mirror of
https://github.com/hashicorp/vault.git
synced 2025-08-10 16:47:01 +02:00
3565c90cf8
* feat: DB plugin multiplexing (#13734) * WIP: start from main and get a plugin runner from core * move MultiplexedClient map to plugin catalog - call sys.NewPluginClient from PluginFactory - updates to getPluginClient - thread through isMetadataMode * use go-plugin ClientProtocol interface - call sys.NewPluginClient from dbplugin.NewPluginClient * move PluginSets to dbplugin package - export dbplugin HandshakeConfig - small refactor of PluginCatalog.getPluginClient * add removeMultiplexedClient; clean up on Close() - call client.Kill from plugin catalog - set rpcClient when muxed client exists * add ID to dbplugin.DatabasePluginClient struct * only create one plugin process per plugin type * update NewPluginClient to return connection ID to sdk - wrap grpc.ClientConn so we can inject the ID into context - get ID from context on grpc server * add v6 multiplexing protocol version * WIP: backwards compat for db plugins * Ensure locking on plugin catalog access - Create public GetPluginClient method for plugin catalog - rename postgres db plugin * use the New constructor for db plugins * grpc server: use write lock for Close and rlock for CRUD * cleanup MultiplexedClients on Close * remove TODO * fix multiplexing regression with grpc server connection * cleanup grpc server instances on close * embed ClientProtocol in Multiplexer interface * use PluginClientConfig arg to make NewPluginClient plugin type agnostic * create a new plugin process for non-muxed plugins * feat: plugin multiplexing: handle plugin client cleanup (#13896) * use closure for plugin client cleanup * log and return errors; add comments * move rpcClient wrapping to core for ID injection * refactor core plugin client and sdk * remove unused ID method * refactor and only wrap clientConn on multiplexed plugins * rename structs and do not export types * Slight refactor of system view interface * Revert "Slight refactor of system view interface" This reverts commit73d420e5cd. * Revert "Revert "Slight refactor of system view interface"" This reverts commitf75527008a. * only provide pluginRunner arg to the internal newPluginClient method * embed ClientProtocol in pluginClient and name logger * Add back MLock support * remove enableMlock arg from setupPluginCatalog * rename plugin util interface to PluginClient Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com> * feature: multiplexing: fix unit tests (#14007) * fix grpc_server tests and add coverage * update run_config tests * add happy path test case for grpc_server ID from context * update test helpers * feat: multiplexing: handle v5 plugin compiled with new sdk * add mux supported flag and increase test coverage * set multiplexingSupport field in plugin server * remove multiplexingSupport field in sdk * revert postgres to non-multiplexed * add comments on grpc server fields * use pointer receiver on grpc server methods * add changelog * use pointer for grpcserver instance * Use a gRPC server to determine if a plugin should be multiplexed * Apply suggestions from code review Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com> * add lock to removePluginClient * add multiplexingSupport field to externalPlugin struct * do not send nil to grpc MultiplexingSupport * check err before logging * handle locking scenario for cleanupFunc * allow ServeConfigMultiplex to dispense v5 plugin * reposition structs, add err check and comments * add comment on locking for cleanupExternalPlugin Co-authored-by: Brian Kassouf <bkassouf@hashicorp.com> Co-authored-by: Brian Kassouf <briankassouf@users.noreply.github.com>
67 lines
1.8 KiB
Go
67 lines
1.8 KiB
Go
package dbplugin
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/hashicorp/go-plugin"
|
|
"github.com/hashicorp/vault/sdk/database/dbplugin/v5/proto"
|
|
"github.com/hashicorp/vault/sdk/helper/pluginutil"
|
|
"google.golang.org/grpc"
|
|
)
|
|
|
|
// handshakeConfigs are used to just do a basic handshake between
|
|
// a plugin and host. If the handshake fails, a user friendly error is shown.
|
|
// This prevents users from executing bad plugins or executing a plugin
|
|
// directory. It is a UX feature, not a security feature.
|
|
var HandshakeConfig = plugin.HandshakeConfig{
|
|
MagicCookieKey: "VAULT_DATABASE_PLUGIN",
|
|
MagicCookieValue: "926a0820-aea2-be28-51d6-83cdf00e8edb",
|
|
}
|
|
|
|
// Factory is the factory function to create a dbplugin Database.
|
|
type Factory func() (interface{}, error)
|
|
|
|
type GRPCDatabasePlugin struct {
|
|
FactoryFunc Factory
|
|
Impl Database
|
|
|
|
// Embeding this will disable the netRPC protocol
|
|
plugin.NetRPCUnsupportedPlugin
|
|
}
|
|
|
|
var (
|
|
_ plugin.Plugin = &GRPCDatabasePlugin{}
|
|
_ plugin.GRPCPlugin = &GRPCDatabasePlugin{}
|
|
)
|
|
|
|
func (d GRPCDatabasePlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error {
|
|
var server gRPCServer
|
|
|
|
if d.Impl != nil {
|
|
server = gRPCServer{singleImpl: d.Impl}
|
|
} else {
|
|
// multiplexing is supported
|
|
server = gRPCServer{
|
|
factoryFunc: d.FactoryFunc,
|
|
instances: make(map[string]Database),
|
|
}
|
|
|
|
// Multiplexing is enabled for this plugin, register the server so we
|
|
// can tell the client in Vault.
|
|
pluginutil.RegisterPluginMultiplexingServer(s, pluginutil.PluginMultiplexingServerImpl{
|
|
Supported: true,
|
|
})
|
|
}
|
|
|
|
proto.RegisterDatabaseServer(s, &server)
|
|
return nil
|
|
}
|
|
|
|
func (GRPCDatabasePlugin) GRPCClient(doneCtx context.Context, _ *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
|
|
client := gRPCClient{
|
|
client: proto.NewDatabaseClient(c),
|
|
doneCtx: doneCtx,
|
|
}
|
|
return client, nil
|
|
}
|