Combined Database Backend with Plugins #2200

Merged
merged 162 commits into from
May 4, 2017
3d77a9a
Begin work on database refactor
Dec 19, 2016
ad17d11
More work on refactor and cassandra database
Dec 20, 2016
bfbb104
Add mysql database type
Jan 4, 2017
cee3dc9
s/Statement/Statements/
Jan 4, 2017
5e2cffc
Add max connection lifetime param and set consistency on cassandra se…
Jan 4, 2017
e442917
Add mysql into the factory
Feb 8, 2017
fa8da4c
Fix mysql connections
Feb 15, 2017
4d33509
Make db instances immutable and add a reset path to tear down and cre…
Feb 16, 2017
354233f
rename mysql variable
briankassouf Mar 3, 2017
c823ad0
Update locking functionality
briankassouf Mar 7, 2017
1d23bbb
Remove double lock
briankassouf Mar 7, 2017
01300e0
Remove unused sql object
briankassouf Mar 7, 2017
78fdc2a
Pass statements object
briankassouf Mar 8, 2017
73200db
Add defaults to the cassandra database type
briankassouf Mar 8, 2017
cd68899
Fix renew and revoke calls
briankassouf Mar 8, 2017
00359cd
Update secrets fields
briankassouf Mar 8, 2017
d4ea6c1
Add plugin features
Mar 10, 2017
3766ab1
Add plugin file
Mar 10, 2017
b63147b
Add special path to enforce root on plugin configuration
briankassouf Mar 10, 2017
72a878b
Rename reset to close
briankassouf Mar 10, 2017
a0d207e
Add checksum attribute
briankassouf Mar 10, 2017
c111b02
Add a way to initialize plugins and builtin databases the same way.
briankassouf Mar 13, 2017
143166b
Add a metrics middleware
briankassouf Mar 14, 2017
a6ae4bd
wrap plugin database type with metrics middleware
briankassouf Mar 14, 2017
5b05f62
Work on TLS communication over plugins
briankassouf Mar 16, 2017
3890f19
Break tls code into helper library
briankassouf Mar 16, 2017
2ef1cbf
Comment and slight refactor of the TLS plugin helper
briankassouf Mar 16, 2017
a878791
Update the name of PluginUnwrapTokenEnv
briankassouf Mar 16, 2017
4043f53
Add a secure config to verify the checksum of the plugin
briankassouf Mar 16, 2017
404596e
Change the handshake config from the default
briankassouf Mar 17, 2017
ff6749b
Comment and fix plugin Type function
briankassouf Mar 17, 2017
2fdb342
Verify connections regardless of if this connections is already existing
briankassouf Mar 21, 2017
2d6f36d
Add a delete method
briankassouf Mar 22, 2017
1be8136
Fix race with deleting the connection
Mar 22, 2017
9aaec25
Add a error message for empty creation statement
Mar 22, 2017
73e553a
Add test files for postgres and mysql databases
Mar 22, 2017
cab491f
s/postgres/mysql/
Mar 22, 2017
a1b7246
Remove unused code block
Mar 23, 2017
e870e39
More work on getting tests to pass
Mar 23, 2017
ca026c6
Remove the unused sync.Once object
Mar 27, 2017
b2c4555
Wrap the database calls with tracing information
Mar 27, 2017
d93378b
Fix for checking types of database on update
Mar 28, 2017
6de5cfa
Add functionality to build db objects from disk so restarts work
Mar 28, 2017
0c562fa
Update tests
Mar 28, 2017
947fd66
Cleanup the db factory code and add comments
Mar 28, 2017
8ef78f0
Add comments to connection and credential producers
Mar 28, 2017
1d3d3b7
fix for plugin commands that have more than one parameter
Mar 28, 2017
2b08521
Database refactor mssql (#2562)
calvn Apr 3, 2017
ac519ab
Plugin catalog
briankassouf Apr 4, 2017
b54e1cd
Merge branch 'database-refactor' of github.com:hashicorp/vault into d…
briankassouf Apr 4, 2017
1faa5fc
On change of configuration rotate the database type
briankassouf Apr 4, 2017
8e3cb50
Database refactor invalidate (#2566)
calvn Apr 4, 2017
df944f2
Don't return strings, always structs
Apr 4, 2017
73a2cdf
Do not mark conn as initialized until the end (#2567)
calvn Apr 4, 2017
f6b45bd
Execute builtin plugins
Apr 4, 2017
485b331
Add a cli command to run builtin plugins
Apr 5, 2017
8f88452
move builtin plugins list to the pluginutil
Apr 5, 2017
8a2e29c
Refactor to use builtin plugins from an external repo
Apr 5, 2017
0da69cf
Add postgres builtin plugin
Apr 6, 2017
8e77bd9
Move plugin code into sub directory
Apr 6, 2017
9ae5a2a
Add backend test
Apr 7, 2017
3c1c388
Update backend tests
Apr 10, 2017
73f66f8
Update the interface for plugins removing functions for creating creds
Apr 10, 2017
64efc50
Update plugin test
Apr 10, 2017
f54c4de
Add a flag to tell plugins to verify the connection was successful
Apr 10, 2017
de36d61
Mlock the plugin process
Apr 11, 2017
da4d9a8
Remove unnecessary abstraction
Apr 11, 2017
8f75c30
Update help text and comments
Apr 11, 2017
8c264c6
Add remaining crud functions to plugin catalog and tests
Apr 12, 2017
0e08279
Add path help and comments for plugin-catalog
Apr 12, 2017
cb844b5
Add test for logical_system plugin-catalog handling
Apr 12, 2017
1bc0243
Fix RootPaths test
Apr 12, 2017
c9dc7b8
vendor go-plugin
Apr 12, 2017
f2401c0
Merge branch 'master' into database-refactor
Apr 12, 2017
03e2bcb
Update Type() to return an error
Apr 12, 2017
4c75326
Cleanup path files
Apr 13, 2017
33d66f3
Add comments to the plugin runner
Apr 13, 2017
b20c177
Add allowed_roles parameter and checks
Apr 13, 2017
07f3f4f
Update the plugin directory logic
Apr 13, 2017
be50cba
Move plugins into main vault repo
Apr 13, 2017
ea41734
Move mssql to be an acceptance test
Apr 13, 2017
1f6bf29
Only run mssql acceptance test when running as VAULT_ACC=1
Apr 13, 2017
370dd2d
Adding explicit database to sp_msloginmappings call (#2611)
chrishoffman Apr 18, 2017
8b7fa73
Fix cassandra deps breakage
Apr 19, 2017
afc5be1
Merge remote-tracking branch 'oss/master' into database-refactor
Apr 19, 2017
d9ce189
Use the same TLS cert for the server and client
Apr 19, 2017
62cae4a
Merge branch 'master-oss' into database-refactor
jefferai Apr 20, 2017
f1fa617
Calls to builtin plugins now go directly to the implementation instea…
Apr 21, 2017
a3f6580
Merge remote-tracking branch 'oss/database-refactor' into database-re…
Apr 21, 2017
9abc31e
Fix tests
Apr 21, 2017
3ceb7b6
Fix tests
Apr 21, 2017
c5d5abe
Add cassandra plugin
calvn Apr 23, 2017
2faa08d
Remove commented old method signature
calvn Apr 23, 2017
f4ef3df
Update the builtin keys; move catalog to core; protect against unset …
Apr 24, 2017
707e6ca
Update path for the plugin catalog in logical system
Apr 24, 2017
4cda9ea
Update the ResponseWrapData function to return a wrapping.ResponseWra…
Apr 24, 2017
4c306bd
Change MlockDisabled to MlockEnabled
Apr 24, 2017
7e3f5e6
Update root paths test
Apr 24, 2017
4315e68
Fix test
Apr 24, 2017
f6b96cc
s/DatabaseType/Database/
Apr 24, 2017
194695f
Don't uppercase ErrorResponses
Apr 24, 2017
1971d65
Only run Abs on the plugin directory if it's set
Apr 24, 2017
57f78c4
return a 404 when no plugin is found
Apr 25, 2017
630962b
Update test to reflect the correct read response
Apr 25, 2017
6741811
Update logging to new structure
Apr 25, 2017
22612ad
Use TypeCommaStringSlice for allowed_roles
Apr 25, 2017
58b0bbd
Rename path_role_create to path_creds_create
Apr 25, 2017
e187576
Update the connection details data and fix allowedRoles
Apr 25, 2017
6131bdd
Default deny when allowed roles is empty
Apr 25, 2017
37aacba
Change ttl types to TypeDurationSecond
Apr 26, 2017
d8dbfc6
Update the error messages for renew and revoke
Apr 26, 2017
dc9740d
Add mssql builtin plugin type
Apr 26, 2017
cb13786
Fix MSSQL test
Apr 26, 2017
6b05047
Update to a RWMutex
Apr 26, 2017
f92d686
Add an error check to reset a plugin if it is closed
Apr 26, 2017
2e2d382
Add check to ensure we don't overwrite existing connections
Apr 26, 2017
230a36c
Update New() func signature and its references
calvn Apr 27, 2017
47df4ac
Merge pull request #2632 from hashicorp/cassandra-plugin
calvn Apr 27, 2017
766b909
If user provides a revocation statement for MSSQL plugin honor it
Apr 28, 2017
6684e5c
Update username length for MSSQL
Apr 28, 2017
445a0e3
Update the username length for postgresql
Apr 28, 2017
f3e7ad7
Honor statements for RevokeUser on Cassandra backend, add method comm…
calvn May 1, 2017
b87f8a1
Update interface name from Wrapper to a more descriptive RunnerUtil
May 1, 2017
6ca436c
Don't store an error response as a package variable
May 1, 2017
66630f6
Add test for custom mssql revoke statement
May 1, 2017
d68f283
Prepend a 'v-' to the sql username strings
May 1, 2017
885398e
Add internals doc for plugins
May 2, 2017
31541b7
Add plugins internal page to the sidebar
May 2, 2017
6ddfe9a
Rename NewPluginServer to just Serve
May 2, 2017
7f92c5f
Fix documentation
May 2, 2017
d300c23
Add website skeleton
jefferai May 2, 2017
1df8ec9
Update the api for serving plugins and provide a utility to pass TLS …
May 2, 2017
6d4f1aa
Merge remote-tracking branch 'oss/database-refactor' into database-re…
May 2, 2017
30a02ed
Don't need to explicitly set redirectAddrs
May 2, 2017
6e7696b
Remove unused TestCoreUnsealedWithListener function
May 2, 2017
fe86f06
Fix a few PR comments
May 2, 2017
dc5979e
Fix wording in docs
May 2, 2017
d230446
Update docs and add cassandra as a builtin plugin
May 3, 2017
60753dc
Only wrap in tracing middleware if the logger is set to trace level
May 3, 2017
2be2e4c
Update docs for the database backend and it's plugins
May 3, 2017
85967cb
Add custom plugins docs page
May 3, 2017
78b27fa
Add API docs
May 3, 2017
799cd3c
Update links in docs
May 3, 2017
311acb3
Add the plugins catalog API docs
May 3, 2017
f424a9a
Use log to output errors instead of fmt
May 3, 2017
c381b00
Use ParseDurationSecond to parse the timeouts in connutil
May 3, 2017
657826d
Add the other mysql plugin types with the correct username length set…
May 3, 2017
5b8ce92
Fix mysql plugin tests
May 3, 2017
3ca266b
Fix parsing the connection duration when it's nil
May 3, 2017
3fcf1ad
Fix the TLS functionality in cassandra plugin
May 3, 2017
a3619c4
Update database backend tests to use the APIClientMeta for the plugin …
May 3, 2017
2af2b85
Feedback from PR
May 4, 2017
9e28b03
add new mysql plugin names and fix grammar
May 4, 2017
c825362
PR comments
May 4, 2017
55f1f51
Merge remote-tracking branch 'oss/master' into database-refactor
May 4, 2017
886f873
Update docs and return a better error message
May 4, 2017
17bea65
Don't store the plugin directory prepended command in the barrier, pr…
May 4, 2017
fcd4f90
Merge remote-tracking branch 'oss/master' into database-refactor
May 4, 2017
2e82e00
update docs
May 4, 2017
65b7bba
Update mssql docs
calvn May 4, 2017
3f7ea0d
Merge branch 'database-refactor' of github.com:hashicorp/vault into d…
calvn May 4, 2017
c48b7fa
Few docs updates
May 4, 2017
3 changes: 2 additions & 1 deletion audit/hashstructure.go
Expand Up @@ -5,6 +5,7 @@ import (
"strings"

"github.com/hashicorp/vault/helper/salt"
"github.com/hashicorp/vault/helper/wrapping"
"github.com/hashicorp/vault/logical"
"github.com/mitchellh/copystructure"
"github.com/mitchellh/reflectwalk"
Expand Down Expand Up @@ -84,7 +85,7 @@ func Hash(salter *salt.Salt, raw interface{}) error {

s.Data = data.(map[string]interface{})

case *logical.ResponseWrapInfo:
case *wrapping.ResponseWrapInfo:
if s == nil {
return nil
}
7 changes: 4 additions & 3 deletions audit/hashstructure_test.go
Expand Up @@ -9,6 +9,7 @@ import (

"github.com/hashicorp/vault/helper/certutil"
"github.com/hashicorp/vault/helper/salt"
"github.com/hashicorp/vault/helper/wrapping"
"github.com/hashicorp/vault/logical"
"github.com/mitchellh/copystructure"
)
Expand Down Expand Up @@ -69,7 +70,7 @@ func TestCopy_response(t *testing.T) {
Data: map[string]interface{}{
"foo": "bar",
},
WrapInfo: &logical.ResponseWrapInfo{
WrapInfo: &wrapping.ResponseWrapInfo{
TTL: 60,
Token: "foo",
CreationTime: time.Now(),
Expand Down Expand Up @@ -140,7 +141,7 @@ func TestHash(t *testing.T) {
Data: map[string]interface{}{
"foo": "bar",
},
WrapInfo: &logical.ResponseWrapInfo{
WrapInfo: &wrapping.ResponseWrapInfo{
TTL: 60,
Token: "bar",
CreationTime: now,
Expand All @@ -151,7 +152,7 @@ func TestHash(t *testing.T) {
Data: map[string]interface{}{
"foo": "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
},
WrapInfo: &logical.ResponseWrapInfo{
WrapInfo: &wrapping.ResponseWrapInfo{
TTL: 60,
Token: "hmac-sha256:f9320baf0249169e73850cd6156ded0106e2bb6ad8cab01b7bbbebe6d1065317",
CreationTime: now,
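Review bot: in the `TestHash` fixture the plaintext `Token: "bar"` equals the Data value `"foo": "bar"`, so the expected `Token:` and `"foo":` entries in this hunk are the identical `hmac-sha256:` digest; the assertion therefore cannot tell whether the token and the data value were HMAC'd into each other's place. Use a distinct token value in the fixture (for example a token string that does not appear in Data) so that each expected digest is unique and the wrap-token hashing is verified on its own.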
177 changes: 177 additions & 0 deletions builtin/logical/database/backend.go
@@ -0,0 +1,177 @@
package database

import (
"fmt"
"net/rpc"
"strings"
"sync"

log "github.com/mgutz/logxi/v1"

"github.com/hashicorp/vault/builtin/logical/database/dbplugin"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)

const databaseConfigPath = "database/config/"

func Factory(conf *logical.BackendConfig) (logical.Backend, error) {
return Backend(conf).Setup(conf)
}

func Backend(conf *logical.BackendConfig) *databaseBackend {
var b databaseBackend
b.Backend = &framework.Backend{
Help: strings.TrimSpace(backendHelp),

Paths: []*framework.Path{
pathConfigurePluginConnection(&b),
pathListRoles(&b),
pathRoles(&b),
pathCredsCreate(&b),
pathResetConnection(&b),
},

Secrets: []*framework.Secret{
secretCreds(&b),
},

Clean: b.closeAllDBs,

Invalidate: b.invalidate,
}

b.logger = conf.Logger
b.connections = make(map[string]dbplugin.Database)
return &b
}

type databaseBackend struct {
connections map[string]dbplugin.Database
logger log.Logger

*framework.Backend
sync.RWMutex
}

// resetAllDBs closes all connections from all database types
Contributor: I know we don't lint but s/resetAllDBs/closeAllDBs

func (b *databaseBackend) closeAllDBs() {
b.Lock()
defer b.Unlock()

for _, db := range b.connections {
db.Close()
}

b.connections = make(map[string]dbplugin.Database)
}

// This function is used to retrieve a database object either from the cached
// connection map. The caller of this function needs to hold the backend's read
// lock.
func (b *databaseBackend) getDBObj(name string) (dbplugin.Database, bool) {
db, ok := b.connections[name]
return db, ok
}

// This function creates a new db object from the stored configuration and
// caches it in the connections map. The caller of this function needs to hold
// the backend's write lock
func (b *databaseBackend) createDBObj(s logical.Storage, name string) (dbplugin.Database, error) {
db, ok := b.connections[name]
if ok {
return db, nil
}

config, err := b.DatabaseConfig(s, name)
if err != nil {
return nil, err
}

db, err = dbplugin.PluginFactory(config.PluginName, b.System(), b.logger)
if err != nil {
return nil, err
}

err = db.Initialize(config.ConnectionDetails, true)
if err != nil {
return nil, err
}

b.connections[name] = db

return db, nil
}

func (b *databaseBackend) DatabaseConfig(s logical.Storage, name string) (*DatabaseConfig, error) {
entry, err := s.Get(fmt.Sprintf("config/%s", name))
if err != nil {
return nil, fmt.Errorf("failed to read connection configuration with name: %s", name)
calvn (Contributor), May 4, 2017: Should err be appended and returned back as well?

}
if entry == nil {
return nil, fmt.Errorf("failed to find entry for connection with name: %s", name)
}

var config DatabaseConfig
if err := entry.DecodeJSON(&config); err != nil {
return nil, err
}

return &config, nil
}

func (b *databaseBackend) Role(s logical.Storage, n string) (*roleEntry, error) {
entry, err := s.Get("role/" + n)
Contributor: Can you update n to something like name or roleName? It looks like name is used to describe the database name so roleName may make more sense?!?

if err != nil {
return nil, err
}
if entry == nil {
return nil, nil
}

var result roleEntry
if err := entry.DecodeJSON(&result); err != nil {
return nil, err
}

return &result, nil
}

func (b *databaseBackend) invalidate(key string) {
b.Lock()
defer b.Unlock()

switch {
case strings.HasPrefix(key, databaseConfigPath):
name := strings.TrimPrefix(key, databaseConfigPath)
b.clearConnection(name)
}
}

// clearConnection closes the database connection and
// removes it from the b.connections map.
func (b *databaseBackend) clearConnection(name string) {
db, ok := b.connections[name]
if ok {
db.Close()
delete(b.connections, name)
}
}

func (b *databaseBackend) closeIfShutdown(name string, err error) {
// Plugin has shutdown, close it so next call can reconnect.
if err == rpc.ErrShutdown {
b.Lock()
b.clearConnection(name)
b.Unlock()
}
}

const backendHelp = `
The database backend supports using many different databases
as secret backends, including but not limited to:
cassandra, msslq, mysql, postgres
Contributor: s/msslq/mssql/

After mounting this backend, configure it using the endpoints within
the "database/config/" path.
`
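Review bot: `DatabaseConfig` drops the underlying storage error at `return nil, fmt.Errorf("failed to read connection configuration with name: %s", name)`, so a storage outage and a malformed read become indistinguishable in the logs; wrap the original error, e.g. `fmt.Errorf("failed to read connection configuration with name %s: %v", name, err)`, which is also what the inline comment on that line asks for. Two smaller points in the same hunk: the comment above `getDBObj` reads "either from the cached connection map" with no second alternative, and `createDBObj` returns an already-cached object without re-reading the stored configuration, which is correct only because `invalidate` calls `clearConnection` for every key under `database/config/`; a one-line comment at the early `return db, nil` would make that invariant explicit for future changes to the invalidation path.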