {
- l sync.RWMutex
- next Database
- secretsFn func() map[string]interface{}
-}
-
-func NewDatabaseErrorSanitizerMiddleware(next Database, secretsFn func() map[string]interface{}) *DatabaseErrorSanitizerMiddleware {
- return &DatabaseErrorSanitizerMiddleware{
- next: next,
- secretsFn: secretsFn,
- }
-}
-
-func (mw *DatabaseErrorSanitizerMiddleware) Type() (string, error) {
- dbType, err := mw.next.Type()
- return dbType, mw.sanitize(err)
-}
-
-func (mw *DatabaseErrorSanitizerMiddleware) CreateUser(ctx context.Context, statements Statements, usernameConfig UsernameConfig, expiration time.Time) (username string, password string, err error) {
- username, password, err = mw.next.CreateUser(ctx, statements, usernameConfig, expiration)
- return username, password, mw.sanitize(err)
-}
-
-func (mw *DatabaseErrorSanitizerMiddleware) RenewUser(ctx context.Context, statements Statements, username string, expiration time.Time) (err error) {
- return mw.sanitize(mw.next.RenewUser(ctx, statements, username, expiration))
-}
-
-func (mw *DatabaseErrorSanitizerMiddleware) RevokeUser(ctx context.Context, statements Statements, username string) (err error) {
- return mw.sanitize(mw.next.RevokeUser(ctx, statements, username))
-}
-
-func (mw *DatabaseErrorSanitizerMiddleware) RotateRootCredentials(ctx context.Context, statements []string) (conf map[string]interface{}, err error) {
- conf, err = mw.next.RotateRootCredentials(ctx, statements)
- return conf, mw.sanitize(err)
-}
-
-func (mw *DatabaseErrorSanitizerMiddleware) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error {
- _, err := mw.Init(ctx, conf, verifyConnection)
- return err
-}
-
-func (mw *DatabaseErrorSanitizerMiddleware) Init(ctx context.Context, conf map[string]interface{}, verifyConnection bool) (saveConf map[string]interface{}, err error) {
- saveConf, err = mw.next.Init(ctx, conf, verifyConnection)
- return saveConf, mw.sanitize(err)
-}
-
-func (mw *DatabaseErrorSanitizerMiddleware) Close() (err error) {
- return mw.sanitize(mw.next.Close())
-}
-
-// sanitize
-func (mw *DatabaseErrorSanitizerMiddleware) sanitize(err error) error {
- if err == nil {
- return nil
- }
- if errwrap.ContainsType(err, new(url.Error)) {
- return errors.New("unable to parse connection url")
- }
- if mw.secretsFn != nil {
- for k, v := range mw.secretsFn() {
- if k == "" {
- continue
- }
- err = errors.New(strings.Replace(err.Error(), k, v.(string), -1))
- }
- }
- return err
-}
diff --git a/builtin/logical/database/dbplugin/grpc_transport.go b/builtin/logical/database/dbplugin/grpc_transport.go
deleted file mode 100644
index 1b3fe7f47..000000000
--- a/builtin/logical/database/dbplugin/grpc_transport.go
+++ /dev/null
@@ -1,285 +0,0 @@ -package dbplugin - -import ( - "context" - "encoding/json" - "errors" - "time" - - "google.golang.org/grpc" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" - - "github.com/golang/protobuf/ptypes" - "github.com/hashicorp/vault/sdk/helper/pluginutil" -) - -var ( - ErrPluginShutdown = errors.New("plugin shutdown") -) - -// ---- gRPC Server domain ---- - -type gRPCServer struct { - impl Database -} - -func (s *gRPCServer) Type(context.Context, *Empty) (*TypeResponse, error) { - t, err := s.impl.Type() - if err != nil { - return nil, err - } - - return &TypeResponse{ - Type: t, - }, nil -} - -func (s *gRPCServer) CreateUser(ctx context.Context, req *CreateUserRequest) (*CreateUserResponse, error) { - e, err := ptypes.Timestamp(req.Expiration) - if err != nil { - return nil, err - } - - u, p, err := s.impl.CreateUser(ctx, *req.Statements, *req.UsernameConfig, e) - - return &CreateUserResponse{ - Username: u, - Password: p, - }, err -} - -func (s *gRPCServer) RenewUser(ctx context.Context, req *RenewUserRequest) (*Empty, error) { - e, err := ptypes.Timestamp(req.Expiration) - if err != nil { - return nil, err - } - err = s.impl.RenewUser(ctx, *req.Statements, req.Username, e) - return &Empty{}, err -} - -func (s *gRPCServer) RevokeUser(ctx context.Context, req *RevokeUserRequest) (*Empty, error) { - err := s.impl.RevokeUser(ctx, *req.Statements, req.Username) - return &Empty{}, err -} - -func (s *gRPCServer) RotateRootCredentials(ctx context.Context, req *RotateRootCredentialsRequest) (*RotateRootCredentialsResponse, error) { - - resp, err := s.impl.RotateRootCredentials(ctx, req.Statements) - if err != nil { - return nil, err - } - - respConfig, err := json.Marshal(resp) - if err != nil { - return nil, err - } - - return &RotateRootCredentialsResponse{ - Config: respConfig, - }, err -} - -func (s *gRPCServer) Initialize(ctx context.Context, req *InitializeRequest) (*Empty, error) { - _, err := s.Init(ctx, &InitRequest{ - Config: 
req.Config, - VerifyConnection: req.VerifyConnection, - }) - return &Empty{}, err -} - -func (s *gRPCServer) Init(ctx context.Context, req *InitRequest) (*InitResponse, error) { - config := map[string]interface{}{} - err := json.Unmarshal(req.Config, &config) - if err != nil { - return nil, err - } - - resp, err := s.impl.Init(ctx, config, req.VerifyConnection) - if err != nil { - return nil, err - } - - respConfig, err := json.Marshal(resp) - if err != nil { - return nil, err - } - - return &InitResponse{ - Config: respConfig, - }, err -} - -func (s *gRPCServer) Close(_ context.Context, _ *Empty) (*Empty, error) { - s.impl.Close() - return &Empty{}, nil -} - -// ---- gRPC client domain ---- - -type gRPCClient struct { - client DatabaseClient - clientConn *grpc.ClientConn - - doneCtx context.Context -} - -func (c *gRPCClient) Type() (string, error) { - resp, err := c.client.Type(c.doneCtx, &Empty{}) - if err != nil { - return "", err - } - - return resp.Type, err -} - -func (c *gRPCClient) CreateUser(ctx context.Context, statements Statements, usernameConfig UsernameConfig, expiration time.Time) (username string, password string, err error) { - t, err := ptypes.TimestampProto(expiration) - if err != nil { - return "", "", err - } - - ctx, cancel := context.WithCancel(ctx) - quitCh := pluginutil.CtxCancelIfCanceled(cancel, c.doneCtx) - defer close(quitCh) - defer cancel() - - resp, err := c.client.CreateUser(ctx, &CreateUserRequest{ - Statements: &statements, - UsernameConfig: &usernameConfig, - Expiration: t, - }) - if err != nil { - if c.doneCtx.Err() != nil { - return "", "", ErrPluginShutdown - } - - return "", "", err - } - - return resp.Username, resp.Password, err -} - -func (c *gRPCClient) RenewUser(ctx context.Context, statements Statements, username string, expiration time.Time) error { - t, err := ptypes.TimestampProto(expiration) - if err != nil { - return err - } - - ctx, cancel := context.WithCancel(ctx) - quitCh := 
pluginutil.CtxCancelIfCanceled(cancel, c.doneCtx) - defer close(quitCh) - defer cancel() - - _, err = c.client.RenewUser(ctx, &RenewUserRequest{ - Statements: &statements, - Username: username, - Expiration: t, - }) - if err != nil { - if c.doneCtx.Err() != nil { - return ErrPluginShutdown - } - - return err - } - - return nil -} - -func (c *gRPCClient) RevokeUser(ctx context.Context, statements Statements, username string) error { - ctx, cancel := context.WithCancel(ctx) - quitCh := pluginutil.CtxCancelIfCanceled(cancel, c.doneCtx) - defer close(quitCh) - defer cancel() - - _, err := c.client.RevokeUser(ctx, &RevokeUserRequest{ - Statements: &statements, - Username: username, - }) - - if err != nil { - if c.doneCtx.Err() != nil { - return ErrPluginShutdown - } - - return err - } - - return nil -} - -func (c *gRPCClient) RotateRootCredentials(ctx context.Context, statements []string) (conf map[string]interface{}, err error) { - ctx, cancel := context.WithCancel(ctx) - quitCh := pluginutil.CtxCancelIfCanceled(cancel, c.doneCtx) - defer close(quitCh) - defer cancel() - - resp, err := c.client.RotateRootCredentials(ctx, &RotateRootCredentialsRequest{ - Statements: statements, - }) - - if err != nil { - if c.doneCtx.Err() != nil { - return nil, ErrPluginShutdown - } - - return nil, err - } - - if err := json.Unmarshal(resp.Config, &conf); err != nil { - return nil, err - } - - return conf, nil -} - -func (c *gRPCClient) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error { - _, err := c.Init(ctx, conf, verifyConnection) - return err -} - -func (c *gRPCClient) Init(ctx context.Context, conf map[string]interface{}, verifyConnection bool) (map[string]interface{}, error) { - configRaw, err := json.Marshal(conf) - if err != nil { - return nil, err - } - - ctx, cancel := context.WithCancel(ctx) - quitCh := pluginutil.CtxCancelIfCanceled(cancel, c.doneCtx) - defer close(quitCh) - defer cancel() - - resp, err := c.client.Init(ctx, 
&InitRequest{ - Config: configRaw, - VerifyConnection: verifyConnection, - }) - if err != nil { - // Fall back to old call if not implemented - grpcStatus, ok := status.FromError(err) - if ok && grpcStatus.Code() == codes.Unimplemented { - _, err = c.client.Initialize(ctx, &InitializeRequest{ - Config: configRaw, - VerifyConnection: verifyConnection, - }) - if err == nil { - return conf, nil - } - } - - if c.doneCtx.Err() != nil { - return nil, ErrPluginShutdown - } - return nil, err - } - - if err := json.Unmarshal(resp.Config, &conf); err != nil { - return nil, err - } - return conf, nil -} - -func (c *gRPCClient) Close() error { - _, err := c.client.Close(c.doneCtx, &Empty{}) - return err -} diff --git a/builtin/logical/database/dbplugin/plugin.go b/builtin/logical/database/dbplugin/plugin.go deleted file mode 100644 index 6d248d15a..000000000 --- a/builtin/logical/database/dbplugin/plugin.go +++ /dev/null 
@@ -1,168 +0,0 @@ -package dbplugin - -import ( - "context" - "fmt" - "time" - - "google.golang.org/grpc" - - "github.com/hashicorp/errwrap" - log "github.com/hashicorp/go-hclog" - plugin "github.com/hashicorp/go-plugin" - "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/pluginutil" -) - -// Database is the interface that all database objects must implement. -type Database interface { - // Type returns the TypeName for the particular database backend - // implementation. This type name is usually set as a constant within the - // database backend implementation, e.g. "mysql" for the MySQL database - // backend. - Type() (string, error) - - // CreateUser is called on `$ vault read database/creds/:role-name` and it's - // also the first time anything is touched from `$ vault write - // database/roles/:role-name`. This is likely to be the highest-throughput - // method for most plugins. - CreateUser(ctx context.Context, statements Statements, usernameConfig UsernameConfig, expiration time.Time) (username string, password string, err error) - - // RenewUser is triggered by a renewal call to the API. In many database - // backends, this triggers a call on the underlying database that extends a - // VALID UNTIL clause on a user. However, if no such need exists, setting - // this as a NO-OP means that when renewal is called, the lease renewal time - // is pushed further out as appropriate, thus pushing out the time until the - // RevokeUser method is called. - RenewUser(ctx context.Context, statements Statements, username string, expiration time.Time) error - - // RevokeUser is triggered either automatically by a lease expiration, or by - // a revocation call to the API. - RevokeUser(ctx context.Context, statements Statements, username string) error - - // RotateRootCredentials is triggered by a root credential rotation call to - // the API. 
- RotateRootCredentials(ctx context.Context, statements []string) (config map[string]interface{}, err error) - - // Init is called on `$ vault write database/config/:db-name`, or when you - // do a creds call after Vault's been restarted. The config provided won't - // hold all the keys and values provided in the API call, some will be - // stripped by the database engine before the config is provided. The config - // returned will be stored, which will persist it across shutdowns. - Init(ctx context.Context, config map[string]interface{}, verifyConnection bool) (saveConfig map[string]interface{}, err error) - - // Close attempts to close the underlying database connection that was - // established by the backend. - Close() error - - // DEPRECATED: Will be removed in a future plugin version bump. - // Initialize is a backwards-compatible implementation that simply calls - // Init, dropping the saveConfig, and returning the err. - Initialize(ctx context.Context, config map[string]interface{}, verifyConnection bool) (err error) -} - -// PluginFactory is used to build plugin database types. It wraps the database -// object in a logging and metrics middleware. -func PluginFactory(ctx context.Context, pluginName string, sys pluginutil.LookRunnerUtil, logger log.Logger) (Database, error) { - // Look for plugin in the plugin catalog - pluginRunner, err := sys.LookupPlugin(ctx, pluginName, consts.PluginTypeDatabase) - if err != nil { - return nil, err - } - - namedLogger := logger.Named(pluginName) - - var transport string - var db Database - if pluginRunner.Builtin { - // Plugin is builtin so we can retrieve an instance of the interface - // from the pluginRunner. Then cast it to a Database. 
- dbRaw, err := pluginRunner.BuiltinFactory() - if err != nil { - return nil, errwrap.Wrapf("error initializing plugin: {{err}}", err) - } - - var ok bool - db, ok = dbRaw.(Database) - if !ok { - return nil, fmt.Errorf("unsupported database type: %q", pluginName) - } - - transport = "builtin" - - } else { - // create a DatabasePluginClient instance - db, err = NewPluginClient(ctx, sys, pluginRunner, namedLogger, false) - if err != nil { - return nil, err - } - - // Switch on the underlying database client type to get the transport - // method. - switch db.(*DatabasePluginClient).Database.(type) { - case *gRPCClient: - transport = "gRPC" - } - - } - - typeStr, err := db.Type() - if err != nil { - return nil, errwrap.Wrapf("error getting plugin type: {{err}}", err) - } - - // Wrap with metrics middleware - db = &databaseMetricsMiddleware{ - next: db, - typeStr: typeStr, - } - - // Wrap with tracing middleware - if namedLogger.IsTrace() { - db = &databaseTracingMiddleware{ - next: db, - logger: namedLogger.With("transport", transport), - } - } - - return db, nil -} - -// handshakeConfigs are used to just do a basic handshake between -// a plugin and host. If the handshake fails, a user friendly error is shown. -// This prevents users from executing bad plugins or executing a plugin -// directory. It is a UX feature, not a security feature. 
-var handshakeConfig = plugin.HandshakeConfig{ - ProtocolVersion: 4, - MagicCookieKey: "VAULT_DATABASE_PLUGIN", - MagicCookieValue: "926a0820-aea2-be28-51d6-83cdf00e8edb", -} - -var _ plugin.Plugin = &GRPCDatabasePlugin{} -var _ plugin.GRPCPlugin = &GRPCDatabasePlugin{} - -// GRPCDatabasePlugin is the plugin.Plugin implementation that only supports GRPC -// transport -type GRPCDatabasePlugin struct { - Impl Database - - // Embeding this will disable the netRPC protocol - plugin.NetRPCUnsupportedPlugin -} - -func (d GRPCDatabasePlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error { - impl := &DatabaseErrorSanitizerMiddleware{ - next: d.Impl, - } - - RegisterDatabaseServer(s, &gRPCServer{impl: impl}) - return nil -} - -func (GRPCDatabasePlugin) GRPCClient(doneCtx context.Context, _ *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) { - return &gRPCClient{ - client: NewDatabaseClient(c), - clientConn: c, - doneCtx: doneCtx, - }, nil -} diff --git a/builtin/logical/database/dbplugin/plugin_test.go b/builtin/logical/database/dbplugin/plugin_test.go index 2556ceab1..e076cc481 100644 --- a/builtin/logical/database/dbplugin/plugin_test.go +++ b/builtin/logical/database/dbplugin/plugin_test.go @@ -9,10 +9,9 @@ import ( log "github.com/hashicorp/go-hclog" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" "github.com/hashicorp/vault/helper/namespace" vaulthttp "github.com/hashicorp/vault/http" - "github.com/hashicorp/vault/plugins" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/pluginutil" "github.com/hashicorp/vault/sdk/logical" 
@@ -113,11 +112,11 @@ func TestPlugin_GRPC_Main(t *testing.T) { args := []string{"--tls-skip-verify=true"} - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(args) - plugins.Serve(plugin, apiClientMeta.GetTLSConfig()) + dbplugin.Serve(plugin, api.VaultPluginTLSProvider(apiClientMeta.GetTLSConfig())) } func TestPlugin_Init(t *testing.T) { diff --git a/builtin/logical/database/dbplugin/server.go b/builtin/logical/database/dbplugin/server.go deleted file mode 100644 index 401661f46..000000000 --- a/builtin/logical/database/dbplugin/server.go +++ /dev/null @@ -1,43 +0,0 @@ -package dbplugin - -import ( - "crypto/tls" - - plugin "github.com/hashicorp/go-plugin" -) - -// Serve is called from within a plugin and wraps the provided -// Database implementation in a databasePluginRPCServer object and starts a -// RPC server. -func Serve(db Database, tlsProvider func() (*tls.Config, error)) { - plugin.Serve(ServeConfig(db, tlsProvider)) -} - -func ServeConfig(db Database, tlsProvider func() (*tls.Config, error)) *plugin.ServeConfig { - // pluginSets is the map of plugins we can dispense. - pluginSets := map[int]plugin.PluginSet{ - // Version 3 used to supports both protocols. We want to keep it around - // since it's possible old plugins built against this version will still - // work with gRPC. There is currently no difference between version 3 - // and version 4. - 3: plugin.PluginSet{ - "database": &GRPCDatabasePlugin{ - Impl: db, - }, - }, - 4: plugin.PluginSet{ - "database": &GRPCDatabasePlugin{ - Impl: db, - }, - }, - } - - conf := &plugin.ServeConfig{ - HandshakeConfig: handshakeConfig, - VersionedPlugins: pluginSets, - TLSProvider: tlsProvider, - GRPCServer: plugin.DefaultGRPCServer, - } - - return conf -} diff --git a/builtin/logical/database/path_config_connection.go b/builtin/logical/database/path_config_connection.go index 0c497d2cb..644ab772c 100644 
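Review bot: The hard-coded `--tls-skip-verify=true` in `args` now reaches `api.VaultPluginTLSProvider(apiClientMeta.GetTLSConfig())` on the new `dbplugin.Serve` line, and nothing marks that setting as test-only. Presumably the provider uses this config for the plugin's connection back to Vault, so a copy of this helper into a real plugin `main` would run with certificate verification disabled. A comment above `args` such as `// skip-verify is acceptable only against this test's own Vault; do not copy into a real plugin main` would make that explicit. The result of `flags.Parse(args)` is also discarded, so a rejected flag would go unnoticed before `Serve` starts; `if err := flags.Parse(args); err != nil { t.Fatal(err) }` closes that. The `cmd/*/main.go` hunks on this page show the same unchecked `flags.Parse(os.Args[1:])`, and the body of `TestPlugin_GRPC_Main` starts outside the hunk.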
--- a/builtin/logical/database/path_config_connection.go +++ b/builtin/logical/database/path_config_connection.go @@ -9,7 +9,7 @@ import ( "github.com/fatih/structs" uuid "github.com/hashicorp/go-uuid" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/database/path_creds_create.go b/builtin/logical/database/path_creds_create.go index 18085c39a..2eaf79e09 100644 --- a/builtin/logical/database/path_creds_create.go +++ b/builtin/logical/database/path_creds_create.go @@ -5,7 +5,7 @@ import ( "fmt" "time" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" diff --git a/builtin/logical/database/path_roles.go b/builtin/logical/database/path_roles.go index f6e8568b0..1d5181115 100644 --- a/builtin/logical/database/path_roles.go +++ b/builtin/logical/database/path_roles.go @@ -4,7 +4,7 @@ import ( "context" "time" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" diff --git a/builtin/logical/database/secret_creds.go b/builtin/logical/database/secret_creds.go index 3570eb724..186dd1665 100644 --- a/builtin/logical/database/secret_creds.go +++ b/builtin/logical/database/secret_creds.go @@ -5,7 +5,7 @@ import ( "fmt" "time" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" ) 
diff --git a/builtin/logical/mongodb/cmd/mongodb/main.go b/builtin/logical/mongodb/cmd/mongodb/main.go index 7ae34e629..619f8e3a5 100644 --- a/builtin/logical/mongodb/cmd/mongodb/main.go +++ b/builtin/logical/mongodb/cmd/mongodb/main.go @@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/logical/mssql/cmd/mssql/main.go b/builtin/logical/mssql/cmd/mssql/main.go index 44e1fece4..0db9c1c98 100644 --- a/builtin/logical/mssql/cmd/mssql/main.go +++ b/builtin/logical/mssql/cmd/mssql/main.go @@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/logical/mssql/path_creds_create.go b/builtin/logical/mssql/path_creds_create.go index 0e4010f0b..0638d333a 100644 --- a/builtin/logical/mssql/path_creds_create.go +++ b/builtin/logical/mssql/path_creds_create.go @@ -6,8 +6,8 @@ import ( "strings" uuid "github.com/hashicorp/go-uuid" - "github.com/hashicorp/vault/helper/dbtxn" "github.com/hashicorp/vault/sdk/framework" + "github.com/hashicorp/vault/sdk/helper/dbtxn" "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/mssql/secret_creds.go b/builtin/logical/mssql/secret_creds.go index 113cdbb56..68d6b84d1 100644 --- a/builtin/logical/mssql/secret_creds.go +++ b/builtin/logical/mssql/secret_creds.go @@ -6,8 +6,8 @@ import ( "fmt" "github.com/hashicorp/errwrap" - "github.com/hashicorp/vault/helper/dbtxn" "github.com/hashicorp/vault/sdk/framework" + "github.com/hashicorp/vault/sdk/helper/dbtxn" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/mysql/cmd/mysql/main.go b/builtin/logical/mysql/cmd/mysql/main.go index 452980a8b..e1fbe4a01 100644 --- a/builtin/logical/mysql/cmd/mysql/main.go 
+++ b/builtin/logical/mysql/cmd/mysql/main.go @@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/logical/mysql/path_role_create.go b/builtin/logical/mysql/path_role_create.go index ebb1b76d9..33a41798b 100644 --- a/builtin/logical/mysql/path_role_create.go +++ b/builtin/logical/mysql/path_role_create.go @@ -6,8 +6,8 @@ import ( "strings" uuid "github.com/hashicorp/go-uuid" - "github.com/hashicorp/vault/helper/dbtxn" "github.com/hashicorp/vault/sdk/framework" + "github.com/hashicorp/vault/sdk/helper/dbtxn" "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" _ "github.com/lib/pq" diff --git a/builtin/logical/nomad/cmd/nomad/main.go b/builtin/logical/nomad/cmd/nomad/main.go index b9c09cbec..31b1c9350 100644 --- a/builtin/logical/nomad/cmd/nomad/main.go +++ b/builtin/logical/nomad/cmd/nomad/main.go @@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/logical/pki/cmd/pki/main.go b/builtin/logical/pki/cmd/pki/main.go index 5884732d2..ffcb4521c 100644 --- a/builtin/logical/pki/cmd/pki/main.go +++ b/builtin/logical/pki/cmd/pki/main.go @@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/logical/postgresql/cmd/postgresql/main.go b/builtin/logical/postgresql/cmd/postgresql/main.go index 287bd021c..6610b9757 100644 --- a/builtin/logical/postgresql/cmd/postgresql/main.go +++ b/builtin/logical/postgresql/cmd/postgresql/main.go 
@@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/logical/postgresql/path_role_create.go b/builtin/logical/postgresql/path_role_create.go index de5f31a31..99f553a1c 100644 --- a/builtin/logical/postgresql/path_role_create.go +++ b/builtin/logical/postgresql/path_role_create.go @@ -7,8 +7,8 @@ import ( "time" uuid "github.com/hashicorp/go-uuid" - "github.com/hashicorp/vault/helper/dbtxn" "github.com/hashicorp/vault/sdk/framework" + "github.com/hashicorp/vault/sdk/helper/dbtxn" "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" _ "github.com/lib/pq" diff --git a/builtin/logical/postgresql/secret_creds.go b/builtin/logical/postgresql/secret_creds.go index da3ef9206..4a72d7a1a 100644 --- a/builtin/logical/postgresql/secret_creds.go +++ b/builtin/logical/postgresql/secret_creds.go @@ -8,8 +8,8 @@ import ( "time" "github.com/hashicorp/errwrap" - "github.com/hashicorp/vault/helper/dbtxn" "github.com/hashicorp/vault/sdk/framework" + "github.com/hashicorp/vault/sdk/helper/dbtxn" "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/lib/pq" diff --git a/builtin/logical/rabbitmq/cmd/rabbitmq/main.go b/builtin/logical/rabbitmq/cmd/rabbitmq/main.go index 2020487c3..516f699ea 100644 --- a/builtin/logical/rabbitmq/cmd/rabbitmq/main.go +++ b/builtin/logical/rabbitmq/cmd/rabbitmq/main.go @@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/logical/ssh/cmd/ssh/main.go b/builtin/logical/ssh/cmd/ssh/main.go index d53442c2b..d04bd30af 100644 --- a/builtin/logical/ssh/cmd/ssh/main.go +++ b/builtin/logical/ssh/cmd/ssh/main.go 
@@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/logical/totp/cmd/totp/main.go b/builtin/logical/totp/cmd/totp/main.go index 1ccbd0021..4c96df7f3 100644 --- a/builtin/logical/totp/cmd/totp/main.go +++ b/builtin/logical/totp/cmd/totp/main.go @@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/logical/transit/cmd/transit/main.go b/builtin/logical/transit/cmd/transit/main.go index dcc757577..25d4675b9 100644 --- a/builtin/logical/transit/cmd/transit/main.go +++ b/builtin/logical/transit/cmd/transit/main.go @@ -10,7 +10,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/builtin/plugin/backend_test.go b/builtin/plugin/backend_test.go index b93cf0df6..600df8604 100644 --- a/builtin/plugin/backend_test.go +++ b/builtin/plugin/backend_test.go @@ -56,7 +56,7 @@ func TestBackend_PluginMain(t *testing.T) { args = append(args, fmt.Sprintf("--ca-cert=%s", caPEM)) - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(args) tlsConfig := apiClientMeta.GetTLSConfig() diff --git a/command/agent/cache/lease_cache.go b/command/agent/cache/lease_cache.go index 434234b96..2c82f7eeb 100644 --- a/command/agent/cache/lease_cache.go +++ b/command/agent/cache/lease_cache.go 
@@ -19,9 +19,9 @@ import ( hclog "github.com/hashicorp/go-hclog" "github.com/hashicorp/vault/api" cachememdb "github.com/hashicorp/vault/command/agent/cache/cachememdb" - "github.com/hashicorp/vault/helper/base62" "github.com/hashicorp/vault/helper/namespace" nshelper "github.com/hashicorp/vault/helper/namespace" + "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/cryptoutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" diff --git a/command/operator_generate_root.go b/command/operator_generate_root.go index b08636c53..fcecaaf1a 100644 --- a/command/operator_generate_root.go +++ b/command/operator_generate_root.go @@ -12,9 +12,9 @@ import ( "github.com/hashicorp/errwrap" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/helper/base62" "github.com/hashicorp/vault/helper/pgpkeys" "github.com/hashicorp/vault/helper/xor" + "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/password" "github.com/mitchellh/cli" "github.com/posener/complete" diff --git a/command/operator_migrate_test.go b/command/operator_migrate_test.go index 9179cbd59..8b30d3e11 100644 --- a/command/operator_migrate_test.go +++ b/command/operator_migrate_test.go @@ -17,8 +17,8 @@ import ( "github.com/go-test/deep" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/vault/command/server" - "github.com/hashicorp/vault/helper/base62" "github.com/hashicorp/vault/helper/testhelpers" + "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/vault" ) diff --git a/go.mod b/go.mod index 24a46d49d..e75343dc0 100644 --- a/go.mod +++ b/go.mod 
@@ -67,7 +67,6 @@ require (
 github.com/hashicorp/go-hclog v0.8.0
 github.com/hashicorp/go-memdb v1.0.0
 github.com/hashicorp/go-multierror v1.0.0
- github.com/hashicorp/go-plugin v1.0.0
 github.com/hashicorp/go-rootcerts v1.0.0
 github.com/hashicorp/go-sockaddr v1.0.2
 github.com/hashicorp/go-syslog v1.0.0
@@ -75,20 +74,20 @@ require (
 github.com/hashicorp/golang-lru v0.5.1
 github.com/hashicorp/hcl v1.0.0
 github.com/hashicorp/nomad/api v0.0.0-20190412184103-1c38ced33adf
- github.com/hashicorp/vault-plugin-auth-alicloud v0.5.0
- github.com/hashicorp/vault-plugin-auth-azure v0.5.0
- github.com/hashicorp/vault-plugin-auth-centrify v0.5.0
- github.com/hashicorp/vault-plugin-auth-gcp v0.5.0
- github.com/hashicorp/vault-plugin-auth-jwt v0.5.0
- github.com/hashicorp/vault-plugin-auth-kubernetes v0.5.0
- github.com/hashicorp/vault-plugin-secrets-ad v0.5.0
- github.com/hashicorp/vault-plugin-secrets-alicloud v0.5.0
- github.com/hashicorp/vault-plugin-secrets-azure v0.5.0
- github.com/hashicorp/vault-plugin-secrets-gcp v0.5.0
- github.com/hashicorp/vault-plugin-secrets-gcpkms v0.5.0
- github.com/hashicorp/vault-plugin-secrets-kv v0.5.0
- github.com/hashicorp/vault/api v1.0.0
- github.com/hashicorp/vault/sdk v0.1.7
+ github.com/hashicorp/vault-plugin-auth-alicloud v0.5.1
+ github.com/hashicorp/vault-plugin-auth-azure v0.5.1
+ github.com/hashicorp/vault-plugin-auth-centrify v0.5.1
+ github.com/hashicorp/vault-plugin-auth-gcp v0.5.1
+ github.com/hashicorp/vault-plugin-auth-jwt v0.5.1
+ github.com/hashicorp/vault-plugin-auth-kubernetes v0.5.1
+ github.com/hashicorp/vault-plugin-secrets-ad v0.5.1
+ github.com/hashicorp/vault-plugin-secrets-alicloud v0.5.1
+ github.com/hashicorp/vault-plugin-secrets-azure v0.5.1
+ github.com/hashicorp/vault-plugin-secrets-gcp v0.5.1
+ github.com/hashicorp/vault-plugin-secrets-gcpkms v0.5.1
+ github.com/hashicorp/vault-plugin-secrets-kv v0.5.1
+ github.com/hashicorp/vault/api v1.0.1
+ github.com/hashicorp/vault/sdk v0.1.8
 github.com/influxdata/influxdb v0.0.0-20190411212539-d24b7ba8c4c4
 github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 // indirect
 github.com/jackc/pgx v3.3.0+incompatible // indirect
diff --git a/go.sum b/go.sum
index 6c4aba98d..1852aee4b 100644
--- a/go.sum
+++ b/go.sum
@@ -274,30 +274,33 @@ github.com/hashicorp/nomad/api v0.0.0-20190412184103-1c38ced33adf h1:U/40PQvWkaX github.com/hashicorp/nomad/api v0.0.0-20190412184103-1c38ced33adf/go.mod h1:BDngVi1f4UA6aJq9WYTgxhfWSE1+42xshvstLU2fRGk= github.com/hashicorp/serf v0.8.2 h1:YZ7UKsJv+hKjqGVUUbtE3HNj79Eln2oQ75tniF6iPt0= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hashicorp/vault-plugin-auth-alicloud v0.5.0 h1:wz9UqUd83z96xzXMzMlRO+qMljyu5AgV2kYyQEaFusM= -github.com/hashicorp/vault-plugin-auth-alicloud v0.5.0/go.mod h1:m9UIpluGiLWWU60qbQ1AXNt6RD15kvgL7p93WGEE8CY= -github.com/hashicorp/vault-plugin-auth-azure v0.5.0 h1:SCC6gkPaMZnO4JJk+bMIf4QEWEiVjuBVcmM7sfgQgFg= -github.com/hashicorp/vault-plugin-auth-azure v0.5.0/go.mod h1:ISyvQfA+G1Wo57geBEGrh+rBRaTJph65+cCpyL9y3SM= -github.com/hashicorp/vault-plugin-auth-centrify v0.5.0 h1:1BkJBJ72nGCz5XTHFrIMV7pyWmbCO7T/5DNhs6Ka+Sg= -github.com/hashicorp/vault-plugin-auth-centrify v0.5.0/go.mod h1:5LJVb/fR3QIFI3ctn+ylMo+C46YGXRYXbg5l+2OC87A= +github.com/hashicorp/vault-plugin-auth-alicloud v0.5.1 h1:CldlLfMGlcXy+5CvnNsOWJjE9/C1i+Nho4ClSJe+63k= +github.com/hashicorp/vault-plugin-auth-alicloud v0.5.1/go.mod h1:v0d6/ft2ESFHG/PB2pqcwDPlvtAWWfOmfsY0nfbIMy0= +github.com/hashicorp/vault-plugin-auth-azure v0.5.1 h1:1CTmC68zYhp/cKuHW8K0QbnWEetFK7UUu5jaWhmzbHw= +github.com/hashicorp/vault-plugin-auth-azure v0.5.1/go.mod h1:D/slkpcqcZMqslj1X9jfU9aIOrC41LVkfDQ9lFhYg0o= +github.com/hashicorp/vault-plugin-auth-centrify v0.5.1 h1:kHWphxtASUJVYgqvfr6KjCN74qWLJeLhSRE5kBQ4iiQ= +github.com/hashicorp/vault-plugin-auth-centrify v0.5.1/go.mod h1:GHplZPj7NfPWdeCkgTRnNzbjVP5IW5MNm7+MMsjobpQ= github.com/hashicorp/vault-plugin-auth-gcp v0.5.0 h1:7mydlUN3w1LL7eKpy7i6Zzta8f0nDmBo8jxAaj1eBfg= github.com/hashicorp/vault-plugin-auth-gcp v0.5.0/go.mod h1:ll5vk2qVxmCzzDM+gl2Qdd9vGOf2FyUg9hspbyvBpQ0= -github.com/hashicorp/vault-plugin-auth-jwt v0.5.0 h1:NGXKnn+VObN7Wmy8ZW1mQw1E5zSuv9A8Nco07yETpH4= 
-github.com/hashicorp/vault-plugin-auth-jwt v0.5.0/go.mod h1:yPCRQbpM5Tjg2q9jGWUpmgEGbvGU/LQ4AXVXgDuNJD8= -github.com/hashicorp/vault-plugin-auth-kubernetes v0.5.0 h1:vo4ppQrEmSDQjFz4kLmSdeapVmgMGnRPvNKyerfoWvA= -github.com/hashicorp/vault-plugin-auth-kubernetes v0.5.0/go.mod h1:cZj//LdJ5DW6Kt+X+DEe/k6vdtNDP8fwET8g38++2pU= -github.com/hashicorp/vault-plugin-secrets-ad v0.5.0 h1:WyUKWfhIZioVjz1QmSiasy3gTjrbJv0MjEiFZ8C/eeQ= -github.com/hashicorp/vault-plugin-secrets-ad v0.5.0/go.mod h1:WmGEMGORK89KYcyDvWFplTuMW390alTzbkZvTRXoU7c= -github.com/hashicorp/vault-plugin-secrets-alicloud v0.5.0 h1:ewf07WNRNq3gtZZMiquas+f/OlAVK11j+zJan4xI19Q= -github.com/hashicorp/vault-plugin-secrets-alicloud v0.5.0/go.mod h1:kRuTqhroXcplElZa5rA4DfEh6Ae3DPHuFWiL/kDegLM= -github.com/hashicorp/vault-plugin-secrets-azure v0.5.0 h1:/lru2wFWqQcXuU2BkL1wmPd64OnSlWjQJSlM+Ia72ls= -github.com/hashicorp/vault-plugin-secrets-azure v0.5.0/go.mod h1:ETT9lHxMk+rrACbsDrM+YzJ8upURhC+7CRyXrStBeII= -github.com/hashicorp/vault-plugin-secrets-gcp v0.5.0 h1:92FGSp6mYtT59XExLBJeAGy/vmN3XY7zpaVnvRnMGHg= -github.com/hashicorp/vault-plugin-secrets-gcp v0.5.0/go.mod h1:8Fldfy8Dae4RXd1Z4WfRIvXbmD6MLeieoODDotOY8jc= -github.com/hashicorp/vault-plugin-secrets-gcpkms v0.5.0 h1:SNCIpLEN9sLIw5PMY2Gw3O91WOwC1DikcWx2yQXb+wg= -github.com/hashicorp/vault-plugin-secrets-gcpkms v0.5.0/go.mod h1:6kWea8qrrjq/7WwfB0Vr4/Wf/rTcYQAD6rDZhpnB9xI= -github.com/hashicorp/vault-plugin-secrets-kv v0.5.0 h1:YEtOOvboPmATo/ESzIwMs3YyuZnlt7Oltdrwy9c5cBg= -github.com/hashicorp/vault-plugin-secrets-kv v0.5.0/go.mod h1:NILaahjnYpYnZ3HQXn4rFBSvtYjW9MAtGsjcTf50AOk= +github.com/hashicorp/vault-plugin-auth-gcp v0.5.1 h1:8DR00s+Wmc21i3sfzvsqW88VMdf6NI2ue+onGoHshww= +github.com/hashicorp/vault-plugin-auth-gcp v0.5.1/go.mod h1:eLj92eX8MPI4vY1jaazVLF2sVbSAJ3LRHLRhF/pUmlI= +github.com/hashicorp/vault-plugin-auth-jwt v0.5.1 h1:d9WLI7oF6VMtwBZwS5bbChc4kW+UwNZUKIGXH6wnnTc= +github.com/hashicorp/vault-plugin-auth-jwt v0.5.1/go.mod 
h1:5VU7gc6/BEEFQW/viqMs3LBxI1D1cxJmKqKQEP3JUP4= +github.com/hashicorp/vault-plugin-auth-kubernetes v0.5.1 h1:q6DGb12Vw/CpZ9xDWAmpzxVRKeClFqRFgbIZ3fZcvuY= +github.com/hashicorp/vault-plugin-auth-kubernetes v0.5.1/go.mod h1:qCDsm0njdfUrnN5sFKMLjxGjZKjQf2qB6dReQ4gr4YI= +github.com/hashicorp/vault-plugin-secrets-ad v0.5.1 h1:BdiASUZLOvOUs317EnaUNjGxTSw0PYGQA7zJZhDKLC4= +github.com/hashicorp/vault-plugin-secrets-ad v0.5.1/go.mod h1:EH9CI8+0aWRBz8eIgGth0QjttmHWlGvn+8ZmX/ZUetE= +github.com/hashicorp/vault-plugin-secrets-alicloud v0.5.1 h1:72K91p4uLhT/jgtBq2zV5Wn8ocvny4sAN56XOcTxK1w= +github.com/hashicorp/vault-plugin-secrets-alicloud v0.5.1/go.mod h1:MspbyD2pPrYgBnYIawkBsFinaDb9lx9PA6uBYOG+d8I= +github.com/hashicorp/vault-plugin-secrets-azure v0.5.1 h1:6XFAkvpQl4zrXpZLSW9TCfF2z0mb2vwbrNmX2nzn480= +github.com/hashicorp/vault-plugin-secrets-azure v0.5.1/go.mod h1:9D3lbhWkN7kTCIrQl8yxMU4IkisAY3SYZaRvseih6ZE= +github.com/hashicorp/vault-plugin-secrets-gcp v0.5.1 h1:u4rOnhR1iLNxgi03bhJeNpdAr+2YVVOdYgN0IWztj+Q= +github.com/hashicorp/vault-plugin-secrets-gcp v0.5.1/go.mod h1:kVy5kaH4qjHX6d2eB3zPI/h/6edpNBF8LBoRC6zEbbs= +github.com/hashicorp/vault-plugin-secrets-gcpkms v0.5.1 h1:v25YWb7eMPe9DjGsUexRRuWwPlFNh+lbEGOeNrZalf8= +github.com/hashicorp/vault-plugin-secrets-gcpkms v0.5.1/go.mod h1:seBkt6x33ZT20koMcUwV/viMomnXDipsLgK5KUKz2ik= +github.com/hashicorp/vault-plugin-secrets-kv v0.5.1 h1:awaZ/UoeiDD0j3xF1E0kmXWJvAZw8ULayQu46mB6Un4= +github.com/hashicorp/vault-plugin-secrets-kv v0.5.1/go.mod h1:PIjaafaRr2QlkGl2SNhIywxlejeW0iMUtmx8u9u/a6c= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS4/qyk21ZsHyb6Mxv/jykxvNTkU4M= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod 
h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= @@ -418,6 +421,8 @@ github.com/ory/dockertest v3.3.4+incompatible h1:VrpM6Gqg7CrPm3bL4Wm1skO+zFWLbh7 github.com/ory/dockertest v3.3.4+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c h1:Lgl0gzECD8GnQ5QCWA8o6BtfL6mDH5rQgM4/fX3avOs= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= +github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g= diff --git a/helper/base62/base62.go b/helper/base62/base62.go deleted file mode 100644 index cfbf3a364..000000000 --- a/helper/base62/base62.go +++ /dev/null 
@@ -1,41 +0,0 @@ -// Package base62 provides utilities for working with base62 strings. -// base62 strings will only contain characters: 0-9, a-z, A-Z -package base62 - -import ( - uuid "github.com/hashicorp/go-uuid" -) - -const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" -const csLen = byte(len(charset)) - -// Random generates a random string using base-62 characters. -// Resulting entropy is ~5.95 bits/character. -func Random(length int) (string, error) { - if length == 0 { - return "", nil - } - output := make([]byte, 0, length) - - // Request a bit more than length to reduce the chance - // of needing more than one batch of random bytes - batchSize := length + length/4 - - for { - buf, err := uuid.GenerateRandomBytes(batchSize) - if err != nil { - return "", err - } - - for _, b := range buf { - // Avoid bias by using a value range that's a multiple of 62 - if b < (csLen * 4) { - output = append(output, charset[b%csLen]) - - if len(output) == length { - return string(output), nil - } - } - } - } -} diff --git a/helper/base62/base62_test.go b/helper/base62/base62_test.go deleted file mode 100644 index 4cd490237..000000000 --- a/helper/base62/base62_test.go +++ /dev/null @@ -1,31 +0,0 @@ -package base62 - -import ( - "testing" -) - -func TestRandom(t *testing.T) { - strings := make(map[string]struct{}) - - for i := 0; i < 100000; i++ { - c, err := Random(16) - if err != nil { - t.Fatal(err) - } - if _, ok := strings[c]; ok { - t.Fatalf("Unexpected duplicate string: %s", c) - } - strings[c] = struct{}{} - - } - - for i := 0; i < 3000; i++ { - c, err := Random(i) - if err != nil { - t.Fatal(err) - } - if len(c) != i { - t.Fatalf("Expected length %d, got: %d", i, len(c)) - } - } -} diff --git a/helper/builtinplugins/registry.go b/helper/builtinplugins/registry.go index 1ab1a6d80..699f3d6fc 100644 --- a/helper/builtinplugins/registry.go +++ b/helper/builtinplugins/registry.go 
@@ -1,7 +1,7 @@ package builtinplugins import ( - "github.com/hashicorp/vault/plugins/helper/database/credsutil" + "github.com/hashicorp/vault/sdk/database/helper/credsutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/logical" diff --git a/helper/dbtxn/dbtxn.go b/helper/dbtxn/dbtxn.go deleted file mode 100644 index 3337bd97b..000000000 --- a/helper/dbtxn/dbtxn.go +++ /dev/null @@ -1,63 +0,0 @@ -package dbtxn - -import ( - "context" - "database/sql" - "fmt" - "strings" -) - -// ExecuteDBQuery handles executing one single statement, while properly releasing its resources. -// - ctx: Required -// - db: Required -// - config: Optional, may be nil -// - query: Required -func ExecuteDBQuery(ctx context.Context, db *sql.DB, params map[string]string, query string) error { - - parsedQuery := parseQuery(params, query) - - stmt, err := db.PrepareContext(ctx, parsedQuery) - if err != nil { - return err - } - defer stmt.Close() - - return execute(ctx, stmt) -} - -// ExecuteTxQuery handles executing one single statement, while properly releasing its resources. -// - ctx: Required -// - tx: Required -// - config: Optional, may be nil -// - query: Required -func ExecuteTxQuery(ctx context.Context, tx *sql.Tx, params map[string]string, query string) error { - - parsedQuery := parseQuery(params, query) - - stmt, err := tx.PrepareContext(ctx, parsedQuery) - if err != nil { - return err - } - defer stmt.Close() - - return execute(ctx, stmt) -} - -func execute(ctx context.Context, stmt *sql.Stmt) error { - if _, err := stmt.ExecContext(ctx); err != nil { - return err - } - return nil -} - -func parseQuery(m map[string]string, tpl string) string { - - if m == nil || len(m) <= 0 { - return tpl - } - - for k, v := range m { - tpl = strings.Replace(tpl, fmt.Sprintf("{{%s}}", k), v, -1) - } - return tpl -} diff --git a/http/plugin_test.go b/http/plugin_test.go index 2352f8fab..305ce2457 100644 --- a/http/plugin_test.go +++ b/http/plugin_test.go 
@@ -76,7 +76,7 @@ func TestPlugin_PluginMain(t *testing.T) { args := []string{"--ca-cert=" + caPEM} - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(args) diff --git a/http/sys_generate_root.go b/http/sys_generate_root.go index 1e2a06fd7..56b8694a2 100644 --- a/http/sys_generate_root.go +++ b/http/sys_generate_root.go @@ -8,7 +8,7 @@ import ( "io" "net/http" - "github.com/hashicorp/vault/helper/base62" + "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/vault" ) diff --git a/plugins/database/cassandra/cassandra-database-plugin/main.go b/plugins/database/cassandra/cassandra-database-plugin/main.go index 8c44fa15e..c03984193 100644 --- a/plugins/database/cassandra/cassandra-database-plugin/main.go +++ b/plugins/database/cassandra/cassandra-database-plugin/main.go @@ -9,7 +9,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/plugins/database/cassandra/cassandra.go b/plugins/database/cassandra/cassandra.go index 054904540..44c889709 100644 --- a/plugins/database/cassandra/cassandra.go +++ b/plugins/database/cassandra/cassandra.go @@ -8,10 +8,9 @@ import ( "github.com/gocql/gocql" multierror "github.com/hashicorp/go-multierror" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" - "github.com/hashicorp/vault/plugins" - "github.com/hashicorp/vault/plugins/helper/database/credsutil" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" + "github.com/hashicorp/vault/sdk/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/helper/credsutil" + "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/strutil" ) 
@@ -62,7 +61,7 @@ func Run(apiTLSConfig *api.TLSConfig) error { return err } - plugins.Serve(dbType.(dbplugin.Database), apiTLSConfig) + dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig)) return nil } diff --git a/plugins/database/cassandra/cassandra_test.go b/plugins/database/cassandra/cassandra_test.go index 5f3676cb2..fcf041652 100644 --- a/plugins/database/cassandra/cassandra_test.go +++ b/plugins/database/cassandra/cassandra_test.go @@ -11,7 +11,7 @@ import ( "github.com/gocql/gocql" "github.com/hashicorp/errwrap" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/ory/dockertest" ) diff --git a/plugins/database/cassandra/connection_producer.go b/plugins/database/cassandra/connection_producer.go index 916ab1bdf..87579de4e 100644 --- a/plugins/database/cassandra/connection_producer.go +++ b/plugins/database/cassandra/connection_producer.go @@ -12,8 +12,8 @@ import ( "github.com/gocql/gocql" "github.com/hashicorp/errwrap" - "github.com/hashicorp/vault/plugins/helper/database/connutil" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" + "github.com/hashicorp/vault/sdk/database/helper/connutil" + "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/certutil" "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/tlsutil" diff --git a/plugins/database/hana/hana-database-plugin/main.go b/plugins/database/hana/hana-database-plugin/main.go index eb87fb695..bbd6139f5 100644 --- a/plugins/database/hana/hana-database-plugin/main.go +++ b/plugins/database/hana/hana-database-plugin/main.go @@ -9,7 +9,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) 
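Review bot: The type assertion `dbType.(dbplugin.Database)` passed to `dbplugin.Serve` in cassandra's `Run` is unchecked, so a constructor result that does not satisfy the interface would panic the plugin process instead of surfacing through Run's existing `error` return. The same line is introduced in the `Run` hunks for hana, influxdb, mongodb (where it replaces the concrete `dbType.(*MongoDB)` assertion), mssql and postgresql, and in mysql's `runCommon`. Consider the comma-ok form: `db, ok := dbType.(dbplugin.Database)`, then `if !ok { return fmt.Errorf("unexpected database type %T", dbType) }`, then `dbplugin.Serve(db, api.VaultPluginTLSProvider(apiTLSConfig))` (this needs `fmt` in the file's imports, which these hunks do not show). Run's body starts outside the hunk, so how `dbType` is constructed cannot be confirmed from here.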
diff --git a/plugins/database/hana/hana.go b/plugins/database/hana/hana.go index 6b318e4e0..a2af57526 100644 --- a/plugins/database/hana/hana.go +++ b/plugins/database/hana/hana.go @@ -10,12 +10,11 @@ import ( _ "github.com/SAP/go-hdb/driver" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" - "github.com/hashicorp/vault/helper/dbtxn" - "github.com/hashicorp/vault/plugins" - "github.com/hashicorp/vault/plugins/helper/database/connutil" - "github.com/hashicorp/vault/plugins/helper/database/credsutil" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" + "github.com/hashicorp/vault/sdk/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/helper/connutil" + "github.com/hashicorp/vault/sdk/database/helper/credsutil" + "github.com/hashicorp/vault/sdk/database/helper/dbutil" + "github.com/hashicorp/vault/sdk/helper/dbtxn" "github.com/hashicorp/vault/sdk/helper/strutil" ) @@ -64,7 +63,7 @@ func Run(apiTLSConfig *api.TLSConfig) error { return err } - plugins.Serve(dbType.(dbplugin.Database), apiTLSConfig) + dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig)) return nil } diff --git a/plugins/database/hana/hana_test.go b/plugins/database/hana/hana_test.go index cb352520b..bcb7a9e19 100644 --- a/plugins/database/hana/hana_test.go +++ b/plugins/database/hana/hana_test.go @@ -9,7 +9,7 @@ import ( "testing" "time" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" ) func TestHANA_Initialize(t *testing.T) { diff --git a/plugins/database/influxdb/connection_producer.go b/plugins/database/influxdb/connection_producer.go index 8dc41821d..52bd8e945 100644 --- a/plugins/database/influxdb/connection_producer.go +++ b/plugins/database/influxdb/connection_producer.go 
@@ -8,7 +8,7 @@ import ( "time" "github.com/hashicorp/errwrap" - "github.com/hashicorp/vault/plugins/helper/database/connutil" + "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/helper/certutil" "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/tlsutil" diff --git a/plugins/database/influxdb/influxdb-database-plugin/main.go b/plugins/database/influxdb/influxdb-database-plugin/main.go index 417e51a9c..5f7be2e8b 100644 --- a/plugins/database/influxdb/influxdb-database-plugin/main.go +++ b/plugins/database/influxdb/influxdb-database-plugin/main.go @@ -9,7 +9,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/plugins/database/influxdb/influxdb.go b/plugins/database/influxdb/influxdb.go index 22c070cfa..e77adf5f1 100644 --- a/plugins/database/influxdb/influxdb.go +++ b/plugins/database/influxdb/influxdb.go @@ -7,10 +7,9 @@ import ( multierror "github.com/hashicorp/go-multierror" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" - "github.com/hashicorp/vault/plugins" - "github.com/hashicorp/vault/plugins/helper/database/credsutil" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" + "github.com/hashicorp/vault/sdk/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/helper/credsutil" + "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/strutil" influx "github.com/influxdata/influxdb/client/v2" ) @@ -62,7 +61,7 @@ func Run(apiTLSConfig *api.TLSConfig) error { return err } - plugins.Serve(dbType.(dbplugin.Database), apiTLSConfig) + dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig)) return nil } 
diff --git a/plugins/database/influxdb/influxdb_test.go b/plugins/database/influxdb/influxdb_test.go index 2898f9f61..174862685 100644 --- a/plugins/database/influxdb/influxdb_test.go +++ b/plugins/database/influxdb/influxdb_test.go @@ -9,7 +9,7 @@ import ( "time" "github.com/hashicorp/errwrap" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" influx "github.com/influxdata/influxdb/client/v2" "github.com/ory/dockertest" ) diff --git a/plugins/database/mongodb/connection_producer.go b/plugins/database/mongodb/connection_producer.go index 5debbc6a5..847e8fa0e 100644 --- a/plugins/database/mongodb/connection_producer.go +++ b/plugins/database/mongodb/connection_producer.go @@ -15,8 +15,8 @@ import ( "time" "github.com/hashicorp/errwrap" - "github.com/hashicorp/vault/plugins/helper/database/connutil" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" + "github.com/hashicorp/vault/sdk/database/helper/connutil" + "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/mitchellh/mapstructure" mgo "gopkg.in/mgo.v2" diff --git a/plugins/database/mongodb/mongodb-database-plugin/main.go b/plugins/database/mongodb/mongodb-database-plugin/main.go index c5f9e12ac..d8b5d398d 100644 --- a/plugins/database/mongodb/mongodb-database-plugin/main.go +++ b/plugins/database/mongodb/mongodb-database-plugin/main.go @@ -9,7 +9,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/plugins/database/mongodb/mongodb.go b/plugins/database/mongodb/mongodb.go index 820a38170..607aff71b 100644 --- a/plugins/database/mongodb/mongodb.go +++ b/plugins/database/mongodb/mongodb.go 
@@ -13,10 +13,9 @@ import ( "github.com/hashicorp/errwrap" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" - "github.com/hashicorp/vault/plugins" - "github.com/hashicorp/vault/plugins/helper/database/credsutil" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" + "github.com/hashicorp/vault/sdk/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/helper/credsutil" + "github.com/hashicorp/vault/sdk/database/helper/dbutil" mgo "gopkg.in/mgo.v2" ) @@ -61,7 +60,7 @@ func Run(apiTLSConfig *api.TLSConfig) error { return err } - plugins.Serve(dbType.(*MongoDB), apiTLSConfig) + dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig)) return nil } diff --git a/plugins/database/mongodb/mongodb_test.go b/plugins/database/mongodb/mongodb_test.go index 779f312aa..99addcf46 100644 --- a/plugins/database/mongodb/mongodb_test.go +++ b/plugins/database/mongodb/mongodb_test.go @@ -11,7 +11,7 @@ import ( "strings" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/ory/dockertest" ) diff --git a/plugins/database/mssql/mssql-database-plugin/main.go b/plugins/database/mssql/mssql-database-plugin/main.go index 55080a7d5..96b4f338d 100644 --- a/plugins/database/mssql/mssql-database-plugin/main.go +++ b/plugins/database/mssql/mssql-database-plugin/main.go @@ -9,7 +9,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/plugins/database/mssql/mssql.go b/plugins/database/mssql/mssql.go index 2ba384410..dfc34c1b4 100644 --- a/plugins/database/mssql/mssql.go +++ b/plugins/database/mssql/mssql.go 
@@ -12,12 +12,11 @@ import ( "github.com/hashicorp/errwrap" multierror "github.com/hashicorp/go-multierror" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" - "github.com/hashicorp/vault/helper/dbtxn" - "github.com/hashicorp/vault/plugins" - "github.com/hashicorp/vault/plugins/helper/database/connutil" - "github.com/hashicorp/vault/plugins/helper/database/credsutil" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" + "github.com/hashicorp/vault/sdk/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/helper/connutil" + "github.com/hashicorp/vault/sdk/database/helper/credsutil" + "github.com/hashicorp/vault/sdk/database/helper/dbutil" + "github.com/hashicorp/vault/sdk/helper/dbtxn" "github.com/hashicorp/vault/sdk/helper/strutil" ) @@ -63,7 +62,7 @@ func Run(apiTLSConfig *api.TLSConfig) error { return err } - plugins.Serve(dbType.(dbplugin.Database), apiTLSConfig) + dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig)) return nil } diff --git a/plugins/database/mssql/mssql_test.go b/plugins/database/mssql/mssql_test.go index 43b721e81..3840233e9 100644 --- a/plugins/database/mssql/mssql_test.go +++ b/plugins/database/mssql/mssql_test.go @@ -9,7 +9,7 @@ import ( "testing" "time" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" ) func TestMSSQL_Initialize(t *testing.T) { diff --git a/plugins/database/mysql/mysql-database-plugin/main.go b/plugins/database/mysql/mysql-database-plugin/main.go index 0849c3fe6..ca9879eb1 100644 --- a/plugins/database/mysql/mysql-database-plugin/main.go +++ b/plugins/database/mysql/mysql-database-plugin/main.go @@ -9,7 +9,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) 
diff --git a/plugins/database/mysql/mysql-legacy-database-plugin/main.go b/plugins/database/mysql/mysql-legacy-database-plugin/main.go index 479558f51..90297d7f4 100644 --- a/plugins/database/mysql/mysql-legacy-database-plugin/main.go +++ b/plugins/database/mysql/mysql-legacy-database-plugin/main.go @@ -9,7 +9,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/plugins/database/mysql/mysql.go b/plugins/database/mysql/mysql.go index 18f497c63..bf349aaea 100644 --- a/plugins/database/mysql/mysql.go +++ b/plugins/database/mysql/mysql.go @@ -9,11 +9,10 @@ import ( stdmysql "github.com/go-sql-driver/mysql" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" - "github.com/hashicorp/vault/plugins" - "github.com/hashicorp/vault/plugins/helper/database/connutil" - "github.com/hashicorp/vault/plugins/helper/database/credsutil" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" + "github.com/hashicorp/vault/sdk/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/helper/connutil" + "github.com/hashicorp/vault/sdk/database/helper/credsutil" + "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/strutil" ) @@ -94,7 +93,7 @@ func runCommon(legacy bool, apiTLSConfig *api.TLSConfig) error { return err } - plugins.Serve(dbType.(dbplugin.Database), apiTLSConfig) + dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig)) return nil } diff --git a/plugins/database/mysql/mysql_test.go b/plugins/database/mysql/mysql_test.go index b39dc9b71..d927265f7 100644 --- a/plugins/database/mysql/mysql_test.go +++ b/plugins/database/mysql/mysql_test.go 
@@ -9,9 +9,9 @@ import ( "testing" "time" - "github.com/hashicorp/vault/plugins/helper/database/credsutil" + "github.com/hashicorp/vault/sdk/database/helper/credsutil" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/ory/dockertest" ) diff --git a/plugins/database/postgresql/postgresql-database-plugin/main.go b/plugins/database/postgresql/postgresql-database-plugin/main.go index e4c92464d..2c5c1b5f7 100644 --- a/plugins/database/postgresql/postgresql-database-plugin/main.go +++ b/plugins/database/postgresql/postgresql-database-plugin/main.go @@ -9,7 +9,7 @@ import ( ) func main() { - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(os.Args[1:]) diff --git a/plugins/database/postgresql/postgresql.go b/plugins/database/postgresql/postgresql.go index 09f90ad29..4be5418cb 100644 --- a/plugins/database/postgresql/postgresql.go +++ b/plugins/database/postgresql/postgresql.go @@ -10,12 +10,11 @@ import ( "github.com/hashicorp/errwrap" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" - "github.com/hashicorp/vault/helper/dbtxn" - "github.com/hashicorp/vault/plugins" - "github.com/hashicorp/vault/plugins/helper/database/connutil" - "github.com/hashicorp/vault/plugins/helper/database/credsutil" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" + "github.com/hashicorp/vault/sdk/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/helper/connutil" + "github.com/hashicorp/vault/sdk/database/helper/credsutil" + "github.com/hashicorp/vault/sdk/database/helper/dbutil" + "github.com/hashicorp/vault/sdk/helper/dbtxn" "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/lib/pq" ) 
@@ -66,7 +65,7 @@ func Run(apiTLSConfig *api.TLSConfig) error { return err } - plugins.Serve(dbType.(dbplugin.Database), apiTLSConfig) + dbplugin.Serve(dbType.(dbplugin.Database), api.VaultPluginTLSProvider(apiTLSConfig)) return nil } diff --git a/plugins/database/postgresql/postgresql_test.go b/plugins/database/postgresql/postgresql_test.go index e6bb33044..0579b8582 100644 --- a/plugins/database/postgresql/postgresql_test.go +++ b/plugins/database/postgresql/postgresql_test.go @@ -10,7 +10,7 @@ import ( "testing" "time" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/ory/dockertest" ) diff --git a/plugins/helper/database/connutil/connutil.go b/plugins/helper/database/connutil/connutil.go deleted file mode 100644 index 35553d226..000000000 --- a/plugins/helper/database/connutil/connutil.go +++ /dev/null @@ -1,25 +0,0 @@ -package connutil - -import ( - "context" - "errors" - "sync" -) - -var ( - ErrNotInitialized = errors.New("connection has not been initialized") -) - -// ConnectionProducer can be used as an embedded interface in the Database -// definition. It implements the methods dealing with individual database -// connections and is used in all the builtin database types. -type ConnectionProducer interface { - Close() error - Init(context.Context, map[string]interface{}, bool) (map[string]interface{}, error) - Connection(context.Context) (interface{}, error) - - sync.Locker - - // DEPRECATED, will be removed in 0.12 - Initialize(context.Context, map[string]interface{}, bool) error -} diff --git a/plugins/helper/database/connutil/sql.go b/plugins/helper/database/connutil/sql.go deleted file mode 100644 index 41bee605f..000000000 --- a/plugins/helper/database/connutil/sql.go +++ /dev/null 
@@ -1,164 +0,0 @@ -package connutil - -import ( - "context" - "database/sql" - "fmt" - "strings" - "sync" - "time" - - "github.com/hashicorp/errwrap" - "github.com/hashicorp/vault/plugins/helper/database/dbutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/mitchellh/mapstructure" -) - -var _ ConnectionProducer = &SQLConnectionProducer{} - -// SQLConnectionProducer implements ConnectionProducer and provides a generic producer for most sql databases -type SQLConnectionProducer struct { - ConnectionURL string `json:"connection_url" mapstructure:"connection_url" structs:"connection_url"` - MaxOpenConnections int `json:"max_open_connections" mapstructure:"max_open_connections" structs:"max_open_connections"` - MaxIdleConnections int `json:"max_idle_connections" mapstructure:"max_idle_connections" structs:"max_idle_connections"` - MaxConnectionLifetimeRaw interface{} `json:"max_connection_lifetime" mapstructure:"max_connection_lifetime" structs:"max_connection_lifetime"` - Username string `json:"username" mapstructure:"username" structs:"username"` - Password string `json:"password" mapstructure:"password" structs:"password"` - - Type string - RawConfig map[string]interface{} - maxConnectionLifetime time.Duration - Initialized bool - db *sql.DB - sync.Mutex -} - -func (c *SQLConnectionProducer) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error { - _, err := c.Init(ctx, conf, verifyConnection) - return err -} - -func (c *SQLConnectionProducer) Init(ctx context.Context, conf map[string]interface{}, verifyConnection bool) (map[string]interface{}, error) { - c.Lock() - defer c.Unlock() - - c.RawConfig = conf - - err := mapstructure.WeakDecode(conf, &c) - if err != nil { - return nil, err - } - - if len(c.ConnectionURL) == 0 { - return nil, fmt.Errorf("connection_url cannot be empty") - } - - c.ConnectionURL = dbutil.QueryHelper(c.ConnectionURL, map[string]string{ - "username": c.Username, - "password": c.Password, 
- }) - - if c.MaxOpenConnections == 0 { - c.MaxOpenConnections = 2 - } - - if c.MaxIdleConnections == 0 { - c.MaxIdleConnections = c.MaxOpenConnections - } - if c.MaxIdleConnections > c.MaxOpenConnections { - c.MaxIdleConnections = c.MaxOpenConnections - } - if c.MaxConnectionLifetimeRaw == nil { - c.MaxConnectionLifetimeRaw = "0s" - } - - c.maxConnectionLifetime, err = parseutil.ParseDurationSecond(c.MaxConnectionLifetimeRaw) - if err != nil { - return nil, errwrap.Wrapf("invalid max_connection_lifetime: {{err}}", err) - } - - // Set initialized to true at this point since all fields are set, - // and the connection can be established at a later time. - c.Initialized = true - - if verifyConnection { - if _, err := c.Connection(ctx); err != nil { - return nil, errwrap.Wrapf("error verifying connection: {{err}}", err) - } - - if err := c.db.PingContext(ctx); err != nil { - return nil, errwrap.Wrapf("error verifying connection: {{err}}", err) - } - } - - return c.RawConfig, nil -} - -func (c *SQLConnectionProducer) Connection(ctx context.Context) (interface{}, error) { - if !c.Initialized { - return nil, ErrNotInitialized - } - - // If we already have a DB, test it and return - if c.db != nil { - if err := c.db.PingContext(ctx); err == nil { - return c.db, nil - } - // If the ping was unsuccessful, close it and ignore errors as we'll be - // reestablishing anyways - c.db.Close() - } - - // For mssql backend, switch to sqlserver instead - dbType := c.Type - if c.Type == "mssql" { - dbType = "sqlserver" - } - - // Otherwise, attempt to make connection - conn := c.ConnectionURL - - // Ensure timezone is set to UTC for all the connections - if strings.HasPrefix(conn, "postgres://") || strings.HasPrefix(conn, "postgresql://") { - if strings.Contains(conn, "?") { - conn += "&timezone=utc" - } else { - conn += "?timezone=utc" - } - } - - var err error - c.db, err = sql.Open(dbType, conn) - if err != nil { - return nil, err - } - - // Set some connection pool settings. 
We don't need much of this, - // since the request rate shouldn't be high. - c.db.SetMaxOpenConns(c.MaxOpenConnections) - c.db.SetMaxIdleConns(c.MaxIdleConnections) - c.db.SetConnMaxLifetime(c.maxConnectionLifetime) - - return c.db, nil -} - -func (c *SQLConnectionProducer) SecretValues() map[string]interface{} { - return map[string]interface{}{ - c.Password: "[password]", - } -} - -// Close attempts to close the connection -func (c *SQLConnectionProducer) Close() error { - // Grab the write lock - c.Lock() - defer c.Unlock() - - if c.db != nil { - c.db.Close() - } - - c.db = nil - - return nil -} diff --git a/plugins/helper/database/credsutil/credsutil.go b/plugins/helper/database/credsutil/credsutil.go deleted file mode 100644 index 82fa3b854..000000000 --- a/plugins/helper/database/credsutil/credsutil.go +++ /dev/null 
@@ -1,46 +0,0 @@
-package credsutil
-
-import (
- "time"
-
- "fmt"
-
- "github.com/hashicorp/vault/builtin/logical/database/dbplugin"
- "github.com/hashicorp/vault/helper/base62"
-)
-
-// CredentialsProducer can be used as an embedded interface in the Database
-// definition. It implements the methods for generating user information for a
-// particular database type and is used in all the builtin database types.
-type CredentialsProducer interface {
- GenerateUsername(usernameConfig dbplugin.UsernameConfig) (string, error)
- GeneratePassword() (string, error)
- GenerateExpiration(ttl time.Time) (string, error)
-}
-
-const (
- reqStr = `A1a-`
- minStrLen = 10
-)
-
-// RandomAlphaNumeric returns a random string of characters [A-Za-z0-9-]
-// of the provided length. The string generated takes up to 4 characters
-// of space that are predefined and prepended to ensure password
-// character requirements. It also requires a min length of 10 characters.
-func RandomAlphaNumeric(length int, prependA1a bool) (string, error) {
- if length < minStrLen {
- return "", fmt.Errorf("minimum length of %d is required", minStrLen)
- }
-
- var prefix string
- if prependA1a {
- prefix = reqStr
- }
-
- randomStr, err := base62.Random(length - len(prefix))
- if err != nil {
- return "", err
- }
-
- return prefix + randomStr, nil
-}
diff --git a/plugins/helper/database/credsutil/credsutil_test.go b/plugins/helper/database/credsutil/credsutil_test.go
deleted file mode 100644
index e094719d0..000000000
--- a/plugins/helper/database/credsutil/credsutil_test.go
+++ /dev/null
@@ -1,40 +0,0 @@
-package credsutil
-
-import (
- "strings"
- "testing"
-)
-
-func TestRandomAlphaNumeric(t *testing.T) {
- s, err := RandomAlphaNumeric(10, true)
- if err != nil {
- t.Fatalf("Unexpected error: %s", err)
- }
- if len(s) != 10 {
- t.Fatalf("Unexpected length of string, expected 10, got string: %s", s)
- }
-
- s, err = RandomAlphaNumeric(20, true)
- if err != nil {
- t.Fatalf("Unexpected error: %s", err)
- }
- if len(s) != 20 {
- t.Fatalf("Unexpected length of string, expected 20, got string: %s", s)
- }
-
- if !strings.Contains(s, reqStr) {
- t.Fatalf("Expected %s to contain %s", s, reqStr)
- }
-
- s, err = RandomAlphaNumeric(20, false)
- if err != nil {
- t.Fatalf("Unexpected error: %s", err)
- }
- if len(s) != 20 {
- t.Fatalf("Unexpected length of string, expected 20, got string: %s", s)
- }
-
- if strings.Contains(s, reqStr) {
- t.Fatalf("Expected %s not to contain %s", s, reqStr)
- }
-}
diff --git a/plugins/helper/database/credsutil/sql.go b/plugins/helper/database/credsutil/sql.go
deleted file mode 100644
index 2f9cc7d19..000000000
--- a/plugins/helper/database/credsutil/sql.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package credsutil
-
-import (
- "fmt"
- "time"
-
- "github.com/hashicorp/vault/builtin/logical/database/dbplugin"
-)
-
-const (
- NoneLength int = -1
-)
-
-// SQLCredentialsProducer implements CredentialsProducer and provides a generic credentials producer for most sql database types.
-type SQLCredentialsProducer struct {
- DisplayNameLen int
- RoleNameLen int
- UsernameLen int
- Separator string
-}
-
-func (scp *SQLCredentialsProducer) GenerateUsername(config dbplugin.UsernameConfig) (string, error) {
- username := "v"
-
- displayName := config.DisplayName
- if scp.DisplayNameLen > 0 && len(displayName) > scp.DisplayNameLen {
- displayName = displayName[:scp.DisplayNameLen]
- } else if scp.DisplayNameLen == NoneLength {
- displayName = ""
- }
-
- if len(displayName) > 0 {
- username = fmt.Sprintf("%s%s%s", username, scp.Separator, displayName)
- }
-
- roleName := config.RoleName
- if scp.RoleNameLen > 0 && len(roleName) > scp.RoleNameLen {
- roleName = roleName[:scp.RoleNameLen]
- } else if scp.RoleNameLen == NoneLength {
- roleName = ""
- }
-
- if len(roleName) > 0 {
- username = fmt.Sprintf("%s%s%s", username, scp.Separator, roleName)
- }
-
- userUUID, err := RandomAlphaNumeric(20, false)
- if err != nil {
- return "", err
- }
-
- username = fmt.Sprintf("%s%s%s", username, scp.Separator, userUUID)
- username = fmt.Sprintf("%s%s%s", username, scp.Separator, fmt.Sprint(time.Now().Unix()))
- if scp.UsernameLen > 0 && len(username) > scp.UsernameLen {
- username = username[:scp.UsernameLen]
- }
-
- return username, nil
-}
-
-func (scp *SQLCredentialsProducer) GeneratePassword() (string, error) {
- password, err := RandomAlphaNumeric(20, true)
- if err != nil {
- return "", err
- }
-
- return password, nil
-}
-
-func (scp *SQLCredentialsProducer) GenerateExpiration(ttl time.Time) (string, error) {
- return ttl.Format("2006-01-02 15:04:05-0700"), nil
-}
diff --git a/plugins/helper/database/dbutil/dbutil.go b/plugins/helper/database/dbutil/dbutil.go
deleted file mode 100644
index 42257053c..000000000
--- a/plugins/helper/database/dbutil/dbutil.go
+++ /dev/null
@@ -1,52 +0,0 @@
-package dbutil
-
-import (
- "errors"
- "fmt"
- "strings"
-
- "github.com/hashicorp/vault/builtin/logical/database/dbplugin"
-)
-
-var (
- ErrEmptyCreationStatement = errors.New("empty creation statements")
-)
-
-// Query templates a query for us.
-func QueryHelper(tpl string, data map[string]string) string {
- for k, v := range data {
- tpl = strings.Replace(tpl, fmt.Sprintf("{{%s}}", k), v, -1)
- }
-
- return tpl
-}
-
-// StatementCompatibilityHelper will populate the statements fields to support
-// compatibility
-func StatementCompatibilityHelper(statements dbplugin.Statements) dbplugin.Statements {
- switch {
- case len(statements.Creation) > 0 && len(statements.CreationStatements) == 0:
- statements.CreationStatements = strings.Join(statements.Creation, ";")
- case len(statements.CreationStatements) > 0:
- statements.Creation = []string{statements.CreationStatements}
- }
- switch {
- case len(statements.Revocation) > 0 && len(statements.RevocationStatements) == 0:
- statements.RevocationStatements = strings.Join(statements.Revocation, ";")
- case len(statements.RevocationStatements) > 0:
- statements.Revocation = []string{statements.RevocationStatements}
- }
- switch {
- case len(statements.Renewal) > 0 && len(statements.RenewStatements) == 0:
- statements.RenewStatements = strings.Join(statements.Renewal, ";")
- case len(statements.RenewStatements) > 0:
- statements.Renewal = []string{statements.RenewStatements}
- }
- switch {
- case len(statements.Rollback) > 0 && len(statements.RollbackStatements) == 0:
- statements.RollbackStatements = strings.Join(statements.Rollback, ";")
- case len(statements.RollbackStatements) > 0:
- statements.Rollback = []string{statements.RollbackStatements}
- }
- return statements
-}
diff --git a/plugins/helper/database/dbutil/dbutil_test.go b/plugins/helper/database/dbutil/dbutil_test.go
deleted file mode 100644
index 4d239a6ef..000000000
--- a/plugins/helper/database/dbutil/dbutil_test.go
+++ /dev/null
@@ -1,62 +0,0 @@
-package dbutil
-
-import (
- "reflect"
- "testing"
-
- "github.com/hashicorp/vault/builtin/logical/database/dbplugin"
-)
-
-func TestStatementCompatibilityHelper(t *testing.T) {
- const (
- creationStatement = "creation"
- renewStatement = "renew"
- revokeStatement = "revoke"
- rollbackStatement = "rollback"
- )
-
- expectedStatements := dbplugin.Statements{
- Creation: []string{creationStatement},
- Rollback: []string{rollbackStatement},
- Revocation: []string{revokeStatement},
- Renewal: []string{renewStatement},
- CreationStatements: creationStatement,
- RenewStatements: renewStatement,
- RollbackStatements: rollbackStatement,
- RevocationStatements: revokeStatement,
- }
-
- statements1 := dbplugin.Statements{
- CreationStatements: creationStatement,
- RenewStatements: renewStatement,
- RollbackStatements: rollbackStatement,
- RevocationStatements: revokeStatement,
- }
-
- if !reflect.DeepEqual(expectedStatements, StatementCompatibilityHelper(statements1)) {
- t.Fatalf("mismatch: %#v, %#v", expectedStatements, statements1)
- }
-
- statements2 := dbplugin.Statements{
- Creation: []string{creationStatement},
- Rollback: []string{rollbackStatement},
- Revocation: []string{revokeStatement},
- Renewal: []string{renewStatement},
- }
-
- if !reflect.DeepEqual(expectedStatements, StatementCompatibilityHelper(statements2)) {
- t.Fatalf("mismatch: %#v, %#v", expectedStatements, statements2)
- }
-
- statements3 := dbplugin.Statements{
- CreationStatements: creationStatement,
- }
- expectedStatements3 := dbplugin.Statements{
- Creation: []string{creationStatement},
- CreationStatements: creationStatement,
- }
- if !reflect.DeepEqual(expectedStatements3, StatementCompatibilityHelper(statements3)) {
- t.Fatalf("mismatch: %#v, %#v", expectedStatements3, statements3)
- }
-
-}
diff --git a/plugins/serve.go b/plugins/serve.go
deleted file mode 100644
index 40e85d617..000000000
--- a/plugins/serve.go
+++ /dev/null
@@ -1,31 +0,0 @@ -package plugins - -import ( - "fmt" - - "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" - "github.com/hashicorp/vault/sdk/helper/pluginutil" -) - -// Serve is used to start a plugin's RPC server. It takes an interface that must -// implement a known plugin interface to vault and an optional api.TLSConfig for -// use during the initial unwrap request to vault. The api config is particularly -// useful when vault is setup to require client cert checking. -func Serve(plugin interface{}, tlsConfig *api.TLSConfig) { - tlsProvider := api.VaultPluginTLSProvider(tlsConfig) - - err := pluginutil.OptionallyEnableMlock() - if err != nil { - fmt.Println(err) - return - } - - switch p := plugin.(type) { - case dbplugin.Database: - dbplugin.Serve(p, tlsProvider) - default: - fmt.Println("Unsupported plugin type") - } - -} diff --git a/vault/expiration.go b/vault/expiration.go index b83d1191e..03eb721c3 100644 --- a/vault/expiration.go +++ b/vault/expiration.go @@ -16,9 +16,9 @@ import ( "github.com/hashicorp/errwrap" log "github.com/hashicorp/go-hclog" multierror "github.com/hashicorp/go-multierror" - "github.com/hashicorp/vault/helper/base62" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" + "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/locksutil" diff --git a/vault/generate_root_test.go b/vault/generate_root_test.go index fc00973e6..cd4c44be0 100644 --- a/vault/generate_root_test.go +++ b/vault/generate_root_test.go 
@@ -4,10 +4,10 @@ import ( "encoding/base64" "testing" - "github.com/hashicorp/vault/helper/base62" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/helper/pgpkeys" "github.com/hashicorp/vault/helper/xor" + "github.com/hashicorp/vault/sdk/helper/base62" ) func TestCore_GenerateRoot_Lifecycle(t *testing.T) { diff --git a/vault/logical_system_integ_test.go b/vault/logical_system_integ_test.go index bfb74a645..8ecb72507 100644 --- a/vault/logical_system_integ_test.go +++ b/vault/logical_system_integ_test.go @@ -581,7 +581,7 @@ func TestBackend_PluginMainLogical(t *testing.T) { } args = append(args, fmt.Sprintf("--ca-cert=%s", caPEM)) - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(args) tlsConfig := apiClientMeta.GetTLSConfig() @@ -610,7 +610,7 @@ func TestBackend_PluginMainCredentials(t *testing.T) { } args = append(args, fmt.Sprintf("--ca-cert=%s", caPEM)) - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(args) tlsConfig := apiClientMeta.GetTLSConfig() @@ -646,7 +646,7 @@ func TestBackend_PluginMainEnv(t *testing.T) { } args = append(args, fmt.Sprintf("--ca-cert=%s", caPEM)) - apiClientMeta := &api.APIClientMeta{} + apiClientMeta := &api.PluginAPIClientMeta{} flags := apiClientMeta.FlagSet() flags.Parse(args) tlsConfig := apiClientMeta.GetTLSConfig() diff --git a/vault/plugin_catalog.go b/vault/plugin_catalog.go index ef9723fc3..f1a2fc963 100644 --- a/vault/plugin_catalog.go +++ b/vault/plugin_catalog.go @@ -14,7 +14,7 @@ import ( multierror "github.com/hashicorp/go-multierror" "github.com/hashicorp/errwrap" - "github.com/hashicorp/vault/builtin/logical/database/dbplugin" + "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/pluginutil" 
diff --git a/vault/token_store.go b/vault/token_store.go index 12d1017c3..31789ca87 100644 --- a/vault/token_store.go +++ b/vault/token_store.go @@ -21,10 +21,10 @@ import ( metrics "github.com/armon/go-metrics" multierror "github.com/hashicorp/go-multierror" - "github.com/hashicorp/vault/helper/base62" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" + "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/locksutil" diff --git a/website/source/docs/internals/plugins.html.md b/website/source/docs/internals/plugins.html.md index e6484a3c5..9057fdee8 100644 --- a/website/source/docs/internals/plugins.html.md +++ b/website/source/docs/internals/plugins.html.md @@ -129,7 +129,7 @@ import ( "os" "github.com/hashicorp/vault/sdk/helper/pluginutil" - "github.com/hashicorp/vault/plugins" + "github.com/hashicorp/vault/api/plugins" ) func main() { diff --git a/website/source/docs/secrets/databases/custom.html.md b/website/source/docs/secrets/databases/custom.html.md index e75a26df9..dac648821 100644 --- a/website/source/docs/secrets/databases/custom.html.md +++ b/website/source/docs/secrets/databases/custom.html.md @@ -74,7 +74,7 @@ calling the `Serve` method: package main import ( - "github.com/hashicorp/vault/plugins" + "github.com/hashicorp/vault/api/plugins" ) func main() {