mockdb

v0.0.0-...-ca64ada
Published: Jul 18, 2019 License: MPL-2.0 Imports: 13 Imported by: 0

README

vault-database-plugin-mockdb

A Vault plugin for "MockDB"... which is just a mocked database that doesn't actually do anything!

Background

This is basically an example of how to write your own database secrets engine. It's largely based on the vault-plugin-database-oracle repo, with some other code taken from the InfluxDB secrets engine.

Installation

The Vault plugin system is documented on the Vault documentation site.

You will need to define a plugin directory using the plugin_directory configuration directive, then place the mockdb executable generated above in the directory.

Inside this repo, you can do this with the following dev steps:

$ vault server -dev -dev-root-token-id=root -dev-plugin-dir=./vault/plugins &
$ export VAULT_ADDR='http://127.0.0.1:8200'
$ vault secrets enable database
$ MOCKDBSHASUM=$(shasum -a 256 vault/plugins/mockdb | cut -d ' ' -f1)
$ vault write sys/plugins/catalog/database/mockdb \
  sha_256="$MOCKDBSHASUM" \
  command="mockdb"
$ vault write database/config/mockdb \
  plugin_name="mockdb" \
  host=127.0.0.1 \
  username=mockdb-root \
  password=password123 \
  allowed_roles=my-role
$ vault write database/roles/my-role \
  db_name=mockdb \
  creation_statements="CREATE USER \"{{username}}\" WITH PASSWORD '{{password}}'; \
       GRANT ALL ON \"vault\" TO \"{{username}}\";" \
  default_ttl="1h" \
  max_ttl="24h"
$ vault read database/creds/my-role
Key                Value
---                -----
lease_id           database/creds/my-role/tXLr2KV5zhpuoSCszMChgsoQ
lease_duration     1h
lease_renewable    true
password           A1a-vJ10mm1hx0uSAjDe
username           v_token_my-role_HMxsjZcsAH6KQRW4OStz_1562877167

Or use the makefile steps:

$ make start-vault

In a new terminal:

$ make dev-flow
go build -o vault/plugins/mockdb plugin/main.go
vault secrets disable database
Success! Disabled the secrets engine (if it existed) at: database/
vault secrets enable database
Success! Enabled the database secrets engine at: database/
vault write sys/plugins/catalog/database/mockdb \
    sha_256=92b14b650aee1e0719e12e3a7ba423ef0b6316e4a956c87c52bdcc38ff9118ac \
    command="mockdb"
Success! Data written to: sys/plugins/catalog/database/mockdb
vault write database/config/mockdb \
     plugin_name="mockdb" \
     host=127.0.0.1 \
     username=mockdb-root \
     password=password123 \
     allowed_roles=my-role
vault write database/roles/my-role \
  	db_name=mockdb \
  	creation_statements="CREATE USER \"{{username}}\" WITH PASSWORD '{{password}}'; \
  	     GRANT ALL ON \"vault\" TO \"{{username}}\";" \
  	default_ttl="1h" \
  	max_ttl="24h"
Success! Data written to: database/roles/my-role
vault read database/creds/my-role
Key                Value
---                -----
lease_id           database/creds/my-role/Re0cSMdAxC5TojqBTR28kAtm
lease_duration     1h
lease_renewable    true
password           A1a-LOPIN4vNs84ZW4G0
username           v_token_my-role_nai3vEL6UOK2pJXmNu8O_1563449205
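
The generated usernames in the output above end in a Unix timestamp, which lets a database-side audit find Vault-created accounts that have outlived the role's max_ttl (for example after a failed revocation). The following is an added example, not code from this plugin; the username layout is an assumption inferred from the sample output, and ParseVaultUsername and Overdue are hypothetical helper names.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// VaultUser holds what can be recovered from a generated username. Assumed
// layout (inferred from the sample output): v_<display>_<role>_<20 random>_<unix>
type VaultUser struct {
	Prefix  string    // "<display>_<role>", e.g. "token_my-role"
	Created time.Time // creation time embedded in the name
}

// ParseVaultUsername reads fields from the right: names may contain "_".
func ParseVaultUsername(u string) (VaultUser, error) {
	parts := strings.Split(u, "_")
	n := len(parts)
	if n < 5 || parts[0] != "v" || len(parts[n-2]) != 20 {
		return VaultUser{}, errors.New("not a Vault-generated username")
	}
	secs, err := strconv.ParseInt(parts[n-1], 10, 64)
	if err != nil {
		return VaultUser{}, fmt.Errorf("bad timestamp: %w", err)
	}
	return VaultUser{strings.Join(parts[1:n-2], "_"), time.Unix(secs, 0).UTC()}, nil
}

// Overdue returns generated accounts older than maxTTL at time now.
func Overdue(users []string, maxTTL time.Duration, now time.Time) []string {
	var out []string
	for _, u := range users {
		if v, err := ParseVaultUsername(u); err == nil && now.Sub(v.Created) > maxTTL {
			out = append(out, u)
		}
	}
	return out
}

func main() {
	// Usernames from the output above plus the root account; now is constructed.
	users := []string{"v_token_my-role_HMxsjZcsAH6KQRW4OStz_1562877167",
		"v_token_my-role_nai3vEL6UOK2pJXmNu8O_1563449205", "mockdb-root"}
	now := time.Unix(1563449205, 0).Add(2 * time.Hour)
	fmt.Println(Overdue(users, 24*time.Hour, now))
}
```

Accounts that do not match the layout, such as mockdb-root, are skipped rather than reported, so the audit only covers names Vault generated.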

Documentation

Functions

func New

func New() (interface{}, error)

New implements builtinplugins.BuiltinFactory

func Run

func Run(apiTLSConfig *api.TLSConfig) error

Run instantiates a Mockdb object and runs the RPC server for the plugin.

Types

type Mockdb

type Mockdb struct {
	credsutil.CredentialsProducer
	// contains filtered or unexported fields
}

func (Mockdb) Close

func (i Mockdb) Close() error

func (Mockdb) Connection

func (i Mockdb) Connection(_ context.Context) (interface{}, error)

func (*Mockdb) CreateUser

func (m *Mockdb) CreateUser(ctx context.Context, statements dbplugin.Statements, usernameConfig dbplugin.UsernameConfig, expiration time.Time) (username string, password string, err error)

func (Mockdb) Init

func (i Mockdb) Init(ctx context.Context, conf map[string]interface{}, verifyConnection bool) (map[string]interface{}, error)

func (Mockdb) Initialize

func (i Mockdb) Initialize(ctx context.Context, conf map[string]interface{}, verifyConnection bool) error

func (*Mockdb) RenewUser

func (m *Mockdb) RenewUser(ctx context.Context, statements dbplugin.Statements, username string, expiration time.Time) error

func (*Mockdb) RevokeUser

func (m *Mockdb) RevokeUser(ctx context.Context, statements dbplugin.Statements, username string) error

func (*Mockdb) RotateRootCredentials

func (m *Mockdb) RotateRootCredentials(ctx context.Context, statements []string) (map[string]interface{}, error)

func (Mockdb) SetCredentials

func (i Mockdb) SetCredentials(ctx context.Context, statements dbplugin.Statements, staticUser dbplugin.StaticUserConfig) (username, password string, err error)

SetCredentials uses provided information to set/create a user in the database. Unlike CreateUser, this method requires a username be provided and uses the name given, instead of generating a name. This is used for creating and setting the password of static accounts, as well as rolling back passwords in the database in the event an updated database fails to save in Vault's storage.
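
The rollback case described above, as an added example: a simplified model, not Vault's or this plugin's code. staticDB, RotateStatic and the save callback (standing in for Vault's storage) are hypothetical, and the SetCredentials signature here is reduced to a username and password.

```go
package main

import (
	"errors"
	"fmt"
)

// staticDB is a hypothetical in-memory stand-in for the database.
type staticDB struct{ pw map[string]string }

// SetCredentials sets the password of the named account, creating the
// account if needed. The caller supplies the username; none is generated.
func (d *staticDB) SetCredentials(user, password string) error {
	if user == "" {
		return errors.New("username is required")
	}
	d.pw[user] = password
	return nil
}

// RotateStatic changes the password in the database, then records it
// through save. If save fails, the previous state is restored so the
// stored record and the database still agree; otherwise the account
// would hold a password that nothing can look up.
func RotateStatic(d *staticDB, save func(user, pw string) error, user, newPW string) error {
	old, existed := d.pw[user]
	if err := d.SetCredentials(user, newPW); err != nil {
		return err
	}
	if err := save(user, newPW); err != nil {
		if !existed {
			delete(d.pw, user)
		} else if rbErr := d.SetCredentials(user, old); rbErr != nil {
			return fmt.Errorf("save failed (%v) and rollback failed: %w", err, rbErr)
		}
		return fmt.Errorf("rotation rolled back: %w", err)
	}
	return nil
}

func main() {
	d := &staticDB{pw: map[string]string{"app-static": "old-secret"}} // constructed data
	failing := func(string, string) error { return errors.New("storage unavailable") }
	fmt.Println(RotateStatic(d, failing, "app-static", "new-secret"), d.pw["app-static"])
}
```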

func (*Mockdb) Type

func (m *Mockdb) Type() (string, error)
