Add Rotation Manager stubs for OSS

builtin/credential/ldap/backend.go

@@ -62,7 +62,7 @@ func Backend() *backend {
 
 		AuthRenew:   b.pathLoginRenew,
 		BackendType: logical.TypeCredential,
-		RotatePassword: func(ctx context.Context, req *logical.Request) error {
+		RotateCredential: func(ctx context.Context, req *logical.Request) error {
 			// lock the backend's state - really just the config state - for mutating
 			b.mu.Lock()
 			defer b.mu.Unlock()

builtin/credential/ldap/path_config_rotate_root.go

@@ -52,7 +52,7 @@ func (b *backend) pathConfigRotateRootUpdate(ctx context.Context, req *logical.R
 
 	b.mu.RUnlock()
 
-	err = b.RotatePassword(ctx, req)
+	err = b.RotateCredential(ctx, req)
 	if err != nil {
 		return nil, err
 	}

builtin/logical/aws/backend.go

@@ -65,8 +65,8 @@ func Backend(_ *logical.BackendConfig) *backend {
 		},
 
 		// placeholder
-		RotatePassword: func(ctx context.Context, request *logical.Request) error {
-			fmt.Print("aws.RotatePassword called\n")
+		RotateCredential: func(ctx context.Context, request *logical.Request) error {
+			fmt.Print("aws.RotateCredential called\n")
 			return nil
 		},
 

sdk/framework/backend.go

@@ -109,8 +109,9 @@ type Backend struct {
 	// RunningVersion is the optional version that will be self-reported
 	RunningVersion string
 
-	// Functions for rotating the root password of a backend if it exists
-	RotatePassword func(context.Context, *logical.Request) error // specific backend developer responsible for handling basically everything
+	// RotateCredential is the callback function used by the RotationManager
+	// to communicate with a plugin on when to rotate a credential
+	RotateCredential func(context.Context, *logical.Request) error
 
 	logger  log.Logger
 	system  logical.SystemView
@@ -668,13 +669,13 @@ func (b *Backend) handleRollback(ctx context.Context, req *logical.Request) (*lo
 	return resp, merr.ErrorOrNil()
 }
 
-// handleRotation invokes the RotatePassword func set on the backend.
+// handleRotation invokes the RotateCredential func set on the backend.
 func (b *Backend) handleRotation(ctx context.Context, req *logical.Request) (*logical.Response, error) {
-	if b.RotatePassword == nil {
+	if b.RotateCredential == nil {
 		return nil, logical.ErrUnsupportedOperation
 	}
 
-	err := b.RotatePassword(ctx, req)
+	err := b.RotateCredential(ctx, req)
 	if err != nil {
 		return nil, err
 	}

sdk/logical/system_view.go

@@ -101,6 +101,7 @@ type SystemView interface {
 	// GenerateIdentityToken returns an identity token for the requesting plugin.
 	GenerateIdentityToken(ctx context.Context, req *pluginutil.IdentityTokenRequest) (*pluginutil.IdentityTokenResponse, error)
 
+	// RegisterRotationJob returns a rotation ID for a requested plugin credential.
 	RegisterRotationJob(ctx context.Context, reqPath string, job *RotationJob) (rotationID string, err error)
 }
 
@@ -288,7 +289,6 @@ func (d StaticSystemView) APILockShouldBlockRequest() (bool, error) {
 	return d.APILockShouldBlockRequestVal, nil
 }
 
-func (d StaticSystemView) RegisterRotationJob(ctx context.Context, reqPath string, job *RotationJob) (rotationID string, err error) {
-	return "", nil
-	// return "", errors.New("RegisterRotationJob is not implemented in StaticSystemView")
+func (d StaticSystemView) RegisterRotationJob(_ context.Context, _ string, _ *RotationJob) (rotationID string, err error) {
+	return "", errors.New("RegisterRotationJob is not implemented in StaticSystemView")
 }

sdk/plugin/pb/backend.proto

@@ -625,13 +625,6 @@ message RotationJobInput {
   string name = 4;
 }
 
-//message RotationScheduleInput {
-//  google.protobuf.Struct schedule = 1;
-//  google.protobuf.Duration rotation_window = 2;
-//  string rotation_schedule = 3;
-//  google.protobuf.Struct next_vault_rotation = 4;
-//}
-
 // SystemView exposes system configuration information in a safe way for plugins
 // to consume. Plugins should implement the client for this service.
 service SystemView {

vault/dynamic_system_view.go

@@ -473,7 +473,7 @@ func (d dynamicSystemView) RegisterRotationJob(ctx context.Context, reqPath stri
 		path = ns.Path + "/" + reqPath
 	}
 
-	id, err := d.core.rotationManager.Register(namespace.ContextWithNamespace(ctx, job.Namespace), path, job)
+	id, err := d.core.RegisterRotationJob(namespace.ContextWithNamespace(ctx, job.Namespace), path, job)
 	if err != nil {
 		return "", fmt.Errorf("error registering rotation job: %s", err)
 	}