mirror of
https://github.com/ceph/ceph-csi.git
rebase: bump github.com/hashicorp/vault/api from 1.8.2 to 1.8.3
Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.8.2 to 1.8.3. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/vault/compare/v1.8.2...v1.8.3) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
parent
f852873e16
commit
a31426e37f
4
go.mod
4
go.mod
@ -18,7 +18,7 @@ require (
|
||||
github.com/google/uuid v1.3.0
|
||||
github.com/grpc-ecosystem/go-grpc-middleware v1.3.0
|
||||
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
|
||||
github.com/hashicorp/vault/api v1.8.2
|
||||
github.com/hashicorp/vault/api v1.8.3
|
||||
github.com/kubernetes-csi/csi-lib-utils v0.11.0
|
||||
github.com/kubernetes-csi/external-snapshotter/client/v6 v6.2.0
|
||||
github.com/libopenstorage/secrets v0.0.0-20210908194121-a1d19aa9713a
|
||||
@ -99,7 +99,7 @@ require (
|
||||
github.com/hashicorp/golang-lru v0.5.4 // indirect
|
||||
github.com/hashicorp/hcl v1.0.0 // indirect
|
||||
github.com/hashicorp/vault v1.4.2 // indirect
|
||||
github.com/hashicorp/vault/sdk v0.6.0 // indirect
|
||||
github.com/hashicorp/vault/sdk v0.7.0 // indirect
|
||||
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect
|
||||
github.com/imdario/mergo v0.3.12 // indirect
|
||||
github.com/inconshreveable/mousetrap v1.0.0 // indirect
|
||||
|
10
go.sum
10
go.sum
@ -582,7 +582,7 @@ github.com/hashicorp/go-secure-stdlib/password v0.1.1 h1:6JzmBqXprakgFEHwBgdchsj
|
||||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
|
||||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
|
||||
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
|
||||
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 h1:Yc026VyMyIpq1UWRnakHRG01U8fJm+nEfEmjoAb00n8=
|
||||
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 h1:phcbL8urUzF/kxA/Oj6awENaRwfWsjP59GW7u2qlDyY=
|
||||
github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU=
|
||||
github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc=
|
||||
github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A=
|
||||
@ -645,8 +645,8 @@ github.com/hashicorp/vault/api v1.0.5-0.20191122173911-80fcc7907c78/go.mod h1:Uf
|
||||
github.com/hashicorp/vault/api v1.0.5-0.20200215224050-f6547fa8e820/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o=
|
||||
github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o=
|
||||
github.com/hashicorp/vault/api v1.0.5-0.20200902155336-f9d5ce5a171a/go.mod h1:R3Umvhlxi2TN7Ex2hzOowyeNb+SfbVWI973N+ctaFMk=
|
||||
github.com/hashicorp/vault/api v1.8.2 h1:C7OL9YtOtwQbTKI9ogB0A1wffRbCN+rH/LLCHO3d8HM=
|
||||
github.com/hashicorp/vault/api v1.8.2/go.mod h1:ML8aYzBIhY5m1MD1B2Q0JV89cC85YVH4t5kBaZiyVaE=
|
||||
github.com/hashicorp/vault/api v1.8.3 h1:cHQOLcMhBR+aVI0HzhPxO62w2+gJhIrKguQNONPzu6o=
|
||||
github.com/hashicorp/vault/api v1.8.3/go.mod h1:4g/9lj9lmuJQMtT6CmVMHC5FW1yENaVv+Nv4ZfG8fAg=
|
||||
github.com/hashicorp/vault/sdk v0.1.8/go.mod h1:tHZfc6St71twLizWNHvnnbiGFo1aq0eD2jGPLtP8kAU=
|
||||
github.com/hashicorp/vault/sdk v0.1.14-0.20190730042320-0dc007d98cc8/go.mod h1:B+hVj7TpuQY1Y/GPbCpffmgd+tSEwvhkWnjtSYCaS2M=
|
||||
github.com/hashicorp/vault/sdk v0.1.14-0.20191108161836-82f2b5571044/go.mod h1:PcekaFGiPJyHnFy+NZhP6ll650zEw51Ag7g/YEa+EOU=
|
||||
@ -656,8 +656,8 @@ github.com/hashicorp/vault/sdk v0.1.14-0.20200317185738-82f498082f02/go.mod h1:W
|
||||
github.com/hashicorp/vault/sdk v0.1.14-0.20200427170607-03332aaf8d18/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10=
|
||||
github.com/hashicorp/vault/sdk v0.1.14-0.20200429182704-29fce8f27ce4/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10=
|
||||
github.com/hashicorp/vault/sdk v0.1.14-0.20200519221838-e0cfd64bc267/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10=
|
||||
github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
|
||||
github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
|
||||
github.com/hashicorp/vault/sdk v0.7.0 h1:2pQRO40R1etpKkia5fb4kjrdYMx3BHklPxl1pxpxDHg=
|
||||
github.com/hashicorp/vault/sdk v0.7.0/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
|
||||
github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
|
||||
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ=
|
||||
github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
|
||||
|
6
vendor/github.com/hashicorp/vault/api/client.go
generated
vendored
6
vendor/github.com/hashicorp/vault/api/client.go
generated
vendored
@ -114,7 +114,11 @@ type Config struct {
|
||||
// of three tries).
|
||||
MaxRetries int
|
||||
|
||||
// Timeout is for setting custom timeout parameter in the HttpClient
|
||||
// Timeout, given a non-negative value, will apply the request timeout
|
||||
// to each request function unless an earlier deadline is passed to the
|
||||
// request function through context.Context. Note that this timeout is
|
||||
// not applicable to Logical().ReadRaw* (raw response) functions.
|
||||
// Defaults to 60 seconds.
|
||||
Timeout time.Duration
|
||||
|
||||
// If there is an error when creating the configuration, this will be the
|
||||
|
62
vendor/github.com/hashicorp/vault/api/logical.go
generated
vendored
62
vendor/github.com/hashicorp/vault/api/logical.go
generated
vendored
@ -66,6 +66,53 @@ func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data
|
||||
defer cancelFunc()
|
||||
|
||||
resp, err := c.readRawWithDataWithContext(ctx, path, data)
|
||||
return c.ParseRawResponseAndCloseBody(resp, err)
|
||||
}
|
||||
|
||||
// ReadRaw attempts to read the value stored at the given Vault path
|
||||
// (without '/v1/' prefix) and returns a raw *http.Response.
|
||||
//
|
||||
// Note: the raw-response functions do not respect the client-configured
|
||||
// request timeout; if a timeout is desired, please use ReadRawWithContext
|
||||
// instead and set the timeout through context.WithTimeout or context.WithDeadline.
|
||||
func (c *Logical) ReadRaw(path string) (*Response, error) {
|
||||
return c.ReadRawWithDataWithContext(context.Background(), path, nil)
|
||||
}
|
||||
|
||||
// ReadRawWithContext attempts to read the value stored at the give Vault path
|
||||
// (without '/v1/' prefix) and returns a raw *http.Response.
|
||||
//
|
||||
// Note: the raw-response functions do not respect the client-configured
|
||||
// request timeout; if a timeout is desired, please set it through
|
||||
// context.WithTimeout or context.WithDeadline.
|
||||
func (c *Logical) ReadRawWithContext(ctx context.Context, path string) (*Response, error) {
|
||||
return c.ReadRawWithDataWithContext(ctx, path, nil)
|
||||
}
|
||||
|
||||
// ReadRawWithData attempts to read the value stored at the given Vault
|
||||
// path (without '/v1/' prefix) and returns a raw *http.Response. The 'data' map
|
||||
// is added as query parameters to the request.
|
||||
//
|
||||
// Note: the raw-response functions do not respect the client-configured
|
||||
// request timeout; if a timeout is desired, please use
|
||||
// ReadRawWithDataWithContext instead and set the timeout through
|
||||
// context.WithTimeout or context.WithDeadline.
|
||||
func (c *Logical) ReadRawWithData(path string, data map[string][]string) (*Response, error) {
|
||||
return c.ReadRawWithDataWithContext(context.Background(), path, data)
|
||||
}
|
||||
|
||||
// ReadRawWithDataWithContext attempts to read the value stored at the given
|
||||
// Vault path (without '/v1/' prefix) and returns a raw *http.Response. The 'data'
|
||||
// map is added as query parameters to the request.
|
||||
//
|
||||
// Note: the raw-response functions do not respect the client-configured
|
||||
// request timeout; if a timeout is desired, please set it through
|
||||
// context.WithTimeout or context.WithDeadline.
|
||||
func (c *Logical) ReadRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) {
|
||||
return c.readRawWithDataWithContext(ctx, path, data)
|
||||
}
|
||||
|
||||
func (c *Logical) ParseRawResponseAndCloseBody(resp *Response, err error) (*Secret, error) {
|
||||
if resp != nil {
|
||||
defer resp.Body.Close()
|
||||
}
|
||||
@ -90,21 +137,6 @@ func (c *Logical) ReadWithDataWithContext(ctx context.Context, path string, data
|
||||
return ParseSecret(resp.Body)
|
||||
}
|
||||
|
||||
func (c *Logical) ReadRaw(path string) (*Response, error) {
|
||||
return c.ReadRawWithData(path, nil)
|
||||
}
|
||||
|
||||
func (c *Logical) ReadRawWithData(path string, data map[string][]string) (*Response, error) {
|
||||
return c.ReadRawWithDataWithContext(context.Background(), path, data)
|
||||
}
|
||||
|
||||
func (c *Logical) ReadRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) {
|
||||
ctx, cancelFunc := c.c.withConfiguredTimeout(ctx)
|
||||
defer cancelFunc()
|
||||
|
||||
return c.readRawWithDataWithContext(ctx, path, data)
|
||||
}
|
||||
|
||||
func (c *Logical) readRawWithDataWithContext(ctx context.Context, path string, data map[string][]string) (*Response, error) {
|
||||
r := c.c.NewRequest(http.MethodGet, "/v1/"+path)
|
||||
|
||||
|
1
vendor/github.com/hashicorp/vault/api/plugin_helpers.go
generated
vendored
1
vendor/github.com/hashicorp/vault/api/plugin_helpers.go
generated
vendored
@ -63,6 +63,7 @@ var sudoPaths = map[string]*regexp.Regexp{
|
||||
"/sys/revoke-force/{prefix}": regexp.MustCompile(`^/sys/revoke-force/.+$`),
|
||||
"/sys/revoke-prefix/{prefix}": regexp.MustCompile(`^/sys/revoke-prefix/.+$`),
|
||||
"/sys/rotate": regexp.MustCompile(`^/sys/rotate$`),
|
||||
"/sys/internal/inspect/router/{tag}": regexp.MustCompile(`^/sys/internal/inspect/router/.+$`),
|
||||
|
||||
// enterprise-only paths
|
||||
"/sys/replication/dr/primary/secondary-token": regexp.MustCompile(`^/sys/replication/dr/primary/secondary-token$`),
|
||||
|
46
vendor/github.com/hashicorp/vault/api/secret.go
generated
vendored
46
vendor/github.com/hashicorp/vault/api/secret.go
generated
vendored
@ -2,8 +2,11 @@ package api
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"io"
|
||||
"reflect"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/errwrap"
|
||||
@ -302,7 +305,15 @@ func ParseSecret(r io.Reader) (*Secret, error) {
|
||||
// First read the data into a buffer. Not super efficient but we want to
|
||||
// know if we actually have a body or not.
|
||||
var buf bytes.Buffer
|
||||
_, err := buf.ReadFrom(r)
|
||||
|
||||
// io.Reader is treated like a stream and cannot be read
|
||||
// multiple times. Duplicating this stream using TeeReader
|
||||
// to use this data in case there is no top-level data from
|
||||
// api response
|
||||
var teebuf bytes.Buffer
|
||||
tee := io.TeeReader(r, &teebuf)
|
||||
|
||||
_, err := buf.ReadFrom(tee)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@ -316,5 +327,38 @@ func ParseSecret(r io.Reader) (*Secret, error) {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// If the secret is null, add raw data to secret data if present
|
||||
if reflect.DeepEqual(secret, Secret{}) {
|
||||
data := make(map[string]interface{})
|
||||
if err := jsonutil.DecodeJSONFromReader(&teebuf, &data); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
errRaw, errPresent := data["errors"]
|
||||
|
||||
// if only errors are present in the resp.Body return nil
|
||||
// to return value not found as it does not have any raw data
|
||||
if len(data) == 1 && errPresent {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
// if errors are present along with raw data return the error
|
||||
if errPresent {
|
||||
var errStrArray []string
|
||||
errBytes, err := json.Marshal(errRaw)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if err := json.Unmarshal(errBytes, &errStrArray); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return nil, fmt.Errorf(strings.Join(errStrArray, " "))
|
||||
}
|
||||
|
||||
// if any raw data is present in resp.Body, add it to secret
|
||||
if len(data) > 0 {
|
||||
secret.Data = data
|
||||
}
|
||||
}
|
||||
|
||||
return &secret, nil
|
||||
}
|
||||
|
64
vendor/github.com/hashicorp/vault/api/sys_mounts.go
generated
vendored
64
vendor/github.com/hashicorp/vault/api/sys_mounts.go
generated
vendored
@ -254,20 +254,20 @@ type MountInput struct {
|
||||
}
|
||||
|
||||
type MountConfigInput struct {
|
||||
Options map[string]string `json:"options" mapstructure:"options"`
|
||||
DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
|
||||
Description *string `json:"description,omitempty" mapstructure:"description"`
|
||||
MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
|
||||
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
|
||||
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
|
||||
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
|
||||
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
|
||||
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
|
||||
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
|
||||
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
|
||||
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
|
||||
PluginVersion string `json:"plugin_version,omitempty"`
|
||||
|
||||
Options map[string]string `json:"options" mapstructure:"options"`
|
||||
DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
|
||||
Description *string `json:"description,omitempty" mapstructure:"description"`
|
||||
MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
|
||||
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
|
||||
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
|
||||
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
|
||||
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
|
||||
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
|
||||
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
|
||||
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
|
||||
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
|
||||
PluginVersion string `json:"plugin_version,omitempty"`
|
||||
UserLockoutConfig *UserLockoutConfigInput `json:"user_lockout_config,omitempty"`
|
||||
// Deprecated: This field will always be blank for newer server responses.
|
||||
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
|
||||
}
|
||||
@ -289,21 +289,35 @@ type MountOutput struct {
|
||||
}
|
||||
|
||||
type MountConfigOutput struct {
|
||||
DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
|
||||
MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
|
||||
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
|
||||
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
|
||||
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
|
||||
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
|
||||
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
|
||||
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
|
||||
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
|
||||
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
|
||||
|
||||
DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"`
|
||||
MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"`
|
||||
ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"`
|
||||
AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"`
|
||||
AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"`
|
||||
ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"`
|
||||
PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"`
|
||||
AllowedResponseHeaders []string `json:"allowed_response_headers,omitempty" mapstructure:"allowed_response_headers"`
|
||||
TokenType string `json:"token_type,omitempty" mapstructure:"token_type"`
|
||||
AllowedManagedKeys []string `json:"allowed_managed_keys,omitempty" mapstructure:"allowed_managed_keys"`
|
||||
UserLockoutConfig *UserLockoutConfigOutput `json:"user_lockout_config,omitempty"`
|
||||
// Deprecated: This field will always be blank for newer server responses.
|
||||
PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"`
|
||||
}
|
||||
|
||||
type UserLockoutConfigInput struct {
|
||||
LockoutThreshold string `json:"lockout_threshold,omitempty" structs:"lockout_threshold" mapstructure:"lockout_threshold"`
|
||||
LockoutDuration string `json:"lockout_duration,omitempty" structs:"lockout_duration" mapstructure:"lockout_duration"`
|
||||
LockoutCounterResetDuration string `json:"lockout_counter_reset_duration,omitempty" structs:"lockout_counter_reset_duration" mapstructure:"lockout_counter_reset_duration"`
|
||||
DisableLockout *bool `json:"lockout_disable,omitempty" structs:"lockout_disable" mapstructure:"lockout_disable"`
|
||||
}
|
||||
|
||||
type UserLockoutConfigOutput struct {
|
||||
LockoutThreshold uint `json:"lockout_threshold,omitempty" structs:"lockout_threshold" mapstructure:"lockout_threshold"`
|
||||
LockoutDuration int `json:"lockout_duration,omitempty" structs:"lockout_duration" mapstructure:"lockout_duration"`
|
||||
LockoutCounterReset int `json:"lockout_counter_reset,omitempty" structs:"lockout_counter_reset" mapstructure:"lockout_counter_reset"`
|
||||
DisableLockout *bool `json:"disable_lockout,omitempty" structs:"disable_lockout" mapstructure:"disable_lockout"`
|
||||
}
|
||||
|
||||
type MountMigrationOutput struct {
|
||||
MigrationID string `mapstructure:"migration_id"`
|
||||
}
|
||||
|
33
vendor/github.com/hashicorp/vault/api/sys_seal.go
generated
vendored
33
vendor/github.com/hashicorp/vault/api/sys_seal.go
generated
vendored
@ -93,22 +93,23 @@ func sealStatusRequestWithContext(ctx context.Context, c *Sys, r *Request) (*Sea
|
||||
}
|
||||
|
||||
type SealStatusResponse struct {
|
||||
Type string `json:"type"`
|
||||
Initialized bool `json:"initialized"`
|
||||
Sealed bool `json:"sealed"`
|
||||
T int `json:"t"`
|
||||
N int `json:"n"`
|
||||
Progress int `json:"progress"`
|
||||
Nonce string `json:"nonce"`
|
||||
Version string `json:"version"`
|
||||
BuildDate string `json:"build_date"`
|
||||
Migration bool `json:"migration"`
|
||||
ClusterName string `json:"cluster_name,omitempty"`
|
||||
ClusterID string `json:"cluster_id,omitempty"`
|
||||
RecoverySeal bool `json:"recovery_seal"`
|
||||
StorageType string `json:"storage_type,omitempty"`
|
||||
HCPLinkStatus string `json:"hcp_link_status,omitempty"`
|
||||
HCPLinkResourceID string `json:"hcp_link_resource_ID,omitempty"`
|
||||
Type string `json:"type"`
|
||||
Initialized bool `json:"initialized"`
|
||||
Sealed bool `json:"sealed"`
|
||||
T int `json:"t"`
|
||||
N int `json:"n"`
|
||||
Progress int `json:"progress"`
|
||||
Nonce string `json:"nonce"`
|
||||
Version string `json:"version"`
|
||||
BuildDate string `json:"build_date"`
|
||||
Migration bool `json:"migration"`
|
||||
ClusterName string `json:"cluster_name,omitempty"`
|
||||
ClusterID string `json:"cluster_id,omitempty"`
|
||||
RecoverySeal bool `json:"recovery_seal"`
|
||||
StorageType string `json:"storage_type,omitempty"`
|
||||
HCPLinkStatus string `json:"hcp_link_status,omitempty"`
|
||||
HCPLinkResourceID string `json:"hcp_link_resource_ID,omitempty"`
|
||||
Warnings []string `json:"warnings,omitempty"`
|
||||
}
|
||||
|
||||
type UnsealOpts struct {
|
||||
|
2
vendor/github.com/hashicorp/vault/sdk/LICENSE
generated
vendored
2
vendor/github.com/hashicorp/vault/sdk/LICENSE
generated
vendored
@ -1,3 +1,5 @@
|
||||
Copyright (c) 2015 HashiCorp, Inc.
|
||||
|
||||
Mozilla Public License, version 2.0
|
||||
|
||||
1. Definitions
|
||||
|
80
vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go
generated
vendored
80
vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go
generated
vendored
@ -64,6 +64,20 @@ var SignatureAlgorithmNames = map[string]x509.SignatureAlgorithm{
|
||||
"ed25519": x509.PureEd25519, // Duplicated for clarity; most won't expect the "Pure" prefix.
|
||||
}
|
||||
|
||||
// Mapping of constant values<->constant names for SignatureAlgorithm
|
||||
var InvSignatureAlgorithmNames = map[x509.SignatureAlgorithm]string{
|
||||
x509.SHA256WithRSA: "SHA256WithRSA",
|
||||
x509.SHA384WithRSA: "SHA384WithRSA",
|
||||
x509.SHA512WithRSA: "SHA512WithRSA",
|
||||
x509.ECDSAWithSHA256: "ECDSAWithSHA256",
|
||||
x509.ECDSAWithSHA384: "ECDSAWithSHA384",
|
||||
x509.ECDSAWithSHA512: "ECDSAWithSHA512",
|
||||
x509.SHA256WithRSAPSS: "SHA256WithRSAPSS",
|
||||
x509.SHA384WithRSAPSS: "SHA384WithRSAPSS",
|
||||
x509.SHA512WithRSAPSS: "SHA512WithRSAPSS",
|
||||
x509.PureEd25519: "Ed25519",
|
||||
}
|
||||
|
||||
// OID for RFC 5280 Delta CRL Indicator CRL extension.
|
||||
//
|
||||
// > id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 }
|
||||
@ -86,13 +100,13 @@ func GetHexFormatted(buf []byte, sep string) string {
|
||||
func ParseHexFormatted(in, sep string) []byte {
|
||||
var ret bytes.Buffer
|
||||
var err error
|
||||
var inBits int64
|
||||
var inBits uint64
|
||||
inBytes := strings.Split(in, sep)
|
||||
for _, inByte := range inBytes {
|
||||
if inBits, err = strconv.ParseInt(inByte, 16, 8); err != nil {
|
||||
if inBits, err = strconv.ParseUint(inByte, 16, 8); err != nil {
|
||||
return nil
|
||||
}
|
||||
ret.WriteByte(byte(inBits))
|
||||
ret.WriteByte(uint8(inBits))
|
||||
}
|
||||
return ret.Bytes()
|
||||
}
|
||||
@ -789,7 +803,7 @@ func CreateCertificateWithKeyGenerator(data *CreationBundle, randReader io.Reade
|
||||
return createCertificate(data, randReader, keyGenerator)
|
||||
}
|
||||
|
||||
// Set correct correct RSA sig algo
|
||||
// Set correct RSA sig algo
|
||||
func certTemplateSetSigAlgo(certTemplate *x509.Certificate, data *CreationBundle) {
|
||||
if data.Params.UsePSS {
|
||||
switch data.Params.SignatureBits {
|
||||
@ -812,6 +826,35 @@ func certTemplateSetSigAlgo(certTemplate *x509.Certificate, data *CreationBundle
|
||||
}
|
||||
}
|
||||
|
||||
// selectSignatureAlgorithmForRSA returns the proper x509.SignatureAlgorithm based on various properties set in the
|
||||
// Creation Bundle parameter. This method will default to a SHA256 signature algorithm if the requested signature
|
||||
// bits is not set/unknown.
|
||||
func selectSignatureAlgorithmForRSA(data *CreationBundle) x509.SignatureAlgorithm {
|
||||
if data.Params.UsePSS {
|
||||
switch data.Params.SignatureBits {
|
||||
case 256:
|
||||
return x509.SHA256WithRSAPSS
|
||||
case 384:
|
||||
return x509.SHA384WithRSAPSS
|
||||
case 512:
|
||||
return x509.SHA512WithRSAPSS
|
||||
default:
|
||||
return x509.SHA256WithRSAPSS
|
||||
}
|
||||
}
|
||||
|
||||
switch data.Params.SignatureBits {
|
||||
case 256:
|
||||
return x509.SHA256WithRSA
|
||||
case 384:
|
||||
return x509.SHA384WithRSA
|
||||
case 512:
|
||||
return x509.SHA512WithRSA
|
||||
default:
|
||||
return x509.SHA256WithRSA
|
||||
}
|
||||
}
|
||||
|
||||
func createCertificate(data *CreationBundle, randReader io.Reader, privateKeyGenerator KeyGenerator) (*ParsedCertBundle, error) {
|
||||
var err error
|
||||
result := &ParsedCertBundle{}
|
||||
@ -878,7 +921,11 @@ func createCertificate(data *CreationBundle, randReader io.Reader, privateKeyGen
|
||||
|
||||
var certBytes []byte
|
||||
if data.SigningBundle != nil {
|
||||
switch data.SigningBundle.PrivateKeyType {
|
||||
privateKeyType := data.SigningBundle.PrivateKeyType
|
||||
if privateKeyType == ManagedPrivateKey {
|
||||
privateKeyType = GetPrivateKeyTypeFromSigner(data.SigningBundle.PrivateKey)
|
||||
}
|
||||
switch privateKeyType {
|
||||
case RSAPrivateKey:
|
||||
certTemplateSetSigAlgo(certTemplate, data)
|
||||
case Ed25519PrivateKey:
|
||||
@ -986,7 +1033,10 @@ func selectSignatureAlgorithmForECDSA(pub crypto.PublicKey, signatureBits int) x
|
||||
}
|
||||
}
|
||||
|
||||
var oidExtensionBasicConstraints = []int{2, 5, 29, 19}
|
||||
var (
|
||||
oidExtensionBasicConstraints = []int{2, 5, 29, 19}
|
||||
oidExtensionSubjectAltName = []int{2, 5, 29, 17}
|
||||
)
|
||||
|
||||
// CreateCSR creates a CSR with the default rand.Reader to
|
||||
// generate a cert/keypair. This is currently only meant
|
||||
@ -1049,9 +1099,10 @@ func createCSR(data *CreationBundle, addBasicConstraints bool, randReader io.Rea
|
||||
|
||||
switch data.Params.KeyType {
|
||||
case "rsa":
|
||||
csrTemplate.SignatureAlgorithm = x509.SHA256WithRSA
|
||||
// use specified RSA algorithm defaulting to the appropriate SHA256 RSA signature type
|
||||
csrTemplate.SignatureAlgorithm = selectSignatureAlgorithmForRSA(data)
|
||||
case "ec":
|
||||
csrTemplate.SignatureAlgorithm = x509.ECDSAWithSHA256
|
||||
csrTemplate.SignatureAlgorithm = selectSignatureAlgorithmForECDSA(result.PrivateKey.Public(), data.Params.SignatureBits)
|
||||
case "ed25519":
|
||||
csrTemplate.SignatureAlgorithm = x509.PureEd25519
|
||||
}
|
||||
@ -1067,6 +1118,10 @@ func createCSR(data *CreationBundle, addBasicConstraints bool, randReader io.Rea
|
||||
return nil, errutil.InternalError{Err: fmt.Sprintf("unable to parse created certificate: %v", err)}
|
||||
}
|
||||
|
||||
if err = result.CSR.CheckSignature(); err != nil {
|
||||
return nil, errors.New("failed signature validation for CSR")
|
||||
}
|
||||
|
||||
return result, nil
|
||||
}
|
||||
|
||||
@ -1127,7 +1182,12 @@ func signCertificate(data *CreationBundle, randReader io.Reader) (*ParsedCertBun
|
||||
certTemplate.NotBefore = time.Now().Add(-1 * data.Params.NotBeforeDuration)
|
||||
}
|
||||
|
||||
switch data.SigningBundle.PrivateKeyType {
|
||||
privateKeyType := data.SigningBundle.PrivateKeyType
|
||||
if privateKeyType == ManagedPrivateKey {
|
||||
privateKeyType = GetPrivateKeyTypeFromSigner(data.SigningBundle.PrivateKey)
|
||||
}
|
||||
|
||||
switch privateKeyType {
|
||||
case RSAPrivateKey:
|
||||
certTemplateSetSigAlgo(certTemplate, data)
|
||||
case ECPrivateKey:
|
||||
@ -1151,7 +1211,7 @@ func signCertificate(data *CreationBundle, randReader io.Reader) (*ParsedCertBun
|
||||
certTemplate.URIs = data.CSR.URIs
|
||||
|
||||
for _, name := range data.CSR.Extensions {
|
||||
if !name.Id.Equal(oidExtensionBasicConstraints) {
|
||||
if !name.Id.Equal(oidExtensionBasicConstraints) && !(len(data.Params.OtherSANs) > 0 && name.Id.Equal(oidExtensionSubjectAltName)) {
|
||||
certTemplate.ExtraExtensions = append(certTemplate.ExtraExtensions, name)
|
||||
}
|
||||
}
|
||||
|
12
vendor/github.com/hashicorp/vault/sdk/helper/certutil/types.go
generated
vendored
12
vendor/github.com/hashicorp/vault/sdk/helper/certutil/types.go
generated
vendored
@ -148,16 +148,16 @@ type KeyBundle struct {
|
||||
}
|
||||
|
||||
func GetPrivateKeyTypeFromSigner(signer crypto.Signer) PrivateKeyType {
|
||||
switch signer.(type) {
|
||||
case *rsa.PrivateKey:
|
||||
// We look at the public key types to work-around limitations/typing of managed keys.
|
||||
switch signer.Public().(type) {
|
||||
case *rsa.PublicKey:
|
||||
return RSAPrivateKey
|
||||
case *ecdsa.PrivateKey:
|
||||
case *ecdsa.PublicKey:
|
||||
return ECPrivateKey
|
||||
case ed25519.PrivateKey:
|
||||
case ed25519.PublicKey:
|
||||
return Ed25519PrivateKey
|
||||
default:
|
||||
return UnknownPrivateKey
|
||||
}
|
||||
return UnknownPrivateKey
|
||||
}
|
||||
|
||||
// ToPEMBundle converts a string-based certificate bundle
|
||||
|
2
vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go
generated
vendored
2
vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go
generated
vendored
@ -4,7 +4,7 @@ package consts
|
||||
// endpoint.
|
||||
const AgentPathCacheClear = "/agent/v1/cache-clear"
|
||||
|
||||
// AgentPathMetrics is the path the the agent will use to expose its internal
|
||||
// AgentPathMetrics is the path the agent will use to expose its internal
|
||||
// metrics.
|
||||
const AgentPathMetrics = "/agent/v1/metrics"
|
||||
|
||||
|
2
vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go
generated
vendored
2
vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go
generated
vendored
@ -34,4 +34,6 @@ const (
|
||||
ReplicationResolverALPN = "replication_resolver_v1"
|
||||
|
||||
VaultEnableFilePermissionsCheckEnv = "VAULT_ENABLE_FILE_PERMISSIONS_CHECK"
|
||||
|
||||
VaultDisableUserLockout = "VAULT_DISABLE_USER_LOCKOUT"
|
||||
)
|
||||
|
5
vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go
generated
vendored
5
vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go
generated
vendored
@ -1,6 +1,9 @@
|
||||
package consts
|
||||
|
||||
const VaultAllowPendingRemovalMountsEnv = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS"
|
||||
// EnvVaultAllowPendingRemovalMounts allows Pending Removal builtins to be
|
||||
// mounted as if they are Deprecated to facilitate migration to supported
|
||||
// builtin plugins.
|
||||
const EnvVaultAllowPendingRemovalMounts = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS"
|
||||
|
||||
// DeprecationStatus represents the current deprecation state for builtins
|
||||
type DeprecationStatus uint32
|
||||
|
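--- a/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go
@@ -60,16 +60,13 @@ func ParseLogFormat(format string) (LogFormat, error) {
 case "json":
 return JSONFormat, nil
 default:
-return UnspecifiedFormat, fmt.Errorf("Unknown log format: %s", format)
+return UnspecifiedFormat, fmt.Errorf("unknown log format: %s", format)
 }
 }
 
 // ParseEnvLogFormat parses the log format from an environment variable.
 func ParseEnvLogFormat() LogFormat {
 logFormat := os.Getenv("VAULT_LOG_FORMAT")
-if logFormat == "" {
-logFormat = os.Getenv("LOGXI_FORMAT")
-}
 switch strings.ToLower(logFormat) {
 case "json", "vault_json", "vault-json", "vaultjson":
 return JSONFormat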
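--- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.go
@@ -2,6 +2,7 @@ package pluginutil
 
 import (
 "context"
+"errors"
 "fmt"
 "os"
 "strings"
@@ -13,6 +14,8 @@ import (
 "google.golang.org/grpc/status"
 )
 
+var ErrNoMultiplexingIDFound = errors.New("no multiplexing ID found")
+
 type PluginMultiplexingServerImpl struct {
 UnimplementedPluginMultiplexingServer
 
@@ -62,7 +65,9 @@ func GetMultiplexIDFromContext(ctx context.Context) (string, error) {
 }
 
 multiplexIDs := md[MultiplexingCtxKey]
-if len(multiplexIDs) != 1 {
+if len(multiplexIDs) == 0 {
+return "", ErrNoMultiplexingIDFound
+} else if len(multiplexIDs) != 1 {
 return "", fmt.Errorf("unexpected number of IDs in metadata: (%d)", len(multiplexIDs))
 }
 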
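--- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // protoc-gen-go v1.28.1
-// protoc v3.21.5
+// protoc v3.21.9
 // source: sdk/helper/pluginutil/multiplexing.proto
 
 package pluginutil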
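--- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go
@@ -10,7 +10,6 @@ import (
 log "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/go-plugin"
 "github.com/hashicorp/vault/sdk/helper/consts"
-"github.com/hashicorp/vault/sdk/version"
 )
 
 type PluginClientConfig struct {
@@ -46,7 +45,11 @@ func (rc runConfig) makeConfig(ctx context.Context) (*plugin.ClientConfig, error
 if rc.MLock || (rc.Wrapper != nil && rc.Wrapper.MlockEnabled()) {
 cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMlockEnabled, "true"))
 }
-cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginVaultVersionEnv, version.GetVersion().Version))
+version, err := rc.Wrapper.VaultVersion(ctx)
+if err != nil {
+return nil, err
+}
+cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginVaultVersionEnv, version))
 
 if rc.IsMetadataMode {
 rc.Logger = rc.Logger.With("metadata", "true")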
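--- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go
@@ -27,6 +27,7 @@ type RunnerUtil interface {
 NewPluginClient(ctx context.Context, config PluginClientConfig) (PluginClient, error)
 ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
 MlockEnabled() bool
+VaultVersion(ctx context.Context) (string, error)
 }
 
 // LookRunnerUtil defines the functions for both Looker and Wrapper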
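--- a/vendor/github.com/hashicorp/vault/sdk/logical/error.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/error.go
@@ -17,6 +17,11 @@ var (
 // ErrPermissionDenied is returned if the client is not authorized
 ErrPermissionDenied = errors.New("permission denied")
 
+// ErrInvalidCredentials is returned when the provided credentials are incorrect
+// This is used internally for user lockout purposes. This is not seen externally.
+// The status code returned does not change because of this error
+ErrInvalidCredentials = errors.New("invalid credentials")
+
 // ErrMultiAuthzPending is returned if the the request needs more
 // authorizations
 ErrMultiAuthzPending = errors.New("request needs further approval")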
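--- a/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // protoc-gen-go v1.28.1
-// protoc v3.21.5
+// protoc v3.21.9
 // source: sdk/logical/identity.proto
 
 package logical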
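--- a/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go
@@ -34,9 +34,11 @@ type ManagedKey interface {
 }
 
 type (
-ManagedKeyConsumer func(context.Context, ManagedKey) error
-ManagedSigningKeyConsumer func(context.Context, ManagedSigningKey) error
-ManagedEncryptingKeyConsumer func(context.Context, ManagedEncryptingKey) error
+ManagedKeyConsumer func(context.Context, ManagedKey) error
+ManagedSigningKeyConsumer func(context.Context, ManagedSigningKey) error
+ManagedEncryptingKeyConsumer func(context.Context, ManagedEncryptingKey) error
+ManagedMACKeyConsumer func(context.Context, ManagedMACKey) error
+ManagedKeyRandomSourceConsumer func(context.Context, ManagedKeyRandomSource) error
 )
 
 type ManagedKeySystemView interface {
@@ -59,6 +61,12 @@ type ManagedKeySystemView interface {
 // WithManagedSigningKeyByUUID retrieves an instantiated managed signing key for consumption by the given function,
 // with the same semantics as WithManagedKeyByUUID
 WithManagedEncryptingKeyByUUID(ctx context.Context, keyUuid, backendUUID string, f ManagedEncryptingKeyConsumer) error
+// WithManagedMACKeyByName retrieves an instantiated managed MAC key by name for consumption by the given function,
+// with the same semantics as WithManagedKeyByName.
+WithManagedMACKeyByName(ctx context.Context, keyName, backendUUID string, f ManagedMACKeyConsumer) error
+// WithManagedMACKeyByUUID retrieves an instantiated managed MAC key by UUID for consumption by the given function,
+// with the same semantics as WithManagedKeyByUUID.
+WithManagedMACKeyByUUID(ctx context.Context, keyUUID, backendUUID string, f ManagedMACKeyConsumer) error
 }
 
 type ManagedAsymmetricKey interface {
@@ -95,3 +103,17 @@ type ManagedEncryptingKey interface {
 ManagedKey
 GetAEAD(iv []byte) (cipher.AEAD, error)
 }
+
+type ManagedMACKey interface {
+ManagedKey
+
+// MAC generates a MAC tag using the provided algorithm for the provided value.
+MAC(ctx context.Context, algorithm string, data []byte) ([]byte, error)
+}
+
+type ManagedKeyRandomSource interface {
+ManagedKey
+
+// GetRandomBytes returns a number (specified by the count parameter) of random bytes sourced from the target managed key.
+GetRandomBytes(ctx context.Context, count int) ([]byte, error)
+}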
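--- a/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // protoc-gen-go v1.28.1
-// protoc v3.21.5
+// protoc v3.21.9
 // source: sdk/logical/plugin.proto
 
 package logical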
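--- a/vendor/github.com/hashicorp/vault/sdk/logical/response.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/response.go
@@ -92,7 +92,8 @@ func (r *Response) AddWarning(warning string) {
 
 // IsError returns true if this response seems to indicate an error.
 func (r *Response) IsError() bool {
-return r != nil && r.Data != nil && len(r.Data) == 1 && r.Data["error"] != nil
+// If the response data contains only an 'error' element, or an 'error' and a 'data' element only
+return r != nil && r.Data != nil && r.Data["error"] != nil && (len(r.Data) == 1 || (r.Data["data"] != nil && len(r.Data) == 2))
 }
 
 func (r *Response) Error() error {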
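--- a/vendor/github.com/hashicorp/vault/sdk/logical/response_util.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/response_util.go
@@ -122,6 +122,8 @@ func RespondErrorCommon(req *Request, resp *Response, err error) (int, error) {
 statusCode = http.StatusNotFound
 case errwrap.Contains(err, ErrRelativePath.Error()):
 statusCode = http.StatusBadRequest
+case errwrap.Contains(err, ErrInvalidCredentials.Error()):
+statusCode = http.StatusBadRequest
 }
 }
 
@@ -180,3 +182,23 @@ func RespondError(w http.ResponseWriter, status int, err error) {
 enc := json.NewEncoder(w)
 enc.Encode(resp)
 }
+
+func RespondErrorAndData(w http.ResponseWriter, status int, data interface{}, err error) {
+AdjustErrorStatusCode(&status, err)
+
+w.Header().Set("Content-Type", "application/json")
+w.WriteHeader(status)
+
+type ErrorAndDataResponse struct {
+Errors []string `json:"errors"`
+Data interface{} `json:"data""`
+}
+resp := &ErrorAndDataResponse{Errors: make([]string, 0, 1)}
+if err != nil {
+resp.Errors = append(resp.Errors, err.Error())
+}
+resp.Data = data
+
+enc := json.NewEncoder(w)
+enc.Encode(resp)
+}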
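--- a/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go
@@ -83,6 +83,9 @@ type SystemView interface {
 // PluginEnv returns Vault environment information used by plugins
 PluginEnv(context.Context) (*PluginEnvironment, error)
 
+// VaultVersion returns the version string for the currently running Vault.
+VaultVersion(context.Context) (string, error)
+
 // GeneratePasswordFromPolicy generates a password from the policy referenced.
 // If the policy does not exist, this will return an error.
 GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error)
@@ -113,9 +116,9 @@ type StaticSystemView struct {
 EntityVal *Entity
 GroupsVal []*Group
 Features license.Features
-VaultVersion string
 PluginEnvironment *PluginEnvironment
 PasswordPolicies map[string]PasswordGenerator
+VersionString string
 }
 
 type noopAuditor struct{}
@@ -204,6 +207,10 @@ func (d StaticSystemView) PluginEnv(_ context.Context) (*PluginEnvironment, erro
 return d.PluginEnvironment, nil
 }
 
+func (d StaticSystemView) VaultVersion(_ context.Context) (string, error) {
+return d.VersionString, nil
+}
+
 func (d StaticSystemView) GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error) {
 select {
 case <-ctx.Done():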
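--- a/vendor/github.com/hashicorp/vault/sdk/logical/testing.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/testing.go
@@ -73,6 +73,7 @@ func TestSystemView() *StaticSystemView {
 return &StaticSystemView{
 DefaultLeaseTTLVal: defaultLeaseTTLVal,
 MaxLeaseTTLVal: maxLeaseTTLVal,
+VersionString: "testVersionString",
 }
 }
 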
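--- a/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
 // protoc-gen-go v1.28.1
-// protoc v3.21.5
+// protoc v3.21.9
 // source: sdk/logical/version.proto
 
 package logical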
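--- a/vendor/github.com/hashicorp/vault/sdk/physical/cache.go
+++ b/vendor/github.com/hashicorp/vault/sdk/physical/cache.go
@@ -29,7 +29,6 @@ var cacheExceptionsPaths = []string{
 "sys/expire/",
 "core/poison-pill",
 "core/raft/tls",
-"core/license",
 }
 
 // CacheRefreshContext returns a context with an added value denoting if the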
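--- a/vendor/github.com/hashicorp/vault/sdk/version/cgo.go
+++ b/vendor/github.com/hashicorp/vault/sdk/version/cgo.go
@@ -1,7 +0,0 @@
-//go:build cgo
-
-package version
-
-func init() {
-CgoEnabled = true
-}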
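--- a/vendor/github.com/hashicorp/vault/sdk/version/version.go
+++ b/vendor/github.com/hashicorp/vault/sdk/version/version.go
@@ -1,80 +0,0 @@
-package version
-
-import (
-"bytes"
-"fmt"
-)
-
-// VersionInfo
-type VersionInfo struct {
-Revision string `json:"revision,omitempty"`
-Version string `json:"version,omitempty"`
-VersionPrerelease string `json:"version_prerelease,omitempty"`
-VersionMetadata string `json:"version_metadata,omitempty"`
-BuildDate string `json:"build_date,omitempty"`
-}
-
-func GetVersion() *VersionInfo {
-ver := Version
-rel := VersionPrerelease
-md := VersionMetadata
-if GitDescribe != "" {
-ver = GitDescribe
-}
-if GitDescribe == "" && rel == "" && VersionPrerelease != "" {
-rel = "dev"
-}
-
-return &VersionInfo{
-Revision: GitCommit,
-Version: ver,
-VersionPrerelease: rel,
-VersionMetadata: md,
-BuildDate: BuildDate,
-}
-}
-
-func (c *VersionInfo) VersionNumber() string {
-if Version == "unknown" && VersionPrerelease == "unknown" {
-return "(version unknown)"
-}
-
-version := c.Version
-
-if c.VersionPrerelease != "" {
-version = fmt.Sprintf("%s-%s", version, c.VersionPrerelease)
-}
-
-if c.VersionMetadata != "" {
-version = fmt.Sprintf("%s+%s", version, c.VersionMetadata)
-}
-
-return version
-}
-
-func (c *VersionInfo) FullVersionNumber(rev bool) string {
-var versionString bytes.Buffer
-
-if Version == "unknown" && VersionPrerelease == "unknown" {
-return "Vault (version unknown)"
-}
-
-fmt.Fprintf(&versionString, "Vault v%s", c.Version)
-if c.VersionPrerelease != "" {
-fmt.Fprintf(&versionString, "-%s", c.VersionPrerelease)
-}
-
-if c.VersionMetadata != "" {
-fmt.Fprintf(&versionString, "+%s", c.VersionMetadata)
-}
-
-if rev && c.Revision != "" {
-fmt.Fprintf(&versionString, " (%s)", c.Revision)
-}
-
-if c.BuildDate != "" {
-fmt.Fprintf(&versionString, ", built %s", c.BuildDate)
-}
-
-return versionString.String()
-}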
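--- a/vendor/github.com/hashicorp/vault/sdk/version/version_base.go
+++ b/vendor/github.com/hashicorp/vault/sdk/version/version_base.go
@@ -1,17 +0,0 @@
-package version
-
-var (
-// The git commit that was compiled. This will be filled in by the compiler.
-GitCommit string
-GitDescribe string
-
-// The compilation date. This will be filled in by the compiler.
-BuildDate string
-
-// Whether cgo is enabled or not; set at build time
-CgoEnabled bool
-
-Version = "1.12.0"
-VersionPrerelease = "dev1"
-VersionMetadata = ""
-)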
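--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -329,10 +329,10 @@ github.com/hashicorp/hcl/json/token
 ## explicit; go 1.13
 github.com/hashicorp/vault/command/agent/auth
 github.com/hashicorp/vault/command/agent/auth/kubernetes
-# github.com/hashicorp/vault/api v1.8.2
+# github.com/hashicorp/vault/api v1.8.3
 ## explicit; go 1.19
 github.com/hashicorp/vault/api
-# github.com/hashicorp/vault/sdk v0.6.0
+# github.com/hashicorp/vault/sdk v0.7.0
 ## explicit; go 1.19
 github.com/hashicorp/vault/sdk/helper/certutil
 github.com/hashicorp/vault/sdk/helper/compressutil
@@ -351,7 +351,6 @@ github.com/hashicorp/vault/sdk/helper/wrapping
 github.com/hashicorp/vault/sdk/logical
 github.com/hashicorp/vault/sdk/physical
 github.com/hashicorp/vault/sdk/physical/inmem
-github.com/hashicorp/vault/sdk/version
 # github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d
 ## explicit
 github.com/hashicorp/yamux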