-
Notifications
You must be signed in to change notification settings - Fork 4.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make the plugin catalog endpoint roundtrip so we can use terraform to manage them. #3778
Changes from 1 commit
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -10,12 +10,12 @@ import ( | |
"errors" | ||
"fmt" | ||
"hash" | ||
"path/filepath" | ||
"strconv" | ||
"strings" | ||
"sync" | ||
"time" | ||
|
||
"github.com/fatih/structs" | ||
uuid "github.com/hashicorp/go-uuid" | ||
"github.com/hashicorp/vault/helper/consts" | ||
"github.com/hashicorp/vault/helper/parseutil" | ||
|
@@ -860,6 +860,10 @@ func NewSystemBackend(core *Core) *SystemBackend { | |
Type: framework.TypeString, | ||
Description: strings.TrimSpace(sysHelp["plugin-catalog_command"][0]), | ||
}, | ||
"args": &framework.FieldSchema{ | ||
Type: framework.TypeStringSlice, | ||
Description: strings.TrimSpace(sysHelp["plugin-catalog_args"][0]), | ||
}, | ||
}, | ||
|
||
Callbacks: map[logical.Operation]framework.OperationFunc{ | ||
|
@@ -1098,12 +1102,17 @@ func (b *SystemBackend) handlePluginCatalogUpdate(ctx context.Context, req *logi | |
return logical.ErrorResponse("missing command value"), nil | ||
} | ||
|
||
args := d.Get("args").([]string) | ||
// For backwards compatibility, also accept args as part of command. | ||
parts := strings.Split(command, " ") | ||
args = append(parts[1:], args...) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. If they specify both |
||
|
||
sha256Bytes, err := hex.DecodeString(sha256) | ||
if err != nil { | ||
return logical.ErrorResponse("Could not decode SHA-256 value from Hex"), err | ||
} | ||
|
||
err = b.Core.pluginCatalog.Set(pluginName, command, sha256Bytes) | ||
err = b.Core.pluginCatalog.Set(pluginName, parts[0], args, sha256Bytes) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
@@ -1124,8 +1133,17 @@ func (b *SystemBackend) handlePluginCatalogRead(ctx context.Context, req *logica | |
return nil, nil | ||
} | ||
|
||
// Create a map of data to be returned and remove sensitive information from it | ||
data := structs.New(plugin).Map() | ||
command, err := filepath.Rel(b.Core.pluginCatalog.directory, plugin.Command) | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
data := map[string]interface{}{ | ||
"name": plugin.Name, | ||
"args": plugin.Args, | ||
"command": command, | ||
"sha256": hex.EncodeToString(plugin.Sha256), | ||
} | ||
|
||
return &logical.Response{ | ||
Data: data, | ||
|
@@ -3332,6 +3350,10 @@ executable defined in this command must exist in vault's | |
plugin directory.`, | ||
"", | ||
}, | ||
"plugin-catalog_args": { | ||
`The args passed to plugin command.`, | ||
"", | ||
}, | ||
"leases": { | ||
`View or list lease metadata.`, | ||
` | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -50,8 +50,8 @@ func TestPluginCatalog_CRUD(t *testing.T) { | |
} | ||
defer file.Close() | ||
|
||
command := fmt.Sprintf("%s --test", filepath.Base(file.Name())) | ||
err = core.pluginCatalog.Set("mysql-database-plugin", command, []byte{'1'}) | ||
command := fmt.Sprintf("%s", filepath.Base(file.Name())) | ||
err = core.pluginCatalog.Set("mysql-database-plugin", command, []string{"--test"}, []byte{'1'}) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Please also add a check to verify correct behavior if both args and command-with-args are given (after fixing above) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I've added the test to logical_system_test.go, as the logic to ensure only command or args is specified is in logical_system.go - hope thats okay! |
||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
|
@@ -139,14 +139,14 @@ func TestPluginCatalog_List(t *testing.T) { | |
} | ||
defer file.Close() | ||
|
||
command := fmt.Sprintf("%s --test", filepath.Base(file.Name())) | ||
err = core.pluginCatalog.Set("mysql-database-plugin", command, []byte{'1'}) | ||
command := filepath.Base(file.Name()) | ||
err = core.pluginCatalog.Set("mysql-database-plugin", command, []string{"--test"}, []byte{'1'}) | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
|
||
// Set another plugin | ||
err = core.pluginCatalog.Set("aaaaaaa", command, []byte{'1'}) | ||
err = core.pluginCatalog.Set("aaaaaaa", command, []string{"--test"}, []byte{'1'}) | ||
if err != nil { | ||
t.Fatal(err) | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please do a length check before this line to make sure the command actually has more than one value...otherwise it'll panic.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Length >0 is assured by the check for the empty string above (as with the previous iteration of the code). But I'll add it anyway :-)