mirror of
https://github.com/hashicorp/vault.git
synced 2026-04-27 09:07:59 -04:00
9839d40b10
* rotation-manager: enable RM to send rotation information to plugins on registration/rotation operations (#11810) * initial commit for sending NVR to plugins * add changelog * add NVR to plugin fields, add RotationInfo to GRPC request handler * fix tests * ensure consistent formats on times and ttls * add translation to allow grpc data transfer * fix tests and rename fields * fix missed field renames in tests * make all methods net-new for backwards compatibility * update mock plugin and add oss stub back * remove method with no usages * Address wrapper comments * Rebuild proto * Nil check around SetRotationInfo, return n/a for no last_vault_rotation * Fix error to match other instances * Update fields.go * Return nil if unset for next/last vault rotation times --------- Co-authored-by: robmonte <17119716+robmonte@users.noreply.github.com> * Fix return type in stub method --------- Co-authored-by: vinay-gopalan <86625824+vinay-gopalan@users.noreply.github.com> Co-authored-by: robmonte <17119716+robmonte@users.noreply.github.com>
147 lines
4 KiB
Go
147 lines
4 KiB
Go
// Copyright IBM Corp. 2016, 2025
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package mock
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/hashicorp/vault/sdk/framework"
|
|
"github.com/hashicorp/vault/sdk/helper/automatedrotationutil"
|
|
"github.com/hashicorp/vault/sdk/logical"
|
|
"github.com/hashicorp/vault/sdk/rotation"
|
|
)
|
|
|
|
// pathConfig is used to test auto rotation.
|
|
func pathConfig(b *backend) *framework.Path {
|
|
p := &framework.Path{
|
|
Pattern: "config",
|
|
Fields: map[string]*framework.FieldSchema{
|
|
"fail_rotate": {
|
|
Type: framework.TypeBool,
|
|
},
|
|
},
|
|
Callbacks: map[logical.Operation]framework.OperationFunc{
|
|
logical.CreateOperation: b.pathConfigUpdate,
|
|
logical.UpdateOperation: b.pathConfigUpdate,
|
|
logical.ReadOperation: b.pathConfigRead,
|
|
},
|
|
ExistenceCheck: b.pathConfigExistenceCheck,
|
|
}
|
|
automatedrotationutil.AddAutomatedRotationFields(p.Fields)
|
|
return p
|
|
}
|
|
|
|
func (b *backend) pathConfigUpdate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
|
conf, err := b.configEntry(ctx, req.Storage)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if conf == nil {
|
|
conf = &config{}
|
|
}
|
|
|
|
if failRotateRaw, ok := data.GetOk("fail_rotate"); ok {
|
|
conf.FailRotate = failRotateRaw.(bool)
|
|
}
|
|
|
|
if err := conf.ParseAutomatedRotationFields(data); err != nil {
|
|
return logical.ErrorResponse(err.Error()), nil
|
|
}
|
|
|
|
if conf.ShouldDeregisterRotationJob() {
|
|
deregisterReq := &rotation.RotationJobDeregisterRequest{
|
|
MountPoint: req.MountPoint,
|
|
ReqPath: req.Path,
|
|
}
|
|
|
|
b.Logger().Debug("Deregistering rotation job", "mount", req.MountPoint+req.Path)
|
|
if err := b.System().DeregisterRotationJob(ctx, deregisterReq); err != nil {
|
|
return logical.ErrorResponse("error deregistering rotation job: %s", err), nil
|
|
}
|
|
} else if conf.ShouldRegisterRotationJob() {
|
|
cfgReq := &rotation.RotationJobConfigureRequest{
|
|
MountPoint: req.MountPoint,
|
|
ReqPath: req.Path,
|
|
RotationSchedule: conf.RotationSchedule,
|
|
RotationWindow: conf.RotationWindow,
|
|
RotationPeriod: conf.RotationPeriod,
|
|
RotationPolicy: conf.RotationPolicy,
|
|
}
|
|
|
|
b.Logger().Debug("Registering rotation job", "mount", req.MountPoint+req.Path)
|
|
resp, err := b.System().RegisterRotationJobWithResponse(ctx, cfgReq)
|
|
if err != nil {
|
|
return logical.ErrorResponse("error registering rotation job: %s", err), nil
|
|
}
|
|
|
|
conf.SetRotationInfo(resp)
|
|
}
|
|
|
|
entry, err := logical.StorageEntryJSON("config", conf)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if err := req.Storage.Put(ctx, entry); err != nil {
|
|
return nil, err
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
|
conf, err := b.configEntry(ctx, req.Storage)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
if conf == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
configData := map[string]interface{}{}
|
|
conf.PopulateAutomatedRotationData(configData)
|
|
conf.PopulateRotationInfo(configData)
|
|
configData["ttl"] = conf.GetTTL()
|
|
|
|
return &logical.Response{
|
|
Data: configData,
|
|
}, nil
|
|
}
|
|
|
|
func (b *backend) pathConfigDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
|
|
if err := req.Storage.Delete(ctx, "config"); err != nil {
|
|
return nil, err
|
|
}
|
|
return nil, nil
|
|
}
|
|
|
|
func (b *backend) pathConfigExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
|
|
entry, err := b.configEntry(ctx, req.Storage)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return entry != nil, nil
|
|
}
|
|
|
|
// Fetch the client configuration required to access the AWS API.
|
|
func (b *backend) configEntry(ctx context.Context, s logical.Storage) (*config, error) {
|
|
entry, err := s.Get(ctx, "config")
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if entry == nil {
|
|
return nil, nil
|
|
}
|
|
|
|
var result config
|
|
if err := entry.DecodeJSON(&result); err != nil {
|
|
return nil, err
|
|
}
|
|
return &result, nil
|
|
}
|
|
|
|
type config struct {
|
|
FailRotate bool
|
|
automatedrotationutil.AutomatedRotationParams
|
|
automatedrotationutil.RotationInfoResponseParams
|
|
}
|