add newCommonRegistry() and registry.Extend()

hashicorp · Jun 10, 2024 · ed814c1 · ed814c1
1 parent c29d10e
commit ed814c1
Show file tree

Hide file tree

Showing 5 changed files with 100 additions and 55 deletions.
diff --git a/Makefile b/Makefile
@@ -22,7 +22,9 @@ ifneq ($(FDB_ENABLED), )
 	BUILD_TAGS+=foundationdb
 endif
 
-ifneq ($(MINIMAL), )
+# Set BUILD_MINIMAL to a non-empty value to build a minimal version of Vault with only core features.
+BUILD_MINIMAL ?=
+ifneq ($(strip $(BUILD_MINIMAL)),)
 	BUILD_TAGS+=minimal
 endif
 

diff --git a/helper/builtinplugins/registry.go b/helper/builtinplugins/registry.go
@@ -6,6 +6,14 @@ package builtinplugins
 import (
 	"context"
 
+	credJWT "github.com/hashicorp/vault-plugin-auth-jwt"
+	logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
+	credAppRole "github.com/hashicorp/vault/builtin/credential/approle"
+	credCert "github.com/hashicorp/vault/builtin/credential/cert"
+	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
+	logicalPki "github.com/hashicorp/vault/builtin/logical/pki"
+	logicalSsh "github.com/hashicorp/vault/builtin/logical/ssh"
+	logicalTransit "github.com/hashicorp/vault/builtin/logical/transit"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -45,6 +53,29 @@ func removedFactory(ctx context.Context, config *logical.BackendConfig) (logical
 	return removedBackend, nil
 }
 
+func newCommonRegistry() *registry {
+	reg := &registry{
+		credentialBackends: map[string]credentialBackend{
+			"approle":  {Factory: credAppRole.Factory},
+			"cert":     {Factory: credCert.Factory},
+			"jwt":      {Factory: credJWT.Factory},
+			"oidc":     {Factory: credJWT.Factory},
+			"userpass": {Factory: credUserpass.Factory},
+		},
+		databasePlugins: map[string]databasePlugin{},
+		logicalBackends: map[string]logicalBackend{
+			"kv":      {Factory: logicalKv.Factory},
+			"pki":     {Factory: logicalPki.Factory},
+			"ssh":     {Factory: logicalSsh.Factory},
+			"transit": {Factory: logicalTransit.Factory},
+		},
+	}
+
+	entAddExtPlugins(reg)
+
+	return reg
+}
+
 func addExtPluginsImpl(r *registry) {}
 
 type registry struct {
@@ -127,6 +158,18 @@ func (r *registry) DeprecationStatus(name string, pluginType consts.PluginType)
 	return consts.Unknown, false
 }
 
+func (r *registry) Extend(other *registry) {
+	for k, v := range other.credentialBackends {
+		r.credentialBackends[k] = v
+	}
+	for k, v := range other.databasePlugins {
+		r.databasePlugins[k] = v
+	}
+	for k, v := range other.logicalBackends {
+		r.logicalBackends[k] = v
+	}
+}
+
 func toFunc(ifc interface{}) func() (interface{}, error) {
 	return func() (interface{}, error) {
 		return ifc, nil

diff --git a/helper/builtinplugins/registry_full.go b/helper/builtinplugins/registry_full.go
@@ -10,7 +10,6 @@ import (
 	credAzure "github.com/hashicorp/vault-plugin-auth-azure"
 	credCF "github.com/hashicorp/vault-plugin-auth-cf"
 	credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
-	credJWT "github.com/hashicorp/vault-plugin-auth-jwt"
 	credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
 	credKube "github.com/hashicorp/vault-plugin-auth-kubernetes"
 	credOCI "github.com/hashicorp/vault-plugin-auth-oci"
@@ -26,26 +25,19 @@ import (
 	logicalGcp "github.com/hashicorp/vault-plugin-secrets-gcp/plugin"
 	logicalGcpKms "github.com/hashicorp/vault-plugin-secrets-gcpkms"
 	logicalKube "github.com/hashicorp/vault-plugin-secrets-kubernetes"
-	logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
 	logicalMongoAtlas "github.com/hashicorp/vault-plugin-secrets-mongodbatlas"
 	logicalLDAP "github.com/hashicorp/vault-plugin-secrets-openldap"
 	logicalTerraform "github.com/hashicorp/vault-plugin-secrets-terraform"
-	credAppRole "github.com/hashicorp/vault/builtin/credential/approle"
 	credAws "github.com/hashicorp/vault/builtin/credential/aws"
-	credCert "github.com/hashicorp/vault/builtin/credential/cert"
 	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
 	credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
 	credOkta "github.com/hashicorp/vault/builtin/credential/okta"
 	credRadius "github.com/hashicorp/vault/builtin/credential/radius"
-	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
 	logicalAws "github.com/hashicorp/vault/builtin/logical/aws"
 	logicalConsul "github.com/hashicorp/vault/builtin/logical/consul"
 	logicalNomad "github.com/hashicorp/vault/builtin/logical/nomad"
-	logicalPki "github.com/hashicorp/vault/builtin/logical/pki"
 	logicalRabbit "github.com/hashicorp/vault/builtin/logical/rabbitmq"
-	logicalSsh "github.com/hashicorp/vault/builtin/logical/ssh"
 	logicalTotp "github.com/hashicorp/vault/builtin/logical/totp"
-	logicalTransit "github.com/hashicorp/vault/builtin/logical/transit"
 	dbCass "github.com/hashicorp/vault/plugins/database/cassandra"
 	dbHana "github.com/hashicorp/vault/plugins/database/hana"
 	dbInflux "github.com/hashicorp/vault/plugins/database/influxdb"
@@ -57,34 +49,29 @@ import (
 	"github.com/hashicorp/vault/sdk/helper/consts"
 )
 
-func newRegistry() *registry {
-	reg := &registry{
+func newFullAddonRegistry() *registry {
+	return &registry{
 		credentialBackends: map[string]credentialBackend{
 			"alicloud": {Factory: credAliCloud.Factory},
 			"app-id": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
-			"approle":    {Factory: credAppRole.Factory},
 			"aws":        {Factory: credAws.Factory},
 			"azure":      {Factory: credAzure.Factory},
-			"cert":       {Factory: credCert.Factory},
 			"cf":         {Factory: credCF.Factory},
 			"gcp":        {Factory: credGcp.Factory},
 			"github":     {Factory: credGitHub.Factory},
-			"jwt":        {Factory: credJWT.Factory},
 			"kerberos":   {Factory: credKerb.Factory},
 			"kubernetes": {Factory: credKube.Factory},
 			"ldap":       {Factory: credLdap.Factory},
 			"oci":        {Factory: credOCI.Factory},
-			"oidc":       {Factory: credJWT.Factory},
 			"okta":       {Factory: credOkta.Factory},
 			"pcf": {
 				Factory:           credCF.Factory,
 				DeprecationStatus: consts.Deprecated,
 			},
-			"radius":   {Factory: credRadius.Factory},
-			"userpass": {Factory: credUserpass.Factory},
+			"radius": {Factory: credRadius.Factory},
 		},
 		databasePlugins: map[string]databasePlugin{
 			// These four plugins all use the same mysql implementation but with
@@ -124,13 +111,10 @@ func newRegistry() *registry {
 			"gcp":        {Factory: logicalGcp.Factory},
 			"gcpkms":     {Factory: logicalGcpKms.Factory},
 			"kubernetes": {Factory: logicalKube.Factory},
-			"kv":         {Factory: logicalKv.Factory},
 			"mongodb": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
-			// The mongodbatlas secrets engine is not the same as the database plugin equivalent
-			// (`mongodbatlas-database-plugin`), and thus will not be deprecated at this time.
 			"mongodbatlas": {Factory: logicalMongoAtlas.Factory},
 			"mssql": {
 				Factory:           removedFactory,
@@ -143,20 +127,21 @@ func newRegistry() *registry {
 			"nomad":    {Factory: logicalNomad.Factory},
 			"openldap": {Factory: logicalLDAP.Factory},
 			"ldap":     {Factory: logicalLDAP.Factory},
-			"pki":      {Factory: logicalPki.Factory},
 			"postgresql": {
 				Factory:           removedFactory,
 				DeprecationStatus: consts.Removed,
 			},
 			"rabbitmq":  {Factory: logicalRabbit.Factory},
-			"ssh":       {Factory: logicalSsh.Factory},
 			"terraform": {Factory: logicalTerraform.Factory},
 			"totp":      {Factory: logicalTotp.Factory},
-			"transit":   {Factory: logicalTransit.Factory},
 		},
 	}
+}
+
+func newRegistry() *registry {
+	reg := newFullAddonRegistry()
 
-	entAddExtPlugins(reg)
+	reg.Extend(newCommonRegistry())
 
 	return reg
 }
diff --git a/helper/builtinplugins/registry_full_test.go b/helper/builtinplugins/registry_full_test.go
@@ -0,0 +1,45 @@
+package builtinplugins
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_newRegistry(t *testing.T) {
+	actual := newRegistry()
+	expCommon := newCommonRegistry()
+	expFullAddon := newFullAddonRegistry()
+
+	assert.Equal(t, len(actual.credentialBackends), len(expCommon.credentialBackends)+len(expFullAddon.credentialBackends),
+		"newRegistry() total auth backends mismatch total of common and full addon registries")
+	assert.Equal(t, len(actual.databasePlugins), len(expCommon.databasePlugins)+len(expFullAddon.databasePlugins),
+		"newRegistry() total database plugins mismatch total of common and full addon registries")
+	assert.Equal(t, len(actual.logicalBackends), len(expCommon.logicalBackends)+len(expFullAddon.logicalBackends),
+		"newRegistry() total logical backends mismatch total of common and full addon registries")
+
+	assertRegistrySubset(t, actual, expCommon, "common")
+	assertRegistrySubset(t, actual, expFullAddon, "full addon")
+}
+
+func assertRegistrySubset(t *testing.T, r, subset *registry, subsetName string) {
+	t.Helper()
+
+	for k := range subset.credentialBackends {
+		if !assert.Contains(t, r.credentialBackends, k) {
+			t.Errorf("missing %s auth backend=%v, newRegistry()=%v", subsetName, k, r.credentialBackends)
+		}
+	}
+
+	for k := range subset.databasePlugins {
+		if !assert.Contains(t, r.databasePlugins, k) {
+			t.Errorf("missing %s database plugin=%v, newRegistry()=%v", subsetName, k, r.databasePlugins)
+		}
+	}
+
+	for k := range subset.logicalBackends {
+		if !assert.Contains(t, r.logicalBackends, k) {
+			t.Errorf("missing %s logical backend=%v, newRegistry()=%v", subsetName, k, r.logicalBackends)
+		}
+	}
+}
diff --git a/helper/builtinplugins/registry_min.go b/helper/builtinplugins/registry_min.go
@@ -5,36 +5,6 @@
 
 package builtinplugins
 
-import (
-	credJWT "github.com/hashicorp/vault-plugin-auth-jwt"
-	logicalKv "github.com/hashicorp/vault-plugin-secrets-kv"
-	credAppRole "github.com/hashicorp/vault/builtin/credential/approle"
-	credCert "github.com/hashicorp/vault/builtin/credential/cert"
-	credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
-	logicalPki "github.com/hashicorp/vault/builtin/logical/pki"
-	logicalSsh "github.com/hashicorp/vault/builtin/logical/ssh"
-	logicalTransit "github.com/hashicorp/vault/builtin/logical/transit"
-)
-
 func newRegistry() *registry {
-	reg := &registry{
-		credentialBackends: map[string]credentialBackend{
-			"approle":  {Factory: credAppRole.Factory},
-			"cert":     {Factory: credCert.Factory},
-			"jwt":      {Factory: credJWT.Factory},
-			"oidc":     {Factory: credJWT.Factory},
-			"userpass": {Factory: credUserpass.Factory},
-		},
-		databasePlugins: map[string]databasePlugin{},
-		logicalBackends: map[string]logicalBackend{
-			"kv":      {Factory: logicalKv.Factory},
-			"pki":     {Factory: logicalPki.Factory},
-			"ssh":     {Factory: logicalSsh.Factory},
-			"transit": {Factory: logicalTransit.Factory},
-		},
-	}
-
-	entAddExtPlugins(reg)
-
-	return reg
+	return newCommonRegistry()
 }