Fix gen_openapi.sh script to load plugins (#17752)

2022-11-01 17:32:54 -04:00 · 2022-11-01 17:32:54 -04:00 · d6d8006ae8
parent d807b5abba
commit d6d8006ae8
2 changed files with 69 additions and 28 deletions
--- a/changelog/17752.txt
+++ b/changelog/17752.txt
@ -0,0 +1,3 @@
+```release-note:bug
+openapi: fix gen_openapi.sh script to correctly load vault plugins
+```
--- a/scripts/gen_openapi.sh
+++ b/scripts/gen_openapi.sh
@ -24,56 +24,94 @@ vault server -dev -dev-root-token-id=root &
 sleep 2
 VAULT_PID=$!

-echo "Mounting all builtin backends..."
+export VAULT_ADDR=http://127.0.0.1:8200

-# Read auth backends
+echo "Mounting all builtin plugins..."
+
+# Enable auth plugins
 codeLinesStarted=false
-inQuotesRegex='".*"'
+
 while read -r line; do
    if [[ $line == *"credentialBackends:"* ]] ; then
        codeLinesStarted=true
-    elif [ $codeLinesStarted = true ] && [[ $line = *"}"* ]]  ; then
+    elif [[ $line == *"databasePlugins:"* ]] ; then
        break
-    elif [ $codeLinesStarted = true ] && [[ $line =~ $inQuotesRegex ]] && [[ $line != *"Deprecated"* ]] ; then
-        backend=${BASH_REMATCH[0]}
-        plugin=$(sed -e 's/^"//' -e 's/"$//' <<<"$backend")
-        vault auth enable "${plugin}"
+    elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* ]] ; then
+        auth_plugin_previous=""
+    elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then
+        auth_plugin_current=${BASH_REMATCH[1]}
+
+        if [[ -n "${auth_plugin_previous}" ]] ; then
+            echo "enabling auth plugin: ${auth_plugin_previous}"
+            vault auth enable "${auth_plugin_previous}"
+        fi
+
+        auth_plugin_previous="${auth_plugin_current}"
    fi
 done <../../vault/helper/builtinplugins/registry.go

-# Read secrets backends
+if [[ -n "${auth_plugin_previous}" ]] ; then
+    echo "enabling auth plugin: ${auth_plugin_previous}"
+    vault auth enable "${auth_plugin_previous}"
+fi
+
+# Enable secrets plugins
 codeLinesStarted=false
+
 while read -r line; do
    if [[ $line == *"logicalBackends:"* ]] ; then
        codeLinesStarted=true
-    elif [ $codeLinesStarted = true ] && [[ $line = *"}"* ]]  ; then
+    elif [[ $line == *"addExternalPlugins("* ]] ; then
        break
-    elif [ $codeLinesStarted = true ] && [[ $line =~ $inQuotesRegex ]] && [[ $line != *"Deprecated"* ]] ; then
-        backend=${BASH_REMATCH[0]}
-        plugin=$(sed -e 's/^"//' -e 's/"$//' <<<"$backend")
-        vault secrets enable "${plugin}"
+    elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* ]] ; then
+        secrets_plugin_previous=""
+    elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then
+        secrets_plugin_current=${BASH_REMATCH[1]}
+
+        if [[ -n "${secrets_plugin_previous}" ]] ; then
+            echo "enabling secrets plugin: ${secrets_plugin_previous}"
+            vault secrets enable "${secrets_plugin_previous}"
+        fi
+
+        secrets_plugin_previous="${secrets_plugin_current}"
    fi
 done <../../vault/helper/builtinplugins/registry.go

+if [[ -n "${secrets_plugin_previous}" ]] ; then
+    echo "enabling secrets plugin: ${secrets_plugin_previous}"
+    vault secrets enable "${secrets_plugin_previous}"
+fi

 # Enable enterprise features
 entRegFile=../../vault/helper/builtinplugins/registry_util_ent.go
-if [ -f $entRegFile ] && [[ -n "$VAULT_LICENSE" ]]; then
-  vault write sys/license text="$VAULT_LICENSE"
+if [ -f $entRegFile ] && [[ -n "${VAULT_LICENSE}" ]]; then
+    vault write sys/license text="${VAULT_LICENSE}"

-  inQuotesRegex='".*"'
-  codeLinesStarted=false
-  while read -r line; do
-        if [[ $line == *"ExternalPluginsEnt"* ]] ; then
-        codeLinesStarted=true
-    elif [ $codeLinesStarted = true ] && [[ $line = *"}"* ]]  ; then
-        break
-    elif [ $codeLinesStarted = true ] && [[ $line =~ $inQuotesRegex ]] && [[ $line != *"Deprecated"* ]] ; then
-        backend=${BASH_REMATCH[0]}
-        plugin=$(sed -e 's/^"//' -e 's/"$//' <<<"$backend")
-        vault secrets enable "${plugin}"
+    codeLinesStarted=false
+
+    while read -r line; do
+        if [[ $line == *"ExternalPluginsEnt:"* ]] ; then
+            codeLinesStarted=true
+        elif [[ $line == *"addExtPluginsEntImpl("* ]] ; then
+            break
+        elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* ]] ; then
+            secrets_plugin_previous=""
+        elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then
+            ent_plugin_current=${BASH_REMATCH[1]}
+
+            if [[ -n "${ent_plugin_previous}" ]] ; then
+                echo "enabling enterprise plugin: ${ent_plugin_previous}"
+                vault secrets enable "${ent_plugin_previous}"
+            fi
+
+            ent_plugin_previous="${ent_plugin_current}"
+        fi
+    done <$entRegFile
+
+    if [[ -n "${ent_plugin_previous}" ]] ; then
+        echo "enabling enterprise plugin: ${ent_plugin_previous}"
+        vault secrets enable "${ent_plugin_previous}"
    fi
-  done <$entRegFile
 fi

 # Output OpenAPI, optionally formatted