Merge branches 'arykalin-VEN-47354' and 'master' of github.com:Venafi…

…/vault-pki-backend-venafi into arykalin-VEN-47354

# Conflicts:
#	plugin/pki/backend_test.go

Makefile

@@ -287,3 +287,13 @@ cert_list:
 
 show_config: fake_config_read cloud_config_read tpp_config_read
 config: fake_config_write cloud_config_write tpp_config_write
+
+collect_artifacts:
+	mkdir -p artifcats
+	mv (PLUGIN_DIR)/linux/$(PLUGIN_NAME) artifcats/$(PLUGIN_NAME)-$(VERSION)_linux
+	mv (PLUGIN_DIR)/linux86/$(PLUGIN_NAME) artifcats/$(PLUGIN_NAME)-$(VERSION)_linux86
+	mv (PLUGIN_DIR)/darwin/$(PLUGIN_NAME) artifcats/$(PLUGIN_NAME)-$(VERSION)_darwin
+	mv (PLUGIN_DIR)/darwin86/$(PLUGIN_NAME) artifcats/$(PLUGIN_NAME)-$(VERSION)_darwin86
+	mv (PLUGIN_DIR)/windows/$(PLUGIN_NAME).exe artifcats/$(PLUGIN_NAME)-$(VERSION)_windows.exe
+	mv (PLUGIN_DIR)/windows86/$(PLUGIN_NAME).ext artifcats/$(PLUGIN_NAME)-$(VERSION)_windows86.exe
+	cd artifcats; sha1sum * > hashsums.sha1

plugin/pki/path_roles.go

@@ -2,11 +2,8 @@ package pki
 
 import (
 	"context"
-	"strings"
 	"time"
 
-	"github.com/hashicorp/vault/helper/consts"
-	"github.com/hashicorp/vault/helper/parseutil"
 	"github.com/hashicorp/vault/logical"
 	"github.com/hashicorp/vault/logical/framework"
 )
@@ -163,50 +160,6 @@ func (b *backend) getRole(ctx context.Context, s logical.Storage, n string) (*ro
 		return nil, err
 	}
 
-	// Migrate existing saved entries and save back if changed
-	modified := false
-	if len(result.DeprecatedTTL) == 0 && len(result.Lease) != 0 {
-		result.DeprecatedTTL = result.Lease
-		result.Lease = ""
-		modified = true
-	}
-	if result.TTL == 0 && len(result.DeprecatedTTL) != 0 {
-		parsed, err := parseutil.ParseDurationSecond(result.DeprecatedTTL)
-		if err != nil {
-			return nil, err
-		}
-		result.TTL = parsed
-		result.DeprecatedTTL = ""
-		modified = true
-	}
-	if len(result.DeprecatedMaxTTL) == 0 && len(result.LeaseMax) != 0 {
-		result.DeprecatedMaxTTL = result.LeaseMax
-		result.LeaseMax = ""
-		modified = true
-	}
-	if result.MaxTTL == 0 && len(result.DeprecatedMaxTTL) != 0 {
-		parsed, err := parseutil.ParseDurationSecond(result.DeprecatedMaxTTL)
-		if err != nil {
-			return nil, err
-		}
-		result.MaxTTL = parsed
-		result.DeprecatedMaxTTL = ""
-		modified = true
-	}
-
-	if modified && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary)) {
-		jsonEntry, err := logical.StorageEntryJSON("role/"+n, &result)
-		if err != nil {
-			return nil, err
-		}
-		if err := s.Put(ctx, jsonEntry); err != nil {
-			// Only perform upgrades on replication primary
-			if !strings.Contains(err.Error(), logical.ErrReadOnly.Error()) {
-				return nil, err
-			}
-		}
-	}
-
 	return &result, nil
 }
 

plugin/pki/path_venafi_fetch.go

@@ -3,6 +3,7 @@ package pki
 import (
 	"context"
 	"encoding/pem"
+	"fmt"
 	"strings"
 
 	"github.com/hashicorp/vault/helper/errutil"
@@ -152,6 +153,27 @@ reply:
 	return
 }
 
+func fetchCertBySerial(ctx context.Context, req *logical.Request, prefix, serial string) (*logical.StorageEntry, error) {
+	var path string
+	var err error
+	var certEntry *logical.StorageEntry
+
+	hyphenSerial := normalizeSerial(serial)
+	path = "certs/" + hyphenSerial
+
+	certEntry, err = req.Storage.Get(ctx, path)
+	if err != nil {
+		return nil, errutil.InternalError{Err: fmt.Sprintf("error fetching certificate %s: %s", serial, err)}
+	}
+	if certEntry != nil {
+		if certEntry.Value == nil || len(certEntry.Value) == 0 {
+			return nil, errutil.InternalError{Err: fmt.Sprintf("returned certificate bytes for serial %s were empty", serial)}
+		}
+		return certEntry, nil
+	}
+	return certEntry, nil
+}
+
 const pathVenafiFetchHelpSyn = `
 This allows certificates to be fetched.
 `