Documentation

Constants

This section is empty.

Variables

var (
	// PluginMlockEnabled is the ENV name used to pass the configuration for
	// enabling mlock
	PluginMlockEnabled = "VAULT_PLUGIN_MLOCK_ENABLED"

	// PluginVaultVersionEnv is the ENV name used to pass the version of the
	// vault server to the plugin
	PluginVaultVersionEnv = "VAULT_VERSION"

	// PluginMetadataModeEnv is an ENV name used to disable TLS communication
	// to bootstrap mounting plugins.
	PluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"

	// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
	// plugin.
	PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"

	// PluginCACertPEMEnv is an ENV name used for holding a CA PEM-encoded
	// string. Used for testing.
	PluginCACertPEMEnv = "VAULT_TESTING_PLUGIN_CA_PEM"
)

Functions

func CtxCancelIfCanceled

func CtxCancelIfCanceled(f context.CancelFunc, ctxCanceler context.Context) chan struct{}

    CtxCancelIfCanceled takes a context cancel func and a context. If the context is shut down, the cancel func is called. This is useful for merging two cancel functions.
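As an added illustration, not the package's own source, the following stand-alone Go program reimplements the documented contract: a watcher goroutine calls f once ctxCanceler is done, and closing the returned channel detaches the watcher so it neither leaks nor fires later. The demo function names and the timeouts are choices made for this example.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// ctxCancelIfCanceled reimplements the documented behaviour (it is not the
// package's source): a watcher goroutine calls f once ctxCanceler is done.
// Closing the returned channel detaches the watcher without calling f.
func ctxCancelIfCanceled(f context.CancelFunc, ctxCanceler context.Context) chan struct{} {
	quitCh := make(chan struct{})
	go func() {
		select {
		case <-quitCh:
			// The caller no longer wants the two lifetimes linked.
		case <-ctxCanceler.Done():
			f()
		}
	}()
	return quitCh
}

// canceledWithin reports whether ctx is done before timeout elapses.
func canceledWithin(ctx context.Context, timeout time.Duration) bool {
	select {
	case <-ctx.Done():
		return true
	case <-time.After(timeout):
		return false
	}
}

// linkedCancelDemo exercises both paths. propagated: cancelling the parent
// (think of a request context) also cancels the child (a plugin session).
// detachedSurvives: once the watcher is detached by closing the channel,
// cancelling the parent leaves the child alive.
func linkedCancelDemo() (propagated, detachedSurvives bool) {
	parent, cancelParent := context.WithCancel(context.Background())
	child, cancelChild := context.WithCancel(context.Background())
	quit := ctxCancelIfCanceled(cancelChild, parent)
	cancelParent()
	propagated = canceledWithin(child, time.Second)
	close(quit) // harmless after the watcher has fired; required if it has not

	parent2, cancelParent2 := context.WithCancel(context.Background())
	child2, cancelChild2 := context.WithCancel(context.Background())
	defer cancelChild2()
	quit2 := ctxCancelIfCanceled(cancelChild2, parent2)
	close(quit2)
	// The API gives no signal that the watcher has exited, so give it a moment
	// before cancelling the parent; otherwise both select cases could be ready.
	time.Sleep(50 * time.Millisecond)
	cancelParent2()
	detachedSurvives = !canceledWithin(child2, 200*time.Millisecond)
	return propagated, detachedSurvives
}

func main() {
	p, d := linkedCancelDemo()
	fmt.Println("propagated:", p, "detached child survives:", d)
}
```

The practical caveat is the returned channel: a caller that never closes it keeps the watcher goroutine alive until ctxCanceler is done, and a caller that closes it has no way to learn when the watcher has actually exited.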

func GRPCSupport

func GRPCSupport() bool

    GRPCSupport defaults to returning true, unless VAULT_VERSION is missing or it fails to meet the version constraint.

func InMetadataMode

func InMetadataMode() bool

    InMetadataMode returns true if the plugin calling this function is running in metadata mode.

func OptionallyEnableMlock

func OptionallyEnableMlock() error

    OptionallyEnableMlock determines if mlock should be called, and if so enables mlock.
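GRPCSupport, InMetadataMode and OptionallyEnableMlock all read the environment the Vault server sets when it launches the plugin process (the names in the Variables section). The stand-alone Go program below is an added example, not the package's implementation: it reproduces the three documented contracts against a constructed environment. minGRPCVersion is a placeholder assumption (the page mentions a version constraint without stating it), the lookupFunc indirection replaces os.LookupEnv so the checks can be tested, and the enable callback stands in for the real mlock call.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Env names copied from the page's Variables section.
const (
	pluginMlockEnabled    = "VAULT_PLUGIN_MLOCK_ENABLED"
	pluginVaultVersionEnv = "VAULT_VERSION"
	pluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
)

// minGRPCVersion stands in for the version constraint the page mentions but
// does not state; the value is an assumption made for this example.
var minGRPCVersion = [3]int{0, 9, 4}

// lookupFunc abstracts os.LookupEnv so the checks can run against a
// constructed environment; pass os.LookupEnv for the real one.
type lookupFunc func(key string) (string, bool)

func fromMap(env map[string]string) lookupFunc {
	return func(key string) (string, bool) {
		v, ok := env[key]
		return v, ok
	}
}

// parseVersion accepts "1.2.3", "v1.2.3", "1.2" and "1.2.3-beta1".
func parseVersion(s string) ([3]int, error) {
	var v [3]int
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		s = s[:i] // drop pre-release and build metadata
	}
	parts := strings.Split(s, ".")
	if len(parts) > 3 {
		return v, fmt.Errorf("version %q has too many components", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("version %q: bad component %q", s, p)
		}
		v[i] = n
	}
	return v, nil
}

// atLeast reports whether v >= floor, comparing major, minor, patch in order.
func atLeast(v, floor [3]int) bool {
	for i := range v {
		if v[i] != floor[i] {
			return v[i] > floor[i]
		}
	}
	return true
}

// grpcSupport follows the documented contract of GRPCSupport: true unless
// VAULT_VERSION is missing or below the constraint. A value that does not
// parse cannot be shown to fail the constraint, so it keeps the default of
// true (a choice made for this example).
func grpcSupport(lookup lookupFunc) bool {
	ver, ok := lookup(pluginVaultVersionEnv)
	if !ok || ver == "" {
		return false
	}
	v, err := parseVersion(ver)
	if err != nil {
		return true
	}
	return atLeast(v, minGRPCVersion)
}

// inMetadataMode reports whether the server started this plugin process in
// metadata mode, i.e. VAULT_PLUGIN_METADATA_MODE holds a true boolean.
func inMetadataMode(lookup lookupFunc) bool {
	v, ok := lookup(pluginMetadataModeEnv)
	if !ok {
		return false
	}
	b, err := strconv.ParseBool(v)
	return err == nil && b
}

// optionallyEnableMlock calls enable only when VAULT_PLUGIN_MLOCK_ENABLED is
// a true boolean; enable stands in for the platform mlock call so the
// decision logic runs on any OS. A malformed value is reported, not ignored.
func optionallyEnableMlock(lookup lookupFunc, enable func() error) error {
	v, ok := lookup(pluginMlockEnabled)
	if !ok {
		return nil
	}
	b, err := strconv.ParseBool(v)
	if err != nil {
		return fmt.Errorf("%s=%q is not a boolean: %w", pluginMlockEnabled, v, err)
	}
	if !b {
		return nil
	}
	return enable()
}

func main() {
	env := fromMap(map[string]string{ // constructed environment
		pluginVaultVersionEnv: "v0.9.4-beta1",
		pluginMetadataModeEnv: "true",
		pluginMlockEnabled:    "1",
	})
	fmt.Println("gRPC:", grpcSupport(env), "metadata mode:", inMetadataMode(env))
	fmt.Println("mlock:", optionallyEnableMlock(env, func() error { fmt.Println("mlock enabled"); return nil }))
}
```

Note the asymmetry the documented contract implies: a missing VAULT_VERSION disables gRPC, while a version that cannot be parsed leaves the default in place; the example keeps that distinction explicit so a plugin author can see which inputs change the transport.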

Types

type LookRunnerUtil

type LookRunnerUtil interface {
	Looker
	RunnerUtil
}

    LookRunnerUtil defines the functions of both Looker and RunnerUtil (the wrapper).

type Looker

type Looker interface {
	LookupPlugin(context.Context, string, consts.PluginType) (*PluginRunner, error)
}

    Looker defines the plugin Lookup function that looks into the plugin catalog for available plugins and returns a PluginRunner.

type PluginRunner

type PluginRunner struct {
	Name           string                      `json:"name" structs:"name"`
	Type           consts.PluginType           `json:"type" structs:"type"`
	Command        string                      `json:"command" structs:"command"`
	Args           []string                    `json:"args" structs:"args"`
	Env            []string                    `json:"env" structs:"env"`
	Sha256         []byte                      `json:"sha256" structs:"sha256"`
	Builtin        bool                        `json:"builtin" structs:"builtin"`
	BuiltinFactory func() (interface{}, error) `json:"-" structs:"-"`
}

    PluginRunner defines the metadata needed to run a plugin securely with go-plugin.

func (*PluginRunner) Run

func (r *PluginRunner) Run(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)

    Run takes a wrapper RunnerUtil instance along with the go-plugin parameters and returns a configured plugin.Client with TLS configured and a wrapping token set on PluginUnwrapTokenEnv for the plugin process to consume.

func (*PluginRunner) RunConfig

func (r *PluginRunner) RunConfig(ctx context.Context, opts ...RunOpt) (*plugin.Client, error)

func (*PluginRunner) RunMetadataMode

func (r *PluginRunner) RunMetadataMode(ctx context.Context, wrapper RunnerUtil, pluginSets map[int]plugin.PluginSet, hs plugin.HandshakeConfig, env []string, logger log.Logger) (*plugin.Client, error)

    RunMetadataMode returns a configured plugin.Client that will dispense a plugin in metadata mode. PluginMetadataModeEnv is passed in as part of the Cmd given to plugin.Client and is consumed by the plugin process in api.VaultPluginTLSProvider.

type RunOpt

type RunOpt func(*runConfig)

func AutoMTLS

func AutoMTLS(autoMTLS bool) RunOpt

func Env

func Env(env ...string) RunOpt

func HandshakeConfig

func HandshakeConfig(hs plugin.HandshakeConfig) RunOpt

func Logger

func Logger(logger log.Logger) RunOpt

func MetadataMode

func MetadataMode(isMetadataMode bool) RunOpt

func PluginSets

func PluginSets(pluginSets map[int]plugin.PluginSet) RunOpt

func Runner

func Runner(wrapper RunnerUtil) RunOpt

type RunnerUtil

type RunnerUtil interface {
	ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
	MlockEnabled() bool
}

    The RunnerUtil interface defines the functions the runner needs in order to wrap the metadata required to run a plugin process: looking up the mlock configuration and wrapping data in a response-wrapped token. logical.SystemView implementations satisfy this interface.
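To show how the PluginRunner fields, the RunnerUtil dependency and the environment variables fit together at launch (Run versus RunMetadataMode), here is an added Go example. It is not the package's code and does not use go-plugin. It assumes that the Sha256 field is the expected digest of the Command binary and is checked before anything is launched, that metadata mode issues no wrapping token because the TLS bootstrap is skipped, and that MlockEnabled() is forwarded to the child as VAULT_PLUGIN_MLOCK_ENABLED. The runnerUtil interface here returns the wrapping token as a string rather than a *wrapping.ResponseWrapInfo, and the wrapped payload, the token value and the plugin binary are all constructed.

```go
package main

import (
	"context"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"os"
	"time"
)

// Env names copied from the page's Variables section.
const (
	pluginMlockEnabled    = "VAULT_PLUGIN_MLOCK_ENABLED"
	pluginVaultVersionEnv = "VAULT_VERSION"
	pluginMetadataModeEnv = "VAULT_PLUGIN_METADATA_MODE"
	pluginUnwrapTokenEnv  = "VAULT_UNWRAP_TOKEN"
)

// pluginRunner keeps the fields of the page's PluginRunner this example uses.
type pluginRunner struct {
	Name    string
	Command string
	Env     []string
	Sha256  []byte
}

// runnerUtil mirrors the page's RunnerUtil; the token is a plain string here.
type runnerUtil interface {
	ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (string, error)
	MlockEnabled() bool
}

// fakeWrapper is a constructed RunnerUtil that mints a fixed token.
type fakeWrapper struct{}

func (fakeWrapper) ResponseWrapData(context.Context, map[string]interface{}, time.Duration, bool) (string, error) {
	return "constructed-wrapping-token", nil
}
func (fakeWrapper) MlockEnabled() bool { return true }

// verifyChecksum compares the on-disk binary with the catalog digest in
// constant time; an entry without a usable digest is rejected, not trusted.
func verifyChecksum(r *pluginRunner) (bool, error) {
	if len(r.Sha256) != sha256.Size {
		return false, fmt.Errorf("plugin %q: no valid SHA256 pinned in catalog", r.Name)
	}
	data, err := os.ReadFile(r.Command)
	if err != nil {
		return false, err
	}
	sum := sha256.Sum256(data)
	return subtle.ConstantTimeCompare(sum[:], r.Sha256) == 1, nil
}

// bootstrapEnv verifies the binary, then assembles the child environment.
// Metadata mode skips the TLS bootstrap, so no wrapping token is minted;
// otherwise a token from ResponseWrapData is handed over in VAULT_UNWRAP_TOKEN.
func bootstrapEnv(ctx context.Context, r *pluginRunner, w runnerUtil, vaultVersion string, metadataMode bool) ([]string, error) {
	ok, err := verifyChecksum(r)
	if err != nil {
		return nil, err
	}
	if !ok {
		return nil, fmt.Errorf("plugin %q: binary does not match pinned SHA256", r.Name)
	}
	env := append([]string{}, r.Env...)
	env = append(env,
		pluginVaultVersionEnv+"="+vaultVersion,
		fmt.Sprintf("%s=%t", pluginMlockEnabled, w.MlockEnabled()),
		fmt.Sprintf("%s=%t", pluginMetadataModeEnv, metadataMode),
	)
	if metadataMode {
		return env, nil
	}
	// The wrapped payload is constructed; the page does not show the real one.
	token, err := w.ResponseWrapData(ctx, map[string]interface{}{"plugin": r.Name}, time.Minute, true)
	if err != nil {
		return nil, err
	}
	return append(env, pluginUnwrapTokenEnv+"="+token), nil
}

// writeConstructedPlugin writes a throwaway script to a temp file and returns
// its path and SHA256, the way a catalog entry would pin a real binary.
func writeConstructedPlugin() (string, []byte, error) {
	body := []byte("#!/bin/sh\necho constructed plugin\n")
	f, err := os.CreateTemp("", "plugin-*")
	if err != nil {
		return "", nil, err
	}
	defer f.Close()
	if _, err := f.Write(body); err != nil {
		return "", nil, err
	}
	sum := sha256.Sum256(body)
	return f.Name(), sum[:], nil
}

func main() {
	path, digest, err := writeConstructedPlugin()
	if err != nil {
		panic(err)
	}
	defer os.Remove(path)
	r := &pluginRunner{Name: "example", Command: path, Sha256: digest}
	env, err := bootstrapEnv(context.Background(), r, fakeWrapper{}, "1.2.3", false)
	fmt.Println(env, err)
}
```

Ordering matters here: the digest check runs before ResponseWrapData, so a binary that has been replaced at the catalog path never receives a wrapping token, and the token is minted with a short ttl immediately before the environment is handed to the child rather than ahead of time.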