Move plugin env checks to their own file (#4253)
parent
cf1a9647f4
commit
39970ac23d
|
@ -3,15 +3,34 @@ package pluginutil
|
|||
import (
|
||||
"os"
|
||||
|
||||
"github.com/hashicorp/go-version"
|
||||
version "github.com/hashicorp/go-version"
|
||||
"github.com/hashicorp/vault/helper/mlock"
|
||||
)
|
||||
|
||||
var (
|
||||
// PluginMlockEnabled is the ENV name used to pass the configuration for
|
||||
// enabling mlock
|
||||
PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
|
||||
|
||||
// PluginVaultVersionEnv is the ENV name used to pass the version of the
|
||||
// vault server to the plugin
|
||||
PluginVaultVersionEnv = "VAULT_VERSION"
|
||||
|
||||
// PluginMetadataModeEnv is an ENV name used to disable TLS communication
|
||||
// to bootstrap mounting plugins.
|
||||
PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
|
||||
)
|
||||
|
||||
// OptionallyEnableMlock determines if mlock should be called, and if so enables
|
||||
// mlock.
|
||||
func OptionallyEnableMlock() error {
|
||||
if os.Getenv(PluginMlockEnabled) == "true" {
|
||||
return mlock.LockMemory()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or
|
||||
// it fails to meet the version constraint.
|
||||
func GRPCSupport() bool {
|
||||
|
@ -40,3 +59,8 @@ func GRPCSupport() bool {
|
|||
|
||||
return true
|
||||
}
|
||||
|
||||
// Returns true if the plugin calling this function is running in metadata mode.
|
||||
func InMetadataMode() bool {
|
||||
return os.Getenv(PluginMetadataModeEnv) == "true"
|
||||
}
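Review bot: The doc comment on `InMetadataMode` in the second hunk does not start with the function's name and does not say what the mode implies; `// InMetadataMode reports whether the calling plugin was started with VAULT_PLUGIN_METADATA_MODE set to "true".` would match the other comments in this file, and a second sentence could repeat what the `PluginMetadataModeEnv` comment says, that this mode disables TLS communication. The three names in the `var (` block of the first hunk are not reassigned anywhere in the visible code, and since two of them gate mlock and the no-TLS mode, declaring them with `const (` would keep another package from changing which environment variable is consulted, provided nothing takes their address. Both checks compare against the exact string "true", so a value such as `1` or `TRUE` leaves mlock off without any error; that is worth stating in the comment on `OptionallyEnableMlock`. The body of `GRPCSupport` lies mostly outside the hunks.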
|
|
@ -1,23 +0,0 @@
|
|||
package pluginutil
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/hashicorp/vault/helper/mlock"
|
||||
)
|
||||
|
||||
var (
|
||||
// PluginMlockEnabled is the ENV name used to pass the configuration for
|
||||
// enabling mlock
|
||||
PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
|
||||
)
|
||||
|
||||
// OptionallyEnableMlock determines if mlock should be called, and if so enables
|
||||
// mlock.
|
||||
func OptionallyEnableMlock() error {
|
||||
if os.Getenv(PluginMlockEnabled) == "true" {
|
||||
return mlock.LockMemory()
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
|
@ -30,10 +30,6 @@ var (
|
|||
// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
|
||||
// string. Used for testing.
|
||||
PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
|
||||
|
||||
// PluginMetadataModeEnv is an ENV name used to disable TLS communication
|
||||
// to bootstrap mounting plugins.
|
||||
PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
|
||||
)
|
||||
|
||||
// generateCert is used internally to create certificates for the plugin
|
||||
|
|
|
@ -4,7 +4,6 @@ import (
|
|||
"context"
|
||||
"errors"
|
||||
"net/rpc"
|
||||
"os"
|
||||
|
||||
"github.com/hashicorp/go-hclog"
|
||||
|
||||
|
@ -29,12 +28,8 @@ type backendPluginServer struct {
|
|||
storageClient *rpc.Client
|
||||
}
|
||||
|
||||
func inMetadataMode() bool {
|
||||
return os.Getenv(pluginutil.PluginMetadataModeEnv) == "true"
|
||||
}
|
||||
|
||||
func (b *backendPluginServer) HandleRequest(args *HandleRequestArgs, reply *HandleRequestReply) error {
|
||||
if inMetadataMode() {
|
||||
if pluginutil.InMetadataMode() {
|
||||
return ErrServerInMetadataMode
|
||||
}
|
||||
|
||||
|
@ -58,7 +53,7 @@ func (b *backendPluginServer) SpecialPaths(_ interface{}, reply *SpecialPathsRep
|
|||
}
|
||||
|
||||
func (b *backendPluginServer) HandleExistenceCheck(args *HandleExistenceCheckArgs, reply *HandleExistenceCheckReply) error {
|
||||
if inMetadataMode() {
|
||||
if pluginutil.InMetadataMode() {
|
||||
return ErrServerInMetadataMode
|
||||
}
|
||||
|
||||
|
@ -85,7 +80,7 @@ func (b *backendPluginServer) Cleanup(_ interface{}, _ *struct{}) error {
|
|||
}
|
||||
|
||||
func (b *backendPluginServer) InvalidateKey(args string, _ *struct{}) error {
|
||||
if inMetadataMode() {
|
||||
if pluginutil.InMetadataMode() {
|
||||
return ErrServerInMetadataMode
|
||||
}
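Review bot: The metadata-mode guard at the top of `HandleRequest`, `HandleExistenceCheck` and `InvalidateKey` carries no comment saying why requests are refused, and it is repeated by hand in each handler. Per the comment on `pluginutil.PluginMetadataModeEnv`, this mode disables TLS communication, so a line such as `// Metadata mode runs without TLS; refuse to serve requests.` above each guard would tell the next maintainer that a new handler needs the same check. The same applies to the three gRPC handlers changed in the following file. The handler bodies continue outside these hunks, so whether `SpecialPaths` and `Cleanup` need the guard cannot be judged from here.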
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
|
||||
log "github.com/hashicorp/go-hclog"
|
||||
plugin "github.com/hashicorp/go-plugin"
|
||||
"github.com/hashicorp/vault/helper/pluginutil"
|
||||
"github.com/hashicorp/vault/logical"
|
||||
"github.com/hashicorp/vault/logical/plugin/pb"
|
||||
"google.golang.org/grpc"
|
||||
|
@ -56,7 +57,7 @@ func (b *backendGRPCPluginServer) Setup(ctx context.Context, args *pb.SetupArgs)
|
|||
}
|
||||
|
||||
func (b *backendGRPCPluginServer) HandleRequest(ctx context.Context, args *pb.HandleRequestArgs) (*pb.HandleRequestReply, error) {
|
||||
if inMetadataMode() {
|
||||
if pluginutil.InMetadataMode() {
|
||||
return &pb.HandleRequestReply{}, ErrServerInMetadataMode
|
||||
}
|
||||
|
||||
|
@ -99,7 +100,7 @@ func (b *backendGRPCPluginServer) SpecialPaths(ctx context.Context, args *pb.Emp
|
|||
}
|
||||
|
||||
func (b *backendGRPCPluginServer) HandleExistenceCheck(ctx context.Context, args *pb.HandleExistenceCheckArgs) (*pb.HandleExistenceCheckReply, error) {
|
||||
if inMetadataMode() {
|
||||
if pluginutil.InMetadataMode() {
|
||||
return &pb.HandleExistenceCheckReply{}, ErrServerInMetadataMode
|
||||
}
|
||||
|
||||
|
@ -126,7 +127,7 @@ func (b *backendGRPCPluginServer) Cleanup(ctx context.Context, _ *pb.Empty) (*pb
|
|||
}
|
||||
|
||||
func (b *backendGRPCPluginServer) InvalidateKey(ctx context.Context, args *pb.InvalidateKeyArgs) (*pb.Empty, error) {
|
||||
if inMetadataMode() {
|
||||
if pluginutil.InMetadataMode() {
|
||||
return &pb.Empty{}, ErrServerInMetadataMode
|
||||
}
|
||||
|
||||
|
|