diff --git a/Makefile b/Makefile index d3443a0e8b..ba499ad740 100644 --- a/Makefile +++ b/Makefile @@ -22,6 +22,12 @@ ifneq ($(FDB_ENABLED), ) BUILD_TAGS+=foundationdb endif +# Set BUILD_MINIMAL to a non-empty value to build a minimal version of Vault with only core features. +BUILD_MINIMAL ?= +ifneq ($(strip $(BUILD_MINIMAL)),) + BUILD_TAGS+=minimal +endif + default: dev # bin generates the releasable binaries for Vault diff --git a/changelog/27394.txt b/changelog/27394.txt new file mode 100644 index 0000000000..81a04305f4 --- /dev/null +++ b/changelog/27394.txt @@ -0,0 +1,4 @@ +```release-note:feature +**Vault Minimal Version**: Add the ability to build a minimal version of Vault +with only core features using the BUILD_MINIMAL environment variable. +``` diff --git a/command/commands.go b/command/commands.go index f549f38ebb..7f0f302db0 100644 --- a/command/commands.go +++ b/command/commands.go 
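Review bot: Setting BUILD_MINIMAL together with FDB_ENABLED appears to yield a binary that carries the `foundationdb` tag but no FoundationDB storage backend, because in this diff the `"foundationdb"` factory is registered only in command/commands_full.go, which the `minimal` tag compiles out. The comment added in the Makefile hunk should say what "core" leaves behind, for example `# Minimal builds register only the raft and inmem storage backends; FDB_ENABLED has no effect on them.` If the combination is never intended, failing the build when both variables are set would be stricter than a comment.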
@@ -10,48 +10,18 @@ import ( "github.com/hashicorp/cli" hcpvlib "github.com/hashicorp/vault-hcp-lib" - credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud" - credCF "github.com/hashicorp/vault-plugin-auth-cf" - credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin" credOIDC "github.com/hashicorp/vault-plugin-auth-jwt" - credKerb "github.com/hashicorp/vault-plugin-auth-kerberos" - credOCI "github.com/hashicorp/vault-plugin-auth-oci" logicalKv "github.com/hashicorp/vault-plugin-secrets-kv" "github.com/hashicorp/vault/audit" - credAws "github.com/hashicorp/vault/builtin/credential/aws" credCert "github.com/hashicorp/vault/builtin/credential/cert" - credGitHub "github.com/hashicorp/vault/builtin/credential/github" - credLdap "github.com/hashicorp/vault/builtin/credential/ldap" - credOkta "github.com/hashicorp/vault/builtin/credential/okta" credToken "github.com/hashicorp/vault/builtin/credential/token" credUserpass "github.com/hashicorp/vault/builtin/credential/userpass" logicalDb "github.com/hashicorp/vault/builtin/logical/database" "github.com/hashicorp/vault/builtin/plugin" _ "github.com/hashicorp/vault/helper/builtinplugins" - physAerospike "github.com/hashicorp/vault/physical/aerospike" - physAliCloudOSS "github.com/hashicorp/vault/physical/alicloudoss" - physAzure "github.com/hashicorp/vault/physical/azure" - physCassandra "github.com/hashicorp/vault/physical/cassandra" - physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb" - physConsul "github.com/hashicorp/vault/physical/consul" - physCouchDB "github.com/hashicorp/vault/physical/couchdb" - physDynamoDB "github.com/hashicorp/vault/physical/dynamodb" - physEtcd "github.com/hashicorp/vault/physical/etcd" - physFoundationDB "github.com/hashicorp/vault/physical/foundationdb" - physGCS "github.com/hashicorp/vault/physical/gcs" - physManta "github.com/hashicorp/vault/physical/manta" - physMSSQL "github.com/hashicorp/vault/physical/mssql" - physMySQL 
"github.com/hashicorp/vault/physical/mysql" - physOCI "github.com/hashicorp/vault/physical/oci" - physPostgreSQL "github.com/hashicorp/vault/physical/postgresql" physRaft "github.com/hashicorp/vault/physical/raft" - physS3 "github.com/hashicorp/vault/physical/s3" - physSpanner "github.com/hashicorp/vault/physical/spanner" - physSwift "github.com/hashicorp/vault/physical/swift" - physZooKeeper "github.com/hashicorp/vault/physical/zookeeper" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" - physFile "github.com/hashicorp/vault/sdk/physical/file" physInmem "github.com/hashicorp/vault/sdk/physical/inmem" sr "github.com/hashicorp/vault/serviceregistration" csr "github.com/hashicorp/vault/serviceregistration/consul" @@ -160,6 +130,23 @@ const ( ) var ( + physicalBackends = map[string]physical.Factory{ + "inmem_ha": physInmem.NewInmemHA, + "inmem_transactional_ha": physInmem.NewTransactionalInmemHA, + "inmem_transactional": physInmem.NewTransactionalInmem, + "inmem": physInmem.NewInmem, + "raft": physRaft.NewRaftBackend, + } + + loginHandlers = map[string]LoginHandler{ + "cert": &credCert.CLIHandler{}, + "oidc": &credOIDC.CLIHandler{}, + "token": &credToken.CLIHandler{}, + "userpass": &credUserpass.CLIHandler{ + DefaultMount: "userpass", + }, + } + auditBackends = map[string]audit.Factory{ "file": audit.NewFileBackend, "socket": audit.NewSocketBackend, 
@@ -178,66 +165,15 @@ var ( "kv": logicalKv.Factory, } - physicalBackends = map[string]physical.Factory{ - "aerospike": physAerospike.NewAerospikeBackend, - "alicloudoss": physAliCloudOSS.NewAliCloudOSSBackend, - "azure": physAzure.NewAzureBackend, - "cassandra": physCassandra.NewCassandraBackend, - "cockroachdb": physCockroachDB.NewCockroachDBBackend, - "consul": physConsul.NewConsulBackend, - "couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend, - "couchdb": physCouchDB.NewCouchDBBackend, - "dynamodb": physDynamoDB.NewDynamoDBBackend, - "etcd": physEtcd.NewEtcdBackend, - "file_transactional": physFile.NewTransactionalFileBackend, - "file": physFile.NewFileBackend, - "foundationdb": physFoundationDB.NewFDBBackend, - "gcs": physGCS.NewBackend, - "inmem_ha": physInmem.NewInmemHA, - "inmem_transactional_ha": physInmem.NewTransactionalInmemHA, - "inmem_transactional": physInmem.NewTransactionalInmem, - "inmem": physInmem.NewInmem, - "manta": physManta.NewMantaBackend, - "mssql": physMSSQL.NewMSSQLBackend, - "mysql": physMySQL.NewMySQLBackend, - "oci": physOCI.NewBackend, - "postgresql": physPostgreSQL.NewPostgreSQLBackend, - "s3": physS3.NewS3Backend, - "spanner": physSpanner.NewBackend, - "swift": physSwift.NewSwiftBackend, - "raft": physRaft.NewRaftBackend, - "zookeeper": physZooKeeper.NewZooKeeperBackend, - } - serviceRegistrations = map[string]sr.Factory{ "consul": csr.NewServiceRegistration, "kubernetes": ksr.NewServiceRegistration, } - - loginHandlers = map[string]LoginHandler{ - "alicloud": &credAliCloud.CLIHandler{}, - "aws": &credAws.CLIHandler{}, - "cert": &credCert.CLIHandler{}, - "cf": &credCF.CLIHandler{}, - "gcp": &credGcp.CLIHandler{}, - "github": &credGitHub.CLIHandler{}, - "kerberos": &credKerb.CLIHandler{}, - "ldap": &credLdap.CLIHandler{}, - "oci": &credOCI.CLIHandler{}, - "oidc": &credOIDC.CLIHandler{}, - "okta": &credOkta.CLIHandler{}, - "pcf": &credCF.CLIHandler{}, // Deprecated. 
- "radius": &credUserpass.CLIHandler{ - DefaultMount: "radius", - }, - "token": &credToken.CLIHandler{}, - "userpass": &credUserpass.CLIHandler{ - DefaultMount: "userpass", - }, - } ) func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) map[string]cli.CommandFactory { + extendAddonCommands() + getBaseCommand := func() *BaseCommand { return &BaseCommand{ UI: ui, diff --git a/command/commands_full.go b/command/commands_full.go new file mode 100644 index 0000000000..c853e8f5b8 --- /dev/null +++ b/command/commands_full.go 
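Review bot: `extendAddonCommands()` at the top of `initCommands` writes to the package-level `physicalBackends` and `loginHandlers` maps on every call, so two concurrent calls become concurrent map writes; the commit sidesteps this by dropping `t.Parallel()` from Test_Commands_HCPInit in command/commands_test.go rather than making the call safe. Running the merge once removes both the race and the repeated copying: declare `var extendAddonOnce sync.Once` and call `extendAddonOnce.Do(extendAddonCommands)` here (with `sync` imported), which would also let the test keep `t.Parallel()`. `initCommands` continues past the end of this hunk, so other readers of the two maps are not visible from here.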
@@ -0,0 +1,96 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !minimal
+
+package command
+
+import (
+ "maps"
+
+ credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
+ credCF "github.com/hashicorp/vault-plugin-auth-cf"
+ credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
+ credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
+ credOCI "github.com/hashicorp/vault-plugin-auth-oci"
+ credAws "github.com/hashicorp/vault/builtin/credential/aws"
+ credGitHub "github.com/hashicorp/vault/builtin/credential/github"
+ credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
+ credOkta "github.com/hashicorp/vault/builtin/credential/okta"
+ credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
+ _ "github.com/hashicorp/vault/helper/builtinplugins"
+ physAerospike "github.com/hashicorp/vault/physical/aerospike"
+ physAliCloudOSS "github.com/hashicorp/vault/physical/alicloudoss"
+ physAzure "github.com/hashicorp/vault/physical/azure"
+ physCassandra "github.com/hashicorp/vault/physical/cassandra"
+ physCockroachDB "github.com/hashicorp/vault/physical/cockroachdb"
+ physConsul "github.com/hashicorp/vault/physical/consul"
+ physCouchDB "github.com/hashicorp/vault/physical/couchdb"
+ physDynamoDB "github.com/hashicorp/vault/physical/dynamodb"
+ physEtcd "github.com/hashicorp/vault/physical/etcd"
+ physFoundationDB "github.com/hashicorp/vault/physical/foundationdb"
+ physGCS "github.com/hashicorp/vault/physical/gcs"
+ physManta "github.com/hashicorp/vault/physical/manta"
+ physMSSQL "github.com/hashicorp/vault/physical/mssql"
+ physMySQL "github.com/hashicorp/vault/physical/mysql"
+ physOCI "github.com/hashicorp/vault/physical/oci"
+ physPostgreSQL "github.com/hashicorp/vault/physical/postgresql"
+ physS3 "github.com/hashicorp/vault/physical/s3"
+ physSpanner "github.com/hashicorp/vault/physical/spanner"
+ physSwift "github.com/hashicorp/vault/physical/swift"
+ physZooKeeper "github.com/hashicorp/vault/physical/zookeeper"
+ "github.com/hashicorp/vault/sdk/physical"
+ physFile "github.com/hashicorp/vault/sdk/physical/file"
+)
+
+func newFullAddonCommands() (map[string]physical.Factory, map[string]LoginHandler) {
+ addonPhysicalBackends := map[string]physical.Factory{
+ "aerospike": physAerospike.NewAerospikeBackend,
+ "alicloudoss": physAliCloudOSS.NewAliCloudOSSBackend,
+ "azure": physAzure.NewAzureBackend,
+ "cassandra": physCassandra.NewCassandraBackend,
+ "cockroachdb": physCockroachDB.NewCockroachDBBackend,
+ "consul": physConsul.NewConsulBackend,
+ "couchdb_transactional": physCouchDB.NewTransactionalCouchDBBackend,
+ "couchdb": physCouchDB.NewCouchDBBackend,
+ "dynamodb": physDynamoDB.NewDynamoDBBackend,
+ "etcd": physEtcd.NewEtcdBackend,
+ "file_transactional": physFile.NewTransactionalFileBackend,
+ "file": physFile.NewFileBackend,
+ "foundationdb": physFoundationDB.NewFDBBackend,
+ "gcs": physGCS.NewBackend,
+ "manta": physManta.NewMantaBackend,
+ "mssql": physMSSQL.NewMSSQLBackend,
+ "mysql": physMySQL.NewMySQLBackend,
+ "oci": physOCI.NewBackend,
+ "postgresql": physPostgreSQL.NewPostgreSQLBackend,
+ "s3": physS3.NewS3Backend,
+ "spanner": physSpanner.NewBackend,
+ "swift": physSwift.NewSwiftBackend,
+ "zookeeper": physZooKeeper.NewZooKeeperBackend,
+ }
+ addonLoginHandlers := map[string]LoginHandler{
+ "alicloud": &credAliCloud.CLIHandler{},
+ "aws": &credAws.CLIHandler{},
+ "cf": &credCF.CLIHandler{},
+ "gcp": &credGcp.CLIHandler{},
+ "github": &credGitHub.CLIHandler{},
+ "kerberos": &credKerb.CLIHandler{},
+ "ldap": &credLdap.CLIHandler{},
+ "oci": &credOCI.CLIHandler{},
+ "okta": &credOkta.CLIHandler{},
+ "pcf": &credCF.CLIHandler{}, // Deprecated.
+ "radius": &credUserpass.CLIHandler{
+ DefaultMount: "radius",
+ },
+ }
+
+ return addonPhysicalBackends, addonLoginHandlers
+}
+
+func extendAddonCommands() {
+ addonPhysicalBackends, addonLoginHandlers := newFullAddonCommands()
+
+ maps.Copy(physicalBackends, addonPhysicalBackends)
+ maps.Copy(loginHandlers, addonLoginHandlers)
+}
diff --git a/command/commands_full_test.go b/command/commands_full_test.go
new file mode 100644
index 0000000000..b3f5c5fe9d
--- /dev/null
+++ b/command/commands_full_test.go
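Review bot: `maps.Copy` in `extendAddonCommands` overwrites any key already present in `physicalBackends` or `loginHandlers`, so a name listed in both the core maps and the addon maps would silently replace the core factory or handler; the same holds for `extendAddonPlugins` in helper/builtinplugins/registry_full.go. Neither function nor `newFullAddonCommands` has a doc comment, and the disjointness requirement is the part worth writing down, e.g. `// extendAddonCommands merges the full-build storage backends and login handlers into the core maps; addon keys must not duplicate core keys.` The only guard visible in this diff is the length comparison in the `!enterprise && !minimal` tests, which does not run for every build variant.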
@@ -0,0 +1,45 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !enterprise && !minimal
+
+package command
+
+import (
+ "maps"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+// Test_extendAddonCommands tests extendAddonCommands() extends physical and logical backends with
+// those generated by newFullAddonCommands()
+func Test_extendAddonCommands(t *testing.T) {
+ expMinPhysicalBackends := maps.Clone(physicalBackends)
+ expMinLoginHandlers := maps.Clone(loginHandlers)
+
+ expAddonPhysicalBackends, expAddonLoginHandlers := newFullAddonCommands()
+
+ extendAddonCommands()
+
+ require.Equal(t, len(expMinPhysicalBackends)+len(expAddonPhysicalBackends), len(physicalBackends),
+ "extended total physical backends mismatch total of minimal and full addon physical backends")
+ require.Equal(t, len(expMinLoginHandlers)+len(expAddonLoginHandlers), len(loginHandlers),
+ "extended total login handlers mismatch total of minimal and full addon login handlers")
+
+ for k := range expMinPhysicalBackends {
+ require.Contains(t, physicalBackends, k, "expected to contain minimal physical backend")
+ }
+
+ for k := range expAddonPhysicalBackends {
+ require.Contains(t, physicalBackends, k, "expected to contain full addon physical backend")
+ }
+
+ for k := range expMinLoginHandlers {
+ require.Contains(t, loginHandlers, k, "expected to contain minimal login handler")
+ }
+
+ for k := range expAddonLoginHandlers {
+ require.Contains(t, loginHandlers, k, "expected to contain full addon login handler")
+ }
+}
diff --git a/command/commands_min.go b/command/commands_min.go
new file mode 100644
index 0000000000..3833936226
--- /dev/null
+++ b/command/commands_min.go
@@ -0,0 +1,14 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build minimal
+
+package command
+
+import (
+ _ "github.com/hashicorp/vault/helper/builtinplugins"
+)
+
+func extendAddonCommands() {
+ // No-op
+}
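Review bot: The baseline in `Test_extendAddonCommands` is cloned from the live package maps, so the two length assertions hold only if nothing has extended `physicalBackends` and `loginHandlers` earlier in the same test binary. Because `initCommands` now calls `extendAddonCommands()`, any test that builds the command table first leaves the maps already merged, and `len(expMin...)+len(expAddon...)` then overshoots the real size. Building the core maps from a constructor, the way `newMinimalRegistry()` does in helper/builtinplugins, would give the test a fresh baseline that does not depend on execution order. The test also leaves the globals extended for whatever runs after it.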
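Review bot: Nothing compiled under the `minimal` tag checks that the addon entries are really absent; both new tests carry `!minimal`, so an import that drifts back into command/commands.go or helper/builtinplugins/registry.go would go unnoticed in the reduced build. A small `//go:build minimal` test asserting that `physicalBackends` and `loginHandlers` hold exactly the core keys, with a counterpart for `newRegistry()` beside registry_min.go, would pin the reduced set. The blank import of helper/builtinplugins in commands_min.go looks redundant, since command/commands.go keeps the same import as a context line, and `// extendAddonCommands is a no-op in minimal builds: only the core maps in commands.go are registered.` would say more than `// No-op`.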
diff --git a/command/commands_test.go b/command/commands_test.go index ac057f737c..4ae1d8c352 100644 --- a/command/commands_test.go +++ b/command/commands_test.go @@ -26,8 +26,6 @@ func Test_Commands_HCPInit(t *testing.T) { for n, tst := range tests { t.Run(n, func(t *testing.T) { - t.Parallel() - mockUi := cli.NewMockUi() commands := initCommands(mockUi, nil, nil) if tst.expectError { diff --git a/helper/builtinplugins/registry.go b/helper/builtinplugins/registry.go index feaa7a100d..e5a6044e5f 100644 --- a/helper/builtinplugins/registry.go +++ b/helper/builtinplugins/registry.go 
@@ -6,54 +6,14 @@ package builtinplugins import ( "context" - credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud" - credAzure "github.com/hashicorp/vault-plugin-auth-azure" - credCF "github.com/hashicorp/vault-plugin-auth-cf" - credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin" credJWT "github.com/hashicorp/vault-plugin-auth-jwt" - credKerb "github.com/hashicorp/vault-plugin-auth-kerberos" - credKube "github.com/hashicorp/vault-plugin-auth-kubernetes" - credOCI "github.com/hashicorp/vault-plugin-auth-oci" - dbCouchbase "github.com/hashicorp/vault-plugin-database-couchbase" - dbElastic "github.com/hashicorp/vault-plugin-database-elasticsearch" - dbMongoAtlas "github.com/hashicorp/vault-plugin-database-mongodbatlas" - dbRedis "github.com/hashicorp/vault-plugin-database-redis" - dbRedisElastiCache "github.com/hashicorp/vault-plugin-database-redis-elasticache" - dbSnowflake "github.com/hashicorp/vault-plugin-database-snowflake" - logicalAd "github.com/hashicorp/vault-plugin-secrets-ad/plugin" - logicalAlicloud "github.com/hashicorp/vault-plugin-secrets-alicloud" - logicalAzure "github.com/hashicorp/vault-plugin-secrets-azure" - logicalGcp "github.com/hashicorp/vault-plugin-secrets-gcp/plugin" - logicalGcpKms "github.com/hashicorp/vault-plugin-secrets-gcpkms" - logicalKube "github.com/hashicorp/vault-plugin-secrets-kubernetes" logicalKv "github.com/hashicorp/vault-plugin-secrets-kv" - logicalMongoAtlas "github.com/hashicorp/vault-plugin-secrets-mongodbatlas" - logicalLDAP "github.com/hashicorp/vault-plugin-secrets-openldap" - logicalTerraform "github.com/hashicorp/vault-plugin-secrets-terraform" credAppRole "github.com/hashicorp/vault/builtin/credential/approle" - credAws "github.com/hashicorp/vault/builtin/credential/aws" credCert "github.com/hashicorp/vault/builtin/credential/cert" - credGitHub "github.com/hashicorp/vault/builtin/credential/github" - credLdap "github.com/hashicorp/vault/builtin/credential/ldap" - credOkta 
"github.com/hashicorp/vault/builtin/credential/okta" - credRadius "github.com/hashicorp/vault/builtin/credential/radius" credUserpass "github.com/hashicorp/vault/builtin/credential/userpass" - logicalAws "github.com/hashicorp/vault/builtin/logical/aws" - logicalConsul "github.com/hashicorp/vault/builtin/logical/consul" - logicalNomad "github.com/hashicorp/vault/builtin/logical/nomad" logicalPki "github.com/hashicorp/vault/builtin/logical/pki" - logicalRabbit "github.com/hashicorp/vault/builtin/logical/rabbitmq" logicalSsh "github.com/hashicorp/vault/builtin/logical/ssh" - logicalTotp "github.com/hashicorp/vault/builtin/logical/totp" logicalTransit "github.com/hashicorp/vault/builtin/logical/transit" - dbCass "github.com/hashicorp/vault/plugins/database/cassandra" - dbHana "github.com/hashicorp/vault/plugins/database/hana" - dbInflux "github.com/hashicorp/vault/plugins/database/influxdb" - dbMongo "github.com/hashicorp/vault/plugins/database/mongodb" - dbMssql "github.com/hashicorp/vault/plugins/database/mssql" - dbMysql "github.com/hashicorp/vault/plugins/database/mysql" - dbPostgres "github.com/hashicorp/vault/plugins/database/postgresql" - dbRedshift "github.com/hashicorp/vault/plugins/database/redshift" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/logical" 
@@ -93,104 +53,29 @@ func removedFactory(ctx context.Context, config *logical.BackendConfig) (logical return removedBackend, nil } -func newRegistry() *registry { - reg := ®istry{ +func newMinimalRegistry() *registry { + return ®istry{ credentialBackends: map[string]credentialBackend{ - "alicloud": {Factory: credAliCloud.Factory}, - "app-id": { - Factory: removedFactory, - DeprecationStatus: consts.Removed, - }, - "approle": {Factory: credAppRole.Factory}, - "aws": {Factory: credAws.Factory}, - "azure": {Factory: credAzure.Factory}, - "cert": {Factory: credCert.Factory}, - "cf": {Factory: credCF.Factory}, - "gcp": {Factory: credGcp.Factory}, - "github": {Factory: credGitHub.Factory}, - "jwt": {Factory: credJWT.Factory}, - "kerberos": {Factory: credKerb.Factory}, - "kubernetes": {Factory: credKube.Factory}, - "ldap": {Factory: credLdap.Factory}, - "oci": {Factory: credOCI.Factory}, - "oidc": {Factory: credJWT.Factory}, - "okta": {Factory: credOkta.Factory}, - "pcf": { - Factory: credCF.Factory, - DeprecationStatus: consts.Deprecated, - }, - "radius": {Factory: credRadius.Factory}, + "approle": {Factory: credAppRole.Factory}, + "cert": {Factory: credCert.Factory}, + "jwt": {Factory: credJWT.Factory}, + "oidc": {Factory: credJWT.Factory}, "userpass": {Factory: credUserpass.Factory}, }, - databasePlugins: map[string]databasePlugin{ - // These four plugins all use the same mysql implementation but with - // different username settings passed by the constructor. 
- "mysql-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultUserNameTemplate)}, - "mysql-aurora-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)}, - "mysql-rds-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)}, - "mysql-legacy-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)}, - - "cassandra-database-plugin": {Factory: dbCass.New}, - "couchbase-database-plugin": {Factory: dbCouchbase.New}, - "elasticsearch-database-plugin": {Factory: dbElastic.New}, - "hana-database-plugin": {Factory: dbHana.New}, - "influxdb-database-plugin": {Factory: dbInflux.New}, - "mongodb-database-plugin": {Factory: dbMongo.New}, - "mongodbatlas-database-plugin": {Factory: dbMongoAtlas.New}, - "mssql-database-plugin": {Factory: dbMssql.New}, - "postgresql-database-plugin": {Factory: dbPostgres.New}, - "redshift-database-plugin": {Factory: dbRedshift.New}, - "redis-database-plugin": {Factory: dbRedis.New}, - "redis-elasticache-database-plugin": {Factory: dbRedisElastiCache.New}, - "snowflake-database-plugin": {Factory: dbSnowflake.New}, - }, + databasePlugins: map[string]databasePlugin{}, logicalBackends: map[string]logicalBackend{ - "ad": { - Factory: logicalAd.Factory, - DeprecationStatus: consts.Deprecated, - }, - "alicloud": {Factory: logicalAlicloud.Factory}, - "aws": {Factory: logicalAws.Factory}, - "azure": {Factory: logicalAzure.Factory}, - "cassandra": { - Factory: removedFactory, - DeprecationStatus: consts.Removed, - }, - "consul": {Factory: logicalConsul.Factory}, - "gcp": {Factory: logicalGcp.Factory}, - "gcpkms": {Factory: logicalGcpKms.Factory}, - "kubernetes": {Factory: logicalKube.Factory}, - "kv": {Factory: logicalKv.Factory}, - "mongodb": { - Factory: removedFactory, - DeprecationStatus: consts.Removed, - }, - // The mongodbatlas secrets engine is not the same as the database plugin equivalent - // (`mongodbatlas-database-plugin`), and thus will not be deprecated at this time. 
- "mongodbatlas": {Factory: logicalMongoAtlas.Factory}, - "mssql": { - Factory: removedFactory, - DeprecationStatus: consts.Removed, - }, - "mysql": { - Factory: removedFactory, - DeprecationStatus: consts.Removed, - }, - "nomad": {Factory: logicalNomad.Factory}, - "openldap": {Factory: logicalLDAP.Factory}, - "ldap": {Factory: logicalLDAP.Factory}, - "pki": {Factory: logicalPki.Factory}, - "postgresql": { - Factory: removedFactory, - DeprecationStatus: consts.Removed, - }, - "rabbitmq": {Factory: logicalRabbit.Factory}, - "ssh": {Factory: logicalSsh.Factory}, - "terraform": {Factory: logicalTerraform.Factory}, - "totp": {Factory: logicalTotp.Factory}, - "transit": {Factory: logicalTransit.Factory}, + "kv": {Factory: logicalKv.Factory}, + "pki": {Factory: logicalPki.Factory}, + "ssh": {Factory: logicalSsh.Factory}, + "transit": {Factory: logicalTransit.Factory}, }, } +} + +func newRegistry() *registry { + reg := newMinimalRegistry() + + extendAddonPlugins(reg) entAddExtPlugins(reg) diff --git a/helper/builtinplugins/registry_full.go b/helper/builtinplugins/registry_full.go new file mode 100644 index 0000000000..32bba40487 --- /dev/null +++ b/helper/builtinplugins/registry_full.go 
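Review bot: `databasePlugins: map[string]databasePlugin{}` in `newMinimalRegistry` is deliberately empty but says nothing about the consequence: command/commands.go still imports the `logicalDb` database secrets engine in this diff, so a minimal build presumably ships that engine with no built-in database plugin behind it. A comment on the field would save the next reader the search, e.g. `// No database plugins are built in; minimal builds rely on externally registered plugins.` `newMinimalRegistry` and `newRegistry` would also benefit from one-line doc comments stating that the latter is the former plus `extendAddonPlugins` and `entAddExtPlugins`. `newRegistry` continues past the end of this hunk.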
@@ -0,0 +1,149 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !minimal
+
+package builtinplugins
+
+import (
+ "maps"
+
+ credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
+ credAzure "github.com/hashicorp/vault-plugin-auth-azure"
+ credCF "github.com/hashicorp/vault-plugin-auth-cf"
+ credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
+ credKerb "github.com/hashicorp/vault-plugin-auth-kerberos"
+ credKube "github.com/hashicorp/vault-plugin-auth-kubernetes"
+ credOCI "github.com/hashicorp/vault-plugin-auth-oci"
+ dbCouchbase "github.com/hashicorp/vault-plugin-database-couchbase"
+ dbElastic "github.com/hashicorp/vault-plugin-database-elasticsearch"
+ dbMongoAtlas "github.com/hashicorp/vault-plugin-database-mongodbatlas"
+ dbRedis "github.com/hashicorp/vault-plugin-database-redis"
+ dbRedisElastiCache "github.com/hashicorp/vault-plugin-database-redis-elasticache"
+ dbSnowflake "github.com/hashicorp/vault-plugin-database-snowflake"
+ logicalAd "github.com/hashicorp/vault-plugin-secrets-ad/plugin"
+ logicalAlicloud "github.com/hashicorp/vault-plugin-secrets-alicloud"
+ logicalAzure "github.com/hashicorp/vault-plugin-secrets-azure"
+ logicalGcp "github.com/hashicorp/vault-plugin-secrets-gcp/plugin"
+ logicalGcpKms "github.com/hashicorp/vault-plugin-secrets-gcpkms"
+ logicalKube "github.com/hashicorp/vault-plugin-secrets-kubernetes"
+ logicalMongoAtlas "github.com/hashicorp/vault-plugin-secrets-mongodbatlas"
+ logicalLDAP "github.com/hashicorp/vault-plugin-secrets-openldap"
+ logicalTerraform "github.com/hashicorp/vault-plugin-secrets-terraform"
+ credAws "github.com/hashicorp/vault/builtin/credential/aws"
+ credGitHub "github.com/hashicorp/vault/builtin/credential/github"
+ credLdap "github.com/hashicorp/vault/builtin/credential/ldap"
+ credOkta "github.com/hashicorp/vault/builtin/credential/okta"
+ credRadius "github.com/hashicorp/vault/builtin/credential/radius"
+ logicalAws "github.com/hashicorp/vault/builtin/logical/aws"
+ logicalConsul "github.com/hashicorp/vault/builtin/logical/consul"
+ logicalNomad "github.com/hashicorp/vault/builtin/logical/nomad"
+ logicalRabbit "github.com/hashicorp/vault/builtin/logical/rabbitmq"
+ logicalTotp "github.com/hashicorp/vault/builtin/logical/totp"
+ dbCass "github.com/hashicorp/vault/plugins/database/cassandra"
+ dbHana "github.com/hashicorp/vault/plugins/database/hana"
+ dbInflux "github.com/hashicorp/vault/plugins/database/influxdb"
+ dbMongo "github.com/hashicorp/vault/plugins/database/mongodb"
+ dbMssql "github.com/hashicorp/vault/plugins/database/mssql"
+ dbMysql "github.com/hashicorp/vault/plugins/database/mysql"
+ dbPostgres "github.com/hashicorp/vault/plugins/database/postgresql"
+ dbRedshift "github.com/hashicorp/vault/plugins/database/redshift"
+ "github.com/hashicorp/vault/sdk/helper/consts"
+)
+
+func newFullAddonRegistry() *registry {
+ return ®istry{
+ credentialBackends: map[string]credentialBackend{
+ "alicloud": {Factory: credAliCloud.Factory},
+ "app-id": {
+ Factory: removedFactory,
+ DeprecationStatus: consts.Removed,
+ },
+ "aws": {Factory: credAws.Factory},
+ "azure": {Factory: credAzure.Factory},
+ "cf": {Factory: credCF.Factory},
+ "gcp": {Factory: credGcp.Factory},
+ "github": {Factory: credGitHub.Factory},
+ "kerberos": {Factory: credKerb.Factory},
+ "kubernetes": {Factory: credKube.Factory},
+ "ldap": {Factory: credLdap.Factory},
+ "oci": {Factory: credOCI.Factory},
+ "okta": {Factory: credOkta.Factory},
+ "pcf": {
+ Factory: credCF.Factory,
+ DeprecationStatus: consts.Deprecated,
+ },
+ "radius": {Factory: credRadius.Factory},
+ },
+ databasePlugins: map[string]databasePlugin{
+ // These four plugins all use the same mysql implementation but with
+ // different username settings passed by the constructor.
+ "mysql-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultUserNameTemplate)},
+ "mysql-aurora-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)},
+ "mysql-rds-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)},
+ "mysql-legacy-database-plugin": {Factory: dbMysql.New(dbMysql.DefaultLegacyUserNameTemplate)},
+
+ "cassandra-database-plugin": {Factory: dbCass.New},
+ "couchbase-database-plugin": {Factory: dbCouchbase.New},
+ "elasticsearch-database-plugin": {Factory: dbElastic.New},
+ "hana-database-plugin": {Factory: dbHana.New},
+ "influxdb-database-plugin": {Factory: dbInflux.New},
+ "mongodb-database-plugin": {Factory: dbMongo.New},
+ "mongodbatlas-database-plugin": {Factory: dbMongoAtlas.New},
+ "mssql-database-plugin": {Factory: dbMssql.New},
+ "postgresql-database-plugin": {Factory: dbPostgres.New},
+ "redshift-database-plugin": {Factory: dbRedshift.New},
+ "redis-database-plugin": {Factory: dbRedis.New},
+ "redis-elasticache-database-plugin": {Factory: dbRedisElastiCache.New},
+ "snowflake-database-plugin": {Factory: dbSnowflake.New},
+ },
+ logicalBackends: map[string]logicalBackend{
+ "ad": {
+ Factory: logicalAd.Factory,
+ DeprecationStatus: consts.Deprecated,
+ },
+ "alicloud": {Factory: logicalAlicloud.Factory},
+ "aws": {Factory: logicalAws.Factory},
+ "azure": {Factory: logicalAzure.Factory},
+ "cassandra": {
+ Factory: removedFactory,
+ DeprecationStatus: consts.Removed,
+ },
+ "consul": {Factory: logicalConsul.Factory},
+ "gcp": {Factory: logicalGcp.Factory},
+ "gcpkms": {Factory: logicalGcpKms.Factory},
+ "kubernetes": {Factory: logicalKube.Factory},
+ "mongodb": {
+ Factory: removedFactory,
+ DeprecationStatus: consts.Removed,
+ },
+ "mongodbatlas": {Factory: logicalMongoAtlas.Factory},
+ "mssql": {
+ Factory: removedFactory,
+ DeprecationStatus: consts.Removed,
+ },
+ "mysql": {
+ Factory: removedFactory,
+ DeprecationStatus: consts.Removed,
+ },
+ "nomad": {Factory: logicalNomad.Factory},
+ "openldap": {Factory: logicalLDAP.Factory},
+ "ldap": {Factory: logicalLDAP.Factory},
+ "postgresql": {
+ Factory: removedFactory,
+ DeprecationStatus: consts.Removed,
+ },
+ "rabbitmq": {Factory: logicalRabbit.Factory},
+ "terraform": {Factory: logicalTerraform.Factory},
+ "totp": {Factory: logicalTotp.Factory},
+ },
+ }
+}
+
+func extendAddonPlugins(reg *registry) {
+ addonReg := newFullAddonRegistry()
+
+ maps.Copy(reg.credentialBackends, addonReg.credentialBackends)
+ maps.Copy(reg.databasePlugins, addonReg.databasePlugins)
+ maps.Copy(reg.logicalBackends, addonReg.logicalBackends)
+}
diff --git a/helper/builtinplugins/registry_full_test.go b/helper/builtinplugins/registry_full_test.go
new file mode 100644
index 0000000000..23626daf52
--- /dev/null
+++ b/helper/builtinplugins/registry_full_test.go
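Review bot: The comment explaining why `mongodbatlas` stays while `mongodb` is marked removed was dropped when the entry moved into `newFullAddonRegistry`; the removed side of helper/builtinplugins/registry.go still shows it. I would carry it over above the `"mongodbatlas"` line in `logicalBackends`: `// The mongodbatlas secrets engine is not the same as the database plugin equivalent` followed by `// (mongodbatlas-database-plugin), and thus will not be deprecated at this time.` `newFullAddonRegistry` and `extendAddonPlugins` also have no doc comments of their own.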
@@ -0,0 +1,30 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build !enterprise && !minimal
+
+package builtinplugins
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+// Test_newRegistry tests that newRegistry() returns a registry with
+// the expected minimal registry extended with full addon registry
+func Test_newRegistry(t *testing.T) {
+ actual := newRegistry()
+ expMinimal := newMinimalRegistry()
+ expFullAddon := newFullAddonRegistry()
+
+ require.Equal(t, len(expMinimal.credentialBackends)+len(expFullAddon.credentialBackends), len(actual.credentialBackends),
+ "newRegistry() total auth backends mismatch total of minimal and full addon registries")
+ require.Equal(t, len(expMinimal.databasePlugins)+len(expFullAddon.databasePlugins), len(actual.databasePlugins),
+ "newRegistry() total database plugins mismatch total of minimal and full addon registries")
+ require.Equal(t, len(expMinimal.logicalBackends)+len(expFullAddon.logicalBackends), len(actual.logicalBackends),
+ "newRegistry() total logical backends mismatch total of minimal and full addon registries")
+
+ assertRegistrySubset(t, actual, expMinimal, "common")
+ assertRegistrySubset(t, actual, expFullAddon, "full addon")
+}
diff --git a/helper/builtinplugins/registry_min.go b/helper/builtinplugins/registry_min.go
new file mode 100644
index 0000000000..75b281f631
--- /dev/null
+++ b/helper/builtinplugins/registry_min.go
@@ -0,0 +1,10 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+//go:build minimal
+
+package builtinplugins
+
+func extendAddonPlugins(_ *registry) {
+ // No-op
+}
diff --git a/helper/builtinplugins/registry_testing_util.go b/helper/builtinplugins/registry_testing_util.go
new file mode 100644
index 0000000000..78d0f93867
--- /dev/null
+++ b/helper/builtinplugins/registry_testing_util.go
@@ -0,0 +1,27 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package builtinplugins
+
+import (
+ "fmt"
+ "testing"
+
+ "github.com/stretchr/testify/require"
+)
+
+func assertRegistrySubset(t *testing.T, r, subset *registry, subsetName string) {
+ t.Helper()
+
+ for k := range subset.credentialBackends {
+ require.Contains(t, r.credentialBackends, k, fmt.Sprintf("expected to contain %s auth backend", subsetName))
+ }
+
+ for k := range subset.databasePlugins {
+ require.Contains(t, r.databasePlugins, k, fmt.Sprintf("expected to contain %s database plugin", subsetName))
+ }
+
+ for k := range subset.logicalBackends {
+ require.Contains(t, r.logicalBackends, k, fmt.Sprintf("expected to contain %s logical backend", subsetName))
+ }
+}
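Review bot: registry_testing_util.go has no `_test.go` suffix and no build constraint, so `testing` and `github.com/stretchr/testify/require` become imports of the `builtinplugins` package in every non-test build, including the minimal one whose purpose is to carry less code. In this diff `assertRegistrySubset` is called only from registry_full_test.go in the same package, so renaming the file to `registry_util_test.go` keeps the helper available to the tests without linking test dependencies into the shipped binary. The `fmt.Sprintf` wrappers can go as well, since `require.Contains` accepts a format string and arguments: `require.Contains(t, r.credentialBackends, k, "expected to contain %s auth backend", subsetName)`.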