diff --git a/go.mod b/go.mod index 1afd3d6f8..1fa8d4e4c 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/google/uuid v1.3.0 github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 - github.com/hashicorp/vault/api v1.8.2 + github.com/hashicorp/vault/api v1.8.3 github.com/kubernetes-csi/csi-lib-utils v0.11.0 github.com/kubernetes-csi/external-snapshotter/client/v6 v6.2.0 github.com/libopenstorage/secrets v0.0.0-20210908194121-a1d19aa9713a @@ -99,7 +99,7 @@ require ( github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/hashicorp/vault v1.4.2 // indirect - github.com/hashicorp/vault/sdk v0.6.0 // indirect + github.com/hashicorp/vault/sdk v0.7.0 // indirect github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect github.com/imdario/mergo v0.3.12 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect diff --git a/go.sum b/go.sum index e8ec226c0..3a6181734 100644 --- a/go.sum +++ b/go.sum @@ -582,7 +582,7 @@ github.com/hashicorp/go-secure-stdlib/password v0.1.1 h1:6JzmBqXprakgFEHwBgdchsj github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= -github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 h1:Yc026VyMyIpq1UWRnakHRG01U8fJm+nEfEmjoAb00n8= +github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 h1:phcbL8urUzF/kxA/Oj6awENaRwfWsjP59GW7u2qlDyY= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= @@ -645,8 +645,8 @@ github.com/hashicorp/vault/api v1.0.5-0.20191122173911-80fcc7907c78/go.mod h1:Uf github.com/hashicorp/vault/api v1.0.5-0.20200215224050-f6547fa8e820/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o= github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o= github.com/hashicorp/vault/api v1.0.5-0.20200902155336-f9d5ce5a171a/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk= -github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM= -github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE= +github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o= +github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg= github.com/hashicorp/vault/sdk v0.1.8/go.mod h1:tHZfc6St71twLizWNHvnnbiGFo1aq0eD2jGPLtP8kAU= github.com/hashicorp/vault/sdk v0.1.14-0.20190730042320-0dc007d98cc8/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M= github.com/hashicorp/vault/sdk v0.1.14-0.20191108161836-82f2b5571044/go.mod h1:PcekaFGiPJyHnFy+NZhP6ll650zEw51Ag7g/YEa+EOU= @@ -656,8 +656,8 @@ github.com/hashicorp/vault/sdk v0.1.14-0.20200317185738-82f498082f02/go.mod h1:W github.com/hashicorp/vault/sdk v0.1.14-0.20200427170607-03332aaf8d18/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= github.com/hashicorp/vault/sdk v0.1.14-0.20200429182704-29fce8f27ce4/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= -github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs= -github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc= +github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg= +github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= diff --git a/vendor/github.com/hashicorp/vault/api/client.go b/vendor/github.com/hashicorp/vault/api/client.go index c6843348e..26d291914 100644 --- a/vendor/github.com/hashicorp/vault/api/client.go +++ b/vendor/github.com/hashicorp/vault/api/client.go @@ -114,7 +114,11 @@ type Config struct { // of three tries). MaxRetries int - // Timeout is for setting custom timeout parameter in the HttpClient + // Timeout, given a non-negative value, will apply the request timeout + // to each request function unless an earlier deadline is passed to the + // request function through context.Context. Note that this timeout is + // not applicable to Logical().ReadRaw* (raw response) functions. + // Defaults to 60 seconds. Timeout time.Duration // If there is an error when creating the configuration, this will be the diff --git a/vendor/github.com/hashicorp/vault/api/logical.go b/vendor/github.com/hashicorp/vault/api/logical.go index d2e5bb5e5..e36fde8c9 100644 --- a/vendor/github.com/hashicorp/vault/api/logical.go +++ b/vendor/github.com/hashicorp/vault/api/logical.go @@ -66,6 +66,53 @@ func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data defer cancelFunc() resp, err := c.readRawWithDataWithContext(ctx, path, data) + return c.ParseRawResponseAndCloseBody(resp, err) +} + +// ReadRaw attempts to read the value stored at the given Vault path +// (without '/v1/' prefix) and returns a raw *http.Response. +// +// Note: the raw-response functions do not respect the client-configured +// request timeout; if a timeout is desired, please use ReadRawWithContext +// instead and set the timeout through context.WithTimeout or context.WithDeadline. +func (c *Logical) ReadRaw(path string) (*Response, error) { + return c.ReadRawWithDataWithContext(context.Background(), path, nil) +} + +// ReadRawWithContext attempts to read the value stored at the give Vault path +// (without '/v1/' prefix) and returns a raw *http.Response. +// +// Note: the raw-response functions do not respect the client-configured +// request timeout; if a timeout is desired, please set it through +// context.WithTimeout or context.WithDeadline. +func (c *Logical) ReadRawWithContext(ctx context.Context, path string) (*Response, error) { + return c.ReadRawWithDataWithContext(ctx, path, nil) +} + +// ReadRawWithData attempts to read the value stored at the given Vault +// path (without '/v1/' prefix) and returns a raw *http.Response. The 'data' map +// is added as query parameters to the request. +// +// Note: the raw-response functions do not respect the client-configured +// request timeout; if a timeout is desired, please use +// ReadRawWithDataWithContext instead and set the timeout through +// context.WithTimeout or context.WithDeadline. +func (c *Logical) ReadRawWithData(path string, data map[string][]string) (*Response, error) { + return c.ReadRawWithDataWithContext(context.Background(), path, data) +} + +// ReadRawWithDataWithContext attempts to read the value stored at the given +// Vault path (without '/v1/' prefix) and returns a raw *http.Response. The 'data' +// map is added as query parameters to the request. +// +// Note: the raw-response functions do not respect the client-configured +// request timeout; if a timeout is desired, please set it through +// context.WithTimeout or context.WithDeadline. +func (c *Logical) ReadRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) { + return c.readRawWithDataWithContext(ctx, path, data) +} + +func (c *Logical) ParseRawResponseAndCloseBody(resp *Response, err error) (*Secret, error) { if resp != nil { defer resp.Body.Close() } @@ -90,21 +137,6 @@ func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data return ParseSecret(resp.Body) } -func (c *Logical) ReadRaw(path string) (*Response, error) { - return c.ReadRawWithData(path, nil) -} - -func (c *Logical) ReadRawWithData(path string, data map[string][]string) (*Response, error) { - return c.ReadRawWithDataWithContext(context.Background(), path, data) -} - -func (c *Logical) ReadRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) { - ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) - defer cancelFunc() - - return c.readRawWithDataWithContext(ctx, path, data) -} - func (c *Logical) readRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) { r := c.c.NewRequest(http.MethodGet, "/v1/"+path) diff --git a/vendor/github.com/hashicorp/vault/api/plugin_helpers.go b/vendor/github.com/hashicorp/vault/api/plugin_helpers.go index 2b1b35c3b..6602a044b 100644 --- a/vendor/github.com/hashicorp/vault/api/plugin_helpers.go +++ b/vendor/github.com/hashicorp/vault/api/plugin_helpers.go @@ -63,6 +63,7 @@ var sudoPaths = map[string]*regexp.Regexp{ "/sys/revoke-force/{prefix}": regexp.MustCompile(`^/sys/revoke-force/.+$`), "/sys/revoke-prefix/{prefix}": regexp.MustCompile(`^/sys/revoke-prefix/.+$`), "/sys/rotate": regexp.MustCompile(`^/sys/rotate$`), + "/sys/internal/inspect/router/{tag}": regexp.MustCompile(`^/sys/internal/inspect/router/.+$`), // enterprise-only paths "/sys/replication/dr/primary/secondary-token": regexp.MustCompile(`^/sys/replication/dr/primary/secondary-token$`), diff --git a/vendor/github.com/hashicorp/vault/api/secret.go b/vendor/github.com/hashicorp/vault/api/secret.go index 77e3ee9a9..37e60892e 100644 --- a/vendor/github.com/hashicorp/vault/api/secret.go +++ b/vendor/github.com/hashicorp/vault/api/secret.go @@ -2,8 +2,11 @@ package api import ( "bytes" + "encoding/json" "fmt" "io" + "reflect" + "strings" "time" "github.com/hashicorp/errwrap" @@ -302,7 +305,15 @@ func ParseSecret(r io.Reader) (*Secret, error) { // First read the data into a buffer. Not super efficient but we want to // know if we actually have a body or not. var buf bytes.Buffer - _, err := buf.ReadFrom(r) + + // io.Reader is treated like a stream and cannot be read + // multiple times. Duplicating this stream using TeeReader + // to use this data in case there is no top-level data from + // api response + var teebuf bytes.Buffer + tee := io.TeeReader(r, &teebuf) + + _, err := buf.ReadFrom(tee) if err != nil { return nil, err } @@ -316,5 +327,38 @@ func ParseSecret(r io.Reader) (*Secret, error) { return nil, err } + // If the secret is null, add raw data to secret data if present + if reflect.DeepEqual(secret, Secret{}) { + data := make(map[string]interface{}) + if err := jsonutil.DecodeJSONFromReader(&teebuf, &data); err != nil { + return nil, err + } + errRaw, errPresent := data["errors"] + + // if only errors are present in the resp.Body return nil + // to return value not found as it does not have any raw data + if len(data) == 1 && errPresent { + return nil, nil + } + + // if errors are present along with raw data return the error + if errPresent { + var errStrArray []string + errBytes, err := json.Marshal(errRaw) + if err != nil { + return nil, err + } + if err := json.Unmarshal(errBytes, &errStrArray); err != nil { + return nil, err + } + return nil, fmt.Errorf(strings.Join(errStrArray, " ")) + } + + // if any raw data is present in resp.Body, add it to secret + if len(data) > 0 { + secret.Data = data + } + } + return &secret, nil } diff --git a/vendor/github.com/hashicorp/vault/api/sys_mounts.go b/vendor/github.com/hashicorp/vault/api/sys_mounts.go index 75173b4d8..f55133cec 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_mounts.go +++ b/vendor/github.com/hashicorp/vault/api/sys_mounts.go @@ -254,20 +254,20 @@ type MountInput struct { } type MountConfigInput struct { - Options map[string]string `json:"options" mapstructure:"options"` - DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"` - Description *string `json:"description,omitempty" mapstructure:"description"` - MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"` - ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"` - AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"` - AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"` - ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"` - PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"` - AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"` - TokenType string `json:"token_type,omitempty" mapstructure:"token_type"` - AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"` - PluginVersion string `json:"plugin_version,omitempty"` - + Options map[string]string `json:"options" mapstructure:"options"` + DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"` + Description *string `json:"description,omitempty" mapstructure:"description"` + MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"` + ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"` + AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"` + AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"` + ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"` + PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"` + AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"` + TokenType string `json:"token_type,omitempty" mapstructure:"token_type"` + AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"` + PluginVersion string `json:"plugin_version,omitempty"` + UserLockoutConfig *UserLockoutConfigInput `json:"user_lockout_config,omitempty"` // Deprecated: This field will always be blank for newer server responses. PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"` } @@ -289,21 +289,35 @@ type MountOutput struct { } type MountConfigOutput struct { - DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"` - MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"` - ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"` - AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"` - AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"` - ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"` - PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"` - AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"` - TokenType string `json:"token_type,omitempty" mapstructure:"token_type"` - AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"` - + DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"` + MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"` + ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"` + AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"` + AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"` + ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"` + PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"` + AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"` + TokenType string `json:"token_type,omitempty" mapstructure:"token_type"` + AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"` + UserLockoutConfig *UserLockoutConfigOutput `json:"user_lockout_config,omitempty"` // Deprecated: This field will always be blank for newer server responses. PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"` } +type UserLockoutConfigInput struct { + LockoutThreshold string `json:"lockout_threshold,omitempty" structs:"lockout_threshold" mapstructure:"lockout_threshold"` + LockoutDuration string `json:"lockout_duration,omitempty" structs:"lockout_duration" mapstructure:"lockout_duration"` + LockoutCounterResetDuration string `json:"lockout_counter_reset_duration,omitempty" structs:"lockout_counter_reset_duration" mapstructure:"lockout_counter_reset_duration"` + DisableLockout *bool `json:"lockout_disable,omitempty" structs:"lockout_disable" mapstructure:"lockout_disable"` +} + +type UserLockoutConfigOutput struct { + LockoutThreshold uint `json:"lockout_threshold,omitempty" structs:"lockout_threshold" mapstructure:"lockout_threshold"` + LockoutDuration int `json:"lockout_duration,omitempty" structs:"lockout_duration" mapstructure:"lockout_duration"` + LockoutCounterReset int `json:"lockout_counter_reset,omitempty" structs:"lockout_counter_reset" mapstructure:"lockout_counter_reset"` + DisableLockout *bool `json:"disable_lockout,omitempty" structs:"disable_lockout" mapstructure:"disable_lockout"` +} + type MountMigrationOutput struct { MigrationID string `mapstructure:"migration_id"` } diff --git a/vendor/github.com/hashicorp/vault/api/sys_seal.go b/vendor/github.com/hashicorp/vault/api/sys_seal.go index c772ae0fc..0522f2a42 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_seal.go +++ b/vendor/github.com/hashicorp/vault/api/sys_seal.go @@ -93,22 +93,23 @@ func sealStatusRequestWithContext(ctx context.Context, c *Sys, r *Request) (*Sea } type SealStatusResponse struct { - Type string `json:"type"` - Initialized bool `json:"initialized"` - Sealed bool `json:"sealed"` - T int `json:"t"` - N int `json:"n"` - Progress int `json:"progress"` - Nonce string `json:"nonce"` - Version string `json:"version"` - BuildDate string `json:"build_date"` - Migration bool `json:"migration"` - ClusterName string `json:"cluster_name,omitempty"` - ClusterID string `json:"cluster_id,omitempty"` - RecoverySeal bool `json:"recovery_seal"` - StorageType string `json:"storage_type,omitempty"` - HCPLinkStatus string `json:"hcp_link_status,omitempty"` - HCPLinkResourceID string `json:"hcp_link_resource_ID,omitempty"` + Type string `json:"type"` + Initialized bool `json:"initialized"` + Sealed bool `json:"sealed"` + T int `json:"t"` + N int `json:"n"` + Progress int `json:"progress"` + Nonce string `json:"nonce"` + Version string `json:"version"` + BuildDate string `json:"build_date"` + Migration bool `json:"migration"` + ClusterName string `json:"cluster_name,omitempty"` + ClusterID string `json:"cluster_id,omitempty"` + RecoverySeal bool `json:"recovery_seal"` + StorageType string `json:"storage_type,omitempty"` + HCPLinkStatus string `json:"hcp_link_status,omitempty"` + HCPLinkResourceID string `json:"hcp_link_resource_ID,omitempty"` + Warnings []string `json:"warnings,omitempty"` } type UnsealOpts struct { diff --git a/vendor/github.com/hashicorp/vault/sdk/LICENSE b/vendor/github.com/hashicorp/vault/sdk/LICENSE index e87a115e4..f4f97ee58 100644 --- a/vendor/github.com/hashicorp/vault/sdk/LICENSE +++ b/vendor/github.com/hashicorp/vault/sdk/LICENSE @@ -1,3 +1,5 @@ +Copyright (c) 2015 HashiCorp, Inc. + Mozilla Public License, version 2.0 1. Definitions diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go b/vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go index 348c85f9d..eace1aafd 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go @@ -64,6 +64,20 @@ var SignatureAlgorithmNames = map[string]x509.SignatureAlgorithm{ "ed25519": x509.PureEd25519, // Duplicated for clarity; most won't expect the "Pure" prefix. } +// Mapping of constant values<->constant names for SignatureAlgorithm +var InvSignatureAlgorithmNames = map[x509.SignatureAlgorithm]string{ + x509.SHA256WithRSA: "SHA256WithRSA", + x509.SHA384WithRSA: "SHA384WithRSA", + x509.SHA512WithRSA: "SHA512WithRSA", + x509.ECDSAWithSHA256: "ECDSAWithSHA256", + x509.ECDSAWithSHA384: "ECDSAWithSHA384", + x509.ECDSAWithSHA512: "ECDSAWithSHA512", + x509.SHA256WithRSAPSS: "SHA256WithRSAPSS", + x509.SHA384WithRSAPSS: "SHA384WithRSAPSS", + x509.SHA512WithRSAPSS: "SHA512WithRSAPSS", + x509.PureEd25519: "Ed25519", +} + // OID for RFC 5280 Delta CRL Indicator CRL extension. // // > id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 } @@ -86,13 +100,13 @@ func GetHexFormatted(buf []byte, sep string) string { func ParseHexFormatted(in, sep string) []byte { var ret bytes.Buffer var err error - var inBits int64 + var inBits uint64 inBytes := strings.Split(in, sep) for _, inByte := range inBytes { - if inBits, err = strconv.ParseInt(inByte, 16, 8); err != nil { + if inBits, err = strconv.ParseUint(inByte, 16, 8); err != nil { return nil } - ret.WriteByte(byte(inBits)) + ret.WriteByte(uint8(inBits)) } return ret.Bytes() } @@ -789,7 +803,7 @@ func CreateCertificateWithKeyGenerator(data *CreationBundle, randReader io.Reade return createCertificate(data, randReader, keyGenerator) } -// Set correct correct RSA sig algo +// Set correct RSA sig algo func certTemplateSetSigAlgo(certTemplate *x509.Certificate, data *CreationBundle) { if data.Params.UsePSS { switch data.Params.SignatureBits { @@ -812,6 +826,35 @@ func certTemplateSetSigAlgo(certTemplate *x509.Certificate, data *CreationBundle } } +// selectSignatureAlgorithmForRSA returns the proper x509.SignatureAlgorithm based on various properties set in the +// Creation Bundle parameter. This method will default to a SHA256 signature algorithm if the requested signature +// bits is not set/unknown. +func selectSignatureAlgorithmForRSA(data *CreationBundle) x509.SignatureAlgorithm { + if data.Params.UsePSS { + switch data.Params.SignatureBits { + case 256: + return x509.SHA256WithRSAPSS + case 384: + return x509.SHA384WithRSAPSS + case 512: + return x509.SHA512WithRSAPSS + default: + return x509.SHA256WithRSAPSS + } + } + + switch data.Params.SignatureBits { + case 256: + return x509.SHA256WithRSA + case 384: + return x509.SHA384WithRSA + case 512: + return x509.SHA512WithRSA + default: + return x509.SHA256WithRSA + } +} + func createCertificate(data *CreationBundle, randReader io.Reader, privateKeyGenerator KeyGenerator) (*ParsedCertBundle, error) { var err error result := &ParsedCertBundle{} @@ -878,7 +921,11 @@ func createCertificate(data *CreationBundle, randReader io.Reader, privateKeyGen var certBytes []byte if data.SigningBundle != nil { - switch data.SigningBundle.PrivateKeyType { + privateKeyType := data.SigningBundle.PrivateKeyType + if privateKeyType == ManagedPrivateKey { + privateKeyType = GetPrivateKeyTypeFromSigner(data.SigningBundle.PrivateKey) + } + switch privateKeyType { case RSAPrivateKey: certTemplateSetSigAlgo(certTemplate, data) case Ed25519PrivateKey: @@ -986,7 +1033,10 @@ func selectSignatureAlgorithmForECDSA(pub crypto.PublicKey, signatureBits int) x } } -var oidExtensionBasicConstraints = []int{2, 5, 29, 19} +var ( + oidExtensionBasicConstraints = []int{2, 5, 29, 19} + oidExtensionSubjectAltName = []int{2, 5, 29, 17} +) // CreateCSR creates a CSR with the default rand.Reader to // generate a cert/keypair. This is currently only meant @@ -1049,9 +1099,10 @@ func createCSR(data *CreationBundle, addBasicConstraints bool, randReader io.Rea switch data.Params.KeyType { case "rsa": - csrTemplate.SignatureAlgorithm = x509.SHA256WithRSA + // use specified RSA algorithm defaulting to the appropriate SHA256 RSA signature type + csrTemplate.SignatureAlgorithm = selectSignatureAlgorithmForRSA(data) case "ec": - csrTemplate.SignatureAlgorithm = x509.ECDSAWithSHA256 + csrTemplate.SignatureAlgorithm = selectSignatureAlgorithmForECDSA(result.PrivateKey.Public(), data.Params.SignatureBits) case "ed25519": csrTemplate.SignatureAlgorithm = x509.PureEd25519 } @@ -1067,6 +1118,10 @@ func createCSR(data *CreationBundle, addBasicConstraints bool, randReader io.Rea return nil, errutil.InternalError{Err: fmt.Sprintf("unable to parse created certificate: %v", err)} } + if err = result.CSR.CheckSignature(); err != nil { + return nil, errors.New("failed signature validation for CSR") + } + return result, nil } @@ -1127,7 +1182,12 @@ func signCertificate(data *CreationBundle, randReader io.Reader) (*ParsedCertBun certTemplate.NotBefore = time.Now().Add(-1 * data.Params.NotBeforeDuration) } - switch data.SigningBundle.PrivateKeyType { + privateKeyType := data.SigningBundle.PrivateKeyType + if privateKeyType == ManagedPrivateKey { + privateKeyType = GetPrivateKeyTypeFromSigner(data.SigningBundle.PrivateKey) + } + + switch privateKeyType { case RSAPrivateKey: certTemplateSetSigAlgo(certTemplate, data) case ECPrivateKey: @@ -1151,7 +1211,7 @@ func signCertificate(data *CreationBundle, randReader io.Reader) (*ParsedCertBun certTemplate.URIs = data.CSR.URIs for _, name := range data.CSR.Extensions { - if !name.Id.Equal(oidExtensionBasicConstraints) { + if !name.Id.Equal(oidExtensionBasicConstraints) && !(len(data.Params.OtherSANs) > 0 && name.Id.Equal(oidExtensionSubjectAltName)) { certTemplate.ExtraExtensions = append(certTemplate.ExtraExtensions, name) } } diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/certutil/types.go b/vendor/github.com/hashicorp/vault/sdk/helper/certutil/types.go index 03aba8499..15b816f0c 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/certutil/types.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/certutil/types.go @@ -148,16 +148,16 @@ type KeyBundle struct { } func GetPrivateKeyTypeFromSigner(signer crypto.Signer) PrivateKeyType { - switch signer.(type) { - case *rsa.PrivateKey: + // We look at the public key types to work-around limitations/typing of managed keys. + switch signer.Public().(type) { + case *rsa.PublicKey: return RSAPrivateKey - case *ecdsa.PrivateKey: + case *ecdsa.PublicKey: return ECPrivateKey - case ed25519.PrivateKey: + case ed25519.PublicKey: return Ed25519PrivateKey - default: - return UnknownPrivateKey } + return UnknownPrivateKey } // ToPEMBundle converts a string-based certificate bundle diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go b/vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go index 55be844e1..92207e3d8 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go @@ -4,7 +4,7 @@ package consts // endpoint. const AgentPathCacheClear = "/agent/v1/cache-clear" -// AgentPathMetrics is the path the the agent will use to expose its internal +// AgentPathMetrics is the path the agent will use to expose its internal // metrics. const AgentPathMetrics = "/agent/v1/metrics" diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go b/vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go index c431e2e59..a4b7c5040 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go @@ -34,4 +34,6 @@ const ( ReplicationResolverALPN = "replication_resolver_v1" VaultEnableFilePermissionsCheckEnv = "VAULT_ENABLE_FILE_PERMISSIONS_CHECK" + + VaultDisableUserLockout = "VAULT_DISABLE_USER_LOCKOUT" ) diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go b/vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go index 5591924a7..656d6cc99 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go @@ -1,6 +1,9 @@ package consts -const VaultAllowPendingRemovalMountsEnv = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS" +// EnvVaultAllowPendingRemovalMounts allows Pending Removal builtins to be +// mounted as if they are Deprecated to facilitate migration to supported +// builtin plugins. +const EnvVaultAllowPendingRemovalMounts = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS" // DeprecationStatus represents the current deprecation state for builtins type DeprecationStatus uint32 diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go b/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go index 211a545e3..25de5a781 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go @@ -60,16 +60,13 @@ func ParseLogFormat(format string) (LogFormat, error) { case "json": return JSONFormat, nil default: - return UnspecifiedFormat, fmt.Errorf("Unknown log format: %s", format) + return UnspecifiedFormat, fmt.Errorf("unknown log format: %s", format) } } // ParseEnvLogFormat parses the log format from an environment variable. func ParseEnvLogFormat() LogFormat { logFormat := os.Getenv("VAULT_LOG_FORMAT") - if logFormat == "" { - logFormat = os.Getenv("LOGXI_FORMAT") - } switch strings.ToLower(logFormat) { case "json", "vault_json", "vault-json", "vaultjson": return JSONFormat diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.go b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.go index 9ebc78381..41316ec49 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.go @@ -2,6 +2,7 @@ package pluginutil import ( "context" + "errors" "fmt" "os" "strings" @@ -13,6 +14,8 @@ import ( "google.golang.org/grpc/status" ) +var ErrNoMultiplexingIDFound = errors.New("no multiplexing ID found") + type PluginMultiplexingServerImpl struct { UnimplementedPluginMultiplexingServer @@ -62,7 +65,9 @@ func GetMultiplexIDFromContext(ctx context.Context) (string, error) { } multiplexIDs := md[MultiplexingCtxKey] - if len(multiplexIDs) != 1 { + if len(multiplexIDs) == 0 { + return "", ErrNoMultiplexingIDFound + } else if len(multiplexIDs) != 1 { return "", fmt.Errorf("unexpected number of IDs in metadata: (%d)", len(multiplexIDs)) } diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go index d7073b10e..cfd463d6a 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.5 +// protoc v3.21.9 // source: sdk/helper/pluginutil/multiplexing.proto package pluginutil diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go index 3eb8fb2b2..f344ca979 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go @@ -10,7 +10,6 @@ import ( log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-plugin" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/version" ) type PluginClientConfig struct { @@ -46,7 +45,11 @@ func (rc runConfig) makeConfig(ctx context.Context) (*plugin.ClientConfig, error if rc.MLock || (rc.Wrapper != nil && rc.Wrapper.MlockEnabled()) { cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMlockEnabled, "true")) } - cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginVaultVersionEnv, version.GetVersion().Version)) + version, err := rc.Wrapper.VaultVersion(ctx) + if err != nil { + return nil, err + } + cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginVaultVersionEnv, version)) if rc.IsMetadataMode { rc.Logger = rc.Logger.With("metadata", "true") diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go index 631c4f3a2..886efe21f 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go @@ -27,6 +27,7 @@ type RunnerUtil interface { NewPluginClient(ctx context.Context, config PluginClientConfig) (PluginClient, error) ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error) MlockEnabled() bool + VaultVersion(ctx context.Context) (string, error) } // LookRunnerUtil defines the functions for both Looker and Wrapper diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/error.go b/vendor/github.com/hashicorp/vault/sdk/logical/error.go index 02f68dd91..68c8e1373 100644 --- a/vendor/github.com/hashicorp/vault/sdk/logical/error.go +++ b/vendor/github.com/hashicorp/vault/sdk/logical/error.go @@ -17,6 +17,11 @@ var ( // ErrPermissionDenied is returned if the client is not authorized ErrPermissionDenied = errors.New("permission denied") + // ErrInvalidCredentials is returned when the provided credentials are incorrect + // This is used internally for user lockout purposes. This is not seen externally. + // The status code returned does not change because of this error + ErrInvalidCredentials = errors.New("invalid credentials") + // ErrMultiAuthzPending is returned if the the request needs more // authorizations ErrMultiAuthzPending = errors.New("request needs further approval") diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go b/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go index 6c1c4b2c9..42c722afe 100644 --- a/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go +++ b/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.5 +// protoc v3.21.9 // source: sdk/logical/identity.proto package logical diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go b/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go index e892c9cce..6f642ad57 100644 --- a/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go +++ b/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go @@ -34,9 +34,11 @@ type ManagedKey interface { } type ( - ManagedKeyConsumer func(context.Context, ManagedKey) error - ManagedSigningKeyConsumer func(context.Context, ManagedSigningKey) error - ManagedEncryptingKeyConsumer func(context.Context, ManagedEncryptingKey) error + ManagedKeyConsumer func(context.Context, ManagedKey) error + ManagedSigningKeyConsumer func(context.Context, ManagedSigningKey) error + ManagedEncryptingKeyConsumer func(context.Context, ManagedEncryptingKey) error + ManagedMACKeyConsumer func(context.Context, ManagedMACKey) error + ManagedKeyRandomSourceConsumer func(context.Context, ManagedKeyRandomSource) error ) type ManagedKeySystemView interface { @@ -59,6 +61,12 @@ type ManagedKeySystemView interface { // WithManagedSigningKeyByUUID retrieves an instantiated managed signing key for consumption by the given function, // with the same semantics as WithManagedKeyByUUID WithManagedEncryptingKeyByUUID(ctx context.Context, keyUuid, backendUUID string, f ManagedEncryptingKeyConsumer) error + // WithManagedMACKeyByName retrieves an instantiated managed MAC key by name for consumption by the given function, + // with the same semantics as WithManagedKeyByName. + WithManagedMACKeyByName(ctx context.Context, keyName, backendUUID string, f ManagedMACKeyConsumer) error + // WithManagedMACKeyByUUID retrieves an instantiated managed MAC key by UUID for consumption by the given function, + // with the same semantics as WithManagedKeyByUUID. + WithManagedMACKeyByUUID(ctx context.Context, keyUUID, backendUUID string, f ManagedMACKeyConsumer) error } type ManagedAsymmetricKey interface { @@ -95,3 +103,17 @@ type ManagedEncryptingKey interface { ManagedKey GetAEAD(iv []byte) (cipher.AEAD, error) } + +type ManagedMACKey interface { + ManagedKey + + // MAC generates a MAC tag using the provided algorithm for the provided value. + MAC(ctx context.Context, algorithm string, data []byte) ([]byte, error) +} + +type ManagedKeyRandomSource interface { + ManagedKey + + // GetRandomBytes returns a number (specified by the count parameter) of random bytes sourced from the target managed key. + GetRandomBytes(ctx context.Context, count int) ([]byte, error) +} diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go b/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go index 03be5d3cb..f3a9ec52c 100644 --- a/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go +++ b/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.5 +// protoc v3.21.9 // source: sdk/logical/plugin.proto package logical diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/response.go b/vendor/github.com/hashicorp/vault/sdk/logical/response.go index 19194f524..0f8a2210e 100644 --- a/vendor/github.com/hashicorp/vault/sdk/logical/response.go +++ b/vendor/github.com/hashicorp/vault/sdk/logical/response.go @@ -92,7 +92,8 @@ func (r *Response) AddWarning(warning string) { // IsError returns true if this response seems to indicate an error. func (r *Response) IsError() bool { - return r != nil && r.Data != nil && len(r.Data) == 1 && r.Data["error"] != nil + // If the response data contains only an 'error' element, or an 'error' and a 'data' element only + return r != nil && r.Data != nil && r.Data["error"] != nil && (len(r.Data) == 1 || (r.Data["data"] != nil && len(r.Data) == 2)) } func (r *Response) Error() error { diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/response_util.go b/vendor/github.com/hashicorp/vault/sdk/logical/response_util.go index 7454189f1..4a9f61d56 100644 --- a/vendor/github.com/hashicorp/vault/sdk/logical/response_util.go +++ b/vendor/github.com/hashicorp/vault/sdk/logical/response_util.go @@ -122,6 +122,8 @@ func RespondErrorCommon(req *Request, resp *Response, err error) (int, error) { statusCode = http.StatusNotFound case errwrap.Contains(err, ErrRelativePath.Error()): statusCode = http.StatusBadRequest + case errwrap.Contains(err, ErrInvalidCredentials.Error()): + statusCode = http.StatusBadRequest } } @@ -180,3 +182,23 @@ func RespondError(w http.ResponseWriter, status int, err error) { enc := json.NewEncoder(w) enc.Encode(resp) } + +func RespondErrorAndData(w http.ResponseWriter, status int, data interface{}, err error) { + AdjustErrorStatusCode(&status, err) + + w.Header().Set("Content-Type", "application/json") + w.WriteHeader(status) + + type ErrorAndDataResponse struct { + Errors []string `json:"errors"` + Data interface{} `json:"data""` + } + resp := &ErrorAndDataResponse{Errors: make([]string, 0, 1)} + if err != nil { + resp.Errors = append(resp.Errors, err.Error()) + } + resp.Data = data + + enc := json.NewEncoder(w) + enc.Encode(resp) +} diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go b/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go index 4e5627b1c..fc7f30a7f 100644 --- a/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go +++ b/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go @@ -83,6 +83,9 @@ type SystemView interface { // PluginEnv returns Vault environment information used by plugins PluginEnv(context.Context) (*PluginEnvironment, error) + // VaultVersion returns the version string for the currently running Vault. + VaultVersion(context.Context) (string, error) + // GeneratePasswordFromPolicy generates a password from the policy referenced. // If the policy does not exist, this will return an error. GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error) @@ -113,9 +116,9 @@ type StaticSystemView struct { EntityVal *Entity GroupsVal []*Group Features license.Features - VaultVersion string PluginEnvironment *PluginEnvironment PasswordPolicies map[string]PasswordGenerator + VersionString string } type noopAuditor struct{} @@ -204,6 +207,10 @@ func (d StaticSystemView) PluginEnv(_ context.Context) (*PluginEnvironment, erro return d.PluginEnvironment, nil } +func (d StaticSystemView) VaultVersion(_ context.Context) (string, error) { + return d.VersionString, nil +} + func (d StaticSystemView) GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error) { select { case <-ctx.Done(): diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/testing.go b/vendor/github.com/hashicorp/vault/sdk/logical/testing.go index 765f09826..8cb41e2e7 100644 --- a/vendor/github.com/hashicorp/vault/sdk/logical/testing.go +++ b/vendor/github.com/hashicorp/vault/sdk/logical/testing.go @@ -73,6 +73,7 @@ func TestSystemView() *StaticSystemView { return &StaticSystemView{ DefaultLeaseTTLVal: defaultLeaseTTLVal, MaxLeaseTTLVal: maxLeaseTTLVal, + VersionString: "testVersionString", } } diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go b/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go index 7845aeaf5..fb3ce8121 100644 --- a/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go +++ b/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.5 +// protoc v3.21.9 // source: sdk/logical/version.proto package logical diff --git a/vendor/github.com/hashicorp/vault/sdk/physical/cache.go b/vendor/github.com/hashicorp/vault/sdk/physical/cache.go index ffac33189..af40f5385 100644 --- a/vendor/github.com/hashicorp/vault/sdk/physical/cache.go +++ b/vendor/github.com/hashicorp/vault/sdk/physical/cache.go @@ -29,7 +29,6 @@ var cacheExceptionsPaths = []string{ "sys/expire/", "core/poison-pill", "core/raft/tls", - "core/license", } // CacheRefreshContext returns a context with an added value denoting if the diff --git a/vendor/github.com/hashicorp/vault/sdk/version/cgo.go b/vendor/github.com/hashicorp/vault/sdk/version/cgo.go deleted file mode 100644 index 5bc93e5bf..000000000 --- a/vendor/github.com/hashicorp/vault/sdk/version/cgo.go +++ /dev/null @@ -1,7 +0,0 @@ -//go:build cgo - -package version - -func init() { - CgoEnabled = true -} diff --git a/vendor/github.com/hashicorp/vault/sdk/version/version.go b/vendor/github.com/hashicorp/vault/sdk/version/version.go deleted file mode 100644 index 78b8eb829..000000000 --- a/vendor/github.com/hashicorp/vault/sdk/version/version.go +++ /dev/null @@ -1,80 +0,0 @@ -package version - -import ( - "bytes" - "fmt" -) - -// VersionInfo -type VersionInfo struct { - Revision string `json:"revision,omitempty"` - Version string `json:"version,omitempty"` - VersionPrerelease string `json:"version_prerelease,omitempty"` - VersionMetadata string `json:"version_metadata,omitempty"` - BuildDate string `json:"build_date,omitempty"` -} - -func GetVersion() *VersionInfo { - ver := Version - rel := VersionPrerelease - md := VersionMetadata - if GitDescribe != "" { - ver = GitDescribe - } - if GitDescribe == "" && rel == "" && VersionPrerelease != "" { - rel = "dev" - } - - return &VersionInfo{ - Revision: GitCommit, - Version: ver, - VersionPrerelease: rel, - VersionMetadata: md, - BuildDate: BuildDate, - } -} - -func (c *VersionInfo) VersionNumber() string { - if Version == "unknown" && VersionPrerelease == "unknown" { - return "(version unknown)" - } - - version := c.Version - - if c.VersionPrerelease != "" { - version = fmt.Sprintf("%s-%s", version, c.VersionPrerelease) - } - - if c.VersionMetadata != "" { - version = fmt.Sprintf("%s+%s", version, c.VersionMetadata) - } - - return version -} - -func (c *VersionInfo) FullVersionNumber(rev bool) string { - var versionString bytes.Buffer - - if Version == "unknown" && VersionPrerelease == "unknown" { - return "Vault (version unknown)" - } - - fmt.Fprintf(&versionString, "Vault v%s", c.Version) - if c.VersionPrerelease != "" { - fmt.Fprintf(&versionString, "-%s", c.VersionPrerelease) - } - - if c.VersionMetadata != "" { - fmt.Fprintf(&versionString, "+%s", c.VersionMetadata) - } - - if rev && c.Revision != "" { - fmt.Fprintf(&versionString, " (%s)", c.Revision) - } - - if c.BuildDate != "" { - fmt.Fprintf(&versionString, ", built %s", c.BuildDate) - } - - return versionString.String() -} diff --git a/vendor/github.com/hashicorp/vault/sdk/version/version_base.go b/vendor/github.com/hashicorp/vault/sdk/version/version_base.go deleted file mode 100644 index ebbc418e7..000000000 --- a/vendor/github.com/hashicorp/vault/sdk/version/version_base.go +++ /dev/null @@ -1,17 +0,0 @@ -package version - -var ( - // The git commit that was compiled. This will be filled in by the compiler. - GitCommit string - GitDescribe string - - // The compilation date. This will be filled in by the compiler. - BuildDate string - - // Whether cgo is enabled or not; set at build time - CgoEnabled bool - - Version = "1.12.0" - VersionPrerelease = "dev1" - VersionMetadata = "" -) diff --git a/vendor/modules.txt b/vendor/modules.txt index 3d5607ff4..501bcf297 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -329,10 +329,10 @@ github.com/hashicorp/hcl/json/token ## explicit; go 1.13 github.com/hashicorp/vault/command/agent/auth github.com/hashicorp/vault/command/agent/auth/kubernetes -# github.com/hashicorp/vault/api v1.8.2 +# github.com/hashicorp/vault/api v1.8.3 ## explicit; go 1.19 github.com/hashicorp/vault/api -# github.com/hashicorp/vault/sdk v0.6.0 +# github.com/hashicorp/vault/sdk v0.7.0 ## explicit; go 1.19 github.com/hashicorp/vault/sdk/helper/certutil github.com/hashicorp/vault/sdk/helper/compressutil @@ -351,7 +351,6 @@ github.com/hashicorp/vault/sdk/helper/wrapping github.com/hashicorp/vault/sdk/logical github.com/hashicorp/vault/sdk/physical github.com/hashicorp/vault/sdk/physical/inmem -github.com/hashicorp/vault/sdk/version # github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d ## explicit github.com/hashicorp/yamux