From ed814c120b312ef350779786e78fa634bbac9de2 Mon Sep 17 00:00:00 2001 From: Thy Ton Date: Mon, 10 Jun 2024 08:18:06 -0700 Subject: [PATCH] add newCommonRegistry() and registry.Extend() --- Makefile | 4 +- helper/builtinplugins/registry.go | 43 ++++++++++++++++++++ helper/builtinplugins/registry_full.go | 31 ++++---------- helper/builtinplugins/registry_full_test.go | 45 +++++++++++++++++++++ helper/builtinplugins/registry_min.go | 32 +-------------- 5 files changed, 100 insertions(+), 55 deletions(-) create mode 100644 helper/builtinplugins/registry_full_test.go diff --git a/Makefile b/Makefile index a87e45892746..ba499ad7407f 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,9 @@ ifneq ($(FDB_ENABLED), ) BUILD_TAGS+=foundationdb endif -ifneq ($(MINIMAL), ) +# Set BUILD_MINIMAL to a non-empty value to build a minimal version of Vault with only core features. +BUILD_MINIMAL ?= +ifneq ($(strip $(BUILD_MINIMAL)),) BUILD_TAGS+=minimal endif diff --git a/helper/builtinplugins/registry.go b/helper/builtinplugins/registry.go index 34e7f951d134..65802bb09a8f 100644 --- a/helper/builtinplugins/registry.go +++ b/helper/builtinplugins/registry.go @@ -6,6 +6,14 @@ package builtinplugins import ( "context" + credJWT "github.com/hashicorp/vault-plugin-auth-jwt" + logicalKv "github.com/hashicorp/vault-plugin-secrets-kv" + credAppRole "github.com/hashicorp/vault/builtin/credential/approle" + credCert "github.com/hashicorp/vault/builtin/credential/cert" + credUserpass "github.com/hashicorp/vault/builtin/credential/userpass" + logicalPki "github.com/hashicorp/vault/builtin/logical/pki" + logicalSsh "github.com/hashicorp/vault/builtin/logical/ssh" + logicalTransit "github.com/hashicorp/vault/builtin/logical/transit" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/logical" 
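Review bot: An existing `make MINIMAL=1` invocation silently stops adding the `minimal` build tag after the rename to `BUILD_MINIMAL` in the Makefile hunk, so it now produces the full plugin set instead of failing. Anyone who uses the minimal build to limit which auth and secrets plugins ship would get a wider binary than intended, with no warning. Keeping the old name as a fallback, `BUILD_MINIMAL ?= $(MINIMAL)`, or stopping with `$(error ...)` when `MINIMAL` is set, would make the rename visible.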
@@ -45,6 +53,29 @@ func removedFactory(ctx context.Context, config *logical.BackendConfig) (logical return removedBackend, nil } +func newCommonRegistry() *registry { + reg := ®istry{ + credentialBackends: map[string]credentialBackend{ + "approle": {Factory: credAppRole.Factory}, + "cert": {Factory: credCert.Factory}, + "jwt": {Factory: credJWT.Factory}, + "oidc": {Factory: credJWT.Factory}, + "userpass": {Factory: credUserpass.Factory}, + }, + databasePlugins: map[string]databasePlugin{}, + logicalBackends: map[string]logicalBackend{ + "kv": {Factory: logicalKv.Factory}, + "pki": {Factory: logicalPki.Factory}, + "ssh": {Factory: logicalSsh.Factory}, + "transit": {Factory: logicalTransit.Factory}, + }, + } + + entAddExtPlugins(reg) + + return reg +} + func addExtPluginsImpl(r *registry) {} type registry struct { @@ -127,6 +158,18 @@ func (r *registry) DeprecationStatus(name string, pluginType consts.PluginType) return consts.Unknown, false } +func (r *registry) Extend(other *registry) { + for k, v := range other.credentialBackends { + r.credentialBackends[k] = v + } + for k, v := range other.databasePlugins { + r.databasePlugins[k] = v + } + for k, v := range other.logicalBackends { + r.logicalBackends[k] = v + } +} + func toFunc(ifc interface{}) func() (interface{}, error) { return func() (interface{}, error) { return ifc, nil diff --git a/helper/builtinplugins/registry_full.go b/helper/builtinplugins/registry_full.go index efcb76563ad3..7eaf41d481ce 100644 --- a/helper/builtinplugins/registry_full.go +++ b/helper/builtinplugins/registry_full.go @@ -10,7 +10,6 @@ import ( credAzure "github.com/hashicorp/vault-plugin-auth-azure" credCF "github.com/hashicorp/vault-plugin-auth-cf" credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin" - credJWT "github.com/hashicorp/vault-plugin-auth-jwt" credKerb "github.com/hashicorp/vault-plugin-auth-kerberos" credKube "github.com/hashicorp/vault-plugin-auth-kubernetes" credOCI "github.com/hashicorp/vault-plugin-auth-oci" 
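Review bot: `entAddExtPlugins(reg)` in `newCommonRegistry` (registry.go) now runs against the common set only, whereas the code removed from registry_full.go called it on the complete registry. `newRegistry` in registry_full.go then merges that result over the full add-on set through `Extend`. If the hook ever inspects, replaces or removes a non-common entry it will no longer see it; this diff does not show the enterprise implementation, so that should be checked. A doc comment would record the ordering, for example `// newCommonRegistry returns the plugins present in every build, with entAddExtPlugins already applied.`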
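Review bot: `Extend` in registry.go overwrites silently on duplicate keys, because each `r.…[k] = v` replaces whatever `r` already holds, including its `DeprecationStatus`. In a plugin registry a name collision between two sets could therefore swap an entry backed by `removedFactory` for a live factory, or the reverse, with no signal at build or start-up; nothing visible here shows that happening today. The method also lacks a doc comment, for example `// Extend copies every entry of other into r; on a duplicate key the entry from other replaces the one already in r.` The comment should add that `other` and all three maps of `r` must be non-nil, since the loops dereference `other` and write into `r`'s maps.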
@@ -26,26 +25,19 @@ import ( logicalGcp "github.com/hashicorp/vault-plugin-secrets-gcp/plugin" logicalGcpKms "github.com/hashicorp/vault-plugin-secrets-gcpkms" logicalKube "github.com/hashicorp/vault-plugin-secrets-kubernetes" - logicalKv "github.com/hashicorp/vault-plugin-secrets-kv" logicalMongoAtlas "github.com/hashicorp/vault-plugin-secrets-mongodbatlas" logicalLDAP "github.com/hashicorp/vault-plugin-secrets-openldap" logicalTerraform "github.com/hashicorp/vault-plugin-secrets-terraform" - credAppRole "github.com/hashicorp/vault/builtin/credential/approle" credAws "github.com/hashicorp/vault/builtin/credential/aws" - credCert "github.com/hashicorp/vault/builtin/credential/cert" credGitHub "github.com/hashicorp/vault/builtin/credential/github" credLdap "github.com/hashicorp/vault/builtin/credential/ldap" credOkta "github.com/hashicorp/vault/builtin/credential/okta" credRadius "github.com/hashicorp/vault/builtin/credential/radius" - credUserpass "github.com/hashicorp/vault/builtin/credential/userpass" logicalAws "github.com/hashicorp/vault/builtin/logical/aws" logicalConsul "github.com/hashicorp/vault/builtin/logical/consul" logicalNomad "github.com/hashicorp/vault/builtin/logical/nomad" - logicalPki "github.com/hashicorp/vault/builtin/logical/pki" logicalRabbit "github.com/hashicorp/vault/builtin/logical/rabbitmq" - logicalSsh "github.com/hashicorp/vault/builtin/logical/ssh" logicalTotp "github.com/hashicorp/vault/builtin/logical/totp" - logicalTransit "github.com/hashicorp/vault/builtin/logical/transit" dbCass "github.com/hashicorp/vault/plugins/database/cassandra" dbHana "github.com/hashicorp/vault/plugins/database/hana" dbInflux "github.com/hashicorp/vault/plugins/database/influxdb" 
@@ -57,34 +49,29 @@ import ( "github.com/hashicorp/vault/sdk/helper/consts" ) -func newRegistry() *registry { - reg := ®istry{ +func newFullAddonRegistry() *registry { + return ®istry{ credentialBackends: map[string]credentialBackend{ "alicloud": {Factory: credAliCloud.Factory}, "app-id": { Factory: removedFactory, DeprecationStatus: consts.Removed, }, - "approle": {Factory: credAppRole.Factory}, "aws": {Factory: credAws.Factory}, "azure": {Factory: credAzure.Factory}, - "cert": {Factory: credCert.Factory}, "cf": {Factory: credCF.Factory}, "gcp": {Factory: credGcp.Factory}, "github": {Factory: credGitHub.Factory}, - "jwt": {Factory: credJWT.Factory}, "kerberos": {Factory: credKerb.Factory}, "kubernetes": {Factory: credKube.Factory}, "ldap": {Factory: credLdap.Factory}, "oci": {Factory: credOCI.Factory}, - "oidc": {Factory: credJWT.Factory}, "okta": {Factory: credOkta.Factory}, "pcf": { Factory: credCF.Factory, DeprecationStatus: consts.Deprecated, }, - "radius": {Factory: credRadius.Factory}, - "userpass": {Factory: credUserpass.Factory}, + "radius": {Factory: credRadius.Factory}, }, databasePlugins: map[string]databasePlugin{ // These four plugins all use the same mysql implementation but with @@ -124,13 +111,10 @@ func newRegistry() *registry { "gcp": {Factory: logicalGcp.Factory}, "gcpkms": {Factory: logicalGcpKms.Factory}, "kubernetes": {Factory: logicalKube.Factory}, - "kv": {Factory: logicalKv.Factory}, "mongodb": { Factory: removedFactory, DeprecationStatus: consts.Removed, }, - // The mongodbatlas secrets engine is not the same as the database plugin equivalent - // (`mongodbatlas-database-plugin`), and thus will not be deprecated at this time. "mongodbatlas": {Factory: logicalMongoAtlas.Factory}, "mssql": { Factory: removedFactory, 
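Review bot: The two-line comment above the `"mongodbatlas"` entry in `logicalBackends` (hunk `@@ -124,13 +111,10 @@` of registry_full.go) is deleted together with the moved entries, although the entry it explains stays in this file. That comment records why the secrets engine is not deprecated alongside the similarly named database plugin, and it is the only place the hunk shows that reasoning, so it should be restored unchanged. `newFullAddonRegistry`, declared in the preceding hunk, also has no doc comment; something like `// newFullAddonRegistry returns the plugins that exist only in the non-minimal build; it does not include the common set.` would state its contract. The function body spans several hunks and is not fully visible here.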
@@ -143,20 +127,21 @@ func newRegistry() *registry { "nomad": {Factory: logicalNomad.Factory}, "openldap": {Factory: logicalLDAP.Factory}, "ldap": {Factory: logicalLDAP.Factory}, - "pki": {Factory: logicalPki.Factory}, "postgresql": { Factory: removedFactory, DeprecationStatus: consts.Removed, }, "rabbitmq": {Factory: logicalRabbit.Factory}, - "ssh": {Factory: logicalSsh.Factory}, "terraform": {Factory: logicalTerraform.Factory}, "totp": {Factory: logicalTotp.Factory}, - "transit": {Factory: logicalTransit.Factory}, }, } +} + +func newRegistry() *registry { + reg := newFullAddonRegistry() - entAddExtPlugins(reg) + reg.Extend(newCommonRegistry()) return reg } diff --git a/helper/builtinplugins/registry_full_test.go b/helper/builtinplugins/registry_full_test.go new file mode 100644 index 000000000000..cec08bf8701f --- /dev/null +++ b/helper/builtinplugins/registry_full_test.go 
@@ -0,0 +1,45 @@
+package builtinplugins
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func Test_newRegistry(t *testing.T) {
+ actual := newRegistry()
+ expCommon := newCommonRegistry()
+ expFullAddon := newFullAddonRegistry()
+
+ assert.Equal(t, len(actual.credentialBackends), len(expCommon.credentialBackends)+len(expFullAddon.credentialBackends),
+ "newRegistry() total auth backends mismatch total of common and full addon registries")
+ assert.Equal(t, len(actual.databasePlugins), len(expCommon.databasePlugins)+len(expFullAddon.databasePlugins),
+ "newRegistry() total database plugins mismatch total of common and full addon registries")
+ assert.Equal(t, len(actual.logicalBackends), len(expCommon.logicalBackends)+len(expFullAddon.logicalBackends),
+ "newRegistry() total logical backends mismatch total of common and full addon registries")
+
+ assertRegistrySubset(t, actual, expCommon, "common")
+ assertRegistrySubset(t, actual, expFullAddon, "full addon")
+}
+
+func assertRegistrySubset(t *testing.T, r, subset *registry, subsetName string) {
+ t.Helper()
+
+ for k := range subset.credentialBackends {
+ if !assert.Contains(t, r.credentialBackends, k) {
+ t.Errorf("missing %s auth backend=%v, newRegistry()=%v", subsetName, k, r.credentialBackends)
+ }
+ }
+
+ for k := range subset.databasePlugins {
+ if !assert.Contains(t, r.databasePlugins, k) {
+ t.Errorf("missing %s database plugin=%v, newRegistry()=%v", subsetName, k, r.databasePlugins)
+ }
+ }
+
+ for k := range subset.logicalBackends {
+ if !assert.Contains(t, r.logicalBackends, k) {
+ t.Errorf("missing %s logical backend=%v, newRegistry()=%v", subsetName, k, r.logicalBackends)
+ }
+ }
+}
diff --git a/helper/builtinplugins/registry_min.go b/helper/builtinplugins/registry_min.go
index 4fc1039ef975..fe3a1c31880c 100644
--- a/helper/builtinplugins/registry_min.go
+++ b/helper/builtinplugins/registry_min.go
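Review bot: registry_full_test.go opens directly with `package builtinplugins` and carries no build constraint, yet `Test_newRegistry` calls `newFullAddonRegistry`, which this commit defines only in registry_full.go. registry_full.go and registry_min.go both define `newRegistry`, so they are presumably selected by the `minimal` tag; if so, `go test -tags minimal` on this package fails to compile. Adding `//go:build !minimal` at the top of the test file keeps the minimal build testable. Separately, `assert.Equal` takes the expected value first, so the three length checks pass their arguments swapped and would print misleading failure output.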
@@ -5,36 +5,6 @@ package builtinplugins -import ( - credJWT "github.com/hashicorp/vault-plugin-auth-jwt" - logicalKv "github.com/hashicorp/vault-plugin-secrets-kv" - credAppRole "github.com/hashicorp/vault/builtin/credential/approle" - credCert "github.com/hashicorp/vault/builtin/credential/cert" - credUserpass "github.com/hashicorp/vault/builtin/credential/userpass" - logicalPki "github.com/hashicorp/vault/builtin/logical/pki" - logicalSsh "github.com/hashicorp/vault/builtin/logical/ssh" - logicalTransit "github.com/hashicorp/vault/builtin/logical/transit" -) - func newRegistry() *registry { - reg := ®istry{ - credentialBackends: map[string]credentialBackend{ - "approle": {Factory: credAppRole.Factory}, - "cert": {Factory: credCert.Factory}, - "jwt": {Factory: credJWT.Factory}, - "oidc": {Factory: credJWT.Factory}, - "userpass": {Factory: credUserpass.Factory}, - }, - databasePlugins: map[string]databasePlugin{}, - logicalBackends: map[string]logicalBackend{ - "kv": {Factory: logicalKv.Factory}, - "pki": {Factory: logicalPki.Factory}, - "ssh": {Factory: logicalSsh.Factory}, - "transit": {Factory: logicalTransit.Factory}, - }, - } - - entAddExtPlugins(reg) - - return reg + return newCommonRegistry() }