[DBPW 3/5] Add DBv5 plugin serving & management functions #9745
Conversation
pcman312
changed the title
pcman312
force-pushed
the
dbpw-middleware
branch
from
1b90ebe to
5336ddb
Compare
pcman312
force-pushed
the
dbpw-03-plugin
branch
from
8bce816 to
1d08c2d
Compare
This mirrors what DBv4 is doing, but with the updated interface
pcman312
force-pushed
the
dbpw-03-plugin
branch
from
1d08c2d to
dcd0677
Compare
| var _ plugin.GRPCPlugin = &GRPCDatabasePlugin{} | ||
|
|
||
| func (d GRPCDatabasePlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error { | ||
| proto.RegisterDatabaseServer(s, gRPCServer{impl: d.Impl}) |
There was a problem hiding this comment.
We don't need to wrap d.Impl with DatabaseErrorSanitizerMiddleware?
There was a problem hiding this comment.
Unfortunately we can't at this point in the code. The DatabaseErrorSantizerMiddleware doesn't know what secret values to redact at this point. It only knows those values within the database plugin itself. Here's an example from the existing MongoDB plugin:
vault/plugins/database/mongodb/mongodb.go
Line 33 in 049c1a7
There was a problem hiding this comment.
I believe that in this case it's more of a passthrough/no-op in terms of sanitizing secret values, but sanitize is also performing an specific error check:
vault/sdk/database/dbplugin/databasemiddleware.go
Lines 313 to 315 in 7807d45
pcman312
changed the title
Overview
This PR is part of a larger feature adding support for password policies into the combined database engine. This feature is being split into multiple PRs to make for smaller reviews & earlier feedback.
Adds plugin serving/handling code for Database v5. This is nearly identical to the Database v4 code, but references the updated interface.
Database v4 version:
sdk/database/dbplugin/plugin.gosdk/database/dbplugin/server.gosdk/database/dbplugin/client.goPrerequisites
masterRelated PRs
Original password policies PR
1/X - Database interface & gRPC
2/X - Middleware
4/X - Database engine