feature: multiplexing support for database plugins #14033

Merged
merged 23 commits into from
Feb 17, 2022

@fairclothjm fairclothjm commented Feb 12, 2022

Description

This PR adds multiplexing support for database plugins.

When multiplexed database plugins are configured in Vault, each plugin will only have a single process managing all connections configured. This single process, per database plugin, will be multiplexed across all Vault namespaces for mounts of this type.

To test multiplexing

  • build a v5 db plugin from main branch
  • build v6 multiplexed plugin from the feature-multiplexing branch
  • build a vault binary from the multiplexing branch feature-multiplexing
  • start vault and register the plugins
  • write the database configs and perform credential operations as normal

@fairclothjm fairclothjm requested a review from a team February 12, 2022 02:32
fairclothjm and others added 9 commits February 14, 2022 09:22
* WIP: start from main and get a plugin runner from core

* move MultiplexedClient map to plugin catalog
- call sys.NewPluginClient from PluginFactory
- updates to getPluginClient
- thread through isMetadataMode

* use go-plugin ClientProtocol interface
- call sys.NewPluginClient from dbplugin.NewPluginClient

* move PluginSets to dbplugin package
- export dbplugin HandshakeConfig
- small refactor of PluginCatalog.getPluginClient

* add removeMultiplexedClient; clean up on Close()
- call client.Kill from plugin catalog
- set rpcClient when muxed client exists

* add ID to dbplugin.DatabasePluginClient struct

* only create one plugin process per plugin type

* update NewPluginClient to return connection ID to sdk
- wrap grpc.ClientConn so we can inject the ID into context
- get ID from context on grpc server

* add v6 multiplexing protocol version

* WIP: backwards compat for db plugins

* Ensure locking on plugin catalog access

- Create public GetPluginClient method for plugin catalog
- rename postgres db plugin

* use the New constructor for db plugins

* grpc server: use write lock for Close and rlock for CRUD

* cleanup MultiplexedClients on Close

* remove TODO

* fix multiplexing regression with grpc server connection

* cleanup grpc server instances on close

* embed ClientProtocol in Multiplexer interface

* use PluginClientConfig arg to make NewPluginClient plugin type agnostic

* create a new plugin process for non-muxed plugins
* use closure for plugin client cleanup

* log and return errors; add comments

* move rpcClient wrapping to core for ID injection

* refactor core plugin client and sdk

* remove unused ID method

* refactor and only wrap clientConn on multiplexed plugins

* rename structs and do not export types

* Slight refactor of system view interface

* Revert "Slight refactor of system view interface"

This reverts commit 73d420e.

* Revert "Revert "Slight refactor of system view interface""

This reverts commit f755270.

* only provide pluginRunner arg to the internal newPluginClient method

* embed ClientProtocol in pluginClient and name logger

* Add back MLock support

* remove enableMlock arg from setupPluginCatalog

* rename plugin util interface to PluginClient

Co-authored-by: Brian Kassouf <[email protected]>
* fix grpc_server tests and add coverage

* update run_config tests

* add happy path test case for grpc_server ID from context

* update test helpers
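
The routing described in the PR description and commit list above (one plugin process per plugin type, a per-connection ID injected on the client and read back on the server, write lock for Close and read lock for CRUD), sketched as an added example that is not code from this PR or from Vault. It models the ID as a plain `context` value rather than gRPC metadata; `muxServer`, `WithID`, `ctxKey` and `ErrNoID` are hypothetical names, and rejecting a request that carries no ID is this example's assumption.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

type ctxKey struct{} // hypothetical carrier for the per-connection ID
var ErrNoID = errors.New("multiplexed request carries no connection ID")

// muxServer models one plugin process serving every mount of its type.
type muxServer struct {
	mu        sync.RWMutex
	instances map[string]string // connection ID -> constructed DB URL
}

// WithID stands in for the wrapped client connection tagging each call.
func WithID(ctx context.Context, id string) context.Context {
	return context.WithValue(ctx, ctxKey{}, id)
}

// do fails closed when the ID is absent, then runs fn while holding lock l.
func (s *muxServer) do(ctx context.Context, l sync.Locker, fn func(id string) error) error {
	id, ok := ctx.Value(ctxKey{}).(string)
	if !ok || id == "" {
		return ErrNoID
	}
	l.Lock()
	defer l.Unlock()
	return fn(id)
}

// Initialize and Close mutate the map (write lock); Lookup takes the read lock.
func (s *muxServer) Initialize(ctx context.Context, url string) error {
	return s.do(ctx, &s.mu, func(id string) error { s.instances[id] = url; return nil })
}
func (s *muxServer) Close(ctx context.Context) error {
	return s.do(ctx, &s.mu, func(id string) error { delete(s.instances, id); return nil })
}
func (s *muxServer) Lookup(ctx context.Context) (url string, err error) {
	err = s.do(ctx, s.mu.RLocker(), func(id string) error { url = s.instances[id]; return nil })
	if err == nil && url == "" {
		err = errors.New("no database instance for this connection ID")
	}
	return url, err
}

func main() { fmt.Println((&muxServer{instances: map[string]string{}}).Lookup(context.Background())) }
```

Because every mount shares the process, the ID is the only thing keeping one mount's connection apart from another's, which is why the sketch never falls back to a default instance.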
@fairclothjm fairclothjm removed the request for review from a team February 14, 2022 15:23
@calvn calvn modified the milestones: 1.10, 1.10-rc1 Feb 14, 2022

@briankassouf briankassouf left a comment

Just a few small things, overall this is looking really great!

@jasonodonnell jasonodonnell self-requested a review February 16, 2022 19:25

@jasonodonnell jasonodonnell left a comment

I did a bunch of testing on this and it looks good to me. We can address any other issues in smaller PRs. 😄

Great work!


@austingebauer austingebauer left a comment

Nice work! LGTM 👍


@calvn calvn left a comment

Looks great, awesome work on this!
