Move plugin env checks to their own file (#4253)
parent
cf1a9647f4
commit
39970ac23d
|
@ -3,15 +3,34 @@ package pluginutil
|
||||||
import (
|
import (
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/hashicorp/go-version"
|
version "github.com/hashicorp/go-version"
|
||||||
|
"github.com/hashicorp/vault/helper/mlock"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
// PluginMlockEnabled is the ENV name used to pass the configuration for
|
||||||
|
// enabling mlock
|
||||||
|
PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
|
||||||
|
|
||||||
// PluginVaultVersionEnv is the ENV name used to pass the version of the
|
// PluginVaultVersionEnv is the ENV name used to pass the version of the
|
||||||
// vault server to the plugin
|
// vault server to the plugin
|
||||||
PluginVaultVersionEnv = "VAULT_VERSION"
|
PluginVaultVersionEnv = "VAULT_VERSION"
|
||||||
|
|
||||||
|
// PluginMetadataModeEnv is an ENV name used to disable TLS communication
|
||||||
|
// to bootstrap mounting plugins.
|
||||||
|
PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// OptionallyEnableMlock determines if mlock should be called, and if so enables
|
||||||
|
// mlock.
|
||||||
|
func OptionallyEnableMlock() error {
|
||||||
|
if os.Getenv(PluginMlockEnabled) == "true" {
|
||||||
|
return mlock.LockMemory()
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or
|
// GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or
|
||||||
// it fails to meet the version constraint.
|
// it fails to meet the version constraint.
|
||||||
func GRPCSupport() bool {
|
func GRPCSupport() bool {
|
||||||
|
@ -40,3 +59,8 @@ func GRPCSupport() bool {
|
||||||
|
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Returns true if the plugin calling this function is running in metadata mode.
|
||||||
|
func InMetadataMode() bool {
|
||||||
|
return os.Getenv(PluginMetadataModeEnv) == "true"
|
||||||
|
}
|
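Review bot: In the first hunk, `PluginMlockEnabled` and `PluginMetadataModeEnv` are added to a `var (` block, so any package that imports pluginutil can reassign these exported names. `OptionallyEnableMlock` and `InMetadataMode` look the name up on each call, so a reassignment would silently change which environment variable gates memory locking and the metadata mode that the comment says disables TLS. Declaring the block as `const (` would make the names immutable, provided no caller assigns to them or takes their address, which is not visible on this page. Separately, in the second hunk the doc comment on `InMetadataMode` should start with the function name, e.g. `// InMetadataMode returns true if the plugin calling this function is running in metadata mode.`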
|
@ -1,23 +0,0 @@
|
||||||
package pluginutil
|
|
||||||
|
|
||||||
import (
|
|
||||||
"os"
|
|
||||||
|
|
||||||
"github.com/hashicorp/vault/helper/mlock"
|
|
||||||
)
|
|
||||||
|
|
||||||
var (
|
|
||||||
// PluginMlockEnabled is the ENV name used to pass the configuration for
|
|
||||||
// enabling mlock
|
|
||||||
PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"
|
|
||||||
)
|
|
||||||
|
|
||||||
// OptionallyEnableMlock determines if mlock should be called, and if so enables
|
|
||||||
// mlock.
|
|
||||||
func OptionallyEnableMlock() error {
|
|
||||||
if os.Getenv(PluginMlockEnabled) == "true" {
|
|
||||||
return mlock.LockMemory()
|
|
||||||
}
|
|
||||||
|
|
||||||
return nil
|
|
||||||
}
|
|
|
@ -30,10 +30,6 @@ var (
|
||||||
// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
|
// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
|
||||||
// string. Used for testing.
|
// string. Used for testing.
|
||||||
PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
|
PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
|
||||||
|
|
||||||
// PluginMetadataModeEnv is an ENV name used to disable TLS communication
|
|
||||||
// to bootstrap mounting plugins.
|
|
||||||
PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// generateCert is used internally to create certificates for the plugin
|
// generateCert is used internally to create certificates for the plugin
|
||||||
|
|
|
@ -4,7 +4,6 @@ import (
|
||||||
"context"
|
"context"
|
||||||
"errors"
|
"errors"
|
||||||
"net/rpc"
|
"net/rpc"
|
||||||
"os"
|
|
||||||
|
|
||||||
"github.com/hashicorp/go-hclog"
|
"github.com/hashicorp/go-hclog"
|
||||||
|
|
||||||
|
@ -29,12 +28,8 @@ type backendPluginServer struct {
|
||||||
storageClient *rpc.Client
|
storageClient *rpc.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
func inMetadataMode() bool {
|
|
||||||
return os.Getenv(pluginutil.PluginMetadataModeEnv) == "true"
|
|
||||||
}
|
|
||||||
|
|
||||||
func (b *backendPluginServer) HandleRequest(args *HandleRequestArgs, reply *HandleRequestReply) error {
|
func (b *backendPluginServer) HandleRequest(args *HandleRequestArgs, reply *HandleRequestReply) error {
|
||||||
if inMetadataMode() {
|
if pluginutil.InMetadataMode() {
|
||||||
return ErrServerInMetadataMode
|
return ErrServerInMetadataMode
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -58,7 +53,7 @@ func (b *backendPluginServer) SpecialPaths(_ interface{}, reply *SpecialPathsRep
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *backendPluginServer) HandleExistenceCheck(args *HandleExistenceCheckArgs, reply *HandleExistenceCheckReply) error {
|
func (b *backendPluginServer) HandleExistenceCheck(args *HandleExistenceCheckArgs, reply *HandleExistenceCheckReply) error {
|
||||||
if inMetadataMode() {
|
if pluginutil.InMetadataMode() {
|
||||||
return ErrServerInMetadataMode
|
return ErrServerInMetadataMode
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -85,7 +80,7 @@ func (b *backendPluginServer) Cleanup(_ interface{}, _ *struct{}) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *backendPluginServer) InvalidateKey(args string, _ *struct{}) error {
|
func (b *backendPluginServer) InvalidateKey(args string, _ *struct{}) error {
|
||||||
if inMetadataMode() {
|
if pluginutil.InMetadataMode() {
|
||||||
return ErrServerInMetadataMode
|
return ErrServerInMetadataMode
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,7 @@ import (
|
||||||
|
|
||||||
log "github.com/hashicorp/go-hclog"
|
log "github.com/hashicorp/go-hclog"
|
||||||
plugin "github.com/hashicorp/go-plugin"
|
plugin "github.com/hashicorp/go-plugin"
|
||||||
|
"github.com/hashicorp/vault/helper/pluginutil"
|
||||||
"github.com/hashicorp/vault/logical"
|
"github.com/hashicorp/vault/logical"
|
||||||
"github.com/hashicorp/vault/logical/plugin/pb"
|
"github.com/hashicorp/vault/logical/plugin/pb"
|
||||||
"google.golang.org/grpc"
|
"google.golang.org/grpc"
|
||||||
|
@ -56,7 +57,7 @@ func (b *backendGRPCPluginServer) Setup(ctx context.Context, args *pb.SetupArgs)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *backendGRPCPluginServer) HandleRequest(ctx context.Context, args *pb.HandleRequestArgs) (*pb.HandleRequestReply, error) {
|
func (b *backendGRPCPluginServer) HandleRequest(ctx context.Context, args *pb.HandleRequestArgs) (*pb.HandleRequestReply, error) {
|
||||||
if inMetadataMode() {
|
if pluginutil.InMetadataMode() {
|
||||||
return &pb.HandleRequestReply{}, ErrServerInMetadataMode
|
return &pb.HandleRequestReply{}, ErrServerInMetadataMode
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -99,7 +100,7 @@ func (b *backendGRPCPluginServer) SpecialPaths(ctx context.Context, args *pb.Emp
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *backendGRPCPluginServer) HandleExistenceCheck(ctx context.Context, args *pb.HandleExistenceCheckArgs) (*pb.HandleExistenceCheckReply, error) {
|
func (b *backendGRPCPluginServer) HandleExistenceCheck(ctx context.Context, args *pb.HandleExistenceCheckArgs) (*pb.HandleExistenceCheckReply, error) {
|
||||||
if inMetadataMode() {
|
if pluginutil.InMetadataMode() {
|
||||||
return &pb.HandleExistenceCheckReply{}, ErrServerInMetadataMode
|
return &pb.HandleExistenceCheckReply{}, ErrServerInMetadataMode
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -126,7 +127,7 @@ func (b *backendGRPCPluginServer) Cleanup(ctx context.Context, _ *pb.Empty) (*pb
|
||||||
}
|
}
|
||||||
|
|
||||||
func (b *backendGRPCPluginServer) InvalidateKey(ctx context.Context, args *pb.InvalidateKeyArgs) (*pb.Empty, error) {
|
func (b *backendGRPCPluginServer) InvalidateKey(ctx context.Context, args *pb.InvalidateKeyArgs) (*pb.Empty, error) {
|
||||||
if inMetadataMode() {
|
if pluginutil.InMetadataMode() {
|
||||||
return &pb.Empty{}, ErrServerInMetadataMode
|
return &pb.Empty{}, ErrServerInMetadataMode
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|