
Commit ad07cb9

committed
updated to current vault plugin api
1 parent 5ab8c8f commit ad07cb9

14 files changed

+410
-99
lines changed


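--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,6 @@
 **/data
 **/data/*.json
 **/test
-**/releases/*
+**/releases/*
+**/scripts
+**/scripts/*.sh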

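--- a/backend.go
+++ b/backend.go
@@ -18,19 +18,16 @@ import (
 "context"
 "fmt"
 
-"github.com/hashicorp/vault/logical"
-"github.com/hashicorp/vault/logical/framework"
+"github.com/hashicorp/vault/sdk/framework"
+"github.com/hashicorp/vault/sdk/logical"
 )
 
-// New returns a new backend as an interface. This func
-// is only necessary for builtin backend plugins.
-func New() (interface{}, error) {
-return Backend(), nil
-}
-
-// Factory returns a new backend as logical.Backend.
+// Factory returns the backend
 func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
-b := Backend()
+b, err := Backend(conf)
+if err != nil {
+return nil, err
+}
 if err := b.Setup(ctx, conf); err != nil {
 return nil, err
 }
@@ -40,18 +37,21 @@ func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend,
 // FactoryType returns the factory
 func FactoryType(backendType logical.BackendType) logical.Factory {
 return func(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
-b := Backend()
+b, err := Backend(conf)
+if err != nil {
+return nil, err
+}
 b.BackendType = backendType
-if err := b.Setup(ctx, conf); err != nil {
+if err = b.Setup(ctx, conf); err != nil {
 return nil, err
 }
 return b, nil
 }
 }
 
 // Backend returns the backend
-func Backend() *backend {
-var b backend
+func Backend(conf *logical.BackendConfig) (*PluginBackend, error) {
+var b PluginBackend
 b.Backend = &framework.Backend{
 Help: "",
 Paths: framework.PathAppend(
@@ -76,14 +76,15 @@ func Backend() *backend {
 Secrets: []*framework.Secret{},
 BackendType: logical.TypeLogical,
 }
-return &b
+return &b, nil
 }
 
-type backend struct {
+// PluginBackend implements the Backend for this plugin
+type PluginBackend struct {
 *framework.Backend
 }
 
-func (b *backend) pathExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
+func (b *PluginBackend) pathExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
 out, err := req.Storage.Get(ctx, req.Path)
 if err != nil {
 return false, fmt.Errorf("existence check failed: %v", err)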
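Review bot: In Factory the new `b, err := Backend(conf)` declares `err`, and the kept line right after it, `if err := b.Setup(ctx, conf); err != nil {`, shadows that variable, whereas the parallel FactoryType hunk was changed to `if err = b.Setup(ctx, conf); err != nil {`; the two factories should use the same form, and the `=` one is what vet's shadow check and staticcheck will not complain about. Backend now takes `conf` and returns an error, but in the lines visible here `conf` is never read and the only exit is `return &b, nil`, so both new `if err != nil { return nil, err }` branches are currently unreachable; either the parameter is used in the part of Backend's body that falls between the second and third hunk (not visible), or it should be documented as reserved, e.g. `// Backend builds the plugin backend; conf is accepted to match logical.Factory but is not consulted yet.` With main.go now passing Factory directly, FactoryType appears to have no remaining caller in this diff — worth confirming it is still needed (tests?) before keeping two factories in sync.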

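--- /dev/null
+++ b/go.mod
@@ -0,0 +1,15 @@
+module github.com/immutability-io/trustee
+
+go 1.14
+
+require (
+github.com/btcsuite/btcd v0.20.1-beta
+github.com/dgrijalva/jwt-go v3.2.0+incompatible
+github.com/ethereum/go-ethereum v1.9.16
+github.com/hashicorp/errwrap v1.0.0
+github.com/hashicorp/vault/api v1.0.4
+github.com/hashicorp/vault/sdk v0.1.13
+github.com/pborman/uuid v1.2.0
+github.com/sethvargo/go-diceware v0.2.0
+golang.org/x/crypto v0.0.0-20200709230013-948cd5f35899
+)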
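Review bot: `github.com/dgrijalva/jwt-go v3.2.0+incompatible` pins the final release of a repository that has since been archived, and that release carries the audience-claim weakness tracked as CVE-2020-26160: when `aud` arrives as a JSON array the library's `VerifyAudience` type assertion fails and the claim is treated as empty, so the token passes unless the caller checks audience itself. Since path_audience.go builds claims with this package, switch to the maintained fork `github.com/golang-jwt/jwt` (v3.2.1 is an import-path-only replacement that fixes this) and make sure whatever verifies these tokens checks `aud` explicitly rather than relying on the library. The `go 1.14` directive also means `go build` defaults to `-mod=mod` and may quietly rewrite go.sum; run CI with `-mod=readonly` so the hashes committed here are enforced. Whether the `aud` handling matters in practice depends on the verifying side, which is not part of this diff.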

go.sum

Lines changed: 295 additions & 0 deletions

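--- a/main.go
+++ b/main.go
@@ -18,22 +18,20 @@ import (
 "log"
 "os"
 
-"github.com/hashicorp/vault/helper/pluginutil"
-"github.com/hashicorp/vault/logical"
-"github.com/hashicorp/vault/logical/plugin"
+"github.com/hashicorp/vault/api"
+"github.com/hashicorp/vault/sdk/plugin"
 )
 
 func main() {
-apiClientMeta := &pluginutil.APIClientMeta{}
+apiClientMeta := &api.PluginAPIClientMeta{}
 flags := apiClientMeta.FlagSet()
 flags.Parse(os.Args[1:]) // Ignore command, strictly parse flags
 
 tlsConfig := apiClientMeta.GetTLSConfig()
-tlsProviderFunc := pluginutil.VaultPluginTLSProvider(tlsConfig)
+tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
 
-factoryFunc := FactoryType(logical.TypeLogical)
 err := plugin.Serve(&plugin.ServeOpts{
-BackendFactoryFunc: factoryFunc,
+BackendFactoryFunc: Factory,
 TLSProviderFunc: tlsProviderFunc,
 })
 if err != nil {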
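Review bot: `flags.Parse(os.Args[1:])` still discards its error, and the flag set now comes from `api.PluginAPIClientMeta`, which as far as I recall is created with `flag.ContinueOnError`; a malformed `-ca-cert`, `-client-cert` or `-tls-skip-verify` argument would therefore not stop the process but fall through to `GetTLSConfig()` with whatever fields did parse, and the plugin would serve with weaker TLS settings than the operator asked for. Suggested: `if err := flags.Parse(os.Args[1:]); err != nil { log.Fatal(err) }` (`log` is already imported). The line is unchanged context, but this hunk is what switched the flag source, so it is the right place to close the gap; the rest of main after the Serve error check is outside the hunk.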

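--- a/path_addresses.go
+++ b/path_addresses.go
@@ -18,16 +18,16 @@ import (
 "context"
 "fmt"
 
-"github.com/hashicorp/vault/logical"
-"github.com/hashicorp/vault/logical/framework"
+"github.com/hashicorp/vault/sdk/framework"
+"github.com/hashicorp/vault/sdk/logical"
 )
 
 // AccountAddress stores the name of the account to allow reverse lookup by address
 type AccountAddress struct {
 Address string `json:"address"`
 }
 
-func addressesPaths(b *backend) []*framework.Path {
+func addressesPaths(b *PluginBackend) []*framework.Path {
 return []*framework.Path{
 &framework.Path{
 Pattern: "addresses/?",
@@ -80,7 +80,7 @@ func addressesPaths(b *backend) []*framework.Path {
 }
 }
 
-func (b *backend) pathAddressesRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathAddressesRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 _, err := b.configured(ctx, req)
 if err != nil {
 return nil, err
@@ -104,7 +104,7 @@ func (b *backend) pathAddressesRead(ctx context.Context, req *logical.Request, d
 }, nil
 }
 
-func (b *backend) pathAddressesList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathAddressesList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 _, err := b.configured(ctx, req)
 if err != nil {
 return nil, err
@@ -117,7 +117,7 @@ func (b *backend) pathAddressesList(ctx context.Context, req *logical.Request, d
 return logical.ListResponse(vals), nil
 }
 
-func (b *backend) readAddress(ctx context.Context, req *logical.Request, address string) (*AccountNames, error) {
+func (b *PluginBackend) readAddress(ctx context.Context, req *logical.Request, address string) (*AccountNames, error) {
 path := fmt.Sprintf("addresses/%s", address)
 entry, err := req.Storage.Get(ctx, path)
 if err != nil {
@@ -136,7 +136,7 @@ func (b *backend) readAddress(ctx context.Context, req *logical.Request, address
 return &accountNames, nil
 }
 
-func (b *backend) pathAddressesVerify(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathAddressesVerify(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 _, err := b.configured(ctx, req)
 if err != nil {
 return nil, err
@@ -158,7 +158,7 @@ func (b *backend) pathAddressesVerify(ctx context.Context, req *logical.Request,
 return b.verifySignature(ctx, req, data, account.Names[0])
 }
 
-func (b *backend) crossReference(ctx context.Context, req *logical.Request, name, address string) error {
+func (b *PluginBackend) crossReference(ctx context.Context, req *logical.Request, name, address string) error {
 accountAddress := &AccountAddress{Address: address}
 accountNames, err := b.readAddress(ctx, req, address)
 
@@ -191,7 +191,7 @@ func (b *backend) crossReference(ctx context.Context, req *logical.Request, name
 return nil
 }
 
-func (b *backend) removeCrossReference(ctx context.Context, req *logical.Request, name, address string) error {
+func (b *PluginBackend) removeCrossReference(ctx context.Context, req *logical.Request, name, address string) error {
 pathAccountAddress := fmt.Sprintf("addresses/%s", address)
 pathAccountName := fmt.Sprintf("names/%s", name)
 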
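--- a/path_audience.go
+++ b/path_audience.go
@@ -23,8 +23,8 @@ import (
 jwt "github.com/dgrijalva/jwt-go"
 "github.com/ethereum/go-ethereum/common/hexutil"
 "github.com/ethereum/go-ethereum/crypto"
-"github.com/hashicorp/vault/logical"
-"github.com/hashicorp/vault/logical/framework"
+"github.com/hashicorp/vault/sdk/framework"
+"github.com/hashicorp/vault/sdk/logical"
 )
 
 // Audience is a public key known to vault. A Trustee has an address (Ethereum-compatible)
@@ -33,7 +33,7 @@ type Audience struct {
 PublicKey string `json:"public_key"`
 }
 
-func audiencesPaths(b *backend) []*framework.Path {
+func audiencesPaths(b *PluginBackend) []*framework.Path {
 return []*framework.Path{
 &framework.Path{
 Pattern: "audiences/?",
@@ -70,7 +70,7 @@ Creates (or updates) an audience.
 }
 }
 
-func (b *backend) pathAudiencesList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathAudiencesList(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 _, err := b.configured(ctx, req)
 if err != nil {
 return nil, err
@@ -82,7 +82,7 @@ func (b *backend) pathAudiencesList(ctx context.Context, req *logical.Request, d
 return logical.ListResponse(vals), nil
 }
 
-func (b *backend) pathAudiencesCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathAudiencesCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 _, err := b.configured(ctx, req)
 if err != nil {
 return nil, err
@@ -118,7 +118,7 @@ func (b *backend) pathAudiencesCreate(ctx context.Context, req *logical.Request,
 }, nil
 }
 
-func (b *backend) pathAudiencesRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathAudiencesRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 _, err := b.configured(ctx, req)
 if err != nil {
 return nil, err
@@ -142,7 +142,7 @@ func (b *backend) pathAudiencesRead(ctx context.Context, req *logical.Request, d
 }, nil
 }
 
-func (b *backend) readAudience(ctx context.Context, req *logical.Request, name string) (*Audience, error) {
+func (b *PluginBackend) readAudience(ctx context.Context, req *logical.Request, name string) (*Audience, error) {
 path := fmt.Sprintf("audiences/%s", name)
 entry, err := req.Storage.Get(ctx, path)
 if err != nil {
@@ -162,7 +162,7 @@ func (b *backend) readAudience(ctx context.Context, req *logical.Request, name s
 return &audience, nil
 }
 
-func (b *backend) pathAudiencesDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathAudiencesDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 _, err := b.configured(ctx, req)
 if err != nil {
 return nil, err
@@ -173,7 +173,7 @@ func (b *backend) pathAudiencesDelete(ctx context.Context, req *logical.Request,
 return nil, nil
 }
 
-func (b *backend) pathEncryptForAudience(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathEncryptForAudience(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 _, err := b.configured(ctx, req)
 if err != nil {
 return nil, err
@@ -197,7 +197,7 @@ func (b *backend) pathEncryptForAudience(ctx context.Context, req *logical.Reque
 
 }
 
-func (b *backend) encryptForAudience(ctx context.Context, audience *Audience, plaintext string) (string, error) {
+func (b *PluginBackend) encryptForAudience(ctx context.Context, audience *Audience, plaintext string) (string, error) {
 
 publicKeyBytes, err := hex.DecodeString(audience.PublicKey)
 if err != nil {
@@ -220,7 +220,7 @@ func (b *backend) encryptForAudience(ctx context.Context, audience *Audience, pl
 
 }
 
-func (b *backend) encryptClaims(ctx context.Context, audience *Audience, claims jwt.MapClaims) (jwt.MapClaims, error) {
+func (b *PluginBackend) encryptClaims(ctx context.Context, audience *Audience, claims jwt.MapClaims) (jwt.MapClaims, error) {
 encryptedClaims := make(jwt.MapClaims)
 for key, value := range claims {
 ciphertext, err := b.encryptForAudience(ctx, audience, value.(string))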

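--- a/path_config.go
+++ b/path_config.go
@@ -19,16 +19,16 @@ import (
 "fmt"
 
 "github.com/hashicorp/errwrap"
-"github.com/hashicorp/vault/helper/cidrutil"
-"github.com/hashicorp/vault/logical"
-"github.com/hashicorp/vault/logical/framework"
+"github.com/hashicorp/vault/sdk/framework"
+"github.com/hashicorp/vault/sdk/helper/cidrutil"
+"github.com/hashicorp/vault/sdk/logical"
 )
 
 type config struct {
 BoundCIDRList []string `json:"bound_cidr_list_list" structs:"bound_cidr_list" mapstructure:"bound_cidr_list"`
 }
 
-func configPaths(b *backend) []*framework.Path {
+func configPaths(b *PluginBackend) []*framework.Path {
 return []*framework.Path{
 &framework.Path{
 Pattern: "config",
@@ -52,7 +52,7 @@ IP addresses which can perform the login operation.`,
 }
 }
 
-func (b *backend) pathWriteConfig(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathWriteConfig(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 var boundCIDRList []string
 if boundCIDRListRaw, ok := data.GetOk("bound_cidr_list"); ok {
 boundCIDRList = boundCIDRListRaw.([]string)
@@ -77,7 +77,7 @@ func (b *backend) pathWriteConfig(ctx context.Context, req *logical.Request, dat
 }, nil
 }
 
-func (b *backend) pathReadConfig(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathReadConfig(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 configBundle, err := b.readConfig(ctx, req.Storage)
 if err != nil {
 return nil, err
@@ -96,7 +96,7 @@ func (b *backend) pathReadConfig(ctx context.Context, req *logical.Request, data
 }
 
 // Config returns the configuration for this backend.
-func (b *backend) readConfig(ctx context.Context, s logical.Storage) (*config, error) {
+func (b *PluginBackend) readConfig(ctx context.Context, s logical.Storage) (*config, error) {
 entry, err := s.Get(ctx, "config")
 if err != nil {
 return nil, err
@@ -116,7 +116,7 @@ func (b *backend) readConfig(ctx context.Context, s logical.Storage) (*config, e
 return &result, nil
 }
 
-func (b *backend) configured(ctx context.Context, req *logical.Request) (*config, error) {
+func (b *PluginBackend) configured(ctx context.Context, req *logical.Request) (*config, error) {
 config, err := b.readConfig(ctx, req.Storage)
 if err != nil {
 return nil, err
@@ -128,7 +128,7 @@ func (b *backend) configured(ctx context.Context, req *logical.Request) (*config
 return config, nil
 }
 
-func (b *backend) validIPConstraints(config *config, req *logical.Request) (bool, error) {
+func (b *PluginBackend) validIPConstraints(config *config, req *logical.Request) (bool, error) {
 if len(config.BoundCIDRList) != 0 {
 if req.Connection == nil || req.Connection.RemoteAddr == "" {
 return false, fmt.Errorf("failed to get connection information")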

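--- a/path_import.go
+++ b/path_import.go
@@ -22,12 +22,12 @@ import (
 
 "github.com/ethereum/go-ethereum/common/hexutil"
 "github.com/ethereum/go-ethereum/crypto"
-"github.com/ethereum/go-ethereum/crypto/sha3"
-"github.com/hashicorp/vault/logical"
-"github.com/hashicorp/vault/logical/framework"
+"github.com/hashicorp/vault/sdk/framework"
+"github.com/hashicorp/vault/sdk/logical"
+"golang.org/x/crypto/sha3"
 )
 
-func importPaths(b *backend) []*framework.Path {
+func importPaths(b *PluginBackend) []*framework.Path {
 return []*framework.Path{
 &framework.Path{
 Pattern: "import/" + framework.GenericNameRegex("name"),
@@ -56,12 +56,12 @@ Reads a JSON keystore, decrypts it and stores the passphrase.
 }
 }
 
-func (b *backend) pathImportExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
+func (b *PluginBackend) pathImportExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
 trusteePath := strings.Replace(req.Path, RequestPathImport, RequestPathTrustees, -1)
 return pathExists(ctx, req, trusteePath)
 }
 
-func (b *backend) pathImportCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
+func (b *PluginBackend) pathImportCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
 _, err := b.configured(ctx, req)
 if err != nil {
 return nil, err
@@ -91,7 +91,7 @@ func (b *backend) pathImportCreate(ctx context.Context, req *logical.Request, da
 publicKeyBytes := crypto.FromECDSAPub(publicKeyECDSA)
 publicKeyString := hexutil.Encode(publicKeyBytes)[4:]
 
-hash := sha3.NewKeccak256()
+hash := sha3.NewLegacyKeccak256()
 hash.Write(publicKeyBytes[1:])
 address := hexutil.Encode(hash.Sum(nil)[12:])
 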
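Review bot: `sha3.NewLegacyKeccak256()` is the correct replacement here — the NIST-padded `sha3.New256` would silently derive wrong addresses — but the three lines it sits in re-implement `crypto.PubkeyToAddress`, which go-ethereum exports from the `crypto` package this file already imports and which does the same Keccak-256 over the 64-byte X||Y with the last 20 bytes kept. Replacing them with `address := hexutil.Encode(crypto.PubkeyToAddress(*publicKeyECDSA).Bytes())` keeps the lowercase `0x` form the rest of the code (`addresses/%s` storage keys in path_addresses.go) expects and drops the new `golang.org/x/crypto/sha3` import from this file; do not use `.Hex()` there, since that returns the EIP-55 mixed-case form and would change what gets stored. If the hand-rolled hash is kept, a one-line comment on `hash.Write(publicKeyBytes[1:])` saying the leading 0x04 uncompressed-point marker is deliberately dropped would spare the next reader the lookup. The enclosing pathImportCreate continues past the end of this hunk.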