use BUILD_MINIMAL env to build minimal Vault with few storage options…

… and plugins (#27394)
hashicorp · Jun 12, 2024 · 83111c0 · 83111c0
1 parent c4fcb4a
commit 83111c0
Show file tree

Hide file tree

Showing 12 changed files with 417 additions and 217 deletions.
diff --git a/Makefile b/Makefile
@@ -22,6 +22,12 @@ ifneq ($(FDB_ENABLED), )
 	BUILD_TAGS+=foundationdb
 endif
 
+# Set BUILD_MINIMAL to a non-empty value to build a minimal version of Vault with only core features.
+BUILD_MINIMAL ?=
+ifneq ($(strip $(BUILD_MINIMAL)),)
+	BUILD_TAGS+=minimal
+endif
+
 default: dev
 
 # bin generates the releasable binaries for Vault

diff --git a/changelog/27394.txt b/changelog/27394.txt
@@ -0,0 +1,4 @@
+```release-note:feature
+**Vault Minimal Version**: Add the ability to build a minimal version of Vault
+with only core features using the BUILD_MINIMAL environment variable.
+```
diff --git a/command/commands.go b/command/commands.go
@@ -10,48 +10,18 @@ import (
 
 	"github.com/hashicorp/cli"
 	hcpvlib "github.com/hashicorp/vault-hcp-lib"
-	credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
-	credCF "github.com/hashicorp/vault-plugin-auth-cf"
-	credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
 	credOIDC "github.com/hashicorp/vault-plugin-auth-jwt"
-	credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
-	credOCI "github.com/hashicorp/vault-plugin-auth-oci"
 	logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
 	"github.com/hashicorp/vault/audit"
-	credAws "github.com/hashicorp/vault/builtin/credential/aws"
 	credCert "github.com/hashicorp/vault/builtin/credential/cert"
-	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
-	credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
-	credOkta "github.com/hashicorp/vault/builtin/credential/okta"
 	credToken "github.com/hashicorp/vault/builtin/credential/token"
 	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
 	logicalDb "github.com/hashicorp/vault/builtin/logical/database"
 	"github.com/hashicorp/vault/builtin/plugin"
 	_ "github.com/hashicorp/vault/helper/builtinplugins"
-	physAerospike "github.com/hashicorp/vault/physical/aerospike"
-	physAliCloudOSS "github.com/hashicorp/vault/physical/alicloudoss"
-	physAzure "github.com/hashicorp/vault/physical/azure"
-	physCassandra "github.com/hashicorp/vault/physical/cassandra"
-	physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb"
-	physConsul "github.com/hashicorp/vault/physical/consul"
-	physCouchDB "github.com/hashicorp/vault/physical/couchdb"
-	physDynamoDB "github.com/hashicorp/vault/physical/dynamodb"
-	physEtcd "github.com/hashicorp/vault/physical/etcd"
-	physFoundationDB "github.com/hashicorp/vault/physical/foundationdb"
-	physGCS "github.com/hashicorp/vault/physical/gcs"
-	physManta "github.com/hashicorp/vault/physical/manta"
-	physMSSQL "github.com/hashicorp/vault/physical/mssql"
-	physMySQL "github.com/hashicorp/vault/physical/mysql"
-	physOCI "github.com/hashicorp/vault/physical/oci"
-	physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
 	physRaft "github.com/hashicorp/vault/physical/raft"
-	physS3 "github.com/hashicorp/vault/physical/s3"
-	physSpanner "github.com/hashicorp/vault/physical/spanner"
-	physSwift "github.com/hashicorp/vault/physical/swift"
-	physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/hashicorp/vault/sdk/physical"
-	physFile "github.com/hashicorp/vault/sdk/physical/file"
 	physInmem "github.com/hashicorp/vault/sdk/physical/inmem"
 	sr "github.com/hashicorp/vault/serviceregistration"
 	csr "github.com/hashicorp/vault/serviceregistration/consul"
@@ -160,6 +130,23 @@ const (
 )
 
 var (
+	physicalBackends = map[string]physical.Factory{
+		"inmem_ha":               physInmem.NewInmemHA,
+		"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
+		"inmem_transactional":    physInmem.NewTransactionalInmem,
+		"inmem":                  physInmem.NewInmem,
+		"raft":                   physRaft.NewRaftBackend,
+	}
+
+	loginHandlers = map[string]LoginHandler{
+		"cert":  &credCert.CLIHandler{},
+		"oidc":  &credOIDC.CLIHandler{},
+		"token": &credToken.CLIHandler{},
+		"userpass": &credUserpass.CLIHandler{
+			DefaultMount: "userpass",
+		},
+	}
+
 	auditBackends = map[string]audit.Factory{
 		"file":   audit.NewFileBackend,
 		"socket": audit.NewSocketBackend,
@@ -178,66 +165,15 @@ var (
 		"kv": logicalKv.Factory,
 	}
 
-	physicalBackends = map[string]physical.Factory{
-		"aerospike":              physAerospike.NewAerospikeBackend,
-		"alicloudoss":            physAliCloudOSS.NewAliCloudOSSBackend,
-		"azure":                  physAzure.NewAzureBackend,
-		"cassandra":              physCassandra.NewCassandraBackend,
-		"cockroachdb":            physCockroachDB.NewCockroachDBBackend,
-		"consul":                 physConsul.NewConsulBackend,
-		"couchdb_transactional":  physCouchDB.NewTransactionalCouchDBBackend,
-		"couchdb":                physCouchDB.NewCouchDBBackend,
-		"dynamodb":               physDynamoDB.NewDynamoDBBackend,
-		"etcd":                   physEtcd.NewEtcdBackend,
-		"file_transactional":     physFile.NewTransactionalFileBackend,
-		"file":                   physFile.NewFileBackend,
-		"foundationdb":           physFoundationDB.NewFDBBackend,
-		"gcs":                    physGCS.NewBackend,
-		"inmem_ha":               physInmem.NewInmemHA,
-		"inmem_transactional_ha": physInmem.NewTransactionalInmemHA,
-		"inmem_transactional":    physInmem.NewTransactionalInmem,
-		"inmem":                  physInmem.NewInmem,
-		"manta":                  physManta.NewMantaBackend,
-		"mssql":                  physMSSQL.NewMSSQLBackend,
-		"mysql":                  physMySQL.NewMySQLBackend,
-		"oci":                    physOCI.NewBackend,
-		"postgresql":             physPostgreSQL.NewPostgreSQLBackend,
-		"s3":                     physS3.NewS3Backend,
-		"spanner":                physSpanner.NewBackend,
-		"swift":                  physSwift.NewSwiftBackend,
-		"raft":                   physRaft.NewRaftBackend,
-		"zookeeper":              physZooKeeper.NewZooKeeperBackend,
-	}
-
 	serviceRegistrations = map[string]sr.Factory{
 		"consul":     csr.NewServiceRegistration,
 		"kubernetes": ksr.NewServiceRegistration,
 	}
-
-	loginHandlers = map[string]LoginHandler{
-		"alicloud": &credAliCloud.CLIHandler{},
-		"aws":      &credAws.CLIHandler{},
-		"cert":     &credCert.CLIHandler{},
-		"cf":       &credCF.CLIHandler{},
-		"gcp":      &credGcp.CLIHandler{},
-		"github":   &credGitHub.CLIHandler{},
-		"kerberos": &credKerb.CLIHandler{},
-		"ldap":     &credLdap.CLIHandler{},
-		"oci":      &credOCI.CLIHandler{},
-		"oidc":     &credOIDC.CLIHandler{},
-		"okta":     &credOkta.CLIHandler{},
-		"pcf":      &credCF.CLIHandler{}, // Deprecated.
-		"radius": &credUserpass.CLIHandler{
-			DefaultMount: "radius",
-		},
-		"token": &credToken.CLIHandler{},
-		"userpass": &credUserpass.CLIHandler{
-			DefaultMount: "userpass",
-		},
-	}
 )
 
 func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.CommandFactory {
+	extendAddonCommands()
+
 	getBaseCommand := func() *BaseCommand {
 		return &BaseCommand{
 			UI:             ui,

diff --git a/command/commands_full.go b/command/commands_full.go
@@ -0,0 +1,96 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !minimal
+
+package command
+
+import (
+	"maps"
+
+	credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
+	credCF "github.com/hashicorp/vault-plugin-auth-cf"
+	credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
+	credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
+	credOCI "github.com/hashicorp/vault-plugin-auth-oci"
+	credAws "github.com/hashicorp/vault/builtin/credential/aws"
+	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
+	credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
+	credOkta "github.com/hashicorp/vault/builtin/credential/okta"
+	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
+	_ "github.com/hashicorp/vault/helper/builtinplugins"
+	physAerospike "github.com/hashicorp/vault/physical/aerospike"
+	physAliCloudOSS "github.com/hashicorp/vault/physical/alicloudoss"
+	physAzure "github.com/hashicorp/vault/physical/azure"
+	physCassandra "github.com/hashicorp/vault/physical/cassandra"
+	physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb"
+	physConsul "github.com/hashicorp/vault/physical/consul"
+	physCouchDB "github.com/hashicorp/vault/physical/couchdb"
+	physDynamoDB "github.com/hashicorp/vault/physical/dynamodb"
+	physEtcd "github.com/hashicorp/vault/physical/etcd"
+	physFoundationDB "github.com/hashicorp/vault/physical/foundationdb"
+	physGCS "github.com/hashicorp/vault/physical/gcs"
+	physManta "github.com/hashicorp/vault/physical/manta"
+	physMSSQL "github.com/hashicorp/vault/physical/mssql"
+	physMySQL "github.com/hashicorp/vault/physical/mysql"
+	physOCI "github.com/hashicorp/vault/physical/oci"
+	physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
+	physS3 "github.com/hashicorp/vault/physical/s3"
+	physSpanner "github.com/hashicorp/vault/physical/spanner"
+	physSwift "github.com/hashicorp/vault/physical/swift"
+	physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
+	"github.com/hashicorp/vault/sdk/physical"
+	physFile "github.com/hashicorp/vault/sdk/physical/file"
+)
+
+func newFullAddonCommands() (map[string]physical.Factory, map[string]LoginHandler) {
+	addonPhysicalBackends := map[string]physical.Factory{
+		"aerospike":             physAerospike.NewAerospikeBackend,
+		"alicloudoss":           physAliCloudOSS.NewAliCloudOSSBackend,
+		"azure":                 physAzure.NewAzureBackend,
+		"cassandra":             physCassandra.NewCassandraBackend,
+		"cockroachdb":           physCockroachDB.NewCockroachDBBackend,
+		"consul":                physConsul.NewConsulBackend,
+		"couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend,
+		"couchdb":               physCouchDB.NewCouchDBBackend,
+		"dynamodb":              physDynamoDB.NewDynamoDBBackend,
+		"etcd":                  physEtcd.NewEtcdBackend,
+		"file_transactional":    physFile.NewTransactionalFileBackend,
+		"file":                  physFile.NewFileBackend,
+		"foundationdb":          physFoundationDB.NewFDBBackend,
+		"gcs":                   physGCS.NewBackend,
+		"manta":                 physManta.NewMantaBackend,
+		"mssql":                 physMSSQL.NewMSSQLBackend,
+		"mysql":                 physMySQL.NewMySQLBackend,
+		"oci":                   physOCI.NewBackend,
+		"postgresql":            physPostgreSQL.NewPostgreSQLBackend,
+		"s3":                    physS3.NewS3Backend,
+		"spanner":               physSpanner.NewBackend,
+		"swift":                 physSwift.NewSwiftBackend,
+		"zookeeper":             physZooKeeper.NewZooKeeperBackend,
+	}
+	addonLoginHandlers := map[string]LoginHandler{
+		"alicloud": &credAliCloud.CLIHandler{},
+		"aws":      &credAws.CLIHandler{},
+		"cf":       &credCF.CLIHandler{},
+		"gcp":      &credGcp.CLIHandler{},
+		"github":   &credGitHub.CLIHandler{},
+		"kerberos": &credKerb.CLIHandler{},
+		"ldap":     &credLdap.CLIHandler{},
+		"oci":      &credOCI.CLIHandler{},
+		"okta":     &credOkta.CLIHandler{},
+		"pcf":      &credCF.CLIHandler{}, // Deprecated.
+		"radius": &credUserpass.CLIHandler{
+			DefaultMount: "radius",
+		},
+	}
+
+	return addonPhysicalBackends, addonLoginHandlers
+}
+
+func extendAddonCommands() {
+	addonPhysicalBackends, addonLoginHandlers := newFullAddonCommands()
+
+	maps.Copy(physicalBackends, addonPhysicalBackends)
+	maps.Copy(loginHandlers, addonLoginHandlers)
+}
diff --git a/command/commands_full_test.go b/command/commands_full_test.go
@@ -0,0 +1,45 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !enterprise && !minimal
+
+package command
+
+import (
+	"maps"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+// Test_extendAddonCommands tests extendAddonCommands() extends physical and logical backends with
+// those generated by newFullAddonCommands()
+func Test_extendAddonCommands(t *testing.T) {
+	expMinPhysicalBackends := maps.Clone(physicalBackends)
+	expMinLoginHandlers := maps.Clone(loginHandlers)
+
+	expAddonPhysicalBackends, expAddonLoginHandlers := newFullAddonCommands()
+
+	extendAddonCommands()
+
+	require.Equal(t, len(expMinPhysicalBackends)+len(expAddonPhysicalBackends), len(physicalBackends),
+		"extended total physical backends mismatch total of minimal and full addon physical backends")
+	require.Equal(t, len(expMinLoginHandlers)+len(expAddonLoginHandlers), len(loginHandlers),
+		"extended total login handlers mismatch total of minimal and full addon login handlers")
+
+	for k := range expMinPhysicalBackends {
+		require.Contains(t, physicalBackends, k, "expected to contain minimal physical backend")
+	}
+
+	for k := range expAddonPhysicalBackends {
+		require.Contains(t, physicalBackends, k, "expected to contain full addon physical backend")
+	}
+
+	for k := range expMinLoginHandlers {
+		require.Contains(t, loginHandlers, k, "expected to contain minimal login handler")
+	}
+
+	for k := range expAddonLoginHandlers {
+		require.Contains(t, loginHandlers, k, "expected to contain full addon login handler")
+	}
+}
diff --git a/command/commands_min.go b/command/commands_min.go
@@ -0,0 +1,14 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build minimal
+
+package command
+
+import (
+	_ "github.com/hashicorp/vault/helper/builtinplugins"
+)
+
+func extendAddonCommands() {
+	// No-op
+}
diff --git a/command/commands_test.go b/command/commands_test.go
@@ -26,8 +26,6 @@ func Test_Commands_HCPInit(t *testing.T) {
 
 	for n, tst := range tests {
 		t.Run(n, func(t *testing.T) {
-			t.Parallel()
-
 			mockUi := cli.NewMockUi()
 			commands := initCommands(mockUi, nil, nil)
 			if tst.expectError {