backport of commit c040f90
ccapurso authored Jul 31, 2023
1 parent be97ab8 commit bd15848
Showing 3 changed files with 42 additions and 16 deletions.
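--- a/changelog/21925.txt
+++ b/changelog/21925.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+kmip (enterprise): Add namespace lock and unlock support
+```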
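--- a/sdk/logical/system_view.go
+++ b/sdk/logical/system_view.go
@@ -104,27 +104,32 @@ type PasswordPolicy interface {
 type ExtendedSystemView interface {
 Auditor() Auditor
 ForwardGenericRequest(context.Context, *Request) (*Response, error)
+
+// APILockShouldBlockRequest returns whether a namespace for the requested
+// mount is locked and should be blocked
+APILockShouldBlockRequest() (bool, error)
 }
 
 type PasswordGenerator func() (password string, err error)
 
 type StaticSystemView struct {
-DefaultLeaseTTLVal time.Duration
-MaxLeaseTTLVal time.Duration
-SudoPrivilegeVal bool
-TaintedVal bool
-CachingDisabledVal bool
-Primary bool
-EnableMlock bool
-LocalMountVal bool
-ReplicationStateVal consts.ReplicationState
-EntityVal *Entity
-GroupsVal []*Group
-Features license.Features
-PluginEnvironment *PluginEnvironment
-PasswordPolicies map[string]PasswordGenerator
-VersionString string
-ClusterUUID string
+DefaultLeaseTTLVal time.Duration
+MaxLeaseTTLVal time.Duration
+SudoPrivilegeVal bool
+TaintedVal bool
+CachingDisabledVal bool
+Primary bool
+EnableMlock bool
+LocalMountVal bool
+ReplicationStateVal consts.ReplicationState
+EntityVal *Entity
+GroupsVal []*Group
+Features license.Features
+PluginEnvironment *PluginEnvironment
+PasswordPolicies map[string]PasswordGenerator
+VersionString string
+ClusterUUID string
+APILockShouldBlockRequestVal bool
 }
 
 type noopAuditor struct{}
@@ -250,3 +255,7 @@ func (d *StaticSystemView) DeletePasswordPolicy(name string) (existed bool) {
 func (d StaticSystemView) ClusterID(ctx context.Context) (string, error) {
 return d.ClusterUUID, nil
 }
+
+func (d StaticSystemView) APILockShouldBlockRequest() (bool, error) {
+return d.APILockShouldBlockRequestVal, nil
+}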
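Review bot: The doc comment on `APILockShouldBlockRequest() (bool, error)` in `ExtendedSystemView` does not say what a caller should do with the error return, which matters for a lock check because a plugin that reads only the boolean would proceed when the check itself could not be evaluated. I would add a sentence such as `// A non-nil error means the lock state could not be determined; callers should treat the request as blocked.` The new exported method on `StaticSystemView` in the second hunk has no doc comment at all; `// APILockShouldBlockRequest returns APILockShouldBlockRequestVal and never fails.` would do. It is also worth a field comment on `APILockShouldBlockRequestVal` noting that the zero value reports the namespace as unlocked, since fixtures built on this struct will default to "not blocked".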
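--- a/vault/dynamic_system_view.go
+++ b/vault/dynamic_system_view.go
@@ -133,6 +133,20 @@ func (e extendedSystemViewImpl) SudoPrivilege(ctx context.Context, path string,
 return authResults.RootPrivs
 }
 
+func (e extendedSystemViewImpl) APILockShouldBlockRequest() (bool, error) {
+mountEntry := e.mountEntry
+if mountEntry == nil {
+return false, fmt.Errorf("no mount entry")
+}
+ns := mountEntry.Namespace()
+
+if err := enterpriseBlockRequestIfError(e.core, ns.Path, mountEntry.Path); err != nil {
+return true, nil
+}
+
+return false, nil
+}
+
 func (d dynamicSystemView) DefaultLeaseTTL() time.Duration {
 def, _ := d.fetchTTLs()
 return def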
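Review bot: The nil-`mountEntry` branch of `APILockShouldBlockRequest` returns `false` alongside the error, so a caller that checks only the boolean lets the request through exactly when the lock state could not be evaluated; `return true, fmt.Errorf("no mount entry")` would fail closed. The result of `enterpriseBlockRequestIfError` is also collapsed to `true, nil`, so any failure inside that helper (its body is not shown here) is indistinguishable from a locked namespace and the reason is lost; logging `err` before returning would keep it available to operators. `ns` is dereferenced as `ns.Path` without a nil check, which is safe only if `Namespace()` never returns nil, and that should be confirmed.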
