vault: can pass in the backends
parent
a0232eedd7
commit
d4f54be927
|
@ -96,6 +96,9 @@ type Core struct {
|
|||
// router is responsible for managing the mount points for logical backends.
|
||||
router *Router
|
||||
|
||||
// backends is the mapping of backends to use for this core
|
||||
backends map[string]logical.Factory
|
||||
|
||||
// stateLock protects mutable state
|
||||
stateLock sync.RWMutex
|
||||
sealed bool
|
||||
|
@ -121,6 +124,7 @@ type Core struct {
|
|||
|
||||
// CoreConfig is used to parameterize a core
|
||||
type CoreConfig struct {
|
||||
Backends map[string]logical.Factory
|
||||
Physical physical.Backend
|
||||
Logger *log.Logger
|
||||
}
|
||||
|
@ -146,6 +150,18 @@ func NewCore(conf *CoreConfig) (*Core, error) {
|
|||
sealed: true,
|
||||
logger: conf.Logger,
|
||||
}
|
||||
|
||||
// Setup the backends
|
||||
backends := make(map[string]logical.Factory)
|
||||
for k, f := range conf.Backends {
|
||||
backends[k] = f
|
||||
}
|
||||
backends["generic"] = PassthroughBackendFactory
|
||||
backends["system"] = func(map[string]string) (logical.Backend, error) {
|
||||
return &SystemBackend{Core: c}, nil
|
||||
}
|
||||
|
||||
c.backends = backends
|
||||
return c, nil
|
||||
}
|
||||
|
||||
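Review bot: In NewCore the assignments `backends["generic"] = ...` and `backends["system"] = ...` run after the copy loop, so a factory the caller registered under either name in conf.Backends is dropped without an error or a log line. Keeping the built-in system backend out of the caller's reach is the safer order, but the rule is not written down anywhere a caller would see it. I would document it on the field, e.g. `// Backends maps a backend type to its factory; "generic" and "system" are reserved and always supplied by NewCore.`, or have NewCore return an error when conf.Backends contains a reserved key. NewCore starts above this hunk, so any earlier validation of conf is not visible here.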
|
|
|
@ -71,7 +71,7 @@ func TestSystemBackend_mount_invalid(t *testing.T) {
|
|||
if err != logical.ErrInvalidRequest {
|
||||
t.Fatalf("err: %v", err)
|
||||
}
|
||||
if resp.Data["error"] != "unknown logical backend type: nope" {
|
||||
if resp.Data["error"] != "unknown backend type: nope" {
|
||||
t.Fatalf("bad: %v", resp)
|
||||
}
|
||||
}
|
||||
|
|
|
@ -9,25 +9,6 @@ import (
|
|||
"github.com/hashicorp/vault/logical"
|
||||
)
|
||||
|
||||
// TEMPORARY!
|
||||
|
||||
// BuiltinBackends contains all of the available backends
|
||||
var BuiltinBackends = map[string]logical.Factory{
|
||||
"generic": PassthroughBackendFactory,
|
||||
}
|
||||
|
||||
// NewBackend returns a new logical Backend with the given type and configuration.
|
||||
// The backend is looked up in the BuiltinBackends variable.
|
||||
func NewBackend(t string, conf map[string]string) (logical.Backend, error) {
|
||||
f, ok := BuiltinBackends[t]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unknown logical backend type: %s", t)
|
||||
}
|
||||
return f(conf)
|
||||
}
|
||||
|
||||
// TEMPORARY!
|
||||
|
||||
const (
|
||||
// coreMountConfigPath is used to store the mount configuration.
|
||||
// Mounts are protected within the Vault itself, which means they
|
||||
|
@ -103,7 +84,7 @@ func (c *Core) mount(me *MountEntry) error {
|
|||
}
|
||||
|
||||
// Lookup the new backend
|
||||
backend, err := NewBackend(me.Type, nil)
|
||||
backend, err := c.newBackend(me.Type, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -288,24 +269,29 @@ func (c *Core) setupMounts() error {
|
|||
var err error
|
||||
for _, entry := range c.mounts.Entries {
|
||||
// Initialize the backend, special casing for system
|
||||
barrierPrefix := backendBarrierPrefix
|
||||
if entry.Type == "system" {
|
||||
barrierPrefix = systemBarrierPrefix
|
||||
}
|
||||
|
||||
backend, err = c.newBackend(entry.Type, nil)
|
||||
if err != nil {
|
||||
c.logger.Printf(
|
||||
"[ERR] core: failed to create mount entry %#v: %v",
|
||||
entry, err)
|
||||
return loadMountsFailed
|
||||
}
|
||||
|
||||
// Create a barrier view using the UUID
|
||||
view = NewBarrierView(c.barrier, barrierPrefix+entry.UUID+"/")
|
||||
|
||||
if entry.Type == "system" {
|
||||
backend = &SystemBackend{Core: c}
|
||||
view = NewBarrierView(c.barrier, systemBarrierPrefix+entry.UUID+"/")
|
||||
c.systemView = view
|
||||
|
||||
} else {
|
||||
backend, err = NewBackend(entry.Type, nil)
|
||||
if err != nil {
|
||||
c.logger.Printf("[ERR] core: failed to create mount entry %#v: %v", entry, err)
|
||||
return loadMountsFailed
|
||||
}
|
||||
|
||||
// Create a barrier view using the UUID
|
||||
view = NewBarrierView(c.barrier, backendBarrierPrefix+entry.UUID+"/")
|
||||
}
|
||||
|
||||
// Mount the backend
|
||||
if err := c.router.Mount(backend, entry.Type, entry.Path, view); err != nil {
|
||||
err = c.router.Mount(backend, entry.Type, entry.Path, view)
|
||||
if err != nil {
|
||||
c.logger.Printf("[ERR] core: failed to mount entry %#v: %v", entry, err)
|
||||
return loadMountsFailed
|
||||
}
|
||||
|
@ -322,6 +308,15 @@ func (c *Core) unloadMounts() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (c *Core) newBackend(t string, conf map[string]string) (logical.Backend, error) {
|
||||
f, ok := c.backends[t]
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unknown backend type: %s", t)
|
||||
}
|
||||
|
||||
return f(conf)
|
||||
}
|
||||
|
||||
// defaultMountTable creates a default mount table
|
||||
func defaultMountTable() *MountTable {
|
||||
table := &MountTable{}
|
||||
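Review bot: `c.newBackend(me.Type, nil)` in `mount` now resolves every key of c.backends, and NewCore registers "system" there, whereas the removed BuiltinBackends map only knew "generic". A mount entry with Type "system" would therefore get a second SystemBackend at a caller-chosen path instead of the unknown-type error. The rest of `mount` lies outside the hunk, so a guard may already exist; if it does not, I would refuse the type before the lookup, e.g. `if me.Type == "system" { return fmt.Errorf("backend type %q cannot be mounted", me.Type) }`. setupMounts selects systemBarrierPrefix for that type, and which prefix `mount` uses is not visible here, so the storage view given to such a mount should be checked too. newBackend also has no doc comment; `// newBackend looks up the factory registered for type t in c.backends and calls it with conf.` would cover it.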
|
|