diff --git a/go.mod b/go.mod
index 239b9de48..241a2dc8c 100644
--- a/go.mod
+++ b/go.mod
@@ -12,7 +12,7 @@ require (
 github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azsecrets v1.3.1
 github.com/IBM/keyprotect-go-client v0.15.1
 github.com/aws/aws-sdk-go v1.55.7
- github.com/aws/aws-sdk-go-v2/service/sts v1.33.19
+ github.com/aws/aws-sdk-go-v2/service/sts v1.33.20
 github.com/ceph/ceph-csi/api v0.0.0-00010101000000-000000000000
 github.com/ceph/go-ceph v0.33.0
 github.com/container-storage-interface/spec v1.11.0
@@ -23,10 +23,10 @@ require (
 github.com/google/fscrypt v0.3.6-0.20240502174735-068b9f8f5dec
 github.com/google/uuid v1.6.0
 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
- github.com/hashicorp/vault/api v1.16.0
+ github.com/hashicorp/vault/api v1.20.0
 github.com/kubernetes-csi/csi-lib-utils v0.22.0
 github.com/libopenstorage/secrets v0.0.0-20231011182615-5f4b25ceede1
- github.com/pkg/xattr v0.4.10
+ github.com/pkg/xattr v0.4.11
 github.com/prometheus/client_golang v1.22.0
 github.com/stretchr/testify v1.10.0
 go.uber.org/automaxprocs v1.6.0
@@ -106,7 +106,7 @@ require (
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 github.com/hashicorp/go-sockaddr v1.0.2 // indirect
- github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+ github.com/hashicorp/hcl v1.0.1-vault-7 // indirect
 github.com/hashicorp/vault/api/auth/approle v0.5.0 // indirect
 github.com/hashicorp/vault/api/auth/kubernetes v0.5.0 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
diff --git a/go.sum b/go.sum
index 79f3aed8d..5d5afb90c 100644
--- a/go.sum
+++ b/go.sum
@@ -116,8 +116,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3 h1:eAh2A4b
 github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.3/go.mod h1:0yKJC/kb8sAnmlYa6Zs3QVYqaC8ug2AbnNChv5Ox3uA=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15 h1:dM9/92u2F1JbDaGooxTq18wmmFzbJRfXfVfy96/1CXM=
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15/go.mod h1:SwFBy2vjtA0vZbjjaFtfN045boopadnoVPhu4Fv66vY=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.19 h1:1XuUZ8mYJw9B6lzAkXhqHlJd/XvaX32evhproijJEZY=
-github.com/aws/aws-sdk-go-v2/service/sts v1.33.19/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.20 h1:oIaQ1e17CSKaWmUTu62MtraRWVIosn/iONMuZt0gbqc=
+github.com/aws/aws-sdk-go-v2/service/sts v1.33.20/go.mod h1:cQnB8CUnxbMU82JvlqjKR2HBOm3fe9pWorWBza6MBJ4=
 github.com/aws/smithy-go v1.22.3 h1:Z//5NuZCSW6R4PhQ93hShNbyBbn8BWCmCVCt+Q8Io5k=
 github.com/aws/smithy-go v1.22.3/go.mod h1:t1ufH5HMublsJYulve2RKmHDC15xu1f26kHCp/HgceI=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
@@ -412,11 +412,12 @@ github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjG
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
-github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM=
 github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM=
+github.com/hashicorp/hcl v1.0.1-vault-7 h1:ag5OxFVy3QYTFTJODRzTKVZ6xvdfLLCA1cy/Y6xGI0I=
+github.com/hashicorp/hcl v1.0.1-vault-7/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM=
 github.com/hashicorp/vault/api v1.10.0/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8=
-github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4=
-github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA=
+github.com/hashicorp/vault/api v1.20.0 h1:KQMHElgudOsr+IbJgmbjHnCTxEpKs9LnozA1D3nozU4=
+github.com/hashicorp/vault/api v1.20.0/go.mod h1:GZ4pcjfzoOWpkJ3ijHNpEoAxKEsBJnVljyTe3jM2Sms=
 github.com/hashicorp/vault/api/auth/approle v0.5.0 h1:a1TK6VGwYqSAfkmX4y4dJ4WBxMU5dStIZqScW4EPXR8=
 github.com/hashicorp/vault/api/auth/approle v0.5.0/go.mod h1:CHOQIA1AZACfjTzHggmyfiOZ+xCSKNRFqe48FTCzH0k=
 github.com/hashicorp/vault/api/auth/kubernetes v0.5.0 h1:CXO0fD7M3iCGovP/UApeHhPcH4paDFKcu7AjEXi94rI=
@@ -580,8 +581,8 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/xattr v0.4.10 h1:Qe0mtiNFHQZ296vRgUjRCoPHPqH7VdTOrZx3g0T+pGA= -github.com/pkg/xattr v0.4.10/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU= +github.com/pkg/xattr v0.4.11 h1:DA7usy0rTMNMGvm06b5LhZUwiPj708D89S8DkXpMB1E= +github.com/pkg/xattr v0.4.11/go.mod h1:di8WF84zAKk8jzR1UBTEWh9AUlIZZ7M/JNt8e9B6ktU= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md index 6656137c7..dc3d12761 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/CHANGELOG.md @@ -1,3 +1,7 @@ +# v1.33.20 (2025-06-06) + +* No change notes available for this release. + # v1.33.19 (2025-04-10) * No change notes available for this release. diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go index a984a2a6d..44e2944a5 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/go_module_metadata.go @@ -3,4 +3,4 @@ package sts // goModuleVersion is the tagged release for this module -const goModuleVersion = "1.33.19" +const goModuleVersion = "1.33.20" 
diff --git a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go index 8ee3eed85..3dfa51e5f 100644 --- a/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go +++ b/vendor/github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints/endpoints.go @@ -147,6 +147,9 @@ var defaultPartitions = endpoints.Partitions{ endpoints.EndpointKey{ Region: "ap-east-1", }: endpoints.Endpoint{}, + endpoints.EndpointKey{ + Region: "ap-east-2", + }: endpoints.Endpoint{}, endpoints.EndpointKey{ Region: "ap-northeast-1", }: endpoints.Endpoint{}, diff --git a/vendor/github.com/hashicorp/hcl/decoder.go b/vendor/github.com/hashicorp/hcl/decoder.go index d9a00f21d..39e56f222 100644 --- a/vendor/github.com/hashicorp/hcl/decoder.go +++ b/vendor/github.com/hashicorp/hcl/decoder.go @@ -24,7 +24,18 @@ var ( // Unmarshal accepts a byte slice as input and writes the // data to the value pointed to by v. func Unmarshal(bs []byte, v interface{}) error { - root, err := parse(bs) + root, err := parse(bs, false) + if err != nil { + return err + } + + return DecodeObject(v, root) +} + +// UnmarshalErrorOnDuplicates accepts a byte slice as input and writes the +// data to the value pointed to by v but errors on duplicate attribute key. +func UnmarshalErrorOnDuplicates(bs []byte, v interface{}) error { + root, err := parse(bs, true) if err != nil { return err } 
@@ -35,7 +46,19 @@ func Unmarshal(bs []byte, v interface{}) error { // Decode reads the given input and decodes it into the structure // given by `out`. func Decode(out interface{}, in string) error { - obj, err := Parse(in) + return decode(out, in, false) +} + +// DecodeErrorOnDuplicates reads the given input and decodes it into the structure but errrors on duplicate attribute key +// given by `out`. +func DecodeErrorOnDuplicates(out interface{}, in string) error { + return decode(out, in, true) +} + +// decode reads the given input and decodes it into the structure given by `out`. +// takes in a boolean to determine if it should error on duplicate attribute +func decode(out interface{}, in string, errorOnDuplicateAtributes bool) error { + obj, err := parse([]byte(in), errorOnDuplicateAtributes) if err != nil { return err } @@ -393,10 +416,16 @@ func (d *decoder) decodeMap(name string, node ast.Node, result reflect.Value) er // Set the final map if we can set.Set(resultMap) + return nil } func (d *decoder) decodePtr(name string, node ast.Node, result reflect.Value) error { + // if pointer is not nil, decode into existing value + if !result.IsNil() { + return d.decode(name, node, result.Elem()) + } + // Create an element of the concrete (non pointer) type and decode // into that. Then set the value of the pointer to this type. resultType := result.Type() diff --git a/vendor/github.com/hashicorp/hcl/hcl/parser/parser.go b/vendor/github.com/hashicorp/hcl/hcl/parser/parser.go index 64c83bcfb..0f5d929c6 100644 --- a/vendor/github.com/hashicorp/hcl/hcl/parser/parser.go +++ b/vendor/github.com/hashicorp/hcl/hcl/parser/parser.go 
@@ -27,22 +27,35 @@ type Parser struct { enableTrace bool indent int n int // buffer size (max = 1) + + errorOnDuplicateKeys bool } -func newParser(src []byte) *Parser { +func newParser(src []byte, errorOnDuplicateKeys bool) *Parser { return &Parser{ - sc: scanner.New(src), + sc: scanner.New(src), + errorOnDuplicateKeys: errorOnDuplicateKeys, } } // Parse returns the fully parsed source and returns the abstract syntax tree. func Parse(src []byte) (*ast.File, error) { + return parse(src, true) +} + +// Parse returns the fully parsed source and returns the abstract syntax tree. +func ParseDontErrorOnDuplicateKeys(src []byte) (*ast.File, error) { + return parse(src, false) +} + +// Parse returns the fully parsed source and returns the abstract syntax tree. +func parse(src []byte, errorOnDuplicateKeys bool) (*ast.File, error) { // normalize all line endings // since the scanner and output only work with "\n" line endings, we may // end up with dangling "\r" characters in the parsed data. src = bytes.Replace(src, []byte("\r\n"), []byte("\n"), -1) - p := newParser(src) + p := newParser(src, errorOnDuplicateKeys) return p.Parse() } @@ -65,6 +78,7 @@ func (p *Parser) Parse() (*ast.File, error) { } f.Comments = p.comments + return f, nil } @@ -76,6 +90,7 @@ func (p *Parser) objectList(obj bool) (*ast.ObjectList, error) { defer un(trace(p, "ParseObjectList")) node := &ast.ObjectList{} + seenKeys := map[string]struct{}{} for { if obj { tok := p.scan() 
@@ -83,11 +98,29 @@ func (p *Parser) objectList(obj bool) (*ast.ObjectList, error) { if tok.Type == token.RBRACE { break } + } n, err := p.objectItem() + if err == errEofToken { break // we are finished + } else if err != nil { + return nil, err + } + + if n.Assign.String() != "-" { + for _, key := range n.Keys { + if !p.errorOnDuplicateKeys { + break + } + _, ok := seenKeys[key.Token.Text] + if ok { + return nil, errors.New(fmt.Sprintf("The argument %q at %s was already set. Each argument can only be defined once", key.Token.Text, key.Token.Pos.String())) + + } + seenKeys[key.Token.Text] = struct{}{} + } } // we don't return a nil node, because might want to use already @@ -324,6 +357,8 @@ func (p *Parser) objectType() (*ast.ObjectType, error) { // not a RBRACE, it's an syntax error and we just return it. if err != nil && p.tok.Type != token.RBRACE { return nil, err + } else if err != nil { + return nil, err } // No error, scan and expect the ending to be a brace @@ -365,6 +400,7 @@ func (p *Parser) listType() (*ast.ListType, error) { } switch tok.Type { case token.BOOL, token.NUMBER, token.FLOAT, token.STRING, token.HEREDOC: + node, err := p.literalType() if err != nil { return nil, err diff --git a/vendor/github.com/hashicorp/hcl/parse.go b/vendor/github.com/hashicorp/hcl/parse.go index 1fca53c4c..f4cc1255e 100644 --- a/vendor/github.com/hashicorp/hcl/parse.go +++ b/vendor/github.com/hashicorp/hcl/parse.go 
@@ -12,17 +12,20 @@ import ( // // Input can be either JSON or HCL func ParseBytes(in []byte) (*ast.File, error) { - return parse(in) + return parse(in, true) } // ParseString accepts input as a string and returns ast tree. func ParseString(input string) (*ast.File, error) { - return parse([]byte(input)) + return parse([]byte(input), true) } -func parse(in []byte) (*ast.File, error) { +func parse(in []byte, errorOnDuplicateKeys bool) (*ast.File, error) { switch lexMode(in) { case lexModeHcl: + if !errorOnDuplicateKeys { + return hclParser.ParseDontErrorOnDuplicateKeys(in) + } return hclParser.Parse(in) case lexModeJson: return jsonParser.Parse(in) @@ -35,5 +38,5 @@ func parse(in []byte) (*ast.File, error) { // // The input format can be either HCL or JSON. func Parse(input string) (*ast.File, error) { - return parse([]byte(input)) + return parse([]byte(input), true) } diff --git a/vendor/github.com/hashicorp/vault/api/hcl_dup_attr_deprecation.go b/vendor/github.com/hashicorp/vault/api/hcl_dup_attr_deprecation.go new file mode 100644 index 000000000..49fb203f2 --- /dev/null +++ b/vendor/github.com/hashicorp/vault/api/hcl_dup_attr_deprecation.go 
@@ -0,0 +1,25 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package api + +import ( + "strings" + + "github.com/hashicorp/hcl" + "github.com/hashicorp/hcl/hcl/ast" + hclParser "github.com/hashicorp/hcl/hcl/parser" +) + +// parseAndCheckForDuplicateHclAttributes parses the input JSON/HCL file and if it is HCL it also checks +// for duplicate keys in the HCL file, allowing callers to handle the issue accordingly. In a future release we'll +// change the behavior to treat duplicate keys as an error and eventually remove this helper altogether. +// TODO (HCL_DUP_KEYS_DEPRECATION): remove once not used anymore +func parseAndCheckForDuplicateHclAttributes(input string) (res *ast.File, duplicate bool, err error) { + res, err = hcl.Parse(input) + if err != nil && strings.Contains(err.Error(), "Each argument can only be defined once") { + duplicate = true + res, err = hclParser.ParseDontErrorOnDuplicateKeys([]byte(input)) + } + return res, duplicate, err +} diff --git a/vendor/github.com/hashicorp/vault/api/logical.go b/vendor/github.com/hashicorp/vault/api/logical.go index 068e9068f..bddb8b076 100644 --- a/vendor/github.com/hashicorp/vault/api/logical.go +++ b/vendor/github.com/hashicorp/vault/api/logical.go @@ -64,6 +64,12 @@ func (c *Logical) ReadWithData(path string, data map[string][]string) (*Secret, return c.ReadWithDataWithContext(context.Background(), path, data) } +// ReadFromSnapshot reads the data at the given Vault path from a previously +// loaded snapshot. The snapshotID parameter is the ID of the loaded snapshot +func (c *Logical) ReadFromSnapshot(path string, snapshotID string) (*Secret, error) { + return c.ReadWithData(path, map[string][]string{"read_snapshot_id": {snapshotID}}) +} + func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Secret, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() 
@@ -104,6 +110,10 @@ func (c *Logical) ReadRawWithData(path string, data map[string][]string) (*Respo return c.ReadRawWithDataWithContext(context.Background(), path, data) } +func (c *Logical) ReadRawFromSnapshot(path string, snapshotID string) (*Response, error) { + return c.ReadRawWithDataWithContext(context.Background(), path, map[string][]string{"read_snapshot_id": {snapshotID}}) +} + // ReadRawWithDataWithContext attempts to read the value stored at the given // Vault path (without '/v1/' prefix) and returns a raw *http.Response. The 'data' // map is added as query parameters to the request. @@ -160,15 +170,26 @@ func (c *Logical) readRawWithDataWithContext(ctx context.Context, path string, d return c.c.RawRequestWithContext(ctx, r) } +// ListFromSnapshot lists from the Vault path using a previously loaded +// snapshot. The snapshotID parameter is the ID of the loaded snapshot +func (c *Logical) ListFromSnapshot(path string, snapshotID string) (*Secret, error) { + r := c.c.NewRequest("LIST", "/v1/"+path) + r.Params.Set("read_snapshot_id", snapshotID) + return c.list(context.Background(), r) +} + func (c *Logical) List(path string) (*Secret, error) { return c.ListWithContext(context.Background(), path) } func (c *Logical) ListWithContext(ctx context.Context, path string) (*Secret, error) { + return c.list(ctx, c.c.NewRequest("LIST", "/v1/"+path)) +} + +func (c *Logical) list(ctx context.Context, r *Request) (*Secret, error) { ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) defer cancelFunc() - r := c.c.NewRequest("LIST", "/v1/"+path) // Set this for broader compatibility, but we use LIST above to be able to // handle the wrapping lookup function r.Method = http.MethodGet 
@@ -223,6 +244,14 @@ func (c *Logical) WriteRawWithContext(ctx context.Context, path string, data []b return c.writeRaw(ctx, r) } +// Recover recovers the data at the given Vault path from a loaded snapshot. +// The snapshotID parameter is the ID of the loaded snapshot +func (c *Logical) Recover(ctx context.Context, path string, snapshotID string) (*Secret, error) { + r := c.c.NewRequest(http.MethodPut, "/v1/"+path) + r.Params.Set("recover_snapshot_id", snapshotID) + return c.write(ctx, path, r) +} + func (c *Logical) JSONMergePatch(ctx context.Context, path string, data map[string]interface{}) (*Secret, error) { r := c.c.NewRequest(http.MethodPatch, "/v1/"+path) r.Headers.Set("Content-Type", "application/merge-patch+json") diff --git a/vendor/github.com/hashicorp/vault/api/ssh_agent.go b/vendor/github.com/hashicorp/vault/api/ssh_agent.go index e61503772..8ee88de96 100644 --- a/vendor/github.com/hashicorp/vault/api/ssh_agent.go +++ b/vendor/github.com/hashicorp/vault/api/ssh_agent.go @@ -150,7 +150,9 @@ func LoadSSHHelperConfig(path string) (*SSHHelperConfig, error) { // ParseSSHHelperConfig parses the given contents as a string for the SSHHelper // configuration. func ParseSSHHelperConfig(contents string) (*SSHHelperConfig, error) { - root, err := hcl.Parse(string(contents)) + // TODO (HCL_DUP_KEYS_DEPRECATION): replace with simple call to hcl.Parse once deprecation of duplicate attributes + // is over, for now just ignore duplicates + root, _, err := parseAndCheckForDuplicateHclAttributes(contents) if err != nil { return nil, errwrap.Wrapf("error parsing config: {{err}}", err) } diff --git a/vendor/github.com/hashicorp/vault/api/sys_raft.go b/vendor/github.com/hashicorp/vault/api/sys_raft.go index f0e896271..07e764ccf 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_raft.go +++ b/vendor/github.com/hashicorp/vault/api/sys_raft.go @@ -13,6 +13,7 @@ import ( "io" "io/ioutil" "net/http" + "net/url" "sync" "time" 
@@ -443,3 +444,75 @@ func (c *Sys) PutRaftAutopilotConfigurationWithContext(ctx context.Context, opts return nil } + +// RaftLoadLocalSnapshot wraps RaftLoadLocalSnapshotWithContext using context.Background. +func (c *Sys) RaftLoadLocalSnapshot(snapReader io.Reader) (*Secret, error) { + return c.RaftLoadLocalSnapshotWithContext(context.Background(), snapReader) +} + +// RaftLoadLocalSnapshotWithContext loads a snapshot into the raft cluster. +// It accepts a reader that reads the snapshot file data. +func (c *Sys) RaftLoadLocalSnapshotWithContext(ctx context.Context, snapReader io.Reader) (*Secret, error) { + ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) + defer cancelFunc() + + r := c.c.NewRequest(http.MethodPost, "/v1/sys/storage/raft/snapshot-load") + r.Body = snapReader + + resp, err := c.c.rawRequestWithContext(ctx, r) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + return ParseSecret(resp.Body) +} + +// RaftLoadCloudSnapshot wraps RaftLoadCloudSnapshotWithContext using context.Background. +func (c *Sys) RaftLoadCloudSnapshot(name string, url *url.URL) (*Secret, error) { + return c.RaftLoadCloudSnapshotWithContext(context.Background(), name, url) +} + +// RaftLoadCloudSnapshotWithContext loads a snapshot from cloud storage into the raft cluster. +// It accepts a name for the cloud auto snapshot configuration and a URL to the snapshot location in cloud storage. 
+func (c *Sys) RaftLoadCloudSnapshotWithContext(ctx context.Context, name string, url *url.URL) (*Secret, error) { + ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) + defer cancelFunc() + + r := c.c.NewRequest(http.MethodPost, "/v1/sys/storage/raft/snapshot-auto/snapshot-load/"+name) + if err := r.SetJSONBody(map[string]interface{}{ + "url": url.String(), + }); err != nil { + return nil, err + } + + resp, err := c.c.rawRequestWithContext(ctx, r) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + return ParseSecret(resp.Body) +} + +// RaftUnloadSnapshot wraps RaftUnloadSnapshotWithContext using context.Background. +func (c *Sys) RaftUnloadSnapshot(snapID string) (*Secret, error) { + return c.RaftUnloadSnapshotWithContext(context.Background(), snapID) +} + +// RaftUnloadSnapshotWithContext unloads a snapshot from the raft cluster. +// It accepts a snapshot ID to identify the snapshot to be unloaded. +func (c *Sys) RaftUnloadSnapshotWithContext(ctx context.Context, snapID string) (*Secret, error) { + ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) + defer cancelFunc() + + r := c.c.NewRequest(http.MethodDelete, "/v1/sys/storage/raft/snapshot-load/"+snapID) + + resp, err := c.c.rawRequestWithContext(ctx, r) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + return ParseSecret(resp.Body) +} diff --git a/vendor/github.com/hashicorp/vault/api/sys_utilization_report.go b/vendor/github.com/hashicorp/vault/api/sys_utilization_report.go new file mode 100644 index 000000000..2a1ffcc6b --- /dev/null +++ b/vendor/github.com/hashicorp/vault/api/sys_utilization_report.go 
@@ -0,0 +1,93 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: MPL-2.0 + +package api + +import ( + "context" + "errors" + "net/http" + + "github.com/mitchellh/mapstructure" +) + +func (c *Sys) UtilizationReport() (*UtilizationReportOutput, error) { + return c.UtilizationReportWithContext(context.Background()) +} + +func (c *Sys) UtilizationReportWithContext(ctx context.Context) (*UtilizationReportOutput, error) { + ctx, cancelFunc := c.c.withConfiguredTimeout(ctx) + defer cancelFunc() + + r := c.c.NewRequest(http.MethodGet, "/v1/sys/utilization-report") + + resp, err := c.c.rawRequestWithContext(ctx, r) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + secret, err := ParseSecret(resp.Body) + if err != nil { + return nil, err + } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } + + var result UtilizationReportOutput + err = mapstructure.Decode(secret.Data, &result) + if err != nil { + return nil, err + } + + return &result, err +} + +type UtilizationReportOutput struct { + Namespaces int `json:"namespaces,omitempty" structs:"namespaces" mapstructure:"namespaces"` + + KVV1Secrets int `json:"kvv1_secrets,omitempty" structs:"kvv1_secrets" mapstructure:"kvv1_secrets"` + KVV2Secrets int `json:"kvv2_secrets,omitempty" structs:"kvv2_secrets" mapstructure:"kvv2_secrets"` + + AuthMethods map[string]int `json:"auth_methods,omitempty" structs:"auth_methods" mapstructure:"auth_methods"` + SecretEngines map[string]int `json:"secret_engines,omitempty" structs:"secret_engines" mapstructure:"secret_engines"` + + LeasesByAuthMethod map[string]int `json:"leases_by_auth_method,omitempty" structs:"leases_by_auth_method" mapstructure:"leases_by_auth_method"` + + ReplicationStatus *UtilizationReportReplicationStatusInformation `json:"replication_status,omitempty" structs:"replication_status" mapstructure:"replication_status"` + + PKI *UtilizationReportPKIInformation `json:"pki,omitempty" 
structs:"pki" mapstructure:"pki"` + + SecretSync *UtilizationReportSecretSyncInformation `json:"secret_sync,omitempty" structs:"secret_sync" mapstructure:"secret_sync"` + + LeaseCountQuotas *UtilizationReportLeaseCountQuotaInformation `json:"lease_count_quotas,omitempty" structs:"lease_count_quotas" mapstructure:"lease_count_quotas"` +} + +type UtilizationReportReplicationStatusInformation struct { + DRPrimary bool `json:"dr_primary,omitempty" structs:"dr_primary" mapstructure:"dr_primary"` + DRState string `json:"dr_state,omitempty" structs:"dr_state" mapstructure:"dr_state"` + PRPrimary bool `json:"pr_primary,omitempty" structs:"pr_primary" mapstructure:"pr_primary"` + PRState string `json:"pr_state,omitempty" structs:"pr_state" mapstructure:"pr_state"` +} + +type UtilizationReportPKIInformation struct { + TotalRoles int `json:"total_roles,omitempty" structs:"total_roles" mapstructure:"total_roles"` + TotalIssuers int `json:"total_issuers,omitempty" structs:"total_issuers" mapstructure:"total_issuers"` +} + +type UtilizationReportSecretSyncInformation struct { + TotalSources int `json:"total_sources,omitempty" structs:"total_sources" mapstructure:"total_sources"` + TotalDestinations int `json:"total_destinations,omitempty" structs:"total_destinations" mapstructure:"total_destinations"` +} + +type UtilizationReportLeaseCountQuotaInformation struct { + TotalLeaseCountQuotas int `json:"total_lease_count_quotas,omitempty" structs:"total_lease_count_quotas" mapstructure:"total_lease_count_quotas"` + GlobalLeaseCountQuotaInformation *UtilizationReportGlobalLeaseCountQuotaInformation `json:"global_lease_count_quota,omitempty" structs:"global_lease_count_quota" mapstructure:"global_lease_count_quota"` +} + +type UtilizationReportGlobalLeaseCountQuotaInformation struct { + Name string `json:"name,omitempty" structs:"name" mapstructure:"name"` + Capacity int `json:"capacity,omitempty" structs:"capacity" mapstructure:"capacity"` + Count int `json:"count,omitempty" 
structs:"count" mapstructure:"count"` +} diff --git a/vendor/github.com/pkg/xattr/xattr_solaris.go b/vendor/github.com/pkg/xattr/xattr_solaris.go index 7c98b4afb..2823bca5e 100644 --- a/vendor/github.com/pkg/xattr/xattr_solaris.go +++ b/vendor/github.com/pkg/xattr/xattr_solaris.go @@ -4,8 +4,8 @@ package xattr import ( + "errors" "os" - "syscall" "golang.org/x/sys/unix" ) @@ -17,10 +17,11 @@ const ( XATTR_CREATE = 0x1 XATTR_REPLACE = 0x2 - // ENOATTR is not exported by the syscall package on Linux, because it is - // an alias for ENODATA. We export it here so it is available on all - // our supported platforms. - ENOATTR = syscall.ENODATA + // ENOATTR is not defined on Solaris. When attempting to open an + // extended attribute that doesn't exist, we'll get ENOENT. For + // compatibility with other platforms, we make ENOATTR available as + // an alias of unix.ENOENT. + ENOATTR = unix.ENOENT ) func getxattr(path string, name string, data []byte) (int, error) { @@ -132,7 +133,13 @@ func llistxattr(path string, data []byte) (int, error) { func flistxattr(f *os.File, data []byte) (int, error) { fd, err := unix.Openat(int(f.Fd()), ".", unix.O_RDONLY|unix.O_XATTR, 0) if err != nil { - return 0, unix.ENOTSUP + // When attempting to list extended attributes on a filesystem + // that doesn't support them (like as UFS and tmpfs), we'll get + // EINVAL. Translate this error to the more conventional ENOTSUP. + if errors.Is(err, unix.EINVAL) { + return 0, unix.ENOTSUP + } + return 0, err } xf := os.NewFile(uintptr(fd), f.Name()) defer func() { diff --git a/vendor/modules.txt b/vendor/modules.txt index 06e756a4e..c558e968d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
@@ -153,7 +153,7 @@ github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding
 # github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.15
 ## explicit; go 1.22
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url
-# github.com/aws/aws-sdk-go-v2/service/sts v1.33.19
+# github.com/aws/aws-sdk-go-v2/service/sts v1.33.20
 ## explicit; go 1.22
 github.com/aws/aws-sdk-go-v2/service/sts
 github.com/aws/aws-sdk-go-v2/service/sts/internal/endpoints
@@ -350,7 +350,7 @@ github.com/hashicorp/go-secure-stdlib/strutil
 # github.com/hashicorp/go-sockaddr v1.0.2
 ## explicit
 github.com/hashicorp/go-sockaddr
-# github.com/hashicorp/hcl v1.0.1-vault-5
+# github.com/hashicorp/hcl v1.0.1-vault-7
 ## explicit; go 1.15
 github.com/hashicorp/hcl
 github.com/hashicorp/hcl/hcl/ast
@@ -361,8 +361,8 @@ github.com/hashicorp/hcl/hcl/token
 github.com/hashicorp/hcl/json/parser
 github.com/hashicorp/hcl/json/scanner
 github.com/hashicorp/hcl/json/token
-# github.com/hashicorp/vault/api v1.16.0
-## explicit; go 1.21
+# github.com/hashicorp/vault/api v1.20.0
+## explicit; go 1.23.0
 github.com/hashicorp/vault/api
 # github.com/hashicorp/vault/api/auth/approle v0.5.0
 ## explicit; go 1.16
@@ -443,7 +443,7 @@ github.com/pkg/browser
 # github.com/pkg/errors v0.9.1
 ## explicit
 github.com/pkg/errors
-# github.com/pkg/xattr v0.4.10
+# github.com/pkg/xattr v0.4.11
 ## explicit; go 1.14
 github.com/pkg/xattr
 # github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2