03cf302e9a
* logbridge with hclog and identical output * Initial search & replace This compiles, but there is a fair amount of TODO and commented out code, especially around the plugin logclient/logserver code. * strip logbridge * fix majority of tests * update logxi aliases * WIP fixing tests * more test fixes * Update test to hclog * Fix format * Rename hclog -> log * WIP making hclog and logxi love each other * update logger_test.go * clean up merged comments * Replace RawLogger interface with a Logger * Add some logger names * Replace Trace with Debug * update builtin logical logging patterns * Fix build errors * More log updates * update log approach in command and builtin * More log updates * update helper, http, and logical directories * Update loggers * Log updates * Update logging * Update logging * Update logging * Update logging * update logging in physical * prefixing and lowercase * Update logging * Move phyisical logging name to server command * Fix som tests * address jims feedback so far * incorporate brians feedback so far * strip comments * move vault.go to logging package * update Debug to Trace * Update go-plugin deps * Update logging based on review comments * Updates from review * Unvendor logxi * Remove null_logger.go
79 lines
1.9 KiB
Go
79 lines
1.9 KiB
Go
package plugin
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"os"
|
|
|
|
log "github.com/hashicorp/go-hclog"
|
|
"github.com/hashicorp/go-plugin"
|
|
"github.com/hashicorp/vault/helper/pluginutil"
|
|
"github.com/hashicorp/vault/logical"
|
|
)
|
|
|
|
// BackendPluginName is the name of the plugin that can be
|
|
// dispensed rom the plugin server.
|
|
const BackendPluginName = "backend"
|
|
|
|
type TLSProviderFunc func() (*tls.Config, error)
|
|
|
|
type ServeOpts struct {
|
|
BackendFactoryFunc logical.Factory
|
|
TLSProviderFunc TLSProviderFunc
|
|
Logger log.Logger
|
|
}
|
|
|
|
// Serve is a helper function used to serve a backend plugin. This
|
|
// should be ran on the plugin's main process.
|
|
func Serve(opts *ServeOpts) error {
|
|
logger := opts.Logger
|
|
if logger == nil {
|
|
logger = log.New(&log.LoggerOptions{
|
|
Level: log.Trace,
|
|
Output: os.Stderr,
|
|
JSONFormat: true,
|
|
})
|
|
}
|
|
|
|
// pluginMap is the map of plugins we can dispense.
|
|
var pluginMap = map[string]plugin.Plugin{
|
|
"backend": &BackendPlugin{
|
|
Factory: opts.BackendFactoryFunc,
|
|
Logger: logger,
|
|
},
|
|
}
|
|
|
|
err := pluginutil.OptionallyEnableMlock()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
serveOpts := &plugin.ServeConfig{
|
|
HandshakeConfig: handshakeConfig,
|
|
Plugins: pluginMap,
|
|
TLSProvider: opts.TLSProviderFunc,
|
|
Logger: logger,
|
|
|
|
// A non-nil value here enables gRPC serving for this plugin...
|
|
GRPCServer: plugin.DefaultGRPCServer,
|
|
}
|
|
|
|
if !pluginutil.GRPCSupport() {
|
|
serveOpts.GRPCServer = nil
|
|
}
|
|
|
|
// If FetchMetadata is true, run without TLSProvider
|
|
plugin.Serve(serveOpts)
|
|
|
|
return nil
|
|
}
|
|
|
|
// handshakeConfigs are used to just do a basic handshake between
|
|
// a plugin and host. If the handshake fails, a user friendly error is shown.
|
|
// This prevents users from executing bad plugins or executing a plugin
|
|
// directory. It is a UX feature, not a security feature.
|
|
var handshakeConfig = plugin.HandshakeConfig{
|
|
ProtocolVersion: 3,
|
|
MagicCookieKey: "VAULT_BACKEND_PLUGIN",
|
|
MagicCookieValue: "6669da05-b1c8-4f49-97d9-c8e5bed98e20",
|
|
}
|