e0ce2195cc
* upgrade aws roles * test upgrade aws roles * Initialize aws credential backend at mount time * add a TODO * create end-to-end test for builtin/credential/aws * fix bug in initializer * improve comments * add Initialize() to logical.Backend * use Initialize() in Core.enableCredentialInternal() * use InitializeRequest to call Initialize() * improve unit testing for framework.Backend * call logical.Backend.Initialize() from all of the places that it needs to be called. * implement backend.proto changes for logical.Backend.Initialize() * persist current role storage version when upgrading aws roles * format comments correctly * improve comments * use postUnseal funcs to initialize backends * simplify test suite * improve test suite * simplify logic in aws role upgrade * simplify aws credential initialization logic * simplify logic in aws role upgrade * use the core's activeContext for initialization * refactor builtin/plugin/Backend * use a goroutine to upgrade the aws roles * misc improvements and cleanup * do not run AWS role upgrade on DR Secondary * always call logical.Backend.Initialize() when loading a plugin. * improve comments * on standbys and DR secondaries we do not want to run any kind of upgrade logic * fix awsVersion struct * clarify aws version upgrade * make the upgrade logic for aws auth more explicit * aws upgrade is now called from a switch * fix fallthrough bug * simplify logic * simplify logic * rename things * introduce currentAwsVersion const to track aws version * improve comments * rearrange things once more * conglomerate things into one function * stub out aws auth initialize e2e test * improve aws auth initialize e2e test * finish aws auth initialize e2e test * tinker with aws auth initialize e2e test * tinker with aws auth initialize e2e test * tinker with aws auth initialize e2e test * fix typo in test suite * simplify logic a tad * rearrange assignment * Fix a few lifecycle related issues in #7025 (#7075) * Fix panic when plugin fails to load
143 lines
3.1 KiB
Go
143 lines
3.1 KiB
Go
package vault
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"sync"
|
|
"time"
|
|
|
|
log "github.com/hashicorp/go-hclog"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
)
|
|
|
|
type RouterTestHandlerFunc func(context.Context, *logical.Request) (*logical.Response, error)
|
|
|
|
type NoopBackend struct {
|
|
sync.Mutex
|
|
|
|
Root []string
|
|
Login []string
|
|
Paths []string
|
|
Requests []*logical.Request
|
|
Response *logical.Response
|
|
RequestHandler RouterTestHandlerFunc
|
|
Invalidations []string
|
|
DefaultLeaseTTL time.Duration
|
|
MaxLeaseTTL time.Duration
|
|
BackendType logical.BackendType
|
|
}
|
|
|
|
func NoopBackendFactory(_ context.Context, _ *logical.BackendConfig) (logical.Backend, error) {
|
|
return &NoopBackend{}, nil
|
|
}
|
|
|
|
func (n *NoopBackend) HandleRequest(ctx context.Context, req *logical.Request) (*logical.Response, error) {
|
|
if req.TokenEntry() != nil {
|
|
panic("got a non-nil TokenEntry")
|
|
}
|
|
|
|
var err error
|
|
resp := n.Response
|
|
if n.RequestHandler != nil {
|
|
resp, err = n.RequestHandler(ctx, req)
|
|
}
|
|
|
|
n.Lock()
|
|
defer n.Unlock()
|
|
|
|
requestCopy := *req
|
|
n.Paths = append(n.Paths, req.Path)
|
|
n.Requests = append(n.Requests, &requestCopy)
|
|
if req.Storage == nil {
|
|
return nil, fmt.Errorf("missing view")
|
|
}
|
|
|
|
if req.Path == "panic" {
|
|
panic("as you command")
|
|
}
|
|
|
|
return resp, err
|
|
}
|
|
|
|
func (n *NoopBackend) HandleExistenceCheck(ctx context.Context, req *logical.Request) (bool, bool, error) {
|
|
return false, false, nil
|
|
}
|
|
|
|
func (n *NoopBackend) SpecialPaths() *logical.Paths {
|
|
return &logical.Paths{
|
|
Root: n.Root,
|
|
Unauthenticated: n.Login,
|
|
}
|
|
}
|
|
|
|
func (n *NoopBackend) System() logical.SystemView {
|
|
defaultLeaseTTLVal := time.Hour * 24
|
|
maxLeaseTTLVal := time.Hour * 24 * 32
|
|
if n.DefaultLeaseTTL > 0 {
|
|
defaultLeaseTTLVal = n.DefaultLeaseTTL
|
|
}
|
|
|
|
if n.MaxLeaseTTL > 0 {
|
|
maxLeaseTTLVal = n.MaxLeaseTTL
|
|
}
|
|
|
|
return logical.StaticSystemView{
|
|
DefaultLeaseTTLVal: defaultLeaseTTLVal,
|
|
MaxLeaseTTLVal: maxLeaseTTLVal,
|
|
}
|
|
}
|
|
|
|
func (n *NoopBackend) Cleanup(ctx context.Context) {
|
|
// noop
|
|
}
|
|
|
|
func (n *NoopBackend) InvalidateKey(ctx context.Context, k string) {
|
|
n.Invalidations = append(n.Invalidations, k)
|
|
}
|
|
|
|
func (n *NoopBackend) Setup(ctx context.Context, config *logical.BackendConfig) error {
|
|
return nil
|
|
}
|
|
|
|
func (n *NoopBackend) Logger() log.Logger {
|
|
return log.NewNullLogger()
|
|
}
|
|
|
|
func (n *NoopBackend) Initialize(ctx context.Context, req *logical.InitializationRequest) error {
|
|
return nil
|
|
}
|
|
|
|
func (n *NoopBackend) Type() logical.BackendType {
|
|
if n.BackendType == logical.TypeUnknown {
|
|
return logical.TypeLogical
|
|
}
|
|
return n.BackendType
|
|
}
|
|
|
|
// InitializableBackend is a backend that knows whether it has been initialized
|
|
// properly.
|
|
type InitializableBackend struct {
|
|
*NoopBackend
|
|
isInitialized bool
|
|
}
|
|
|
|
func (b *InitializableBackend) Initialize(ctx context.Context, req *logical.InitializationRequest) error {
|
|
if b.isInitialized {
|
|
return errors.New("already initialized")
|
|
}
|
|
|
|
// do a dummy write, to prove that the storage is not readonly
|
|
entry := &logical.StorageEntry{
|
|
Key: "initialize/zork",
|
|
Value: []byte("quux"),
|
|
}
|
|
err := req.Storage.Put(ctx, entry)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
b.isInitialized = true
|
|
return nil
|
|
}
|