This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
0 parents
commit b5b809b
Showing 17 changed files with 874 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
# Overview | ||
A high level description of the contribution, including: | ||
Who the change affects or is for (stakeholders)? | ||
What is the change? | ||
Why is the change needed? | ||
How does this change affect the user experience (if at all)? | ||
|
||
# Related Issues/Pull Requests | ||
- [ ] [Issue #1234](https://github.com/hashicorp/vault/issues/1234) | ||
- [ ] [PR #1234](https://github.com/hashicorp/vault/pr/1234) | ||
|
||
# Contributor Checklist | ||
- [ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet | ||
- [ ] Add output for any tests not ran in CI to the PR description (eg, acceptance tests) | ||
- [ ] Backwards compatible |
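Review bot: the placeholder PR link under "Related Issues/Pull Requests" uses the path `/pr/1234`, but GitHub serves pull requests under `/pull/<number>`, so contributors who copy the pattern will produce dead links. Change it to `https://github.com/hashicorp/vault/pull/1234`. In the checklist, "tests not ran in CI" should read "tests not run in CI".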
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
name: Lint GitHub Actions Workflows | ||
on: | ||
push: | ||
paths: | ||
- '.github/workflows/**' | ||
jobs: | ||
actionlint: | ||
# using `main` as the ref will keep your workflow up-to-date | ||
uses: hashicorp/vault-workflows-common/.github/workflows/actionlint.yaml@main | ||
|
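Review bot: the `uses:` line resolves the reusable workflow at `@main`, a mutable ref, so whatever lands on that branch of `hashicorp/vault-workflows-common` runs in this repository's CI without any review here. Pin it to a full commit SHA and let the dependency-update automation bump it; that keeps the up-to-date property the comment asks for while making each change visible in a diff. The workflow also sets no `permissions:`, so the job runs with the repository's default `GITHUB_TOKEN` scope, where a linter needs only `contents: read`.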
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
name: Upgrade dependencies | ||
on: | ||
workflow_dispatch: | ||
schedule: | ||
# Runs 12:00AM on the first of every month | ||
- cron: '0 0 1 * *' | ||
jobs: | ||
upgrade: | ||
# using `main` as the ref will keep your workflow up-to-date | ||
uses: hashicorp/vault-workflows-common/.github/workflows/bulk-dependency-updates.yaml@main | ||
secrets: | ||
VAULT_ECO_GITHUB_TOKEN: ${{ secrets.VAULT_ECO_GITHUB_TOKEN }} | ||
with: | ||
reviewer-team: hashicorp/vault-ecosystem-applications | ||
repository: ${{ github.repository }} | ||
run-id: ${{ github.run_id }} |
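Review bot: `VAULT_ECO_GITHUB_TOKEN` is handed under `secrets:` to a workflow resolved at `@main`, so any change on that branch gains use of the token at the next monthly run or manual dispatch. Pin the `uses:` ref to a commit SHA, and document which scopes the token needs: the README's secret setup lists only the three `JIRA_SYNC_*` values and does not mention this one.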
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
name: Jira Sync | ||
on: | ||
issues: | ||
types: [opened, closed, deleted, reopened] | ||
pull_request_target: | ||
types: [opened, closed, reopened] | ||
issue_comment: # Also triggers when commenting on a PR from the conversation view | ||
types: [created] | ||
jobs: | ||
sync: | ||
uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main | ||
secrets: | ||
JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }} | ||
JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }} | ||
JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }} | ||
with: | ||
teams-array: '["ecosystem", "applications-eco"]' |
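Review bot: the `pull_request_target` trigger runs in the context of the base repository with secrets available, including for pull requests opened from forks, and this job forwards three `JIRA_SYNC_*` secrets to a workflow referenced at `@main`. Confirm that `jira.yaml` never checks out or executes pull request head content and treats issue, PR and comment text strictly as data, pin the ref to a commit SHA, and add an explicit `permissions:` block limited to what the sync needs.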
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
name: Run Tests | ||
on: | ||
push: | ||
jobs: | ||
run-tests: | ||
# using `main` as the ref will keep your workflow up-to-date | ||
uses: hashicorp/vault-workflows-common/.github/workflows/tests.yaml@main |
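Review bot: `on: push:` is the only trigger, so pull requests from forks, whose pushes happen in the fork, never run the test job in this repository. Add a `pull_request:` trigger (not `pull_request_target`, since the tests execute contributor code) together with a `permissions:` block set to `contents: read`.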
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
.DS_Store | ||
.idea | ||
.vscode | ||
pkg/* | ||
bin/* | ||
go.work | ||
go.work.sum |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
1.20.4 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
## Unreleased |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# Determine this makefile's path. | ||
# Be sure to place this BEFORE `include` directives, if any. | ||
REPO_DIR := $(shell basename $(CURDIR)) | ||
|
||
PLUGIN_NAME := $(shell command ls cmd/) | ||
|
||
.PHONY: default | ||
default: dev | ||
|
||
.PHONY: dev | ||
dev: | ||
CGO_ENABLED=0 go build -o bin/$(PLUGIN_NAME) cmd/$(PLUGIN_NAME)/main.go | ||
|
||
# bootstrap the build by downloading additional tools | ||
.PHONY: bootstrap | ||
bootstrap: | ||
@echo "Downloading tools ..." | ||
@go generate -tags tools tools/tools.go | ||
# This should only ever be performed once, so we lean on the cmd/ directory | ||
# to indicate whether this has already been done. | ||
@if [ "$(PLUGIN_NAME)" != "$(REPO_DIR)" ]; then \ | ||
echo "Renaming cmd/$(PLUGIN_NAME) to cmd/$(REPO_DIR) ..."; \ | ||
mv cmd/$(PLUGIN_NAME) to cmd/$(REPO_DIR); \ | ||
echo "Renaming Go module to github.com/hashicorp/$(REPO_DIR) ..."; \ | ||
go mod edit -module github.com/hashicorp/$(REPO_DIR); \ | ||
fi | ||
|
||
|
||
.PHONY: test | ||
test: fmtcheck | ||
CGO_ENABLED=0 go test ./... $(TESTARGS) -timeout=20m | ||
|
||
.PHONY: fmtcheck | ||
fmtcheck: | ||
@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'" | ||
|
||
.PHONY: fmt | ||
fmt: | ||
gofumpt -l -w . |
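Review bot: in the `bootstrap` recipe, `mv cmd/$(PLUGIN_NAME) to cmd/$(REPO_DIR)` passes a literal `to` as a second source operand; with three operands `mv` requires the last one to be an existing directory, so the rename fails, and because the steps are chained with `;` the `go mod edit -module` that follows still runs, leaving the module renamed while `cmd/` is not. Drop the `to` and join the steps with `&&`. Separately, `PLUGIN_NAME := $(shell command ls cmd/)` assumes `cmd/` holds exactly one entry, and the comment above `REPO_DIR` says it determines the makefile's path while the expression takes the basename of `$(CURDIR)`.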
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,147 @@ | ||
# Vault Plugin Scaffolding | ||
|
||
This is a standalone backend plugin for use with [Hashicorp | ||
Vault](https://www.github.com/hashicorp/vault). | ||
|
||
[//]: <> (Include a general statement about this plugin) | ||
|
||
Please note: We take Vault's security and our users' trust very seriously. If | ||
you believe you have found a security issue in Vault, please responsibly | ||
disclose by contacting us at [[email protected]](mailto:[email protected]). | ||
|
||
## Using this Template Repository | ||
|
||
_Note: Remove this instruction sub-heading once you've created a repository from this template_ | ||
|
||
This repository is a template for a Vault secret engine and auth method plugins. | ||
It is intended as a starting point for creating Vault plugins, containing: | ||
|
||
- Changelog, readme, Makefile, pull request template | ||
- Scripts for internal tooling | ||
- Jira sync and basic testing GitHub actions | ||
- A base `main.go` for compiling the plugin | ||
|
||
There's some minimal GitHub Secrets setup required in order to get the Jira sync | ||
GH action working. Install the `gh` [CLI](https://cli.github.com/manual/) and | ||
perform the following commands to set secrets for this repository. | ||
|
||
```sh | ||
gh secret set JIRA_SYNC_BASE_URL | ||
gh secret set JIRA_SYNC_USER_EMAIL | ||
gh secret set JIRA_SYNC_API_TOKEN | ||
``` | ||
|
||
|
||
This template repository does not include a Mozilla Public License 2.0 `LICENSE` | ||
since plugins created this way can be internal to hashicorp and for Vault | ||
Enterprise consumption. To add a license, follow [these GitHub | ||
instructions](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/adding-a-license-to-a-repository), | ||
or obtain one from one of our public Vault plugins. | ||
|
||
Please see the [GitHub template repository | ||
documentation](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template) | ||
for how to create a new repository from this template on GitHub. | ||
|
||
Things _not_ handled by this template repository: | ||
- Repository settings, such as branch protection rules | ||
- Memberships and permissions | ||
- GitHub secrets for this repository | ||
|
||
Please see the [Repository Configuration Page](https://hashicorp.atlassian.net/wiki/spaces/VAULT/pages/2103476333/Repository+Configuration) | ||
for the setting proper repository configuration values. | ||
|
||
## Quick Links | ||
|
||
- [Vault Website](https://developer.hashicorp.com/vault) | ||
- [Vault Project GitHub](https://www.github.com/hashicorp/vault) | ||
|
||
[//]: <> (Include any other quick links relevant to your plugin) | ||
|
||
## Getting Started | ||
|
||
This is a [Vault plugin](https://developer.hashicorp.com/vault/docs/plugins) | ||
and is meant to work with Vault. This guide assumes you have already installed | ||
Vault and have a basic understanding of how Vault works. | ||
|
||
Otherwise, first read this guide on how to [get started with | ||
Vault](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install). | ||
|
||
|
||
## Usage | ||
|
||
[//]: <> (Provide usage instructions and/or links to this plugin) | ||
|
||
## Developing | ||
|
||
If you wish to work on this plugin, you'll first need | ||
[Go](https://www.golang.org) installed on your machine. | ||
|
||
If you're developing for the first time, run `make bootstrap` to install the | ||
necessary tools. Bootstrap will also update repository name references if that | ||
has not been performed ever before. | ||
|
||
```sh | ||
$ make bootstrap | ||
``` | ||
|
||
To compile a development version of this plugin, run `make` or `make dev`. | ||
This will put the plugin binary in the `bin` and `$GOPATH/bin` folders. `dev` | ||
mode will only generate the binary for your platform and is faster: | ||
|
||
```sh | ||
$ make dev | ||
``` | ||
|
||
Put the plugin binary into a location of your choice. This directory | ||
will be specified as the [`plugin_directory`](https://developer.hashicorp.com/vault/docs/configuration#plugin_directory) | ||
in the Vault config used to start the server. | ||
|
||
```hcl | ||
# config.hcl | ||
plugin_directory = "path/to/plugin/directory" | ||
... | ||
``` | ||
|
||
Start a Vault server with this config file: | ||
|
||
```sh | ||
$ vault server -dev -config=path/to/config.hcl ... | ||
... | ||
``` | ||
|
||
Once the server is started, register the plugin in the Vault server's [plugin catalog](https://developer.hashicorp.com/vault/docs/plugins/plugin-architecture#plugin-catalog): | ||
|
||
```sh | ||
$ SHA256=$(openssl dgst -sha256 $GOPATH/vault-plugin-secrets-myplugin | cut -d ' ' -f2) | ||
$ vault plugin register \ | ||
-sha256=$SHA256 \ | ||
-command="vault-plugin-secrets-myplugin" \ | ||
secrets myplugin | ||
... | ||
Success! Data written to: sys/plugins/catalog/myplugin | ||
``` | ||
|
||
Enable the secrets engine to use this plugin: | ||
|
||
```sh | ||
$ vault secrets enable myplugin | ||
... | ||
|
||
Successfully enabled 'plugin' at 'myplugin'! | ||
``` | ||
|
||
### Tests | ||
|
||
To run the tests, invoke `make test`: | ||
|
||
```sh | ||
$ make test | ||
``` | ||
|
||
You can also specify a `TESTARGS` variable to filter tests like so: | ||
|
||
```sh | ||
$ make test TESTARGS='-run=TestConfig' | ||
``` | ||
|
||
[//]: <> (Specify any other test instructions such as acceptance/integration tests) |
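Review bot: the registration example hashes `$GOPATH/vault-plugin-secrets-myplugin`, a path that neither the preceding text (`bin` and `$GOPATH/bin`) nor the Makefile's `dev` target (which writes only `bin/$(PLUGIN_NAME)`) produces. The `-sha256` value is the integrity check for the plugin binary, so the example should compute the digest from the file actually copied into `plugin_directory`; hashing any other path yields a value that does not describe the binary Vault will run. The sentence claiming `make dev` also populates `$GOPATH/bin` should be aligned with the Makefile as well.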
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
package main | ||
|
||
import ( | ||
"os" | ||
|
||
"github.com/hashicorp/go-hclog" | ||
"github.com/hashicorp/vault/api" | ||
"github.com/hashicorp/vault/sdk/plugin" | ||
) | ||
|
||
func main() { | ||
apiClientMeta := &api.PluginAPIClientMeta{} | ||
flags := apiClientMeta.FlagSet() | ||
flags.Parse(os.Args[1:]) | ||
|
||
tlsConfig := apiClientMeta.GetTLSConfig() | ||
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig) | ||
|
||
err := plugin.ServeMultiplex(&plugin.ServeOpts{ | ||
// set the TLSProviderFunc so that the plugin maintains backwards | ||
// compatibility with Vault versions that don’t support plugin AutoMTLS | ||
TLSProviderFunc: tlsProviderFunc, | ||
// TODO: Add the plugin's Factory function here, e.g.: | ||
// BackendFactoryFunc: vault-plugin-scaffolding.Factory, | ||
}) | ||
if err != nil { | ||
logger := hclog.New(&hclog.LoggerOptions{}) | ||
|
||
logger.Error("plugin shutting down", "error", err) | ||
os.Exit(1) | ||
} | ||
} |
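Review bot: `flags.Parse(os.Args[1:])` discards its return value, so a parse failure goes unnoticed and `GetTLSConfig()` proceeds with whatever was set before the failure; check the error, log it through the same `hclog` logger and exit non-zero. Also, `ServeOpts` is committed with no `BackendFactoryFunc`, and the TODO's example `vault-plugin-scaffolding.Factory` is not a valid Go selector because package identifiers cannot contain hyphens; show a compilable placeholder such as `scaffolding.Factory` instead.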
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
module github.com/hashicorp/vault-plugin-scaffolding | ||
|
||
go 1.20 | ||
|
||
require ( | ||
github.com/hashicorp/go-hclog v1.5.0 | ||
github.com/hashicorp/vault/api v1.9.2 | ||
github.com/hashicorp/vault/sdk v0.9.1 | ||
) | ||
|
||
require ( | ||
github.com/armon/go-metrics v0.4.1 // indirect | ||
github.com/armon/go-radix v1.0.0 // indirect | ||
github.com/cenkalti/backoff/v3 v3.2.2 // indirect | ||
github.com/fatih/color v1.13.0 // indirect | ||
github.com/frankban/quicktest v1.14.2 // indirect | ||
github.com/go-jose/go-jose/v3 v3.0.0 // indirect | ||
github.com/golang/protobuf v1.5.2 // indirect | ||
github.com/golang/snappy v0.0.4 // indirect | ||
github.com/google/go-cmp v0.5.9 // indirect | ||
github.com/hashicorp/errwrap v1.1.0 // indirect | ||
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect | ||
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect | ||
github.com/hashicorp/go-kms-wrapping/v2 v2.0.8 // indirect | ||
github.com/hashicorp/go-multierror v1.1.1 // indirect | ||
github.com/hashicorp/go-plugin v1.4.8 // indirect | ||
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect | ||
github.com/hashicorp/go-rootcerts v1.0.2 // indirect | ||
github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect | ||
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect | ||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect | ||
github.com/hashicorp/go-sockaddr v1.0.2 // indirect | ||
github.com/hashicorp/go-uuid v1.0.3 // indirect | ||
github.com/hashicorp/go-version v1.6.0 // indirect | ||
github.com/hashicorp/golang-lru v0.5.4 // indirect | ||
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect | ||
github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect | ||
github.com/mattn/go-colorable v0.1.13 // indirect | ||
github.com/mattn/go-isatty v0.0.17 // indirect | ||
github.com/mitchellh/copystructure v1.2.0 // indirect | ||
github.com/mitchellh/go-homedir v1.1.0 // indirect | ||
github.com/mitchellh/go-testing-interface v1.14.1 // indirect | ||
github.com/mitchellh/mapstructure v1.5.0 // indirect | ||
github.com/mitchellh/reflectwalk v1.0.2 // indirect | ||
github.com/oklog/run v1.1.0 // indirect | ||
github.com/pierrec/lz4 v2.6.1+incompatible // indirect | ||
github.com/rogpeppe/go-internal v1.8.1 // indirect | ||
github.com/ryanuber/go-glob v1.0.0 // indirect | ||
go.uber.org/atomic v1.9.0 // indirect | ||
golang.org/x/crypto v0.6.0 // indirect | ||
golang.org/x/net v0.8.0 // indirect | ||
golang.org/x/sys v0.6.0 // indirect | ||
golang.org/x/text v0.8.0 // indirect | ||
golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect | ||
google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect | ||
google.golang.org/grpc v1.53.0 // indirect | ||
google.golang.org/protobuf v1.28.1 // indirect | ||
gopkg.in/square/go-jose.v2 v2.6.0 // indirect | ||
) |
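Review bot: neither `require` block carries a tool dependency, although the Makefile's `fmt` target runs `gofumpt` and `bootstrap` runs `go generate -tags tools tools/tools.go`, so the formatter version is not fixed by this module and can differ between developer machines and CI. Either record the tools in `go.mod` through blank imports in `tools/tools.go` or pin an explicit version in the install directive. Since the indirect block freezes versions of `golang.org/x/net`, `golang.org/x/crypto` and `google.golang.org/grpc` until the monthly upgrade workflow runs, consider adding `govulncheck ./...` to the test workflow.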