b6c05fae33
* enable registering backend muxed plugins in plugin catalog * set the sysview on the pluginconfig to allow enabling secrets/auth plugins * store backend instances in map * store single implementations in the instances map cleanup instance map and ensure we don't deadlock * fix system backend unit tests move GetMultiplexIDFromContext to pluginutil package fix pluginutil test fix dbplugin ut * return error(s) if we can't get the plugin client update comments * refactor/move GetMultiplexIDFromContext test * add changelog * remove unnecessary field on pluginClient * add unit tests to PluginCatalog for secrets/auth plugins * fix comment * return pluginClient from TestRunTestPlugin * add multiplexed backend test * honor metadatamode value in newbackend pluginconfig * check that connection exists on cleanup * add automtls to secrets/auth plugins * don't remove apiclientmeta parsing * use formatting directive for fmt.Errorf * fix ut: remove tls provider func * remove tlsproviderfunc from backend plugin tests * use env var to prevent test plugin from running as a unit test * WIP: remove lazy loading * move non lazy loaded backend to new package * use version wrapper for backend plugin factory * remove backendVersionWrapper type * implement getBackendPluginType for plugin catalog * handle backend plugin v4 registration * add plugin automtls env guard * modify plugin factory to determine the backend to use * remove old pluginsets from v5 and log pid in plugin catalog * add reload mechanism via context * readd v3 and v4 to pluginset * call cleanup from reload if non-muxed * move v5 backend code to new package * use context reload for for ErrPluginShutdown case * add wrapper on v5 backend * fix run config UTs * fix unit tests - use v4/v5 mapping for plugin versions - fix test build err - add reload method on fakePluginClient - add multiplexed cases for integration tests * remove comment and update AutoMTLS field in test * remove comment * remove errwrap and unused context * 
only support metadatamode false for v5 backend plugins * update plugin catalog errors * use const for env variables * rename locks and remove unused * remove unneeded nil check * improvements based on staticcheck recommendations * use const for single implementation string * use const for context key * use info default log level * move pid to pluginClient struct * remove v3 and v4 from multiplexed plugin set * return from reload when non-multiplexed * update automtls env string * combine getBackend and getBrokeredClient * update comments for plugin reload, Backend return val and log * revert Backend return type * allow non-muxed plugins to serve v5 * move v5 code to existing sdk plugin package * do next export sdk fields now that we have removed extra plugin pkg * set TLSProvider in ServeMultiplex for backwards compat * use bool to flag multiplexing support on grpc backend server * revert userpass main.go * refactor plugin sdk - update comments - make use of multiplexing boolean and single implementation ID const * update comment and use multierr * attempt v4 if dispense fails on getPluginTypeForUnknown * update comments on sdk plugin backend
package plugin
import (
"context"
"errors"
"fmt"
log "github.com/hashicorp/go-hclog"
plugin "github.com/hashicorp/go-plugin"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/pluginutil"
"github.com/hashicorp/vault/sdk/logical"
)
// BackendPluginClient pairs the logical.Backend dispensed by an external
// plugin with the go-plugin client handle it was dispensed from. Keeping
// the handle alongside the backend lets Cleanup kill the client once the
// backend itself has been cleaned up.
type BackendPluginClient struct {
	// client is the go-plugin handle that Cleanup kills.
	client *plugin.Client

	// Backend is embedded, so all logical.Backend methods are promoted
	// onto BackendPluginClient; only Cleanup is overridden in this file.
	logical.Backend
}
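// Cleanup asks the wrapped backend to clean up (an RPC call for external
// plugins) and then kills the go-plugin client.
//
// Kill is deferred rather than called inline so that it still runs if the
// backend's Cleanup panics; otherwise the plugin client could be left alive
// after the backend that owned it has been discarded.
func (b *BackendPluginClient) Cleanup(ctx context.Context) {
	defer b.client.Kill()

	b.Backend.Cleanup(ctx)
}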
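// NewBackend looks pluginName up in the plugin catalog via sys and returns a
// logical.Backend for it.
//
// For a builtin plugin the backend is created in-process from the factory
// the catalog entry provides. For any other plugin the backend is obtained
// from NewPluginClient, which launches the plugin and talks to it over RPC.
//
// isMetadataMode is forwarded to NewPluginClient and has no effect on builtin
// plugins. conf is handed to the builtin factory as-is; for external plugins
// only conf.Logger is used, so conf must be non-nil on that path.
//
// An error is returned if the catalog lookup fails, the builtin factory
// cannot be obtained or is not a logical.Factory, the factory itself fails,
// conf is nil for an external plugin, or NewPluginClient fails.
func NewBackend(ctx context.Context, pluginName string, pluginType consts.PluginType, sys pluginutil.LookRunnerUtil, conf *logical.BackendConfig, isMetadataMode bool) (logical.Backend, error) {
	// Look for plugin in the plugin catalog.
	pluginRunner, err := sys.LookupPlugin(ctx, pluginName, pluginType)
	if err != nil {
		return nil, err
	}

	if !pluginRunner.Builtin {
		// conf.Logger is dereferenced below; report a missing config as an
		// error instead of panicking on a nil pointer.
		if conf == nil {
			return nil, errors.New("backend config is required for external plugins")
		}

		// External plugin: create a backendPluginClient instance.
		return NewPluginClient(ctx, sys, pluginRunner, conf.Logger, isMetadataMode)
	}

	// Plugin is builtin, so the catalog entry can hand us its factory as an
	// untyped value that must then be asserted to logical.Factory.
	rawFactory, err := pluginRunner.BuiltinFactory()
	if err != nil {
		// %w keeps the cause available to errors.Is / errors.As.
		return nil, fmt.Errorf("error getting plugin type: %w", err)
	}

	factory, ok := rawFactory.(logical.Factory)
	if !ok {
		return nil, fmt.Errorf("unsupported backend type: %q", pluginName)
	}

	backend, err := factory(ctx, conf)
	if err != nil {
		return nil, err
	}

	return backend, nil
}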
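// NewPluginClient launches the external plugin described by pluginRunner,
// dispenses its "backend" implementation over RPC and returns it wrapped in
// a BackendPluginClient, so that Cleanup on the result also kills the
// go-plugin client.
//
// When isMetadataMode is true the plugin is started with RunMetadataMode
// instead of Run, and the flag is also passed to the GRPCBackendPlugin
// entries in the plugin set. If the named logger is at trace level, the
// backend is additionally wrapped in BackendTracingMiddleware.
//
// If any step after the plugin has been started fails, the client is killed
// before the error is returned so that a half-initialized plugin is not left
// running with no owner.
//
// NOTE(review): whether the plugin binary is integrity-checked before launch
// is decided inside pluginRunner.Run / RunMetadataMode, not in this function;
// confirm there.
func NewPluginClient(ctx context.Context, sys pluginutil.RunnerUtil, pluginRunner *pluginutil.PluginRunner, logger log.Logger, isMetadataMode bool) (logical.Backend, error) {
	// pluginSet is the map of plugins we can dispense, keyed by protocol
	// version.
	pluginSet := map[int]plugin.PluginSet{
		// Version 3 used to support both protocols. We want to keep it
		// around since it's possible old plugins built against this version
		// will still work with gRPC. There is currently no difference
		// between version 3 and version 4.
		3: {
			"backend": &GRPCBackendPlugin{
				MetadataMode: isMetadataMode,
			},
		},
		4: {
			"backend": &GRPCBackendPlugin{
				MetadataMode: isMetadataMode,
			},
		},
	}

	namedLogger := logger.Named(pluginRunner.Name)

	var client *plugin.Client
	var err error
	if isMetadataMode {
		client, err = pluginRunner.RunMetadataMode(ctx, sys, pluginSet, HandshakeConfig, []string{}, namedLogger)
	} else {
		client, err = pluginRunner.Run(ctx, sys, pluginSet, HandshakeConfig, []string{}, namedLogger)
	}
	if err != nil {
		return nil, err
	}

	// From here on the client exists; make sure it is killed on every
	// failure path below rather than being abandoned.
	handedOff := false
	defer func() {
		if !handedOff {
			client.Kill()
		}
	}()

	// Connect via RPC.
	rpcClient, err := client.Client()
	if err != nil {
		return nil, err
	}

	// Request the plugin.
	raw, err := rpcClient.Dispense("backend")
	if err != nil {
		return nil, err
	}

	// We should have a logical backend type now. This feels like a normal
	// interface implementation but is in fact over an RPC connection.
	grpcBackend, ok := raw.(*backendGRPCPluginClient)
	if !ok {
		return nil, errors.New("unsupported plugin client type")
	}
	var backend logical.Backend = grpcBackend
	const transport = "gRPC"

	// Wrap the backend in a tracing middleware.
	if namedLogger.IsTrace() {
		backend = &BackendTracingMiddleware{
			logger: namedLogger.With("transport", transport),
			next:   backend,
		}
	}

	// Ownership of the client moves to the returned wrapper, whose Cleanup
	// is responsible for killing it.
	handedOff = true
	return &BackendPluginClient{
		client:  client,
		Backend: backend,
	}, nil
}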