mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2024-09-19 15:09:56 +00:00
Code Issues Packages Projects Releases Wiki Activity

rebase: bump github.com/hashicorp/vault/api from 1.8.2 to 1.8.3

Browse Source 
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.2 to 1.8.3.
- [Release notes](https://github.com/hashicorp/vault/releases)
- [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/vault/compare/v1.8.2...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/vault/api
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot] 2023-01-23 20:08:03 +00:00 committed by mergify[bot]
parent f852873e16
commit a31426e37f
33 changed files with 328 additions and 207 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
go.mod
View File

@ -18,7 +18,7 @@ require (
github.com/google/uuid v1.3.0
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
github.com/hashicorp/vault/api v1.8.2
github.com/hashicorp/vault/api v1.8.3
github.com/kubernetes-csi/csi-lib-utils v0.11.0
github.com/kubernetes-csi/external-snapshotter/client/v6 v6.2.0
github.com/libopenstorage/secrets v0.0.0-20210908194121-a1d19aa9713a
@ -99,7 +99,7 @@ require (
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/hashicorp/hcl v1.0.0 // indirect
github.com/hashicorp/vault v1.4.2 // indirect
github.com/hashicorp/vault/sdk v0.6.0 // indirect
github.com/hashicorp/vault/sdk v0.7.0 // indirect
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
github.com/imdario/mergo v0.3.12 // indirect
github.com/inconshreveable/mousetrap v1.0.0 // indirect

10
go.sum
View File

@ -582,7 +582,7 @@ github.com/hashicorp/go-secure-stdlib/password v0.1.1 h1:6JzmBqXprakgFEHwBgdchsj
github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 h1:Yc026VyMyIpq1UWRnakHRG01U8fJm+nEfEmjoAb00n8=
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 h1:phcbL8urUzF/kxA/Oj6awENaRwfWsjP59GW7u2qlDyY=
github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
@ -645,8 +645,8 @@ github.com/hashicorp/vault/api v1.0.5-0.20191122173911-80fcc7907c78/go.mod h1:Uf
github.com/hashicorp/vault/api v1.0.5-0.20200215224050-f6547fa8e820/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o=
github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o=
github.com/hashicorp/vault/api v1.0.5-0.20200902155336-f9d5ce5a171a/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk=
github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM=
github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE=
github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o=
github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg=
github.com/hashicorp/vault/sdk v0.1.8/go.mod h1:tHZfc6St71twLizWNHvnnbiGFo1aq0eD2jGPLtP8kAU=
github.com/hashicorp/vault/sdk v0.1.14-0.20190730042320-0dc007d98cc8/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
github.com/hashicorp/vault/sdk v0.1.14-0.20191108161836-82f2b5571044/go.mod h1:PcekaFGiPJyHnFy+NZhP6ll650zEw51Ag7g/YEa+EOU=
@ -656,8 +656,8 @@ github.com/hashicorp/vault/sdk v0.1.14-0.20200317185738-82f498082f02/go.mod h1:W
github.com/hashicorp/vault/sdk v0.1.14-0.20200427170607-03332aaf8d18/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10=
github.com/hashicorp/vault/sdk v0.1.14-0.20200429182704-29fce8f27ce4/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10=
github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10=
github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=

6
vendor/github.com/hashicorp/vault/api/client.go generated vendored
View File

@ -114,7 +114,11 @@ type Config struct {
// of three tries).
MaxRetries int
// Timeout is for setting custom timeout parameter in the HttpClient
// Timeout, given a non-negative value, will apply the request timeout
// to each request function unless an earlier deadline is passed to the
// request function through context.Context. Note that this timeout is
// not applicable to Logical().ReadRaw* (raw response) functions.
// Defaults to 60 seconds.
Timeout time.Duration
// If there is an error when creating the configuration, this will be the

62
vendor/github.com/hashicorp/vault/api/logical.go generated vendored
View File

@ -66,6 +66,53 @@ func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data
defer cancelFunc()
resp, err := c.readRawWithDataWithContext(ctx, path, data)
return c.ParseRawResponseAndCloseBody(resp, err)
}
// ReadRaw attempts to read the value stored at the given Vault path
// (without '/v1/' prefix) and returns a raw *http.Response.
//
// Note: the raw-response functions do not respect the client-configured
// request timeout; if a timeout is desired, please use ReadRawWithContext
// instead and set the timeout through context.WithTimeout or context.WithDeadline.
func (c *Logical) ReadRaw(path string) (*Response, error) {
return c.ReadRawWithDataWithContext(context.Background(), path, nil)
}
// ReadRawWithContext attempts to read the value stored at the give Vault path
// (without '/v1/' prefix) and returns a raw *http.Response.
//
// Note: the raw-response functions do not respect the client-configured
// request timeout; if a timeout is desired, please set it through
// context.WithTimeout or context.WithDeadline.
func (c *Logical) ReadRawWithContext(ctx context.Context, path string) (*Response, error) {
return c.ReadRawWithDataWithContext(ctx, path, nil)
}
// ReadRawWithData attempts to read the value stored at the given Vault
// path (without '/v1/' prefix) and returns a raw *http.Response. The 'data' map
// is added as query parameters to the request.
//
// Note: the raw-response functions do not respect the client-configured
// request timeout; if a timeout is desired, please use
// ReadRawWithDataWithContext instead and set the timeout through
// context.WithTimeout or context.WithDeadline.
func (c *Logical) ReadRawWithData(path string, data map[string][]string) (*Response, error) {
return c.ReadRawWithDataWithContext(context.Background(), path, data)
}
// ReadRawWithDataWithContext attempts to read the value stored at the given
// Vault path (without '/v1/' prefix) and returns a raw *http.Response. The 'data'
// map is added as query parameters to the request.
//
// Note: the raw-response functions do not respect the client-configured
// request timeout; if a timeout is desired, please set it through
// context.WithTimeout or context.WithDeadline.
func (c *Logical) ReadRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) {
return c.readRawWithDataWithContext(ctx, path, data)
}
func (c *Logical) ParseRawResponseAndCloseBody(resp *Response, err error) (*Secret, error) {
if resp != nil {
defer resp.Body.Close()
}
@ -90,21 +137,6 @@ func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data
return ParseSecret(resp.Body)
}
func (c *Logical) ReadRaw(path string) (*Response, error) {
return c.ReadRawWithData(path, nil)
}
func (c *Logical) ReadRawWithData(path string, data map[string][]string) (*Response, error) {
return c.ReadRawWithDataWithContext(context.Background(), path, data)
}
func (c *Logical) ReadRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) {
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
defer cancelFunc()
return c.readRawWithDataWithContext(ctx, path, data)
}
func (c *Logical) readRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) {
r := c.c.NewRequest(http.MethodGet, "/v1/"+path)

1
vendor/github.com/hashicorp/vault/api/plugin_helpers.go generated vendored
View File

@ -63,6 +63,7 @@ var sudoPaths = map[string]*regexp.Regexp{
"/sys/revoke-force/{prefix}": regexp.MustCompile(`^/sys/revoke-force/.+$`),
"/sys/revoke-prefix/{prefix}": regexp.MustCompile(`^/sys/revoke-prefix/.+$`),
"/sys/rotate": regexp.MustCompile(`^/sys/rotate$`),
"/sys/internal/inspect/router/{tag}": regexp.MustCompile(`^/sys/internal/inspect/router/.+$`),
// enterprise-only paths
"/sys/replication/dr/primary/secondary-token": regexp.MustCompile(`^/sys/replication/dr/primary/secondary-token$`),

46
vendor/github.com/hashicorp/vault/api/secret.go generated vendored
View File

@ -2,8 +2,11 @@ package api
import (
"bytes"
"encoding/json"
"fmt"
"io"
"reflect"
"strings"
"time"
"github.com/hashicorp/errwrap"
@ -302,7 +305,15 @@ func ParseSecret(r io.Reader) (*Secret, error) {
// First read the data into a buffer. Not super efficient but we want to
// know if we actually have a body or not.
var buf bytes.Buffer
_, err := buf.ReadFrom(r)
// io.Reader is treated like a stream and cannot be read
// multiple times. Duplicating this stream using TeeReader
// to use this data in case there is no top-level data from
// api response
var teebuf bytes.Buffer
tee := io.TeeReader(r, &teebuf)
_, err := buf.ReadFrom(tee)
if err != nil {
return nil, err
}
@ -316,5 +327,38 @@ func ParseSecret(r io.Reader) (*Secret, error) {
return nil, err
}
// If the secret is null, add raw data to secret data if present
if reflect.DeepEqual(secret, Secret{}) {
data := make(map[string]interface{})
if err := jsonutil.DecodeJSONFromReader(&teebuf, &data); err != nil {
return nil, err
}
errRaw, errPresent := data["errors"]
// if only errors are present in the resp.Body return nil
// to return value not found as it does not have any raw data
if len(data) == 1 && errPresent {
return nil, nil
}
// if errors are present along with raw data return the error
if errPresent {
var errStrArray []string
errBytes, err := json.Marshal(errRaw)
if err != nil {
return nil, err
}
if err := json.Unmarshal(errBytes, &errStrArray); err != nil {
return nil, err
}
return nil, fmt.Errorf(strings.Join(errStrArray, " "))
}
// if any raw data is present in resp.Body, add it to secret
if len(data) > 0 {
secret.Data = data
}
}
return &secret, nil
}

64
vendor/github.com/hashicorp/vault/api/sys_mounts.go generated vendored
View File

@ -254,20 +254,20 @@ type MountInput struct {
}
type MountConfigInput struct {
Options map[string]string `json:"options" mapstructure:"options"`
DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
Description *string `json:"description,omitempty" mapstructure:"description"`
MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
PluginVersion string `json:"plugin_version,omitempty"`
Options map[string]string `json:"options" mapstructure:"options"`
DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
Description *string `json:"description,omitempty" mapstructure:"description"`
MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
PluginVersion string `json:"plugin_version,omitempty"`
UserLockoutConfig *UserLockoutConfigInput `json:"user_lockout_config,omitempty"`
// Deprecated: This field will always be blank for newer server responses.
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
}
@ -289,21 +289,35 @@ type MountOutput struct {
}
type MountConfigOutput struct {
DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
UserLockoutConfig *UserLockoutConfigOutput `json:"user_lockout_config,omitempty"`
// Deprecated: This field will always be blank for newer server responses.
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
}
type UserLockoutConfigInput struct {
LockoutThreshold string `json:"lockout_threshold,omitempty" structs:"lockout_threshold" mapstructure:"lockout_threshold"`
LockoutDuration string `json:"lockout_duration,omitempty" structs:"lockout_duration" mapstructure:"lockout_duration"`
LockoutCounterResetDuration string `json:"lockout_counter_reset_duration,omitempty" structs:"lockout_counter_reset_duration" mapstructure:"lockout_counter_reset_duration"`
DisableLockout *bool `json:"lockout_disable,omitempty" structs:"lockout_disable" mapstructure:"lockout_disable"`
}
type UserLockoutConfigOutput struct {
LockoutThreshold uint `json:"lockout_threshold,omitempty" structs:"lockout_threshold" mapstructure:"lockout_threshold"`
LockoutDuration int `json:"lockout_duration,omitempty" structs:"lockout_duration" mapstructure:"lockout_duration"`
LockoutCounterReset int `json:"lockout_counter_reset,omitempty" structs:"lockout_counter_reset" mapstructure:"lockout_counter_reset"`
DisableLockout *bool `json:"disable_lockout,omitempty" structs:"disable_lockout" mapstructure:"disable_lockout"`
}
type MountMigrationOutput struct {
MigrationID string `mapstructure:"migration_id"`
}

33
vendor/github.com/hashicorp/vault/api/sys_seal.go generated vendored
View File

@ -93,22 +93,23 @@ func sealStatusRequestWithContext(ctx context.Context, c *Sys, r *Request) (*Sea
}
type SealStatusResponse struct {
Type string `json:"type"`
Initialized bool `json:"initialized"`
Sealed bool `json:"sealed"`
T int `json:"t"`
N int `json:"n"`
Progress int `json:"progress"`
Nonce string `json:"nonce"`
Version string `json:"version"`
BuildDate string `json:"build_date"`
Migration bool `json:"migration"`
ClusterName string `json:"cluster_name,omitempty"`
ClusterID string `json:"cluster_id,omitempty"`
RecoverySeal bool `json:"recovery_seal"`
StorageType string `json:"storage_type,omitempty"`
HCPLinkStatus string `json:"hcp_link_status,omitempty"`
HCPLinkResourceID string `json:"hcp_link_resource_ID,omitempty"`
Type string `json:"type"`
Initialized bool `json:"initialized"`
Sealed bool `json:"sealed"`
T int `json:"t"`
N int `json:"n"`
Progress int `json:"progress"`
Nonce string `json:"nonce"`
Version string `json:"version"`
BuildDate string `json:"build_date"`
Migration bool `json:"migration"`
ClusterName string `json:"cluster_name,omitempty"`
ClusterID string `json:"cluster_id,omitempty"`
RecoverySeal bool `json:"recovery_seal"`
StorageType string `json:"storage_type,omitempty"`
HCPLinkStatus string `json:"hcp_link_status,omitempty"`
HCPLinkResourceID string `json:"hcp_link_resource_ID,omitempty"`
Warnings []string `json:"warnings,omitempty"`
}
type UnsealOpts struct {

2
vendor/github.com/hashicorp/vault/sdk/LICENSE generated vendored
View File

@ -1,3 +1,5 @@
Copyright (c) 2015 HashiCorp, Inc.
Mozilla Public License, version 2.0
1. Definitions

80
vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go generated vendored
View File

@ -64,6 +64,20 @@ var SignatureAlgorithmNames = map[string]x509.SignatureAlgorithm{
"ed25519": x509.PureEd25519, // Duplicated for clarity; most won't expect the "Pure" prefix.
}
// Mapping of constant values<->constant names for SignatureAlgorithm
var InvSignatureAlgorithmNames = map[x509.SignatureAlgorithm]string{
x509.SHA256WithRSA: "SHA256WithRSA",
x509.SHA384WithRSA: "SHA384WithRSA",
x509.SHA512WithRSA: "SHA512WithRSA",
x509.ECDSAWithSHA256: "ECDSAWithSHA256",
x509.ECDSAWithSHA384: "ECDSAWithSHA384",
x509.ECDSAWithSHA512: "ECDSAWithSHA512",
x509.SHA256WithRSAPSS: "SHA256WithRSAPSS",
x509.SHA384WithRSAPSS: "SHA384WithRSAPSS",
x509.SHA512WithRSAPSS: "SHA512WithRSAPSS",
x509.PureEd25519: "Ed25519",
}
// OID for RFC 5280 Delta CRL Indicator CRL extension.
//
// > id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
@ -86,13 +100,13 @@ func GetHexFormatted(buf []byte, sep string) string {
func ParseHexFormatted(in, sep string) []byte {
var ret bytes.Buffer
var err error
var inBits int64
var inBits uint64
inBytes := strings.Split(in, sep)
for _, inByte := range inBytes {
if inBits, err = strconv.ParseInt(inByte, 16, 8); err != nil {
if inBits, err = strconv.ParseUint(inByte, 16, 8); err != nil {
return nil
}
ret.WriteByte(byte(inBits))
ret.WriteByte(uint8(inBits))
}
return ret.Bytes()
}
@ -789,7 +803,7 @@ func CreateCertificateWithKeyGenerator(data *CreationBundle, randReader io.Reade
return createCertificate(data, randReader, keyGenerator)
}
// Set correct correct RSA sig algo
// Set correct RSA sig algo
func certTemplateSetSigAlgo(certTemplate *x509.Certificate, data *CreationBundle) {
if data.Params.UsePSS {
switch data.Params.SignatureBits {
@ -812,6 +826,35 @@ func certTemplateSetSigAlgo(certTemplate *x509.Certificate, data *CreationBundle
}
}
// selectSignatureAlgorithmForRSA returns the proper x509.SignatureAlgorithm based on various properties set in the
// Creation Bundle parameter. This method will default to a SHA256 signature algorithm if the requested signature
// bits is not set/unknown.
func selectSignatureAlgorithmForRSA(data *CreationBundle) x509.SignatureAlgorithm {
if data.Params.UsePSS {
switch data.Params.SignatureBits {
case 256:
return x509.SHA256WithRSAPSS
case 384:
return x509.SHA384WithRSAPSS
case 512:
return x509.SHA512WithRSAPSS
default:
return x509.SHA256WithRSAPSS
}
}
switch data.Params.SignatureBits {
case 256:
return x509.SHA256WithRSA
case 384:
return x509.SHA384WithRSA
case 512:
return x509.SHA512WithRSA
default:
return x509.SHA256WithRSA
}
}
func createCertificate(data *CreationBundle, randReader io.Reader, privateKeyGenerator KeyGenerator) (*ParsedCertBundle, error) {
var err error
result := &ParsedCertBundle{}
@ -878,7 +921,11 @@ func createCertificate(data *CreationBundle, randReader io.Reader, privateKeyGen
var certBytes []byte
if data.SigningBundle != nil {
switch data.SigningBundle.PrivateKeyType {
privateKeyType := data.SigningBundle.PrivateKeyType
if privateKeyType == ManagedPrivateKey {
privateKeyType = GetPrivateKeyTypeFromSigner(data.SigningBundle.PrivateKey)
}
switch privateKeyType {
case RSAPrivateKey:
certTemplateSetSigAlgo(certTemplate, data)
case Ed25519PrivateKey:
@ -986,7 +1033,10 @@ func selectSignatureAlgorithmForECDSA(pub crypto.PublicKey, signatureBits int) x
}
}
var oidExtensionBasicConstraints = []int{2, 5, 29, 19}
var (
oidExtensionBasicConstraints = []int{2, 5, 29, 19}
oidExtensionSubjectAltName = []int{2, 5, 29, 17}
)
// CreateCSR creates a CSR with the default rand.Reader to
// generate a cert/keypair. This is currently only meant
@ -1049,9 +1099,10 @@ func createCSR(data *CreationBundle, addBasicConstraints bool, randReader io.Rea
switch data.Params.KeyType {
case "rsa":
csrTemplate.SignatureAlgorithm = x509.SHA256WithRSA
// use specified RSA algorithm defaulting to the appropriate SHA256 RSA signature type
csrTemplate.SignatureAlgorithm = selectSignatureAlgorithmForRSA(data)
case "ec":
csrTemplate.SignatureAlgorithm = x509.ECDSAWithSHA256
csrTemplate.SignatureAlgorithm = selectSignatureAlgorithmForECDSA(result.PrivateKey.Public(), data.Params.SignatureBits)
case "ed25519":
csrTemplate.SignatureAlgorithm = x509.PureEd25519
}
@ -1067,6 +1118,10 @@ func createCSR(data *CreationBundle, addBasicConstraints bool, randReader io.Rea
return nil, errutil.InternalError{Err: fmt.Sprintf("unable to parse created certificate: %v", err)}
}
if err = result.CSR.CheckSignature(); err != nil {
return nil, errors.New("failed signature validation for CSR")
}
return result, nil
}
@ -1127,7 +1182,12 @@ func signCertificate(data *CreationBundle, randReader io.Reader) (*ParsedCertBun
certTemplate.NotBefore = time.Now().Add(-1 * data.Params.NotBeforeDuration)
}
switch data.SigningBundle.PrivateKeyType {
privateKeyType := data.SigningBundle.PrivateKeyType
if privateKeyType == ManagedPrivateKey {
privateKeyType = GetPrivateKeyTypeFromSigner(data.SigningBundle.PrivateKey)
}
switch privateKeyType {
case RSAPrivateKey:
certTemplateSetSigAlgo(certTemplate, data)
case ECPrivateKey:
@ -1151,7 +1211,7 @@ func signCertificate(data *CreationBundle, randReader io.Reader) (*ParsedCertBun
certTemplate.URIs = data.CSR.URIs
for _, name := range data.CSR.Extensions {
if !name.Id.Equal(oidExtensionBasicConstraints) {
if !name.Id.Equal(oidExtensionBasicConstraints) && !(len(data.Params.OtherSANs) > 0 && name.Id.Equal(oidExtensionSubjectAltName)) {
certTemplate.ExtraExtensions = append(certTemplate.ExtraExtensions, name)
}
}

12
vendor/github.com/hashicorp/vault/sdk/helper/certutil/types.go generated vendored
View File

@ -148,16 +148,16 @@ type KeyBundle struct {
}
func GetPrivateKeyTypeFromSigner(signer crypto.Signer) PrivateKeyType {
switch signer.(type) {
case *rsa.PrivateKey:
// We look at the public key types to work-around limitations/typing of managed keys.
switch signer.Public().(type) {
case *rsa.PublicKey:
return RSAPrivateKey
case *ecdsa.PrivateKey:
case *ecdsa.PublicKey:
return ECPrivateKey
case ed25519.PrivateKey:
case ed25519.PublicKey:
return Ed25519PrivateKey
default:
return UnknownPrivateKey
}
return UnknownPrivateKey
}
// ToPEMBundle converts a string-based certificate bundle

2
vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go generated vendored
View File

@ -4,7 +4,7 @@ package consts
// endpoint.
const AgentPathCacheClear = "/agent/v1/cache-clear"
// AgentPathMetrics is the path the the agent will use to expose its internal
// AgentPathMetrics is the path the agent will use to expose its internal
// metrics.
const AgentPathMetrics = "/agent/v1/metrics"

2
vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go generated vendored
View File

@ -34,4 +34,6 @@ const (
ReplicationResolverALPN = "replication_resolver_v1"
VaultEnableFilePermissionsCheckEnv = "VAULT_ENABLE_FILE_PERMISSIONS_CHECK"
VaultDisableUserLockout = "VAULT_DISABLE_USER_LOCKOUT"
)

5
vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go generated vendored
View File

@ -1,6 +1,9 @@
package consts
const VaultAllowPendingRemovalMountsEnv = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS"
// EnvVaultAllowPendingRemovalMounts allows Pending Removal builtins to be
// mounted as if they are Deprecated to facilitate migration to supported
// builtin plugins.
const EnvVaultAllowPendingRemovalMounts = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS"
// DeprecationStatus represents the current deprecation state for builtins
type DeprecationStatus uint32

5
vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go generated vendored
View File

@ -60,16 +60,13 @@ func ParseLogFormat(format string) (LogFormat, error) {
case "json":
return JSONFormat, nil
default:
return UnspecifiedFormat, fmt.Errorf("Unknown log format: %s", format)
return UnspecifiedFormat, fmt.Errorf("unknown log format: %s", format)
}
}
// ParseEnvLogFormat parses the log format from an environment variable.
func ParseEnvLogFormat() LogFormat {
logFormat := os.Getenv("VAULT_LOG_FORMAT")
if logFormat == "" {
logFormat = os.Getenv("LOGXI_FORMAT")
}
switch strings.ToLower(logFormat) {
case "json", "vault_json", "vault-json", "vaultjson":
return JSONFormat

7
vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.go generated vendored
View File

@ -2,6 +2,7 @@ package pluginutil
import (
"context"
"errors"
"fmt"
"os"
"strings"
@ -13,6 +14,8 @@ import (
"google.golang.org/grpc/status"
)
var ErrNoMultiplexingIDFound = errors.New("no multiplexing ID found")
type PluginMultiplexingServerImpl struct {
UnimplementedPluginMultiplexingServer
@ -62,7 +65,9 @@ func GetMultiplexIDFromContext(ctx context.Context) (string, error) {
}
multiplexIDs := md[MultiplexingCtxKey]
if len(multiplexIDs) != 1 {
if len(multiplexIDs) == 0 {
return "", ErrNoMultiplexingIDFound
} else if len(multiplexIDs) != 1 {
return "", fmt.Errorf("unexpected number of IDs in metadata: (%d)", len(multiplexIDs))
}

2
vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go generated vendored
View File

@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.28.1
// protoc v3.21.5
// protoc v3.21.9
// source: sdk/helper/pluginutil/multiplexing.proto
package pluginutil

7
vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go generated vendored
View File

@ -10,7 +10,6 @@ import (
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-plugin"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/version"
)
type PluginClientConfig struct {
@ -46,7 +45,11 @@ func (rc runConfig) makeConfig(ctx context.Context) (*plugin.ClientConfig, error
if rc.MLock || (rc.Wrapper != nil && rc.Wrapper.MlockEnabled()) {
cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMlockEnabled, "true"))
}
cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginVaultVersionEnv, version.GetVersion().Version))
version, err := rc.Wrapper.VaultVersion(ctx)
if err != nil {
return nil, err
}
cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginVaultVersionEnv, version))
if rc.IsMetadataMode {
rc.Logger = rc.Logger.With("metadata", "true")

1
vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go generated vendored
View File

@ -27,6 +27,7 @@ type RunnerUtil interface {
NewPluginClient(ctx context.Context, config PluginClientConfig) (PluginClient, error)
ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
MlockEnabled() bool
VaultVersion(ctx context.Context) (string, error)
}
// LookRunnerUtil defines the functions for both Looker and Wrapper

5
vendor/github.com/hashicorp/vault/sdk/logical/error.go generated vendored
View File

@ -17,6 +17,11 @@ var (
// ErrPermissionDenied is returned if the client is not authorized
ErrPermissionDenied = errors.New("permission denied")
// ErrInvalidCredentials is returned when the provided credentials are incorrect
// This is used internally for user lockout purposes. This is not seen externally.
// The status code returned does not change because of this error
ErrInvalidCredentials = errors.New("invalid credentials")
// ErrMultiAuthzPending is returned if the the request needs more
// authorizations
ErrMultiAuthzPending = errors.New("request needs further approval")

2
vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go generated vendored
View File

@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.28.1
// protoc v3.21.5
// protoc v3.21.9
// source: sdk/logical/identity.proto
package logical

28
vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go generated vendored
View File

@ -34,9 +34,11 @@ type ManagedKey interface {
}
type (
ManagedKeyConsumer func(context.Context, ManagedKey) error
ManagedSigningKeyConsumer func(context.Context, ManagedSigningKey) error
ManagedEncryptingKeyConsumer func(context.Context, ManagedEncryptingKey) error
ManagedKeyConsumer func(context.Context, ManagedKey) error
ManagedSigningKeyConsumer func(context.Context, ManagedSigningKey) error
ManagedEncryptingKeyConsumer func(context.Context, ManagedEncryptingKey) error
ManagedMACKeyConsumer func(context.Context, ManagedMACKey) error
ManagedKeyRandomSourceConsumer func(context.Context, ManagedKeyRandomSource) error
)
type ManagedKeySystemView interface {
@ -59,6 +61,12 @@ type ManagedKeySystemView interface {
// WithManagedSigningKeyByUUID retrieves an instantiated managed signing key for consumption by the given function,
// with the same semantics as WithManagedKeyByUUID
WithManagedEncryptingKeyByUUID(ctx context.Context, keyUuid, backendUUID string, f ManagedEncryptingKeyConsumer) error
// WithManagedMACKeyByName retrieves an instantiated managed MAC key by name for consumption by the given function,
// with the same semantics as WithManagedKeyByName.
WithManagedMACKeyByName(ctx context.Context, keyName, backendUUID string, f ManagedMACKeyConsumer) error
// WithManagedMACKeyByUUID retrieves an instantiated managed MAC key by UUID for consumption by the given function,
// with the same semantics as WithManagedKeyByUUID.
WithManagedMACKeyByUUID(ctx context.Context, keyUUID, backendUUID string, f ManagedMACKeyConsumer) error
}
type ManagedAsymmetricKey interface {
@ -95,3 +103,17 @@ type ManagedEncryptingKey interface {
ManagedKey
GetAEAD(iv []byte) (cipher.AEAD, error)
}
type ManagedMACKey interface {
ManagedKey
// MAC generates a MAC tag using the provided algorithm for the provided value.
MAC(ctx context.Context, algorithm string, data []byte) ([]byte, error)
}
type ManagedKeyRandomSource interface {
ManagedKey
// GetRandomBytes returns a number (specified by the count parameter) of random bytes sourced from the target managed key.
GetRandomBytes(ctx context.Context, count int) ([]byte, error)
}

2
vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go generated vendored
View File

@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.28.1
// protoc v3.21.5
// protoc v3.21.9
// source: sdk/logical/plugin.proto
package logical

3
vendor/github.com/hashicorp/vault/sdk/logical/response.go generated vendored
View File

@ -92,7 +92,8 @@ func (r *Response) AddWarning(warning string) {
// IsError returns true if this response seems to indicate an error.
func (r *Response) IsError() bool {
return r != nil && r.Data != nil && len(r.Data) == 1 && r.Data["error"] != nil
// If the response data contains only an 'error' element, or an 'error' and a 'data' element only
return r != nil && r.Data != nil && r.Data["error"] != nil && (len(r.Data) == 1 || (r.Data["data"] != nil && len(r.Data) == 2))
}
func (r *Response) Error() error {

22
vendor/github.com/hashicorp/vault/sdk/logical/response_util.go generated vendored
View File

@ -122,6 +122,8 @@ func RespondErrorCommon(req *Request, resp *Response, err error) (int, error) {
statusCode = http.StatusNotFound
case errwrap.Contains(err, ErrRelativePath.Error()):
statusCode = http.StatusBadRequest
case errwrap.Contains(err, ErrInvalidCredentials.Error()):
statusCode = http.StatusBadRequest
}
}
@ -180,3 +182,23 @@ func RespondError(w http.ResponseWriter, status int, err error) {
enc := json.NewEncoder(w)
enc.Encode(resp)
}
func RespondErrorAndData(w http.ResponseWriter, status int, data interface{}, err error) {
AdjustErrorStatusCode(&status, err)
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(status)
type ErrorAndDataResponse struct {
Errors []string `json:"errors"`
Data interface{} `json:"data""`
}
resp := &ErrorAndDataResponse{Errors: make([]string, 0, 1)}
if err != nil {
resp.Errors = append(resp.Errors, err.Error())
}
resp.Data = data
enc := json.NewEncoder(w)
enc.Encode(resp)
}

9
vendor/github.com/hashicorp/vault/sdk/logical/system_view.go generated vendored
View File

@ -83,6 +83,9 @@ type SystemView interface {
// PluginEnv returns Vault environment information used by plugins
PluginEnv(context.Context) (*PluginEnvironment, error)
// VaultVersion returns the version string for the currently running Vault.
VaultVersion(context.Context) (string, error)
// GeneratePasswordFromPolicy generates a password from the policy referenced.
// If the policy does not exist, this will return an error.
GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error)
@ -113,9 +116,9 @@ type StaticSystemView struct {
EntityVal *Entity
GroupsVal []*Group
Features license.Features
VaultVersion string
PluginEnvironment *PluginEnvironment
PasswordPolicies map[string]PasswordGenerator
VersionString string
}
type noopAuditor struct{}
@ -204,6 +207,10 @@ func (d StaticSystemView) PluginEnv(_ context.Context) (*PluginEnvironment, erro
return d.PluginEnvironment, nil
}
func (d StaticSystemView) VaultVersion(_ context.Context) (string, error) {
return d.VersionString, nil
}
func (d StaticSystemView) GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error) {
select {
case <-ctx.Done():

1
vendor/github.com/hashicorp/vault/sdk/logical/testing.go generated vendored
View File

@ -73,6 +73,7 @@ func TestSystemView() *StaticSystemView {
return &StaticSystemView{
DefaultLeaseTTLVal: defaultLeaseTTLVal,
MaxLeaseTTLVal: maxLeaseTTLVal,
VersionString: "testVersionString",
}
}

2
vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go generated vendored
View File

@ -1,7 +1,7 @@
// Code generated by protoc-gen-go. DO NOT EDIT.
// versions:
// protoc-gen-go v1.28.1
// protoc v3.21.5
// protoc v3.21.9
// source: sdk/logical/version.proto
package logical

1
vendor/github.com/hashicorp/vault/sdk/physical/cache.go generated vendored
View File

@ -29,7 +29,6 @@ var cacheExceptionsPaths = []string{
"sys/expire/",
"core/poison-pill",
"core/raft/tls",
"core/license",
}
// CacheRefreshContext returns a context with an added value denoting if the

7
vendor/github.com/hashicorp/vault/sdk/version/cgo.go generated vendored
View File

@ -1,7 +0,0 @@
//go:build cgo
package version
func init() {
CgoEnabled = true
}

80
vendor/github.com/hashicorp/vault/sdk/version/version.go generated vendored
View File

@ -1,80 +0,0 @@
package version
import (
"bytes"
"fmt"
)
// VersionInfo
type VersionInfo struct {
Revision string `json:"revision,omitempty"`
Version string `json:"version,omitempty"`
VersionPrerelease string `json:"version_prerelease,omitempty"`
VersionMetadata string `json:"version_metadata,omitempty"`
BuildDate string `json:"build_date,omitempty"`
}
func GetVersion() *VersionInfo {
ver := Version
rel := VersionPrerelease
md := VersionMetadata
if GitDescribe != "" {
ver = GitDescribe
}
if GitDescribe == "" && rel == "" && VersionPrerelease != "" {
rel = "dev"
}
return &VersionInfo{
Revision: GitCommit,
Version: ver,
VersionPrerelease: rel,
VersionMetadata: md,
BuildDate: BuildDate,
}
}
func (c *VersionInfo) VersionNumber() string {
if Version == "unknown" && VersionPrerelease == "unknown" {
return "(version unknown)"
}
version := c.Version
if c.VersionPrerelease != "" {
version = fmt.Sprintf("%s-%s", version, c.VersionPrerelease)
}
if c.VersionMetadata != "" {
version = fmt.Sprintf("%s+%s", version, c.VersionMetadata)
}
return version
}
func (c *VersionInfo) FullVersionNumber(rev bool) string {
var versionString bytes.Buffer
if Version == "unknown" && VersionPrerelease == "unknown" {
return "Vault (version unknown)"
}
fmt.Fprintf(&versionString, "Vault v%s", c.Version)
if c.VersionPrerelease != "" {
fmt.Fprintf(&versionString, "-%s", c.VersionPrerelease)
}
if c.VersionMetadata != "" {
fmt.Fprintf(&versionString, "+%s", c.VersionMetadata)
}
if rev && c.Revision != "" {
fmt.Fprintf(&versionString, " (%s)", c.Revision)
}
if c.BuildDate != "" {
fmt.Fprintf(&versionString, ", built %s", c.BuildDate)
}
return versionString.String()
}

17
vendor/github.com/hashicorp/vault/sdk/version/version_base.go generated vendored
View File

@ -1,17 +0,0 @@
package version
var (
// The git commit that was compiled. This will be filled in by the compiler.
GitCommit string
GitDescribe string
// The compilation date. This will be filled in by the compiler.
BuildDate string
// Whether cgo is enabled or not; set at build time
CgoEnabled bool
Version = "1.12.0"
VersionPrerelease = "dev1"
VersionMetadata = ""
)

5
vendor/modules.txt vendored
View File

@ -329,10 +329,10 @@ github.com/hashicorp/hcl/json/token
## explicit; go 1.13
github.com/hashicorp/vault/command/agent/auth
github.com/hashicorp/vault/command/agent/auth/kubernetes
# github.com/hashicorp/vault/api v1.8.2
# github.com/hashicorp/vault/api v1.8.3
## explicit; go 1.19
github.com/hashicorp/vault/api
# github.com/hashicorp/vault/sdk v0.6.0
# github.com/hashicorp/vault/sdk v0.7.0
## explicit; go 1.19
github.com/hashicorp/vault/sdk/helper/certutil
github.com/hashicorp/vault/sdk/helper/compressutil
@ -351,7 +351,6 @@ github.com/hashicorp/vault/sdk/helper/wrapping
github.com/hashicorp/vault/sdk/logical
github.com/hashicorp/vault/sdk/physical
github.com/hashicorp/vault/sdk/physical/inmem
github.com/hashicorp/vault/sdk/version
# github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d
## explicit
github.com/hashicorp/yamux