Move plugin env checks to their own file (#4253)

Brian Kassouf 2018-04-03 10:36:14 -07:00 committed by GitHub
parent cf1a9647f4
commit 39970ac23d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 32 additions and 39 deletions


@ -3,15 +3,34 @@ package pluginutil
import ( import (
"os" "os"
"github.com/hashicorp/go-version" version "github.com/hashicorp/go-version"
"github.com/hashicorp/vault/helper/mlock"
) )
var ( var (
// PluginMlockEnabled is the ENV name used to pass the configuration for
// enabling mlock
PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
// PluginVaultVersionEnv is the ENV name used to pass the version of the // PluginVaultVersionEnv is the ENV name used to pass the version of the
// vault server to the plugin // vault server to the plugin
PluginVaultVersionEnv = "VAULT_VERSION" PluginVaultVersionEnv = "VAULT_VERSION"
// PluginMetadataModeEnv is an ENV name used to disable TLS communication
// to bootstrap mounting plugins.
PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
) )
// OptionallyEnableMlock determines if mlock should be called, and if so enables
// mlock.
func OptionallyEnableMlock() error {
if os.Getenv(PluginMlockEnabled) == "true" {
return mlock.LockMemory()
}
return nil
}
// GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or // GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or
// it fails to meet the version constraint. // it fails to meet the version constraint.
func GRPCSupport() bool { func GRPCSupport() bool {
@ -40,3 +59,8 @@ func GRPCSupport() bool {
return true return true
} }
// Returns true if the plugin calling this function is running in metadata mode.
func InMetadataMode() bool {
return os.Getenv(PluginMetadataModeEnv) == "true"
}
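Review bot: The doc comment on the newly exported `InMetadataMode` does not start with the function name and does not say which value turns the mode on, which matters because the comment on `PluginMetadataModeEnv` describes this mode as disabling TLS communication. I would write `// InMetadataMode reports whether VAULT_PLUGIN_METADATA_MODE is set to exactly "true" in the calling plugin's environment; any other value is treated as not in metadata mode.` The same exact-match rule applies to `OptionallyEnableMlock`, where a value such as `TRUE` or `1` skips `mlock.LockMemory()` and returns nil, so its comment should state that too. The two env names added here also sit in a `var` block, so importing code can reassign them; `const` would fit unless something outside this page depends on them being variables.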


@ -1,23 +0,0 @@
package pluginutil
import (
"os"
"github.com/hashicorp/vault/helper/mlock"
)
var (
// PluginMlockEnabled is the ENV name used to pass the configuration for
// enabling mlock
PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
)
// OptionallyEnableMlock determines if mlock should be called, and if so enables
// mlock.
func OptionallyEnableMlock() error {
if os.Getenv(PluginMlockEnabled) == "true" {
return mlock.LockMemory()
}
return nil
}


@ -30,10 +30,6 @@ var (
// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded // PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
// string. Used for testing. // string. Used for testing.
PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM" PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
// PluginMetadataModeEnv is an ENV name used to disable TLS communication
// to bootstrap mounting plugins.
PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
) )
// generateCert is used internally to create certificates for the plugin // generateCert is used internally to create certificates for the plugin


@ -4,7 +4,6 @@ import (
"context" "context"
"errors" "errors"
"net/rpc" "net/rpc"
"os"
"github.com/hashicorp/go-hclog" "github.com/hashicorp/go-hclog"
@ -29,12 +28,8 @@ type backendPluginServer struct {
storageClient *rpc.Client storageClient *rpc.Client
} }
func inMetadataMode() bool {
return os.Getenv(pluginutil.PluginMetadataModeEnv) == "true"
}
func (b *backendPluginServer) HandleRequest(args *HandleRequestArgs, reply *HandleRequestReply) error { func (b *backendPluginServer) HandleRequest(args *HandleRequestArgs, reply *HandleRequestReply) error {
if inMetadataMode() { if pluginutil.InMetadataMode() {
return ErrServerInMetadataMode return ErrServerInMetadataMode
} }
@ -58,7 +53,7 @@ func (b *backendPluginServer) SpecialPaths(_ interface{}, reply *SpecialPathsRep
} }
func (b *backendPluginServer) HandleExistenceCheck(args *HandleExistenceCheckArgs, reply *HandleExistenceCheckReply) error { func (b *backendPluginServer) HandleExistenceCheck(args *HandleExistenceCheckArgs, reply *HandleExistenceCheckReply) error {
if inMetadataMode() { if pluginutil.InMetadataMode() {
return ErrServerInMetadataMode return ErrServerInMetadataMode
} }
@ -85,7 +80,7 @@ func (b *backendPluginServer) Cleanup(_ interface{}, _ *struct{}) error {
} }
func (b *backendPluginServer) InvalidateKey(args string, _ *struct{}) error { func (b *backendPluginServer) InvalidateKey(args string, _ *struct{}) error {
if inMetadataMode() { if pluginutil.InMetadataMode() {
return ErrServerInMetadataMode return ErrServerInMetadataMode
} }


@ -5,6 +5,7 @@ import (
log "github.com/hashicorp/go-hclog" log "github.com/hashicorp/go-hclog"
plugin "github.com/hashicorp/go-plugin" plugin "github.com/hashicorp/go-plugin"
"github.com/hashicorp/vault/helper/pluginutil"
"github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/plugin/pb" "github.com/hashicorp/vault/logical/plugin/pb"
"google.golang.org/grpc" "google.golang.org/grpc"
@ -56,7 +57,7 @@ func (b *backendGRPCPluginServer) Setup(ctx context.Context, args *pb.SetupArgs)
} }
func (b *backendGRPCPluginServer) HandleRequest(ctx context.Context, args *pb.HandleRequestArgs) (*pb.HandleRequestReply, error) { func (b *backendGRPCPluginServer) HandleRequest(ctx context.Context, args *pb.HandleRequestArgs) (*pb.HandleRequestReply, error) {
if inMetadataMode() { if pluginutil.InMetadataMode() {
return &pb.HandleRequestReply{}, ErrServerInMetadataMode return &pb.HandleRequestReply{}, ErrServerInMetadataMode
} }
@ -99,7 +100,7 @@ func (b *backendGRPCPluginServer) SpecialPaths(ctx context.Context, args *pb.Emp
} }
func (b *backendGRPCPluginServer) HandleExistenceCheck(ctx context.Context, args *pb.HandleExistenceCheckArgs) (*pb.HandleExistenceCheckReply, error) { func (b *backendGRPCPluginServer) HandleExistenceCheck(ctx context.Context, args *pb.HandleExistenceCheckArgs) (*pb.HandleExistenceCheckReply, error) {
if inMetadataMode() { if pluginutil.InMetadataMode() {
return &pb.HandleExistenceCheckReply{}, ErrServerInMetadataMode return &pb.HandleExistenceCheckReply{}, ErrServerInMetadataMode
} }
@ -126,7 +127,7 @@ func (b *backendGRPCPluginServer) Cleanup(ctx context.Context, _ *pb.Empty) (*pb
} }
func (b *backendGRPCPluginServer) InvalidateKey(ctx context.Context, args *pb.InvalidateKeyArgs) (*pb.Empty, error) { func (b *backendGRPCPluginServer) InvalidateKey(ctx context.Context, args *pb.InvalidateKeyArgs) (*pb.Empty, error) {
if inMetadataMode() { if pluginutil.InMetadataMode() {
return &pb.Empty{}, ErrServerInMetadataMode return &pb.Empty{}, ErrServerInMetadataMode
} }