plugin/secrets/auth: enable multiplexing (#19215)
* plugin/auth: enable multiplexing - the plugin will be multiplexed when run as an external plugin by vault versions that support secrets/auth plugin multiplexing (> 1.12) - we continue to set the TLSProviderFunc to maintain backwards compatibility with vault versions that don't support AutoMTLS (< 1.12) * enable multiplexing for secrets engines * add changelog * revert call to ServeMultiplex for pki and transit * Revert "revert call to ServeMultiplex for pki and transit" This reverts commit 755be28d14b4c4c4d884d3cf4d2ec003dda579b9.
This commit is contained in:
parent
eca810d06e
commit
678556f3df
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: approle.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: awsauth.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: cert.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: github.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: ldap.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: okta.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: radius.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -16,8 +16,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: userpass.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: aws.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: consul.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: nomad.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: pki.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: rabbitmq.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: ssh.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: totp.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -17,8 +17,10 @@ func main() {
|
|||
tlsConfig := apiClientMeta.GetTLSConfig()
|
||||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
|
||||
|
||||
if err := plugin.Serve(&plugin.ServeOpts{
|
||||
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
|
||||
BackendFactoryFunc: transit.Factory,
|
||||
// set the TLSProviderFunc so that the plugin maintains backwards
|
||||
// compatibility with Vault versions that don’t support plugin AutoMTLS
|
||||
TLSProviderFunc: tlsProviderFunc,
|
||||
}); err != nil {
|
||||
logger := hclog.New(&hclog.LoggerOptions{})
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
```release-note:feature
|
||||
**Secrets/Auth Plugin Multiplexing**: The plugin will be multiplexed when run
|
||||
as an external plugin by vault versions that support secrets/auth plugin
|
||||
multiplexing (> 1.12)
|
||||
```
|
Loading…
Reference in New Issue