diff --git a/command/command_stubs_oss.go b/command/command_stubs_oss.go index bb199f373c0c..73c2f6b3d7f3 100644 --- a/command/command_stubs_oss.go +++ b/command/command_stubs_oss.go @@ -35,3 +35,5 @@ func entGetFIPSInfoKey() string { func entGetRequestLimiterStatus(coreConfig vault.CoreConfig) string { return "" } + +func entExtendAddonHandlers(handlers *vaultHandlers) {} diff --git a/command/command_test.go b/command/command_test.go index d4fb934ab48c..dc8c108339fa 100644 --- a/command/command_test.go +++ b/command/command_test.go @@ -122,10 +122,11 @@ func testVaultServerWithKVVersion(tb testing.TB, kvVersion string) (*api.Client, func testVaultServerAllBackends(tb testing.TB) (*api.Client, func()) { tb.Helper() + handlers := newVaultHandlers() client, _, closer := testVaultServerCoreConfig(tb, &vault.CoreConfig{ - CredentialBackends: credentialBackends, - AuditBackends: auditBackends, - LogicalBackends: logicalBackends, + CredentialBackends: handlers.credentialBackends, + AuditBackends: handlers.auditBackends, + LogicalBackends: handlers.logicalBackends, BuiltinRegistry: builtinplugins.Registry, }) return client, closer diff --git a/command/commands.go b/command/commands.go index 7f0f302db02d..c62780fa7f5f 100644 --- a/command/commands.go +++ b/command/commands.go 
@@ -129,50 +129,68 @@ const ( flagNameDelegatedAuthAccessors = "delegated-auth-accessors" ) -var ( - physicalBackends = map[string]physical.Factory{ - "inmem_ha": physInmem.NewInmemHA, - "inmem_transactional_ha": physInmem.NewTransactionalInmemHA, - "inmem_transactional": physInmem.NewTransactionalInmem, - "inmem": physInmem.NewInmem, - "raft": physRaft.NewRaftBackend, - } +// vaultHandlers contains the handlers for creating the various Vault backends. +type vaultHandlers struct { + physicalBackends map[string]physical.Factory + loginHandlers map[string]LoginHandler + auditBackends map[string]audit.Factory + credentialBackends map[string]logical.Factory + logicalBackends map[string]logical.Factory + serviceRegistrations map[string]sr.Factory +} - loginHandlers = map[string]LoginHandler{ - "cert": &credCert.CLIHandler{}, - "oidc": &credOIDC.CLIHandler{}, - "token": &credToken.CLIHandler{}, - "userpass": &credUserpass.CLIHandler{ - DefaultMount: "userpass", +// newMinimalVaultHandlers returns a new vaultHandlers that a minimal Vault would use. 
+func newMinimalVaultHandlers() *vaultHandlers { + return &vaultHandlers{ + physicalBackends: map[string]physical.Factory{ + "inmem_ha": physInmem.NewInmemHA, + "inmem_transactional_ha": physInmem.NewTransactionalInmemHA, + "inmem_transactional": physInmem.NewTransactionalInmem, + "inmem": physInmem.NewInmem, + "raft": physRaft.NewRaftBackend, + }, + loginHandlers: map[string]LoginHandler{ + "cert": &credCert.CLIHandler{}, + "oidc": &credOIDC.CLIHandler{}, + "token": &credToken.CLIHandler{}, + "userpass": &credUserpass.CLIHandler{ + DefaultMount: "userpass", + }, + }, + auditBackends: map[string]audit.Factory{ + "file": audit.NewFileBackend, + "socket": audit.NewSocketBackend, + "syslog": audit.NewSyslogBackend, + }, + credentialBackends: map[string]logical.Factory{ + "plugin": plugin.Factory, + }, + logicalBackends: map[string]logical.Factory{ + "plugin": plugin.Factory, + "database": logicalDb.Factory, + // This is also available in the plugin catalog, but is here due to the need to + // automatically mount it. + "kv": logicalKv.Factory, + }, + serviceRegistrations: map[string]sr.Factory{ + "consul": csr.NewServiceRegistration, + "kubernetes": ksr.NewServiceRegistration, }, } +} - auditBackends = map[string]audit.Factory{ - "file": audit.NewFileBackend, - "socket": audit.NewSocketBackend, - "syslog": audit.NewSyslogBackend, - } - - credentialBackends = map[string]logical.Factory{ - "plugin": plugin.Factory, - } - - logicalBackends = map[string]logical.Factory{ - "plugin": plugin.Factory, - "database": logicalDb.Factory, - // This is also available in the plugin catalog, but is here due to the need to - // automatically mount it. - "kv": logicalKv.Factory, - } +// newVaultHandlers returns a new vaultHandlers composed of newMinimalVaultHandlers() +// and any addon handlers from Vault CE and Vault Enterprise selected by Go build tags. 
+func newVaultHandlers() *vaultHandlers { + handlers := newMinimalVaultHandlers() + extendAddonHandlers(handlers) + entExtendAddonHandlers(handlers) - serviceRegistrations = map[string]sr.Factory{ - "consul": csr.NewServiceRegistration, - "kubernetes": ksr.NewServiceRegistration, - } -) + return handlers +} func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.CommandFactory { - extendAddonCommands() + handlers := newVaultHandlers() getBaseCommand := func() *BaseCommand { return &BaseCommand{ @@ -242,7 +260,7 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co "auth help": func() (cli.Command, error) { return &AuthHelpCommand{ BaseCommand: getBaseCommand(), - Handlers: loginHandlers, + Handlers: handlers.loginHandlers, }, nil }, "auth list": func() (cli.Command, error) { @@ -299,7 +317,7 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co "login": func() (cli.Command, error) { return &LoginCommand{ BaseCommand: getBaseCommand(), - Handlers: loginHandlers, + Handlers: handlers.loginHandlers, }, nil }, "namespace": func() (cli.Command, error) { @@ -370,7 +388,7 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co "operator migrate": func() (cli.Command, error) { return &OperatorMigrateCommand{ BaseCommand: getBaseCommand(), - PhysicalBackends: physicalBackends, + PhysicalBackends: handlers.physicalBackends, ShutdownCh: MakeShutdownCh(), }, nil }, 
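Review bot: `entExtendAddonHandlers(handlers)` in `newVaultHandlers` is handed a pointer to the whole registry, so an extension can now reach `auditBackends` and `credentialBackends` as well, where the removed `extendAddonCommands` only copied into the physical-backend and login-handler maps; no comment states what a hook is allowed to do. Because the enterprise hook runs last, its entries would presumably win on any name clash with the minimal or addon sets (its implementation is not visible here). I would document the contract on the constructor, for example `// Extension hooks may only add entries; they must not delete or replace a factory registered by newMinimalVaultHandlers.` It is also worth saying in the same comment that every call returns freshly allocated maps, so mutating one result does not affect other commands.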
@@ -660,12 +678,11 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.Co tokenHelper: runOpts.TokenHelper, flagAddress: runOpts.Address, }, - AuditBackends: auditBackends, - CredentialBackends: credentialBackends, - LogicalBackends: logicalBackends, - PhysicalBackends: physicalBackends, - - ServiceRegistrations: serviceRegistrations, + AuditBackends: handlers.auditBackends, + CredentialBackends: handlers.credentialBackends, + LogicalBackends: handlers.logicalBackends, + PhysicalBackends: handlers.physicalBackends, + ServiceRegistrations: handlers.serviceRegistrations, ShutdownCh: MakeShutdownCh(), SighupCh: MakeSighupCh(), diff --git a/command/commands_full.go b/command/commands_full.go index c853e8f5b8bd..8db22350cf89 100644 --- a/command/commands_full.go +++ b/command/commands_full.go @@ -43,7 +43,7 @@ import ( physFile "github.com/hashicorp/vault/sdk/physical/file" ) -func newFullAddonCommands() (map[string]physical.Factory, map[string]LoginHandler) { +func newFullAddonHandlers() (map[string]physical.Factory, map[string]LoginHandler) { addonPhysicalBackends := map[string]physical.Factory{ "aerospike": physAerospike.NewAerospikeBackend, "alicloudoss": physAliCloudOSS.NewAliCloudOSSBackend, @@ -88,9 +88,9 @@ func newFullAddonCommands() (map[string]physical.Factory, map[string]LoginHandle return addonPhysicalBackends, addonLoginHandlers } -func extendAddonCommands() { - addonPhysicalBackends, addonLoginHandlers := newFullAddonCommands() +func extendAddonHandlers(handlers *vaultHandlers) { + addonPhysicalBackends, addonLoginHandlers := newFullAddonHandlers() - maps.Copy(physicalBackends, addonPhysicalBackends) - maps.Copy(loginHandlers, addonLoginHandlers) + maps.Copy(handlers.physicalBackends, addonPhysicalBackends) + maps.Copy(handlers.loginHandlers, addonLoginHandlers) } diff --git a/command/commands_full_test.go b/command/commands_full_test.go index b3f5c5fe9d7e..e22c0fc5f102 100644 --- a/command/commands_full_test.go 
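Review bot: `maps.Copy` in `extendAddonHandlers` (commands_full.go) overwrites silently, so an addon registered under a name the minimal set already uses, such as `raft` or `token`, would replace the built-in factory or login handler without any signal. The length-sum assertion in `Test_extendAddonHandlers` would catch such a clash, but only when the tests are run against the full build. Since these maps decide which storage and login code a name resolves to, I would make a duplicate name fail at start-up rather than rely on the test.

```go
func extendAddonHandlers(handlers *vaultHandlers) {
	addonPhysicalBackends, addonLoginHandlers := newFullAddonHandlers()

	// A duplicate name is a programming error: never shadow a built-in entry.
	for name, factory := range addonPhysicalBackends {
		if _, dup := handlers.physicalBackends[name]; dup {
			panic("duplicate physical backend: " + name)
		}
		handlers.physicalBackends[name] = factory
	}
	for name, handler := range addonLoginHandlers {
		if _, dup := handlers.loginHandlers[name]; dup {
			panic("duplicate login handler: " + name)
		}
		handlers.loginHandlers[name] = handler
	}
}
```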
+++ b/command/commands_full_test.go 
@@ -12,34 +12,35 @@ import ( "github.com/stretchr/testify/require" ) -// Test_extendAddonCommands tests extendAddonCommands() extends physical and logical backends with -// those generated by newFullAddonCommands() -func Test_extendAddonCommands(t *testing.T) { - expMinPhysicalBackends := maps.Clone(physicalBackends) - expMinLoginHandlers := maps.Clone(loginHandlers) +// Test_extendAddonHandlers tests extendAddonHandlers() extends the minimal Vault handlers with handlers +// generated by newFullAddonHandlers() +func Test_extendAddonHandlers(t *testing.T) { + handlers := newMinimalVaultHandlers() + expMinPhysicalBackends := maps.Clone(handlers.physicalBackends) + expMinLoginHandlers := maps.Clone(handlers.loginHandlers) - expAddonPhysicalBackends, expAddonLoginHandlers := newFullAddonCommands() + expAddonPhysicalBackends, expAddonLoginHandlers := newFullAddonHandlers() - extendAddonCommands() + extendAddonHandlers(handlers) - require.Equal(t, len(expMinPhysicalBackends)+len(expAddonPhysicalBackends), len(physicalBackends), + require.Equal(t, len(expMinPhysicalBackends)+len(expAddonPhysicalBackends), len(handlers.physicalBackends), "extended total physical backends mismatch total of minimal and full addon physical backends") - require.Equal(t, len(expMinLoginHandlers)+len(expAddonLoginHandlers), len(loginHandlers), + require.Equal(t, len(expMinLoginHandlers)+len(expAddonLoginHandlers), len(handlers.loginHandlers), "extended total login handlers mismatch total of minimal and full addon login handlers") for k := range expMinPhysicalBackends { - require.Contains(t, physicalBackends, k, "expected to contain minimal physical backend") + require.Contains(t, handlers.physicalBackends, k, "expected to contain minimal physical backend") } for k := range expAddonPhysicalBackends { - require.Contains(t, physicalBackends, k, "expected to contain full addon physical backend") + require.Contains(t, handlers.physicalBackends, k, "expected to contain full addon physical backend") } 
for k := range expMinLoginHandlers { - require.Contains(t, loginHandlers, k, "expected to contain minimal login handler") + require.Contains(t, handlers.loginHandlers, k, "expected to contain minimal login handler") } for k := range expAddonLoginHandlers { - require.Contains(t, loginHandlers, k, "expected to contain full addon login handler") + require.Contains(t, handlers.loginHandlers, k, "expected to contain full addon login handler") } } diff --git a/command/commands_min.go b/command/commands_min.go index 3833936226cb..812c37a40c9e 100644 --- a/command/commands_min.go +++ b/command/commands_min.go @@ -9,6 +9,6 @@ import ( _ "github.com/hashicorp/vault/helper/builtinplugins" ) -func extendAddonCommands() { +func extendAddonHandlers(*vaultHandlers) { // No-op } diff --git a/command/commands_test.go b/command/commands_test.go index 4ae1d8c352ed..681e62712599 100644 --- a/command/commands_test.go +++ b/command/commands_test.go @@ -25,7 +25,12 @@ func Test_Commands_HCPInit(t *testing.T) { } for n, tst := range tests { + n := n + tst := tst + t.Run(n, func(t *testing.T) { + t.Parallel() + mockUi := cli.NewMockUi() commands := initCommands(mockUi, nil, nil) if tst.expectError { diff --git a/command/operator_diagnose.go b/command/operator_diagnose.go index 47b6183cc5de..b530ada5f0cc 100644 --- a/command/operator_diagnose.go +++ b/command/operator_diagnose.go 
@@ -203,17 +203,19 @@ func (c *OperatorDiagnoseCommand) RunWithParsedFlags() int { func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error { rloadFuncs := make(map[string][]reloadutil.ReloadFunc) + handlers := newVaultHandlers() + server := &ServerCommand{ // TODO: set up a different one? // In particular, a UI instance that won't output? BaseCommand: c.BaseCommand, // TODO: refactor to a common place? - AuditBackends: auditBackends, - CredentialBackends: credentialBackends, - LogicalBackends: logicalBackends, - PhysicalBackends: physicalBackends, - ServiceRegistrations: serviceRegistrations, + AuditBackends: handlers.auditBackends, + CredentialBackends: handlers.credentialBackends, + LogicalBackends: handlers.logicalBackends, + PhysicalBackends: handlers.physicalBackends, + ServiceRegistrations: handlers.serviceRegistrations, // TODO: other ServerCommand options? diff --git a/command/operator_migrate_test.go b/command/operator_migrate_test.go index 9a6c27196ebb..15190b2640f5 100644 --- a/command/operator_migrate_test.go +++ b/command/operator_migrate_test.go @@ -32,10 +32,11 @@ func init() { } func TestMigration(t *testing.T) { + handlers := newVaultHandlers() t.Run("Default", func(t *testing.T) { data := generateData() - fromFactory := physicalBackends["file"] + fromFactory := handlers.physicalBackends["file"] folder := t.TempDir() @@ -51,7 +52,7 @@ func TestMigration(t *testing.T) { t.Fatal(err) } - toFactory := physicalBackends["inmem"] + toFactory := handlers.physicalBackends["inmem"] confTo := map[string]string{} to, err := toFactory(confTo, nil) if err != nil { @@ -72,7 +73,7 @@ func TestMigration(t *testing.T) { t.Run("Concurrent migration", func(t *testing.T) { data := generateData() - fromFactory := physicalBackends["file"] + fromFactory := handlers.physicalBackends["file"] folder := t.TempDir() 
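Review bot: The five-field `ServerCommand` wiring in `offlineDiagnostics` repeats the block in `initCommands` field for field, and the `// TODO: refactor to a common place?` above it is left untouched. If a handler kind is later added to `vaultHandlers` and wired in only one of the two places, diagnose would check a different backend set than the one the server starts with. A small method on `vaultHandlers` that fills these fields on a `*ServerCommand` would keep both in step and let the TODO be dropped. `offlineDiagnostics` continues past the end of the hunk.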
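Review bot: `handlers.physicalBackends["file"]` in the `Default` subtest of `TestMigration` is called without checking that the key exists, and the same lookup recurs in `Concurrent migration`, `Start option` and `Start option (parallel)` in the following hunks. `newMinimalVaultHandlers` registers no `file` backend, and commands_full.go imports `physFile`, so it presumably comes from the full addon set. If this test file is compiled in a minimal build the lookup yields a nil factory and the call panics; the file's build constraints are not visible from here. A guard such as `fromFactory, ok := handlers.physicalBackends["file"]` followed by `if !ok { t.Skip("file backend not compiled in") }` would make the dependency explicit. The `DFS Scan` hunk also keeps `s, _ :=`, which discards the factory error.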
@@ -88,7 +89,7 @@ func TestMigration(t *testing.T) { t.Fatal(err) } - toFactory := physicalBackends["inmem"] + toFactory := handlers.physicalBackends["inmem"] confTo := map[string]string{} to, err := toFactory(confTo, nil) if err != nil { @@ -110,7 +111,7 @@ func TestMigration(t *testing.T) { t.Run("Start option", func(t *testing.T) { data := generateData() - fromFactory := physicalBackends["inmem"] + fromFactory := handlers.physicalBackends["inmem"] confFrom := map[string]string{} from, err := fromFactory(confFrom, nil) if err != nil { @@ -120,7 +121,7 @@ func TestMigration(t *testing.T) { t.Fatal(err) } - toFactory := physicalBackends["file"] + toFactory := handlers.physicalBackends["file"] folder := t.TempDir() confTo := map[string]string{ "path": folder, @@ -149,7 +150,7 @@ func TestMigration(t *testing.T) { t.Run("Start option (parallel)", func(t *testing.T) { data := generateData() - fromFactory := physicalBackends["inmem"] + fromFactory := handlers.physicalBackends["inmem"] confFrom := map[string]string{} from, err := fromFactory(confFrom, nil) if err != nil { @@ -159,7 +160,7 @@ func TestMigration(t *testing.T) { t.Fatal(err) } - toFactory := physicalBackends["file"] + toFactory := handlers.physicalBackends["file"] folder := t.TempDir() confTo := map[string]string{ "path": folder, @@ -269,7 +270,7 @@ storage_destination "dest_type2" { }) t.Run("DFS Scan", func(t *testing.T) { - s, _ := physicalBackends["inmem"](map[string]string{}, nil) + s, _ := handlers.physicalBackends["inmem"](map[string]string{}, nil) data := generateData() data["cc"] = []byte{}