diff --git a/go.mod b/go.mod
index 2285d45e1..3c49197e8 100644
--- a/go.mod
+++ b/go.mod
@@ -195,12 +195,13 @@ require (
 	go.uber.org/atomic v1.9.0
 	go.uber.org/goleak v1.1.12
 	golang.org/x/crypto v0.5.0
+	golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb
 	golang.org/x/net v0.5.0
 	golang.org/x/oauth2 v0.4.0
 	golang.org/x/sync v0.1.0
 	golang.org/x/sys v0.4.0
 	golang.org/x/term v0.4.0
-	golang.org/x/tools v0.1.12
+	golang.org/x/tools v0.2.0
 	google.golang.org/api v0.109.0
 	google.golang.org/grpc v1.51.0
 	google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0
@@ -443,7 +444,7 @@ require (
 	go.opencensus.io v0.24.0 // indirect
 	go.uber.org/multierr v1.7.0 // indirect
 	go.uber.org/zap v1.19.1 // indirect
-	golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 // indirect
+	golang.org/x/mod v0.6.0 // indirect
 	golang.org/x/text v0.6.0 // indirect
 	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
 	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
diff --git a/go.sum b/go.sum
index 7e0585f4e..d4f321ee3 100644
--- a/go.sum
+++ b/go.sum
@@ -1981,6 +1981,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb h1:PaBZQdo+iSDyHT053FjUCgZQ/9uqVwPOcl7KSWhKn6w=
+golang.org/x/exp v0.0.0-20230213192124-5e25df0256eb/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -2005,8 +2007,9 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
-golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4 h1:6zppjxzCulZykYSLyVDYbneBfbaBIQPYMevg0bEwv2s=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
+golang.org/x/mod v0.6.0 h1:b9gGHsz9/HhJ3HF5DHQytPpuwocVTChQJK3AvoLRD5I=
+golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -2330,8 +2333,9 @@ golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
-golang.org/x/tools v0.1.12 h1:VveCTK38A2rkS8ZqFY25HIDFscX5X9OoEhJd3quQmXU=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
+golang.org/x/tools v0.2.0 h1:G6AHpWxTMGY1KyEYoAQ5WTtIekUUvDNjan3ugu60JvE=
+golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA=
 golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190513163551-3ee3066db522/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
diff --git a/helper/builtinplugins/registry_test.go b/helper/builtinplugins/registry_test.go
index 47c6654f1..9732845df 100644
--- a/helper/builtinplugins/registry_test.go
+++ b/helper/builtinplugins/registry_test.go
@@ -1,12 +1,18 @@
 package builtinplugins
 
 import (
+	"bufio"
+	"fmt"
+	"os"
 	"reflect"
+	"regexp"
 	"testing"
 
 	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
 	dbMysql "github.com/hashicorp/vault/plugins/database/mysql"
 	"github.com/hashicorp/vault/sdk/helper/consts"
+
+	"golang.org/x/exp/slices"
 )
 
 // Test_RegistryGet exercises the (registry).Get functionality by comparing
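Review bot: The new `golang.org/x/exp/slices` import exists only to serve the single `slices.Contains` call in Test_RegistryMatchesGenOpenapi further down, yet it adds `x/exp` to the main module at a pseudo-version (see the go.mod hunk), a module that carries no API-stability or compatibility guarantees. Widening the dependency graph with an unstable module for one membership check in a test file is a poor supply-chain trade; a short `for` loop over the parsed names, or a `map[string]struct{}` built once from them, does the same job with no new dependency. If the module's `go` directive is, or can be raised to, 1.21 or later, the standard-library `slices` package is a drop-in replacement and the `x/exp` requirement can be dropped entirely.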
@@ -218,3 +224,95 @@ func Test_RegistryStatus(t *testing.T) {
 		})
 	}
 }
+
+// Test_RegistryMatchesGenOpenapi ensures that the plugins mounted in gen_openapi.sh match registry.go
+func Test_RegistryMatchesGenOpenapi(t *testing.T) {
+	const scriptPath = "../../scripts/gen_openapi.sh"
+
+	// parseScript fetches the contents of gen_openapi.sh script & extract the relevant lines
+	parseScript := func(path string) ([]string, []string, error) {
+		f, err := os.Open(scriptPath)
+		if err != nil {
+			return nil, nil, fmt.Errorf("could not open gen_openapi.sh script: %w", err)
+		}
+		defer f.Close()
+
+		var (
+			credentialBackends   []string
+			credentialBackendsRe = regexp.MustCompile(`^vault auth enable (?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
+
+			secretsBackends   []string
+			secretsBackendsRe = regexp.MustCompile(`^vault secrets enable (?:"([a-zA-Z]+)"|([a-zA-Z]+))$`)
+		)
+
+		scanner := bufio.NewScanner(f)
+
+		for scanner.Scan() {
+			line := scanner.Text()
+
+			if m := credentialBackendsRe.FindStringSubmatch(line); m != nil {
+				credentialBackends = append(credentialBackends, m[1])
+			}
+			if m := secretsBackendsRe.FindStringSubmatch(line); m != nil {
+				secretsBackends = append(secretsBackends, m[1])
+			}
+		}
+
+		if err := scanner.Err(); err != nil {
+			return nil, nil, fmt.Errorf("error scanning gen_openapi.sh: %v", err)
+		}
+
+		return credentialBackends, secretsBackends, nil
+	}
+
+	// ensureInRegistry ensures that the given plugin is in registry and marked as "supported"
+	ensureInRegistry := func(t *testing.T, name string, pluginType consts.PluginType) {
+		t.Helper()
+
+		// "database" will not be present in registry, it is represented as
+		// a list of database plugins instead
+		if name == "database" && pluginType == consts.PluginTypeSecrets {
+			return
+		}
+
+		deprecationStatus, ok := Registry.DeprecationStatus(name, pluginType)
+		if !ok {
+			t.Fatalf("%q %s backend is missing from registry.go; please remove it from gen_openapi.sh", name, pluginType)
+		}
+
+		if deprecationStatus == consts.Removed {
+			t.Fatalf("%q %s backend is marked 'removed' in registry.go; please remove it from gen_openapi.sh", name, pluginType)
+		}
+	}
+
+	// ensureInScript ensures that the given plugin name in in gen_openapi.sh script
+	ensureInScript := func(t *testing.T, scriptBackends []string, name string) {
+		t.Helper()
+
+		if !slices.Contains(scriptBackends, name) {
+			t.Fatalf("%q backend could not be found in gen_openapi.sh, please add it there", name)
+		}
+	}
+
+	// test starts here
+	scriptCredentialBackends, scriptSecretsBackends, err := parseScript(scriptPath)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, b := range scriptCredentialBackends {
+		ensureInRegistry(t, b, consts.PluginTypeCredential)
+	}
+
+	for _, b := range scriptSecretsBackends {
+		ensureInRegistry(t, b, consts.PluginTypeSecrets)
+	}
+
+	for _, b := range Registry.Keys(consts.PluginTypeCredential) {
+		ensureInScript(t, scriptCredentialBackends, b)
+	}
+
+	for _, b := range Registry.Keys(consts.PluginTypeSecrets) {
+		ensureInScript(t, scriptSecretsBackends, b)
+	}
+}
diff --git a/scripts/gen_openapi.sh b/scripts/gen_openapi.sh
index e4cd34c4a..dedbd873e 100755
--- a/scripts/gen_openapi.sh
+++ b/scripts/gen_openapi.sh
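Review bot: `parseScript` declares a `path` parameter but then opens the enclosing constant instead (`f, err := os.Open(scriptPath)`), so whatever the caller passes is silently ignored; change it to `f, err := os.Open(path)` or drop the parameter. The two regexes capture the backend name in group 1 only for the quoted form; an unquoted `vault auth enable foo` line matches through group 2, and `append(credentialBackends, m[1])` then records an empty string that later surfaces as a confusing `"" credential backend is missing from registry.go` failure instead of naming the real backend — pick the non-empty group before appending, e.g. `name := m[1]; if name == "" { name = m[2] }` (the secrets regex has the same shape). Minor: the scanner error is wrapped with `%v` while the open error uses `%w`; use `%w` in both so the cause stays unwrappable. Note also that `ensureInRegistry` rejects only `consts.Removed`, so backends marked deprecated or pending removal in registry.go are accepted in gen_openapi.sh where the replaced shell parser skipped them; if that widening is intended, a one-line comment on the `consts.Removed` check would save the next reader the comparison.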
@@ -37,89 +37,55 @@ export VAULT_ADDR=http://127.0.0.1:8200 echo "Mounting all builtin plugins..." # Enable auth plugins -codeLinesStarted=false - -while read -r line; do - if [[ $line == *"credentialBackends:"* ]] ; then - codeLinesStarted=true - elif [[ $line == *"databasePlugins:"* ]] ; then - break - elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* || $line == *"consts.Removed"* ]] ; then - auth_plugin_previous="" - elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then - auth_plugin_current=${BASH_REMATCH[1]} - - if [[ -n "${auth_plugin_previous}" ]] ; then - echo "enabling auth plugin: ${auth_plugin_previous}" - vault auth enable "${auth_plugin_previous}" - fi - - auth_plugin_previous="${auth_plugin_current}" - fi -done <../../vault/helper/builtinplugins/registry.go - -if [[ -n "${auth_plugin_previous}" ]] ; then - echo "enabling auth plugin: ${auth_plugin_previous}" - vault auth enable "${auth_plugin_previous}" -fi +vault auth enable "alicloud" +vault auth enable "approle" +vault auth enable "aws" +vault auth enable "azure" +vault auth enable "centrify" +vault auth enable "cert" +vault auth enable "cf" +vault auth enable "gcp" +vault auth enable "github" +vault auth enable "jwt" +vault auth enable "kerberos" +vault auth enable "kubernetes" +vault auth enable "ldap" +vault auth enable "oci" +vault auth enable "oidc" +vault auth enable "okta" +vault auth enable "pcf" +vault auth enable "radius" +vault auth enable "userpass" # Enable secrets plugins -codeLinesStarted=false - -while read -r line; do - if [[ $line == *"logicalBackends:"* ]] ; then - codeLinesStarted=true - elif [[ $line == *"addExternalPlugins("* ]] ; then - break - elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* || $line == *"consts.Removed"* ]] ; then - secrets_plugin_previous="" - elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; 
then - secrets_plugin_current=${BASH_REMATCH[1]} - - if [[ -n "${secrets_plugin_previous}" ]] ; then - echo "enabling secrets plugin: ${secrets_plugin_previous}" - vault secrets enable "${secrets_plugin_previous}" - fi - - secrets_plugin_previous="${secrets_plugin_current}" - fi -done <../../vault/helper/builtinplugins/registry.go - -if [[ -n "${secrets_plugin_previous}" ]] ; then - echo "enabling secrets plugin: ${secrets_plugin_previous}" - vault secrets enable "${secrets_plugin_previous}" -fi +vault secrets enable "ad" +vault secrets enable "alicloud" +vault secrets enable "aws" +vault secrets enable "azure" +vault secrets enable "consul" +vault secrets enable "database" +vault secrets enable "gcp" +vault secrets enable "gcpkms" +vault secrets enable "kubernetes" +vault secrets enable "kv" +vault secrets enable "ldap" +vault secrets enable "mongodbatlas" +vault secrets enable "nomad" +vault secrets enable "openldap" +vault secrets enable "pki" +vault secrets enable "rabbitmq" +vault secrets enable "ssh" +vault secrets enable "terraform" +vault secrets enable "totp" +vault secrets enable "transit" # Enable enterprise features -entRegFile=../../vault/helper/builtinplugins/registry_util_ent.go -if [ -f $entRegFile ] && [[ -n "${VAULT_LICENSE}" ]]; then +if [[ -n "${VAULT_LICENSE:-}" ]]; then vault write sys/license text="${VAULT_LICENSE}" - codeLinesStarted=false - - while read -r line; do - if [[ $line == *"ExternalPluginsEnt:"* ]] ; then - codeLinesStarted=true - elif [[ $line == *"addExtPluginsEntImpl("* ]] ; then - break - elif [ $codeLinesStarted = true ] && [[ $line == *"consts.Deprecated"* || $line == *"consts.PendingRemoval"* || $line == *"consts.Removed"* ]] ; then - secrets_plugin_previous="" - elif [ $codeLinesStarted = true ] && [[ $line =~ ^\s*\"(.*)\"\:.*$ ]] ; then - ent_plugin_current=${BASH_REMATCH[1]} - - if [[ -n "${ent_plugin_previous}" ]] ; then - echo "enabling enterprise plugin: ${ent_plugin_previous}" - vault secrets enable 
"${ent_plugin_previous}" - fi - - ent_plugin_previous="${ent_plugin_current}" - fi - done <$entRegFile - - if [[ -n "${ent_plugin_previous}" ]] ; then - echo "enabling enterprise plugin: ${ent_plugin_previous}" - vault secrets enable "${ent_plugin_previous}" - fi + vault secrets enable "keymgmt" + vault secrets enable "kmip" + vault secrets enable "transform" fi # Output OpenAPI, optionally formatted