-
-VCert is a Go library, SDK, and command line utility designed to simplify key generation and enrollment of machine identities
-(also known as SSL/TLS certificates and keys) that comply with enterprise security policy by using the
-[Venafi Platform](https://www.venafi.com/platform/trust-protection-platform) or [Venafi Cloud](https://pki.venafi.com/venafi-cloud/).
-
-## Installation
-
-1. Configure your Go environment according to https://golang.org/doc/install.
-2. Verify that GOPATH environment variable is set correctly
-3. Download the source code:
-
-```sh
-go get github.com/Venafi/vcert
-```
-
-or
-
-```sh
-git clone https://github.com/Venafi/vcert.git $GOPATH/src/github.com/Venafi/vcert
-```
-4. Build the command line utilities for Linux, MacOS, and Windows:
-
-```sh
-make build
-```
-
-## Usage example
-
-For code samples of programmatic use, please review the files in [/example](/example).
-
-1. In your main.go file, make the following import declarations: `github.com/Venafi/vcert`, `github.com/Venafi/vcert/pkg/certificate`, and `github.com/Venafi/vcert/pkg/endpoint`.
-2. Create a configuration object of type `&vcert.Config` that specifies the Venafi connection details. Solutions are typically designed to get those details from a secrets vault, .ini file, environment variables, or command line parameters.
-3. Instantiate a client by calling the `NewClient` method of the vcert class with the configuration object.
-4. Compose a certiticate request object of type `&certificate.Request`.
-5. Generate a key pair and CSR for the certificate request by calling the `GenerateRequest` method of the client.
-6. Submit the request by passing the certificate request object to the `RequestCertificate` method of the client.
-7. Use the request ID to pickup the certificate using the `RetrieveCertificate` method of the client.
-
-Samples are in a state where you can build/execute them using the following commands (after setting the environment variables discussed later):
-
-```sh
-go build -o cli ./example
-go test -v ./example -run TestRequestCertificate
-```
-
-For command line examples, please see the [Knowledge Base at support.venafi.com](https://support.venafi.com/hc/en-us/articles/217991528-Introducing-VCert-API-Abstraction-for-DevOpsSec).
-
-## Prerequisites for using with Trust Protection Platform
-
-1. A user account that has been granted WebSDK Access
-2. A folder (zone) where the user has been granted the following permissions: View, Read, Write, Create, Revoke (for the revoke action), and Private Key Read (for the pickup action when CSR is service generated)
-3. Policy applied to the folder which specifies:
- 1. CA Template that Trust Protection Platform will use to enroll certificate requests submitted by VCert
- 2. Subject DN values for Organizational Unit (OU), Organization (O), City (L), State (ST) and Country (C)
- 3. Management Type not locked or locked to 'Enrollment'
- 4. Certificate Signing Request (CSR) Generation not locked or locked to 'Service Generated CSR'
- 5. Generate Key/CSR on Application not locked or locked to 'No'
- 6. (Recommended) Disable Automatic Renewal set to 'Yes'
- 7. (Recommended) Key Bit Strength set to 2048 or higher
- 8. (Recommended) Domain Whitelisting policy appropriately assigned
-
-## Testing with Trust Protection Platform and Cloud
-
-Unit tests:
-
-```sh
-make test
-```
-
-Integration tests for Trust Protection Platform and Cloud products require endpoint connection variables:
-
-```sh
-export VCERT_TPP_URL=https://tpp.venafi.example/vedsdk
-export VCERT_TPP_USER=tpp-user
-export VCERT_TPP_PASSWORD=tpp-password
-export VCERT_TPP_ZONE='some\policy'
-
-make tpp_test
-```
-
-```sh
-export VCERT_CLOUD_URL=https://api.venafi.cloud/v1
-export VCERT_CLOUD_APIKEY=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
-export VCERT_CLOUD_ZONE=Default
-
-make cloud_test
-```
-
-Command line utility tests make use of [Cucumber & Aruba](https://github.com/cucumber/aruba) feature files.
-
-- To run tests for all features in parallel:
-
-```sh
-make cucumber
-```
-
-- To run tests only for a specific feature (e.g. basic, config, enroll, format, gencsr, renew, or revoke):
-
-```sh
-make cucumber FEATURE=./features/basic/version.feature
-```
-
-When run, these tests will be executed in their own Docker container using the Ruby version of Cucumber.
-The completed test run will report on the number of test "scenarios" and "steps" that passed, failed, or were skipped.
-
-## Contributing to VCert
-
-1. Fork it to your account (https://github.com/Venafi/vcert/fork)
-2. Clone your fork (`git clone git@github.com:youracct/vcert.git`)
-3. Create a feature branch (`git checkout -b your-branch-name`)
-4. Implement and test your changes
-5. Commit your changes (`git commit -am 'Added some cool functionality'`)
-6. Push to the branch (`git push origin your-branch-name`)
-7. Create a new Pull Request (https://github.com/youracct/vcert/pull/new/working-branch)
-
-## Release History
-
-- 3.18.3.1
- - First open source release
-
-## License
-
-Copyright © Venafi, Inc. All rights reserved.
-
-VCert is licensed under the Apache License, Version 2.0. See `LICENSE` for the full license text.
-
-Please direct questions/comments to opensource@venafi.com.
diff --git a/vendor/github.com/Venafi/vcert/client.go b/vendor/github.com/Venafi/vcert/client.go
deleted file mode 100644
index 552d5d4a..00000000
--- a/vendor/github.com/Venafi/vcert/client.go
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package vcert
-
-import (
- "crypto/x509"
- "fmt"
- "github.com/Venafi/vcert/pkg/endpoint"
- "github.com/Venafi/vcert/pkg/venafi/cloud"
- "github.com/Venafi/vcert/pkg/venafi/fake"
- "github.com/Venafi/vcert/pkg/venafi/tpp"
-)
-
-func NewClient(cfg *Config) (endpoint.Connector, error) {
- var err error
-
- var connectionTrustBundle *x509.CertPool
- if cfg.ConnectionTrust != "" {
- connectionTrustBundle = x509.NewCertPool()
- if !connectionTrustBundle.AppendCertsFromPEM([]byte(cfg.ConnectionTrust)) {
- return nil, fmt.Errorf("failed to parse PEM trust bundle")
- }
- }
-
- var connector endpoint.Connector
- switch cfg.ConnectorType {
- case endpoint.ConnectorTypeCloud:
- connector = cloud.NewConnector(cfg.LogVerbose, connectionTrustBundle)
- case endpoint.ConnectorTypeTPP:
- connector = tpp.NewConnector(cfg.LogVerbose, connectionTrustBundle)
- case endpoint.ConnectorTypeFake:
- connector = fake.NewConnector(cfg.LogVerbose, connectionTrustBundle)
- default:
- return nil, fmt.Errorf("ConnectorType is not defined")
- }
-
- if cfg.BaseUrl != "" {
- connector.SetBaseURL(cfg.BaseUrl)
- }
- connector.SetZone(cfg.Zone)
-
- err = connector.Authenticate(cfg.Credentials)
- if err != nil {
- return nil, err
- }
- return connector, nil
-}
diff --git a/vendor/github.com/Venafi/vcert/config.go b/vendor/github.com/Venafi/vcert/config.go
deleted file mode 100644
index e4f74ceb..00000000
--- a/vendor/github.com/Venafi/vcert/config.go
+++ /dev/null
@@ -1,214 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package vcert
-
-import (
- "fmt"
- "github.com/Venafi/vcert/pkg/endpoint"
- "gopkg.in/ini.v1"
- "io/ioutil"
- "log"
- "os/user"
- "path/filepath"
-)
-
-type Config struct {
- ConnectorType endpoint.ConnectorType
- BaseUrl string
- Zone string
- Credentials *endpoint.Authentication
- ConnectionTrust string // *x509.CertPool
- LogVerbose bool
- ConfigFile string
- ConfigSection string
-}
-
-func (cfg *Config) LoadFromFile() error {
- if cfg.ConfigSection == "" {
- cfg.ConfigSection = ini.DEFAULT_SECTION
- }
- log.Printf("Loading configuration from %s section %s", cfg.ConfigFile, cfg.ConfigSection)
-
- fname, err := expand(cfg.ConfigFile)
- if err != nil {
- return fmt.Errorf("failed to load config: %s", err)
- }
-
- iniFile, err := ini.Load(fname)
- if err != nil {
- return fmt.Errorf("failed to load config: %s", err)
- }
-
- err = validateFile(iniFile)
- if err != nil {
- return fmt.Errorf("failed to load config: %s", err)
- }
-
- ok := func() bool {
- for _, section := range iniFile.Sections() {
- if section.Name() == cfg.ConfigSection {
- return true
- }
- }
- return false
- }()
- if !ok {
- return fmt.Errorf("section %s has not been found in %s", cfg.ConfigSection, cfg.ConfigFile)
- }
-
- var m Dict = iniFile.Section(cfg.ConfigSection).KeysHash()
-
- var connectorType endpoint.ConnectorType
- var baseUrl string
- var auth = &endpoint.Authentication{}
- if m.has("tpp_url") {
- connectorType = endpoint.ConnectorTypeTPP
- baseUrl = m["tpp_url"]
- auth.User = m["tpp_user"]
- auth.Password = m["tpp_password"]
- if m.has("tpp_zone") {
- cfg.Zone = m["tpp_zone"]
- }
- if m.has("cloud_zone") {
- cfg.Zone = m["cloud_zone"]
- }
- } else if m.has("cloud_apikey") {
- connectorType = endpoint.ConnectorTypeCloud
- if m.has("cloud_url") {
- baseUrl = m["cloud_url"]
- }
- auth.APIKey = m["cloud_apikey"]
- if m.has("cloud_zone") {
- cfg.Zone = m["cloud_zone"]
- }
- } else if m.has("test_mode") && m["test_mode"] == "true" {
- connectorType = endpoint.ConnectorTypeFake
- } else {
- return fmt.Errorf("failed to load config: connector type cannot be defined")
- }
-
- if m.has("trust_bundle") {
- fname, err := expand(m["trust_bundle"])
- if err != nil {
- return fmt.Errorf("failed to load trust-bundle: %s", err)
- }
- data, err := ioutil.ReadFile(fname)
- if err != nil {
- return fmt.Errorf("failed to load trust-bundle: %s", err)
- }
- cfg.ConnectionTrust = string(data)
- }
-
- cfg.ConnectorType = connectorType
- cfg.Credentials = auth
- cfg.BaseUrl = baseUrl
-
- return nil
-}
-
-func expand(path string) (string, error) {
- if len(path) == 0 || path[0] != '~' {
- return path, nil
- }
- usr, err := user.Current()
- if err != nil {
- return "", err
- }
- return filepath.Join(usr.HomeDir, path[1:]), nil
-}
-
-type Dict map[string]string
-
-func (d Dict) has(key string) bool {
- if _, ok := d[key]; ok {
- return true
- }
- return false
-}
-
-type Set map[string]bool
-
-func (d Set) has(key string) bool {
- if _, ok := d[key]; ok {
- return true
- }
- return false
-}
-
-func validateSection(s *ini.Section) error {
- var TPPValidKeys Set = map[string]bool{
- "tpp_url": true,
- "tpp_user": true,
- "tpp_password": true,
- "tpp_zone": true,
- "trust_bundle": true,
- }
- var CloudValidKeys Set = map[string]bool{
- "trust_bundle": true,
- "cloud_url": true,
- "cloud_apikey": true,
- "cloud_zone": true,
- }
-
- log.Printf("Validating configuration section %s", s.Name())
- var m Dict = s.KeysHash()
-
- if m.has("tpp_url") {
- // looks like TPP config section
- for k, _ := range m {
- if !TPPValidKeys.has(k) {
- return fmt.Errorf("illegal key '%s' in TPP section %s", k, s.Name())
- }
- }
- if !m.has("tpp_user") {
- return fmt.Errorf("configuration issue in section %s: missing TPP user", s.Name())
- }
- if !m.has("tpp_password") {
- return fmt.Errorf("configuration issue in section %s: missing TPP password", s.Name())
- }
- } else if m.has("cloud_apikey") {
- // looks like Cloud config section
- for k, _ := range m {
- if !CloudValidKeys.has(k) {
- return fmt.Errorf("illegal key '%s' in Cloud section %s", k, s.Name())
- }
- }
- } else if m.has("test_mode") {
- // it's ok
- } else {
- return fmt.Errorf("section %s looks empty", s.Name())
- }
- return nil
-}
-
-func validateFile(f *ini.File) error {
-
- for _, section := range f.Sections() {
- if len(section.Keys()) == 0 {
- if len(f.Sections()) > 1 {
- // empty section is not valid. skipping it if there are more sections in the file
- log.Printf("Warning: empty section %s", section.Name())
- continue
- }
- }
- err := validateSection(section)
- if err != nil {
- return err
- }
- }
- return nil
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/certificate/certificate.go b/vendor/github.com/Venafi/vcert/pkg/certificate/certificate.go
deleted file mode 100644
index 025b96c9..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/certificate/certificate.go
+++ /dev/null
@@ -1,312 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package certificate
-
-import (
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "fmt"
- "net"
- "strings"
- "time"
-)
-
-//EllipticCurve represents the types of supported elliptic curves
-type EllipticCurve int
-
-func (ec *EllipticCurve) String() string {
- switch *ec {
- case EllipticCurveP521:
- return "P521"
- case EllipticCurveP384:
- return "P384"
- case EllipticCurveP256:
- return "P256"
- case EllipticCurveP224:
- return "P224"
- default:
- return ""
- }
-}
-
-//Set the elliptic cuve value via a string
-func (ec *EllipticCurve) Set(value string) error {
- switch strings.ToLower(value) {
- case "p521":
- *ec = EllipticCurveP521
- case "p384":
- *ec = EllipticCurveP384
- case "p256":
- *ec = EllipticCurveP256
- case "p224":
- *ec = EllipticCurveP224
- default:
- *ec = EllipticCurveP521
- }
-
- return nil
-}
-
-const (
- //EllipticCurveP521 represents the P521 curve
- EllipticCurveP521 EllipticCurve = iota
- //EllipticCurveP224 represents the P224 curve
- EllipticCurveP224
- //EllipticCurveP256 represents the P256 curve
- EllipticCurveP256
- //EllipticCurveP384 represents the P384 curve
- EllipticCurveP384
-)
-
-//KeyType represents the types of supported keys
-type KeyType int
-
-func (kt *KeyType) String() string {
- switch *kt {
- case KeyTypeRSA:
- return "RSA"
- case KeyTypeECDSA:
- return "ECDSA"
- default:
- return ""
- }
-}
-
-//Set the key type via a string
-func (kt *KeyType) Set(value string) error {
- switch strings.ToLower(value) {
- case "rsa":
- *kt = KeyTypeRSA
- case "ecdsa":
- *kt = KeyTypeECDSA
- default:
- *kt = KeyTypeECDSA
- }
-
- return nil
-}
-
-const (
- //KeyTypeRSA represents a key type of RSA
- KeyTypeRSA KeyType = iota
- //KeyTypeECDSA represents a key type of ECDSA
- KeyTypeECDSA
-)
-
-type CSrOriginOption int
-
-const (
- LocalGeneratedCSR CSrOriginOption = iota // local generation is default.
- ServiceGeneratedCSR
- UserProvidedCSR
-)
-
-//Request contains data needed to generate a certificate request
-type Request struct {
- Subject pkix.Name
- DNSNames []string
- EmailAddresses []string
- IPAddresses []net.IP
- Attributes []pkix.AttributeTypeAndValueSET
- SignatureAlgorithm x509.SignatureAlgorithm
- PublicKeyAlgorithm x509.PublicKeyAlgorithm
- FriendlyName string
- KeyType KeyType
- KeyLength int
- KeyCurve EllipticCurve
- CSR []byte
- PrivateKey interface{}
- CsrOrigin CSrOriginOption
- PickupID string
- ChainOption ChainOption
- KeyPassword string
- FetchPrivateKey bool
- Thumbprint string /* this one is here because *Request is used in RetrieveCertificate(),
- it should be refactored so that RetrieveCertificate() uses
- some abstract search object, instead of *Request{PickupID} */
- Timeout time.Duration
-}
-
-type RevocationRequest struct {
- CertificateDN string
- Thumbprint string
- Reason string
- Comments string
- Disable bool
-}
-
-type RenewalRequest struct {
- CertificateDN string // these fields are for certificate lookup on remote
- Thumbprint string
- CertificateRequest *Request // here CSR should be filled
-}
-
-type ImportRequest struct {
- PolicyDN string `json:",omitempty"`
- ObjectName string `json:",omitempty"`
- CertificateData string `json:",omitempty"`
- PrivateKeyData string `json:",omitempty"`
- Password string `json:",omitempty"`
- Reconcile bool `json:",omitempty"`
- CASpecificAttributes map[string]string `json:",omitempty"`
-}
-
-type ImportResponse struct {
- CertificateDN string `json:",omitempty"`
- CertificateVaultId int `json:",omitempty"`
- Guid string `json:",omitempty"`
- PrivateKeyVaultId int `json:",omitempty"`
-}
-
-//GenerateRequest generates a certificate request
-func GenerateRequest(request *Request, privateKey interface{}) error {
- certificateRequest := x509.CertificateRequest{}
- certificateRequest.Subject = request.Subject
- certificateRequest.DNSNames = request.DNSNames
- certificateRequest.EmailAddresses = request.EmailAddresses
- certificateRequest.IPAddresses = request.IPAddresses
- certificateRequest.Attributes = request.Attributes
-
- csr, err := x509.CreateCertificateRequest(rand.Reader, &certificateRequest, privateKey)
- if err != nil {
- csr = nil
- }
- request.CSR = csr
-
- return err
-}
-
-func publicKey(priv interface{}) interface{} {
- switch k := priv.(type) {
- case *rsa.PrivateKey:
- return &k.PublicKey
- case *ecdsa.PrivateKey:
- return &k.PublicKey
- default:
- return nil
- }
-}
-
-func PublicKey(priv interface{}) interface{} {
- return publicKey(priv)
-}
-
-//GetPrivateKeyPEMBock gets the private key as a PEM data block
-func GetPrivateKeyPEMBock(key interface{}) (*pem.Block, error) {
- switch k := key.(type) {
- case *rsa.PrivateKey:
- return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)}, nil
- case *ecdsa.PrivateKey:
- b, err := x509.MarshalECPrivateKey(k)
- if err != nil {
- return nil, err
- }
- return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b}, nil
- default:
- return nil, fmt.Errorf("Unable to format Key")
- }
-}
-
-//GetEncryptedPrivateKeyPEMBock gets the private key as an encrypted PEM data block
-func GetEncryptedPrivateKeyPEMBock(key interface{}, password []byte) (*pem.Block, error) {
- switch k := key.(type) {
- case *rsa.PrivateKey:
- return x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", x509.MarshalPKCS1PrivateKey(k), password, x509.PEMCipherAES256)
- case *ecdsa.PrivateKey:
- b, err := x509.MarshalECPrivateKey(k)
- if err != nil {
- return nil, err
- }
- return x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", b, password, x509.PEMCipherAES256)
- default:
- return nil, fmt.Errorf("Unable to format Key")
- }
-}
-
-//GetCertificatePEMBlock gets the certificate as a PEM data block
-func GetCertificatePEMBlock(cert []byte) *pem.Block {
- return &pem.Block{Type: "CERTIFICATE", Bytes: cert}
-}
-
-//GetCertificateRequestPEMBlock gets the certificate request as a PEM data block
-func GetCertificateRequestPEMBlock(request []byte) *pem.Block {
- return &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: request}
-}
-
-//GenerateECDSAPrivateKey generates a new ecdsa private key using the curve specified
-func GenerateECDSAPrivateKey(curve EllipticCurve) (*ecdsa.PrivateKey, error) {
- var priv *ecdsa.PrivateKey
- var c elliptic.Curve
- var err error
-
- switch curve {
- case EllipticCurveP521:
- c = elliptic.P521()
- case EllipticCurveP384:
- c = elliptic.P384()
- case EllipticCurveP256:
- c = elliptic.P256()
- case EllipticCurveP224:
- c = elliptic.P224()
- }
-
- priv, err = ecdsa.GenerateKey(c, rand.Reader)
- if err != nil {
- return nil, err
- }
-
- return priv, nil
-}
-
-//GenerateRSAPrivateKey generates a new rsa private key using the size specified
-func GenerateRSAPrivateKey(size int) (*rsa.PrivateKey, error) {
- priv, err := rsa.GenerateKey(rand.Reader, size)
- if err != nil {
- return nil, err
- }
-
- return priv, nil
-}
-
-func NewRequest(cert *x509.Certificate) *Request {
- req := &Request{}
- // 1st fill with *cert content
-
- req.Subject = cert.Subject
- req.DNSNames = cert.DNSNames
- req.EmailAddresses = cert.EmailAddresses
- req.IPAddresses = cert.IPAddresses
- req.SignatureAlgorithm = cert.SignatureAlgorithm
- req.PublicKeyAlgorithm = cert.PublicKeyAlgorithm
- switch pub := cert.PublicKey.(type) {
- case *rsa.PublicKey:
- req.KeyType = KeyTypeRSA
- req.KeyLength = pub.N.BitLen()
- case *ecdsa.PublicKey:
- req.KeyType = KeyTypeECDSA
- req.KeyLength = pub.Curve.Params().BitSize
- // TODO: req.KeyCurve = pub.Curve.Params().Name...
- default: // case *dsa.PublicKey:
- // vcert only works with RSA & ECDSA
- }
- return req
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/certificate/certificateCollection.go b/vendor/github.com/Venafi/vcert/pkg/certificate/certificateCollection.go
deleted file mode 100644
index 9cdff5ac..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/certificate/certificateCollection.go
+++ /dev/null
@@ -1,167 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package certificate
-
-import (
- "crypto/x509"
- "encoding/pem"
- "fmt"
- "strings"
-)
-
-//ChainOption represents the options to be used with the certificate chain
-type ChainOption int
-
-const (
- //ChainOptionRootLast specifies the root certificate should be in the last position of the chain
- ChainOptionRootLast ChainOption = iota
- //ChainOptionRootFirst specifies the root certificate should be in the first position of the chain
- ChainOptionRootFirst
- //ChainOptionIgnore specifies the chain should be ignored
- ChainOptionIgnore
-)
-
-//ChainOptionFromString converts the string to the corresponding ChainOption
-func ChainOptionFromString(order string) ChainOption {
- switch strings.ToLower(order) {
- case "root-first":
- return ChainOptionRootFirst
- case "ignore":
- return ChainOptionIgnore
- default:
- return ChainOptionRootLast
- }
-}
-
-//PEMCollection represents a collection of PEM data
-type PEMCollection struct {
- Certificate string `json:",omitempty"`
- PrivateKey string `json:",omitempty"`
- Chain []string `json:",omitempty"`
-}
-
-//NewPEMCollection creates a PEMCollection based on the data being passed in
-func NewPEMCollection(certificate *x509.Certificate, privateKey interface{}, privateKeyPassword []byte) (*PEMCollection, error) {
- collection := PEMCollection{}
- if certificate != nil {
- collection.Certificate = string(pem.EncodeToMemory(GetCertificatePEMBlock(certificate.Raw)))
- }
- if privateKey != nil {
- var p *pem.Block
- var err error
- if privateKeyPassword != nil && len(privateKeyPassword) > 0 {
- p, err = GetEncryptedPrivateKeyPEMBock(privateKey, privateKeyPassword)
- } else {
- p, err = GetPrivateKeyPEMBock(privateKey)
- }
- if err != nil {
- return nil, err
- }
- collection.PrivateKey = string(pem.EncodeToMemory(p))
- }
- return &collection, nil
-}
-
-//PEMCollectionFromBytes creates a PEMCollection based on the data passed in
-func PEMCollectionFromBytes(certBytes []byte, chainOrder ChainOption) (*PEMCollection, error) {
- var (
- current []byte
- remaining []byte
- p *pem.Block
- cert *x509.Certificate
- chain []*x509.Certificate
- privPEM string
- err error
- collection *PEMCollection
- )
- current = certBytes
-
- for {
- p, remaining = pem.Decode(current)
- if p == nil {
- break
- }
- switch p.Type {
- case "CERTIFICATE":
- cert, err = x509.ParseCertificate(p.Bytes)
- if err != nil {
- return nil, err
- }
- chain = append(chain, cert)
- case "RSA PRIVATE KEY", "EC PRIVATE KEY":
- privPEM = string(current)
- }
- current = remaining
- }
-
- if len(chain) > 0 {
- switch chainOrder {
- case ChainOptionRootFirst:
- collection, err = NewPEMCollection(chain[len(chain)-1], nil, nil)
- if len(chain) > 1 && chainOrder != ChainOptionIgnore {
- for _, caCert := range chain[:len(chain)-1] {
- collection.AddChainElement(caCert)
- }
- }
- default:
- collection, err = NewPEMCollection(chain[0], nil, nil)
- if len(chain) > 1 && chainOrder != ChainOptionIgnore {
- for _, caCert := range chain[1:] {
- collection.AddChainElement(caCert)
- }
- }
- }
- if err != nil {
- return nil, err
- }
- } else {
- collection = &PEMCollection{}
- }
- collection.PrivateKey = privPEM
-
- return collection, nil
-}
-
-//AddPrivateKey adds a Private Key to the PEMCollection. Note that the collection can only contain one private key
-func (col *PEMCollection) AddPrivateKey(privateKey interface{}, privateKeyPassword []byte) error {
- if col.PrivateKey != "" {
- return fmt.Errorf("The PEM Collection can only contain one private key")
- }
- var p *pem.Block
- var err error
- if privateKeyPassword != nil && len(privateKeyPassword) > 0 {
- p, err = GetEncryptedPrivateKeyPEMBock(privateKey, privateKeyPassword)
- } else {
- p, err = GetPrivateKeyPEMBock(privateKey)
- }
- if err != nil {
- return err
- }
- col.PrivateKey = string(pem.EncodeToMemory(p))
- return nil
-}
-
-//AddChainElement adds a chain element to the collection
-func (col *PEMCollection) AddChainElement(certificate *x509.Certificate) error {
- if certificate == nil {
- return fmt.Errorf("Certificate cannot be nil")
- }
- pemChain := col.Chain
- pemChain = append(pemChain, string(pem.EncodeToMemory(GetCertificatePEMBlock(certificate.Raw))))
- col.Chain = pemChain
- return nil
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/endpoint/endpoint.go b/vendor/github.com/Venafi/vcert/pkg/endpoint/endpoint.go
deleted file mode 100644
index 763906e2..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/endpoint/endpoint.go
+++ /dev/null
@@ -1,321 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package endpoint
-
-import (
- "crypto/x509"
- "fmt"
- "github.com/Venafi/vcert/pkg/certificate"
- "regexp"
- "sort"
- "strings"
-)
-
-// ConnectorType represents the available connectors
-type ConnectorType int
-
-const (
- ConnectorTypeUndefined ConnectorType = iota
- // ConnectorTypeFake is a fake connector for tests
- ConnectorTypeFake
- // ConnectorTypeCloud represents the Cloud connector type
- ConnectorTypeCloud
- // ConnectorTypeTPP represents the TPP connector type
- ConnectorTypeTPP
-)
-
-func (t ConnectorType) String() string {
- switch t {
- case ConnectorTypeUndefined:
- return "Undefined Endpoint"
- case ConnectorTypeFake:
- return "Fake Endpoint"
- case ConnectorTypeCloud:
- return "Venafi Cloud"
- case ConnectorTypeTPP:
- return "TPP"
- default:
- return fmt.Sprintf("unexpected connector type: %d", t)
- }
-}
-
-// Connector provides a common interface for external communications with TPP or Venafi Cloud
-type Connector interface {
- GetType() ConnectorType
- SetBaseURL(url string) (err error)
- SetZone(z string)
- Ping() (err error)
- Register(email string) (err error)
- Authenticate(auth *Authentication) (err error)
- ReadZoneConfiguration(zone string) (config *ZoneConfiguration, err error)
- GenerateRequest(config *ZoneConfiguration, req *certificate.Request) (err error)
- RequestCertificate(req *certificate.Request, zone string) (requestID string, err error)
- RetrieveCertificate(req *certificate.Request) (certificates *certificate.PEMCollection, err error)
- RevokeCertificate(req *certificate.RevocationRequest) error
- RenewCertificate(req *certificate.RenewalRequest) (requestID string, err error)
- ImportCertificate(req *certificate.ImportRequest) (*certificate.ImportResponse, error)
-}
-
-// Authentication provides a data construct for authentication data
-type Authentication struct {
- User string
- Password string
- APIKey string
-}
-
-// ErrRetrieveCertificateTimeout provides a common error structure for a timeout while retrieving a certificate
-type ErrRetrieveCertificateTimeout struct {
- CertificateID string
-}
-
-func (err ErrRetrieveCertificateTimeout) Error() string {
- return fmt.Sprintf("Operation timed out. You may try retrieving the certificate later using Pickup ID: %s", err.CertificateID)
-}
-
-// ErrCertificatePending provides a common error structure for a timeout while retrieving a certificate
-type ErrCertificatePending struct {
- CertificateID string
- Status string
-}
-
-func (err ErrCertificatePending) Error() string {
- if err.Status == "" {
- return fmt.Sprintf("Issuance is pending. You may try retrieving the certificate later using Pickup ID: %s", err.CertificateID)
- }
- return fmt.Sprintf("Issuance is pending. You may try retrieving the certificate later using Pickup ID: %s\n\tStatus: %s", err.CertificateID, err.Status)
-}
-
-// ZoneConfiguration provides a common structure for certificate request data provided by the remote endpoint
-type ZoneConfiguration struct {
- Organization string
- OrganizationLocked bool
- OrganizationalUnit []string
- Country string
- CountryLocked bool
- Province string
- ProvinceLocked bool
- Locality string
- LocalityLocked bool
-
- SubjectCNRegexes []string
- SubjectORegexes []string
- SubjectOURegexes []string
- SubjectSTRegexes []string
- SubjectLRegexes []string
- SubjectCRegexes []string
- SANRegexes []string
-
- AllowedKeyConfigurations []AllowedKeyConfiguration
- KeySizeLocked bool
-
- HashAlgorithm x509.SignatureAlgorithm
-
- CustomAttributeValues map[string]string
-}
-
-// AllowedKeyConfiguration contains an allowed key type with its sizes or curves
-type AllowedKeyConfiguration struct {
- KeyType certificate.KeyType
- KeySizes []int
- KeyCurves []certificate.EllipticCurve
-}
-
-// NewZoneConfiguration creates a new zone configuration which creates the map used in the configuration
-func NewZoneConfiguration() *ZoneConfiguration {
- zc := ZoneConfiguration{}
- zc.CustomAttributeValues = make(map[string]string)
-
- return &zc
-}
-
-// ValidateCertificateRequest validates the request against the zone configuration
-func (z *ZoneConfiguration) ValidateCertificateRequest(request *certificate.Request) error {
- if !isComponentValid(z.SubjectCNRegexes, []string{request.Subject.CommonName}) {
- return fmt.Errorf("The requested CN does not match any of the allowed CN regular expressions")
- }
- if !isComponentValid(z.SubjectORegexes, request.Subject.Organization) {
- return fmt.Errorf("The requested Organization does not match any of the allowed Organization regular expressions")
- }
- if !isComponentValid(z.SubjectOURegexes, request.Subject.OrganizationalUnit) {
- return fmt.Errorf("The requested Organizational Unit does not match any of the allowed Organization Unit regular expressions")
- }
- if !isComponentValid(z.SubjectSTRegexes, request.Subject.Province) {
- return fmt.Errorf("The requested State/Province does not match any of the allowed State/Province regular expressions")
- }
- if !isComponentValid(z.SubjectLRegexes, request.Subject.Locality) {
- return fmt.Errorf("The requested Locality does not match any of the allowed Locality regular expressions")
- }
- if !isComponentValid(z.SubjectCRegexes, request.Subject.Country) {
- return fmt.Errorf("The requested Country does not match any of the allowed Country regular expressions")
- }
- if !isComponentValid(z.SANRegexes, request.DNSNames) {
- return fmt.Errorf("The requested Subject Alternative Name does not match any of the allowed Country regular expressions")
- }
-
- if z.AllowedKeyConfigurations != nil && len(z.AllowedKeyConfigurations) > 0 {
- match := false
- for _, keyConf := range z.AllowedKeyConfigurations {
- if keyConf.KeyType == request.KeyType {
- if request.KeyLength > 0 {
- for _, size := range keyConf.KeySizes {
- if size == request.KeyLength {
- match = true
- break
- }
- }
- } else {
- match = true
- }
- }
- if match {
- break
- }
- }
- if !match {
- return fmt.Errorf("The requested Key Type and Size do not match any of the allowed Key Types and Sizes")
- }
- }
-
- return nil
-}
-
-func isComponentValid(regexes []string, component []string) bool {
- if regexes != nil && len(regexes) > 0 && component != nil {
- regexOk := false
- for _, subReg := range regexes {
- matchedAny := false
- reg := regexp.MustCompile(subReg)
- for _, c := range component {
- if reg.FindStringIndex(c) != nil {
- matchedAny = true
- break
- }
- }
- if matchedAny {
- regexOk = true
- break
- }
- }
- return regexOk
- }
- return true
-}
-
-// UpdateCertificateRequest updates a certificate request based on the zone configurataion retrieved from the remote endpoint
-func (z *ZoneConfiguration) UpdateCertificateRequest(request *certificate.Request) {
- if (request.Subject.Organization == nil || len(request.Subject.Organization) == 0) && z.Organization != "" {
- request.Subject.Organization = []string{z.Organization}
- } else {
- if z.OrganizationLocked && !strings.EqualFold(request.Subject.Organization[0], z.Organization) {
- request.Subject.Organization = []string{z.Organization}
- }
- }
- if (request.Subject.OrganizationalUnit == nil || len(request.Subject.OrganizationalUnit) == 0) && z.OrganizationalUnit != nil {
- request.Subject.OrganizationalUnit = z.OrganizationalUnit
- }
-
- if (request.Subject.Country == nil || len(request.Subject.Country) == 0) && z.Country != "" {
- request.Subject.Country = []string{z.Country}
- } else {
- if z.CountryLocked && !strings.EqualFold(request.Subject.Country[0], z.Country) {
- request.Subject.Country = []string{z.Country}
- }
- }
- if (request.Subject.Province == nil || len(request.Subject.Province) == 0) && z.Province != "" {
- request.Subject.Province = []string{z.Province}
- } else {
- if z.ProvinceLocked && !strings.EqualFold(request.Subject.Province[0], z.Province) {
- request.Subject.Province = []string{z.Province}
- }
- }
- if (request.Subject.Locality == nil || len(request.Subject.Locality) == 0) && z.Locality != "" {
- request.Subject.Locality = []string{z.Locality}
- } else {
- if z.LocalityLocked && !strings.EqualFold(request.Subject.Locality[0], z.Locality) {
- request.Subject.Locality = []string{z.Locality}
- }
- }
- if z.HashAlgorithm != 0 {
- request.SignatureAlgorithm = z.HashAlgorithm
- } else {
- request.SignatureAlgorithm = x509.SHA256WithRSA
- }
-
- if z.KeySizeLocked {
- for _, keyConf := range z.AllowedKeyConfigurations {
- if keyConf.KeyType == request.KeyType {
- sort.Sort(sort.Reverse(sort.IntSlice(keyConf.KeySizes)))
- request.KeyLength = keyConf.KeySizes[0]
- }
- }
- } else if z.AllowedKeyConfigurations != nil {
- foundMatch := false
- for _, keyConf := range z.AllowedKeyConfigurations {
- if keyConf.KeyType == request.KeyType {
- foundMatch = true
- switch request.KeyType {
- case certificate.KeyTypeECDSA:
- if z.AllowedKeyConfigurations[0].KeyCurves != nil {
- request.KeyCurve = z.AllowedKeyConfigurations[0].KeyCurves[0]
- } else {
- request.KeyCurve = certificate.EllipticCurveP256
- }
- case certificate.KeyTypeRSA:
- if keyConf.KeySizes != nil {
- sizeOK := false
- for _, size := range keyConf.KeySizes {
- if size == request.KeyLength {
- sizeOK = true
- }
- }
- if !sizeOK {
- sort.Sort(sort.Reverse(sort.IntSlice(keyConf.KeySizes)))
- request.KeyLength = keyConf.KeySizes[0]
- }
- } else {
- request.KeyLength = 2048
- }
- }
- }
- }
- if !foundMatch {
- request.KeyType = z.AllowedKeyConfigurations[0].KeyType
- switch request.KeyType {
- case certificate.KeyTypeECDSA:
- if z.AllowedKeyConfigurations[0].KeyCurves != nil {
- request.KeyCurve = z.AllowedKeyConfigurations[0].KeyCurves[0]
- } else {
- request.KeyCurve = certificate.EllipticCurveP256
- }
- case certificate.KeyTypeRSA:
- if z.AllowedKeyConfigurations[0].KeySizes != nil {
- sort.Sort(sort.Reverse(sort.IntSlice(z.AllowedKeyConfigurations[0].KeySizes)))
- request.KeyLength = z.AllowedKeyConfigurations[0].KeySizes[0]
- } else {
- request.KeyLength = 2048
- }
- }
- }
- } else {
- // Zone config has no key length parameters, so we just pass user's -key-size or fall to default 2048
- if request.KeyType == certificate.KeyTypeRSA && request.KeyLength == 0 {
- request.KeyLength = 2048
- }
- }
-
- return
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/certificatePolicies.go b/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/certificatePolicies.go
deleted file mode 100644
index 5c58df96..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/certificatePolicies.go
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cloud
-
-import "time"
-
-type certificatePolicy struct {
- CertificatePolicyType certificatePolicyType `json:"certificatePolicyType,omitempty"`
- ID string `json:"id,omitempty"`
- CompanyID string `json:"companyId,omitempty"`
- Name string `json:"name,omitempty"`
- SystemGenerated bool `json:"systemGeneratedate,omitempty"`
- CreationDateString string `json:"creationDate,omitempty"`
- CreationDate time.Time `json:"-"`
- CertificateProviderID string `json:"certificateProviderId,omitempty"`
- SubjectCNRegexes []string `json:"subjectCNRegexes,omitempty"`
- SubjectORegexes []string `json:"subjectORegexes,omitempty"`
- SubjectOURegexes []string `json:"subjectOURegexes,omitempty"`
- SubjectSTRegexes []string `json:"subjectSTRegexes,omitempty"`
- SubjectLRegexes []string `json:"subjectLRegexes,omitempty"`
- SubjectCRegexes []string `json:"subjectCRegexes,omitempty"`
- SANRegexes []string `json:"sanRegexes,omitempty"`
- KeyTypes []allowedKeyType `json:"keyTypes,omitempty"`
- KeyReuse bool `json:"keyReuse,omitempty"`
-}
-
-type allowedKeyType struct {
- KeyType keyType
- KeyLengths []int
-}
-
-type certificatePolicyType string
-
-const (
- certificatePolicyTypeIdentity certificatePolicyType = "CERTIFICATE_IDENTITY"
- certificatePolicyTypeUse = "CERTIFICATE_USE"
-)
-
-type keyType string
-
-const (
- keyTypeRSA keyType = "RSA"
- keyTypeDSA = "DSA"
- keyTypeEC = "EC"
- keyTypeGost3410 = "GOST3410"
- keyTypeECGost3410 = "ECGOST3410"
- keyTypeReserved3 = "RESERVED3"
- keyTypeUnknown = "UNKNOWN"
-)
-
-/*
-"signatureAlgorithm":{"type":"string","enum":["MD2_WITH_RSA_ENCRYPTION","MD5_WITH_RSA_ENCRYPTION","SHA1_WITH_RSA_ENCRYPTION","SHA1_WITH_RSA_ENCRYPTION2","SHA256_WITH_RSA_ENCRYPTION","SHA384_WITH_RSA_ENCRYPTION","SHA512_WITH_RSA_ENCRYPTION","ID_DSA_WITH_SHA1","dsaWithSHA1","EC_DSA_WITH_SHA1","EC_DSA_WITH_SHA224","EC_DSA_WITH_SHA256","EC_DSA_WITH_SHA384","EC_DSA_WITH_SHA512","UNKNOWN","SHA1_WITH_RSAandMGF1","GOST_R3411_94_WITH_GOST_R3410_2001","GOST_R3411_94_WITH_GOST_R3410_94"]},
-"signatureHashAlgorithm":{"type":"string","enum":["MD5","SHA1","MD2","SHA224","SHA256","SHA384","SHA512","UNKNOWN","GOSTR3411_94"]}
-*/
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/cloud.go b/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/cloud.go
deleted file mode 100644
index 2bcd1d7e..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/cloud.go
+++ /dev/null
@@ -1,352 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cloud
-
-import (
- "encoding/json"
- "encoding/pem"
- "fmt"
- "github.com/Venafi/vcert/pkg/certificate"
- "github.com/Venafi/vcert/pkg/endpoint"
- "net/http"
- "regexp"
- "strings"
- "time"
-)
-
-type apiKey struct {
- Username string `json:"username,omitempty"`
- APITypes []string `json:"apitypes,omitempty"`
- APIVersion string `json:"apiVersion,omitempty"`
- APIKeyStatus string `json:"apiKeyStatus,omitempty"`
- CreationDateString string `json:"creationDate,omitempty"`
- CreationDate time.Time `json:"-"`
- ValidityStartDateString string `json:"validityStartDate,omitempty"`
- ValidityStartDate time.Time `json:"-"`
- ValidityEndDateString string `json:"validityEndDate,omitempty"`
- ValidityEndDate time.Time `json:"-"`
-}
-
-type userDetails struct {
- User *user `json:"user,omitempty"`
- Company *company `json:"company,omitempty"`
- APIKey *apiKey `json:"apiKey,omitempty"`
-}
-
-type certificateRequestResponse struct {
- CertificateRequests []certificateRequestResponseData `json:"certificateRequests,omitempty"`
-}
-
-type certificateRequestResponseData struct {
- ID string `json:"id,omitempty"`
- ZoneID string `json:"zoneId,omitempty"`
- Status string `json:"status,omitempty"`
- SubjectDN string `json:"subjectDN,omitempty"`
- GeneratedKey bool `json:"generatedKey,omitempty"`
- DefaultKeyPassword bool `json:"defaultKeyPassword,omitempty"`
- CertificateInstanceIDs []string `json:"certificateInstanceIds,omitempty"`
- CreationDateString string `json:"creationDate,omitempty"`
- CreationDate time.Time `json:"-"`
- PEM string `json:"pem,omitempty"`
- DER string `json:"der,omitempty"`
-}
-
-type certificateRequest struct { // TODO: this is actually certificate request object (sent with POST)
- //CompanyID string `json:"companyId,omitempty"`
- CSR string `json:"certificateSigningRequest,omitempty"`
- ZoneID string `json:"zoneId,omitempty"`
- ExistingManagedCertificateId string `json:"existingManagedCertificateId,omitempty"`
- ReuseCSR bool `json:"reuseCSR,omitempty"`
- //DownloadFormat string `json:"downloadFormat,omitempty"`
-}
-
-type certificateStatus struct { // TODO: this is actually the same certificate request object (received with GET)
- Id string `json:"Id,omitempty"`
- ManagedCertificateId string `json:"managedCertificateId,omitempty"`
- ZoneId string `json:"zoneId,omitempty"`
- Status string `json:"status,omitempty"`
- ErrorInformation CertificateStatusErrorInformation `json:"errorInformation,omitempty"`
- CreationDate string `json:"creationDate,omitempty"`
- ModificationDate string `json:"modificationDate,omitempty"`
- CertificateSigningRequest string `json:"certificateSigningRequest,omitempty"`
- SubjectDN string `json:"subjectDN,omitempty"`
-}
-
-type CertificateStatusErrorInformation struct {
- Type string `json:"type,omitempty"`
- Code int `json:"code,omitempty"`
- Message string `json:"message,omitempty"`
- Args []string `json:"args,omitempty"`
-}
-
-//GenerateRequest generates a CertificateRequest based on the zone configuration, and returns the request along with the private key.
-func (c *Connector) GenerateRequest(config *endpoint.ZoneConfiguration, req *certificate.Request) (err error) {
- switch req.CsrOrigin {
- case certificate.LocalGeneratedCSR:
- var pk interface{}
- if config == nil {
- config, err = c.ReadZoneConfiguration(c.zone)
- if err != nil {
- return fmt.Errorf("could not read zone configuration: %s", err)
- }
- }
- err = config.ValidateCertificateRequest(req)
- if err != nil {
- return err
- }
- config.UpdateCertificateRequest(req)
- switch req.KeyType {
- case certificate.KeyTypeECDSA:
- pk, err = certificate.GenerateECDSAPrivateKey(req.KeyCurve)
- case certificate.KeyTypeRSA:
- pk, err = certificate.GenerateRSAPrivateKey(req.KeyLength)
- default:
- return fmt.Errorf("Unable to generate certificate request, key type %s is not supported", req.KeyType.String())
- }
- if err != nil {
- return err
- }
- req.PrivateKey = pk
- err = certificate.GenerateRequest(req, pk)
- if err != nil {
- return err
- }
- req.CSR = pem.EncodeToMemory(certificate.GetCertificateRequestPEMBlock(req.CSR))
- return nil
-
- case certificate.UserProvidedCSR:
- if req.CSR == nil || len(req.CSR) == 0 {
- return fmt.Errorf("CSR was supposed to be provided by user, but it's empty")
- }
- return nil
-
- case certificate.ServiceGeneratedCSR:
- req.CSR = nil
- return nil
-
- default:
- return fmt.Errorf("unrecognised req.CsrOrigin %v", req.CsrOrigin)
- }
-}
-
-//SetBaseURL allows overriding the default URL used to communicate with Venafi Cloud
-func (c *Connector) SetBaseURL(url string) error {
- if url == "" {
- return fmt.Errorf("base URL cannot be empty")
- }
- modified := strings.ToLower(url)
- reg := regexp.MustCompile("^http(|s)://")
- if reg.FindStringIndex(modified) == nil {
- modified = "https://" + modified
- } else {
- modified = reg.ReplaceAllString(modified, "https://")
- }
- reg = regexp.MustCompile("/v1(|/)$")
- if reg.FindStringIndex(modified) == nil {
- modified += "v1/"
- } else {
- modified = reg.ReplaceAllString(modified, "/v1/")
- }
- c.baseURL = modified
- return nil
-}
-
-func (c *Connector) getURL(resource urlResource) string {
- return fmt.Sprintf("%s%s", c.baseURL, resource)
-}
-
-func parseUserDetailsResult(expectedStatusCode int, httpStatusCode int, httpStatus string, body []byte) (*userDetails, error) {
- if httpStatusCode == expectedStatusCode {
- resp, err := parseUserDetailsData(body)
- if err != nil {
- return nil, err
- }
- return resp, nil
- }
-
- switch httpStatusCode {
- case http.StatusConflict, http.StatusPreconditionFailed:
- respErrors, err := parseResponseErrors(body)
- if err != nil {
- return nil, err
- }
-
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud registration. Status: %s\n", httpStatus)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- default:
- if body != nil {
- respErrors, err := parseResponseErrors(body)
- if err == nil {
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud registration. Status: %s\n", httpStatus)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- }
- }
- return nil, fmt.Errorf("Unexpected status code on Venafi Cloud registration. Status: %s", httpStatus)
- }
-}
-
-func parseUserDetailsData(b []byte) (*userDetails, error) {
- var data userDetails
- err := json.Unmarshal(b, &data)
- if err != nil {
- return nil, err
- }
-
- return &data, nil
-}
-
-func parseZoneConfigurationResult(httpStatusCode int, httpStatus string, body []byte) (*zone, error) {
- switch httpStatusCode {
- case http.StatusOK:
- z, err := parseZoneConfigurationData(body)
- if err != nil {
- return nil, err
- }
- return z, nil
- case http.StatusBadRequest, http.StatusPreconditionFailed, http.StatusNotFound:
- respErrors, err := parseResponseErrors(body)
- if err != nil {
- return nil, err
- }
-
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud zone read. Status: %s\n", httpStatus)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- default:
- if body != nil {
- respErrors, err := parseResponseErrors(body)
- if err == nil {
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud zone read. Status: %s\n", httpStatus)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- }
- }
- return nil, fmt.Errorf("Unexpected status code on Venafi Cloud zone read. Status: %s", httpStatus)
- }
-}
-
-func parseZoneConfigurationData(b []byte) (*zone, error) {
- var data zone
- err := json.Unmarshal(b, &data)
- if err != nil {
- return nil, err
- }
-
- return &data, nil
-}
-
-func parseCertificatePolicyResult(httpStatusCode int, httpStatus string, body []byte) (*certificatePolicy, error) {
- switch httpStatusCode {
- case http.StatusOK:
- p, err := parseCertificatePolicyData(body)
- if err != nil {
- return nil, err
- }
- return p, nil
- case http.StatusBadRequest, http.StatusPreconditionFailed, http.StatusNotFound:
- respErrors, err := parseResponseErrors(body)
- if err != nil {
- return nil, err
- }
-
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud policy read. Status: %s\n", httpStatus)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- default:
- if body != nil {
- respErrors, err := parseResponseErrors(body)
- if err == nil {
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud policy read. Status: %s\n", httpStatus)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- }
- }
- return nil, fmt.Errorf("Unexpected status code on Venafi Cloud policy read. Status: %s", httpStatus)
- }
-}
-
-func parseCertificatePolicyData(b []byte) (*certificatePolicy, error) {
- var data certificatePolicy
- err := json.Unmarshal(b, &data)
- if err != nil {
- return nil, err
- }
-
- return &data, nil
-}
-
-func parseCertificateRequestResult(httpStatusCode int, httpStatus string, body []byte) (*certificateRequestResponse, error) {
- switch httpStatusCode {
- case http.StatusCreated:
- z, err := parseCertificateRequestData(body)
- if err != nil {
- return nil, err
- }
- return z, nil
- case http.StatusBadRequest, http.StatusPreconditionFailed:
- respErrors, err := parseResponseErrors(body)
- if err != nil {
- return nil, err
- }
-
- respError := fmt.Sprintf("Certificate request failed with server error. Status: %s\n", httpStatus)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- default:
- if body != nil {
- respErrors, err := parseResponseErrors(body)
- if err == nil {
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud certificate request. Status: %s\n", httpStatus)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- }
- }
- return nil, fmt.Errorf("Unexpected status code on Venafi Cloud certificate request. Status: %s", httpStatus)
- }
-}
-
-func parseCertificateRequestData(b []byte) (*certificateRequestResponse, error) {
- var data certificateRequestResponse
- err := json.Unmarshal(b, &data)
- if err != nil {
- return nil, err
- }
-
- return &data, nil
-}
-
-func newPEMCollectionFromResponse(data []byte, chainOrder certificate.ChainOption) (*certificate.PEMCollection, error) {
- return certificate.PEMCollectionFromBytes(data, chainOrder)
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/company.go b/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/company.go
deleted file mode 100644
index 6f566157..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/company.go
+++ /dev/null
@@ -1,113 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cloud
-
-import (
- "fmt"
- "github.com/Venafi/vcert/pkg/certificate"
- "github.com/Venafi/vcert/pkg/endpoint"
- "time"
-)
-
-type company struct {
- ID string `json:"id,omitempty"`
- Name string `json:"name,omitempty"`
- CompanyType string `json:"companyType,omitempty"`
- Active bool `json:"active,omitempty"`
- CreationDateString string `json:"creationDate,omitempty"`
- CreationDate time.Time `json:"-"`
- Domains []string `json:"domains,omitempty"`
-}
-
-type zone struct {
- ID string `json:"id,omitempty"`
- CompanyID string `json:"companyId,omitempty"`
- Tag string `json:"tag,omitempty"`
- ZoneType string `json:"zoneType,omitempty"`
- CertificatePolicyIDs certificatePolicyID `json:"certificatePolicyIds,omitempty"`
- DefaultCertificateIdentityPolicy string `json:"defaultCertificateIdentityPolicyId,omitempty"`
- DefaultCertificateUsePolicy string `json:"defaultCertificateUsePolicyId,omitempty"`
- SystemGenerated bool `json:"systemGeneratedate,omitempty"`
- CreationDateString string `json:"creationDate,omitempty"`
- CreationDate time.Time `json:"-"`
-}
-
-type certificatePolicyID struct {
- CertificateIdentity []string `json:"CERTIFICATE_IDENTITY,omitempty"`
- CertificateUse []string `json:"CERTIFICATE_USE,omitempty"`
-}
-
-func (z *zone) GetZoneConfiguration(ud *userDetails, policy *certificatePolicy) *endpoint.ZoneConfiguration {
- zoneConfig := endpoint.ZoneConfiguration{}
-
- if policy != nil {
- if policy.KeyTypes != nil {
- certKeyType := certificate.KeyTypeRSA
- for _, kt := range policy.KeyTypes {
- certKeyType.Set(fmt.Sprintf("%s", kt.KeyType))
- keyConfiguration := endpoint.AllowedKeyConfiguration{}
- keyConfiguration.KeyType = certKeyType
- for _, size := range kt.KeyLengths {
- keyConfiguration.KeySizes = append(keyConfiguration.KeySizes, size)
- }
- zoneConfig.AllowedKeyConfigurations = append(zoneConfig.AllowedKeyConfigurations, keyConfiguration)
- }
- }
- }
- return &zoneConfig
-}
-
-const (
- zoneKeyGeneratorDeviceKeyGeneration = "DEVICE_KEY_GENERATION"
- zoneKeyGeneratorCentralKeyGeneration = "CENTRAL_KEY_GENERATION"
- zoneKeyGeneratorUnknown = "UNKNOWN"
-)
-
-const (
- zoneEncryptionTypeRSA = "RSA"
- zoneEncryptionTypeDSA = "DSA"
- zoneEncryptionTypeEC = "EC"
- zoneEncryptionTypeGOST3410 = "GOST3410"
- zoneEncryptionTypeECGOST3410 = "ECGOST3410"
- zoneEncryptionTypeRESERVED3 = "RESERVED3"
- zoneEncryptionTypeUnknown = "UNKNOWN"
-)
-
-const (
- zoneHashAlgorithmMD5 = "MD5"
- zoneHashAlgorithmSHA1 = "SHA1"
- zoneHashAlgorithmMD2 = "MD2"
- zoneHashAlgorithmSHA224 = "SHA224"
- zoneHashAlgorithmSHA256 = "SHA256"
- zoneHashAlgorithmSHA384 = "SHA384"
- zoneHashAlgorithmSHA512 = "SHA512"
- zoneHashAlgorithmUnknown = "UNKNOWN"
- zoneHashAlgorithmGOSTR341194 = "GOSTR3411_94"
-)
-
-const (
- zoneValidityPeriodLTE90 = "LTE_90_DAYS"
- zoneValidityPeriodGT90 = "GT_90_DAYS"
- zoneValidityPeriodOther = "OTHER"
-)
-
-const (
- zoneCertificateAuthorityTypeCondorTest = "CONDOR_TEST_CA"
- zoneCertificateAuthorityTypePublic = "PUBLIC_CA"
- zoneCertificateAuthorityTypePrivate = "PRIVATE_CA"
- zoneCertificateAuthorityTypeOther = "OTHER"
-)
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/connector.go b/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/connector.go
deleted file mode 100644
index 0c2fa481..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/connector.go
+++ /dev/null
@@ -1,710 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cloud
-
-import (
- "bytes"
- "crypto/x509"
- "encoding/json"
- "fmt"
- "github.com/Venafi/vcert/pkg/certificate"
- "github.com/Venafi/vcert/pkg/endpoint"
- "io/ioutil"
- "log"
- "net/http"
- "strings"
- "time"
-)
-
-const apiURL = "api.venafi.cloud/v1/"
-
-type urlResource string
-
-const (
- urlResourceUserAccounts urlResource = "useraccounts"
- urlResourcePing = "ping"
- urlResourceZones = "zones"
- urlResourceZoneByTag = urlResourceZones + "/tag/%s"
- urlResourceCertificatePolicies = "certificatepolicies"
- urlResourcePoliciesByID = urlResourceCertificatePolicies + "%s"
- urlResourcePoliciesForZoneByID = urlResourceCertificatePolicies + "?zoneId=%s"
- urlResourceCertificateRequests = "certificaterequests"
- urlResourceCertificateStatus = urlResourceCertificateRequests + "/%s"
- urlResourceCertificateRetrieve = urlResourceCertificateRequests + "/%s/certificate"
- urlResourceCertificateSearch = "certificatesearch"
- urlResourceManagedCertificates = "managedcertificates"
- urlResourceManagedCertificateById = urlResourceManagedCertificates + "/%s"
-)
-
-type condorChainOption string
-
-const (
- condorChainOptionRootFirst condorChainOption = "ROOT_FIRST"
- condorChainOptionRootLast = "EE_FIRST"
-)
-
-// Connector contains the base data needed to communicate with the Venafi Cloud servers
-type Connector struct {
- baseURL string
- apiKey string
- verbose bool
- user *userDetails
- trust *x509.CertPool
- zone string
-}
-
-// NewConnector creates a new Venafi Cloud Connector object used to communicate with Venafi Cloud
-func NewConnector(verbose bool, trust *x509.CertPool) *Connector {
- c := Connector{verbose: verbose, trust: trust}
- c.SetBaseURL(apiURL)
- return &c
-}
-
-func (c *Connector) SetZone(z string) {
- c.zone = z
-}
-
-func (c *Connector) GetType() endpoint.ConnectorType {
- return endpoint.ConnectorTypeCloud
-}
-
-//Ping attempts to connect to the Venafi Cloud API and returns an errror if it cannot
-func (c *Connector) Ping() (err error) {
- url := c.getURL(urlResourcePing)
-
- resp, err := http.Get(url)
- if err != nil {
- return err
- }
- if resp.StatusCode != http.StatusOK {
- err = fmt.Errorf("Unexpected status code on Venafi Cloud ping. Status: %d %s", resp.StatusCode, resp.Status)
- }
- return err
-}
-
-//Authenticate authenticates the user with Venafi Cloud using the provided API Key
-func (c *Connector) Authenticate(auth *endpoint.Authentication) (err error) {
- if auth == nil {
- return fmt.Errorf("failed to authenticate: missing credentials")
- }
- c.apiKey = auth.APIKey
- url := c.getURL(urlResourceUserAccounts)
- b := []byte{}
- reader := bytes.NewReader(b)
- request, err := http.NewRequest("GET", url, reader)
- if err != nil {
- return err
- }
- request.Header.Add("tppl-api-key", c.apiKey)
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return err
- }
-
- ud, err := parseUserDetailsResult(http.StatusOK, resp.StatusCode, resp.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", url, b)
- }
-
- return err
- }
- c.user = ud
- return nil
-}
-
-//Register registers a new user with Venafi Cloud
-func (c *Connector) Register(email string) (err error) {
- b, err := json.Marshal(userAccount{Username: email, UserAccountType: "API"})
-
- url := c.getURL(urlResourceUserAccounts)
-
- reader := bytes.NewReader(b)
- resp, err := http.Post(url, "application/json", reader)
- if err != nil {
- return err
- }
- defer resp.Body.Close()
-
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return err
- }
-
- //the user has already been registered and there is nothing to parse
- if resp.StatusCode == http.StatusAccepted {
- return nil
- }
- ud, err := parseUserDetailsResult(http.StatusCreated, resp.StatusCode, resp.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", url, b)
- }
-
- return err
- }
- c.user = ud
- return nil
-}
-
-//ReadZoneConfiguration reads the Zone information needed for generating and requesting a certificate from Venafi Cloud
-func (c *Connector) ReadZoneConfiguration(zone string) (config *endpoint.ZoneConfiguration, err error) {
- z, err := c.getZoneByTag(zone)
- if err != nil {
- return nil, err
- }
- p, err := c.getPoliciesByID([]string{z.DefaultCertificateIdentityPolicy, z.DefaultCertificateUsePolicy})
- config = z.GetZoneConfiguration(c.user, p)
- return config, nil
-}
-
-//RequestCertificate submits the CSR to the Venafi Cloud API for processing
-func (c *Connector) RequestCertificate(req *certificate.Request, zone string) (requestID string, err error) {
-
- if zone == "" {
- zone = c.zone
- }
-
- if req.CsrOrigin == certificate.ServiceGeneratedCSR {
- return "", fmt.Errorf("service generated CSR is not supported by Saas service")
- }
-
- url := c.getURL(urlResourceCertificateRequests)
- if c.user == nil || c.user.Company == nil {
- return "", fmt.Errorf("Must be autheticated to request a certificate")
- }
- z, err := c.getZoneByTag(zone)
- if err != nil {
- return "", err
- }
- b, _ := json.Marshal(certificateRequest{ZoneID: z.ID, CSR: string(req.CSR)})
- reader := bytes.NewReader(b)
- request, err := http.NewRequest("POST", url, reader)
- if err != nil {
- return "", err
- }
- request.Header.Add("tppl-api-key", c.apiKey)
- request.Header.Add("content-type", "application/json")
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return "", err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return "", err
- }
-
- cr, err := parseCertificateRequestResult(resp.StatusCode, resp.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", url, b)
- }
-
- return "", err
- }
- requestID = cr.CertificateRequests[0].ID
- req.PickupID = requestID
- return requestID, nil
-}
-
-func (c *Connector) getCertificateStatus(requestID string) (*certificateStatus, error) {
- var err error
- url := c.getURL(urlResourceCertificateStatus)
- if c.user == nil || c.user.Company == nil {
- err = fmt.Errorf("Must be autheticated to retieve certificate")
- return nil, err
- }
- url = fmt.Sprintf(url, requestID)
-
- b := []byte{}
- reader := bytes.NewReader(b)
- request, err := http.NewRequest("GET", url, reader)
- if err != nil {
- return nil, err
- }
- request.Header.Add("tppl-api-key", c.apiKey)
- request.Header.Add("Accept", "application/json")
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
-
- switch resp.StatusCode {
- case http.StatusOK:
- var data = &certificateStatus{}
- err = json.Unmarshal(body, data)
- if err != nil {
- return nil, fmt.Errorf("failed to parse certificate request status response: %s", err)
- }
- return data, nil
- default:
- if body != nil {
- respErrors, err := parseResponseErrors(body)
- if err == nil {
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud certificate search. Status: %d\n", resp.StatusCode)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- }
- }
- return nil, fmt.Errorf("Unexpected status code on Venafi Cloud certificate search. Status: %d", resp.StatusCode)
- }
-}
-
-//RetrieveCertificate retrieves the certificate for the specified ID
-func (c *Connector) RetrieveCertificate(req *certificate.Request) (certificates *certificate.PEMCollection, err error) {
-
- if req.FetchPrivateKey {
- return nil, fmt.Errorf("Failed to retrieve private key from Venafi Cloud service: not supported")
- }
-
- if req.PickupID == "" && req.Thumbprint != "" {
- // search cert by Thumbprint and fill pickupID
- var certificateRequestId string
- searchResult, err := c.searchCertificatesByFingerprint(req.Thumbprint)
- if err != nil {
- return nil, fmt.Errorf("Failed to retrieve certificate: %s", err)
- }
- if len(searchResult.Certificates) == 0 {
- return nil, fmt.Errorf("No certifiate found using fingerprint %s", req.Thumbprint)
- }
-
- reqIds := []string{}
- isOnlyOneCertificateRequestId := true
- for _, c := range searchResult.Certificates {
- reqIds = append(reqIds, c.CertificateRequestId)
- if certificateRequestId != "" && certificateRequestId != c.CertificateRequestId {
- isOnlyOneCertificateRequestId = false
- }
- certificateRequestId = c.CertificateRequestId
- }
- if !isOnlyOneCertificateRequestId {
- return nil, fmt.Errorf("More than one CertificateRequestId was found with the same Fingerprint: %s", reqIds)
- }
-
- req.PickupID = certificateRequestId
- }
-
- startTime := time.Now()
- for {
- status, err := c.getCertificateStatus(req.PickupID)
- if err != nil {
- return nil, fmt.Errorf("unable to retrieve: %s", err)
- }
- if status.Status == "ISSUED" {
- break // to fetch the cert itself
- } else if status.Status == "FAILED" {
- return nil, fmt.Errorf("Failed to retrieve certificate. Status: %v", status)
- }
- // status.Status == "REQUESTED" || status.Status == "PENDING"
- if req.Timeout == 0 {
- return nil, endpoint.ErrCertificatePending{CertificateID: req.PickupID, Status: status.Status}
- }
- if time.Now().After(startTime.Add(req.Timeout)) {
- return nil, endpoint.ErrRetrieveCertificateTimeout{CertificateID: req.PickupID}
- }
- // fmt.Printf("pending... %s\n", status.Status)
- time.Sleep(2 * time.Second)
- }
-
- url := c.getURL(urlResourceCertificateRetrieve)
- if c.user == nil || c.user.Company == nil {
- return nil, fmt.Errorf("Must be autheticated to retieve certificate")
- }
- url = fmt.Sprintf(url, req.PickupID)
- url += "?chainOrder=%s&format=PEM"
- switch req.ChainOption {
- case certificate.ChainOptionRootFirst:
- url = fmt.Sprintf(url, condorChainOptionRootFirst)
- default:
- url = fmt.Sprintf(url, condorChainOptionRootLast)
- }
- b := []byte{}
- reader := bytes.NewReader(b)
- request, err := http.NewRequest("GET", url, reader)
- if err != nil {
- return nil, err
- }
- request.Header.Add("tppl-api-key", c.apiKey)
- request.Header.Add("Accept", "text/plain")
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- if resp.StatusCode == http.StatusOK {
- return newPEMCollectionFromResponse(body, req.ChainOption)
- } else if resp.StatusCode == http.StatusConflict { // Http Status Code 409 means the certificate has not been signed by the ca yet.
- return nil, endpoint.ErrCertificatePending{CertificateID: req.PickupID}
- } else {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", url, b)
- }
- return nil, fmt.Errorf("Failed to retrieve certificate. StatusCode: %d -- Status: %s -- Server Data: %s", resp.StatusCode, resp.Status, body)
- }
-}
-
-// RevokeCertificate attempts to revoke the certificate
-func (c *Connector) RevokeCertificate(revReq *certificate.RevocationRequest) (err error) {
- return fmt.Errorf("not supported by endpoint")
-}
-
-// RenewCertificate attempts to renew the certificate
-func (c *Connector) RenewCertificate(renewReq *certificate.RenewalRequest) (requestID string, err error) {
-
- /* 1st step is to get CertificateRequestId which is required to lookup managedCertificateId and zoneId */
- var certificateRequestId string
-
- if renewReq.Thumbprint != "" {
- // by Thumbprint (aka Fingerprint)
- searchResult, err := c.searchCertificatesByFingerprint(renewReq.Thumbprint)
- if err != nil {
- return "", fmt.Errorf("Failed to create renewal request: %s", err)
- }
- if len(searchResult.Certificates) == 0 {
- return "", fmt.Errorf("No certifiate found using fingerprint %s", renewReq.Thumbprint)
- }
-
- reqIds := []string{}
- isOnlyOneCertificateRequestId := true
- for _, c := range searchResult.Certificates {
- reqIds = append(reqIds, c.CertificateRequestId)
- if certificateRequestId != "" && certificateRequestId != c.CertificateRequestId {
- isOnlyOneCertificateRequestId = false
- }
- certificateRequestId = c.CertificateRequestId
- }
- if !isOnlyOneCertificateRequestId {
- return "", fmt.Errorf("Error: more than one CertificateRequestId was found with the same Fingerprint: %s", reqIds)
- }
- } else if renewReq.CertificateDN != "" {
- // by CertificateDN (which is the same as CertificateRequestId for current implementation)
- certificateRequestId = renewReq.CertificateDN
- } else {
- return "", fmt.Errorf("failed to create renewal request: CertificateDN or Thumbprint required")
- }
-
- /* 2nd step is to get ManagedCertificateId & ZoneId by looking up certificate request record */
- previousRequest, err := c.getCertificateStatus(certificateRequestId)
- if err != nil {
- return "", fmt.Errorf("certificate renew failed: %s", err)
- }
- var zoneId = previousRequest.ZoneId
- var managedCertificateId = previousRequest.ManagedCertificateId
-
- if managedCertificateId == "" {
- return "", fmt.Errorf("failed to submit renewal request for certificate: ManagedCertificateId is empty, certificate status is %s", previousRequest.Status)
- }
-
- if managedCertificateId == "" {
- return "", fmt.Errorf("failed to submit renewal request for certificate: ZoneId is empty, certificate status is %s", previousRequest.Status)
- }
-
- /* 3rd step is to get ManagedCertificate Object by id
- and check if latestCertificateRequestId there equals to certificateRequestId from 1st step */
- managedCertificate, err := c.getManagedCertificate(managedCertificateId)
- if err != nil {
- return "", fmt.Errorf("failed to renew certificate: %s", err)
- }
- if managedCertificate.LatestCertificateRequestId != certificateRequestId {
- withThumbprint := ""
- if renewReq.Thumbprint != "" {
- withThumbprint = fmt.Sprintf("with thumbprint %s ", renewReq.Thumbprint)
- }
- return "", fmt.Errorf(
- "Certificate under requestId %s "+withThumbprint+
- "is not the latest under ManagedCertificateId %s. The latest request is %s. "+
- "This error may happen when revoked certificate is requested to be renewed.",
- certificateRequestId, managedCertificateId, managedCertificate.LatestCertificateRequestId)
- }
-
- /* 4th step is to send renewal request */
- url := c.getURL(urlResourceCertificateRequests)
- if c.user == nil || c.user.Company == nil {
- return "", fmt.Errorf("Must be autheticated to request a certificate")
- }
-
- req := certificateRequest{
- ZoneID: zoneId,
- ExistingManagedCertificateId: managedCertificateId,
- }
- if renewReq.CertificateRequest != nil && 0 < len(renewReq.CertificateRequest.CSR) {
- req.CSR = string(renewReq.CertificateRequest.CSR)
- req.ReuseCSR = false
- } else {
- req.ReuseCSR = true
- }
- b, _ := json.Marshal(req)
- reader := bytes.NewReader(b)
- request, err := http.NewRequest("POST", url, reader)
- if err != nil {
- return "", err
- }
- request.Header.Add("tppl-api-key", c.apiKey)
- request.Header.Add("content-type", "application/json")
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return "", err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return "", err
- }
-
- cr, err := parseCertificateRequestResult(resp.StatusCode, resp.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", url, b)
- }
-
- return "", fmt.Errorf("Failed to renew certificate: %s", err)
- }
- return cr.CertificateRequests[0].ID, nil
-}
-
-func (c *Connector) getZoneByTag(tag string) (*zone, error) {
- url := c.getURL(urlResourceZoneByTag)
- if c.user == nil {
- return nil, fmt.Errorf("Must be autheticated to read the zone configuration")
- }
- url = fmt.Sprintf(url, tag)
- b := []byte{}
- reader := bytes.NewReader(b)
- request, err := http.NewRequest("GET", url, reader)
- if err != nil {
- return nil, err
- }
- request.Header.Add("tppl-api-key", c.apiKey)
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- z, err := parseZoneConfigurationResult(resp.StatusCode, resp.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", url, b)
- }
-
- return nil, err
- }
- return z, nil
-}
-
-func (c *Connector) getPoliciesByID(ids []string) (*certificatePolicy, error) {
- policy := new(certificatePolicy)
- url := c.getURL(urlResourcePoliciesByID)
- if c.user == nil {
- return nil, fmt.Errorf("Must be autheticated to read the zone configuration")
- }
- for _, id := range ids {
- url = fmt.Sprintf(url, id)
- b := []byte{}
- reader := bytes.NewReader(b)
- request, err := http.NewRequest("GET", url, reader)
- if err != nil {
- return nil, err
- }
- request.Header.Add("tppl-api-key", c.apiKey)
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- p, err := parseCertificatePolicyResult(resp.StatusCode, resp.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", url, b)
- }
-
- return nil, err
- }
- switch p.CertificatePolicyType {
- case certificatePolicyTypeIdentity:
- policy.SubjectCNRegexes = p.SubjectCNRegexes
- policy.SubjectORegexes = p.SubjectORegexes
- policy.SubjectOURegexes = p.SubjectOURegexes
- policy.SubjectSTRegexes = p.SubjectSTRegexes
- policy.SubjectLRegexes = p.SubjectLRegexes
- policy.SubjectCRegexes = p.SubjectCRegexes
- policy.SANRegexes = p.SANRegexes
- break
- case certificatePolicyTypeUse:
- policy.KeyTypes = p.KeyTypes
- policy.KeyReuse = p.KeyReuse
- break
- }
- }
- return policy, nil
-}
-
-func (c *Connector) searchCertificates(req *SearchRequest) (*CertificateSearchResponse, error) {
-
- var err error
-
- url := c.getURL(urlResourceCertificateSearch)
- if c.user == nil || c.user.Company == nil {
- err = fmt.Errorf("Must be autheticated")
- return nil, err
- }
-
- b, _ := json.Marshal(req)
- reader := bytes.NewReader(b)
- request, err := http.NewRequest("POST", url, reader)
- if err != nil {
- return nil, err
- }
- request.Header.Add("tppl-api-key", c.apiKey)
- request.Header.Add("content-type", "application/json")
- request.Header.Add("accept", "application/json")
-
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- if c.verbose {
- fmt.Printf("REQ: %s\n", b)
- fmt.Printf("RES: %s\n", body)
- }
-
- searchResult, err := ParseCertificateSearchResponse(resp.StatusCode, body)
- if err != nil {
- return nil, err
- }
- return searchResult, nil
-}
-
-func (c *Connector) searchCertificatesByFingerprint(fp string) (*CertificateSearchResponse, error) {
- fp = strings.Replace(fp, ":", "", -1)
- fp = strings.Replace(fp, ".", "", -1)
- fp = strings.ToUpper(fp)
- req := &SearchRequest{
- Expression: &Expression{
- Operands: []Operand{
- {
- "fingerprint",
- MATCH,
- fp,
- },
- },
- },
- }
- return c.searchCertificates(req)
-}
-
-/*
- "id": "32a656d1-69b1-11e8-93d8-71014a32ec53",
- "companyId": "b5ed6d60-22c4-11e7-ac27-035f0608fd2c",
- "latestCertificateRequestId": "0e546560-69b1-11e8-9102-a1f1c55d36fb",
- "ownerUserId": "593cdba0-2124-11e8-8219-0932652c1da0",
- "certificateIds": [
- "32a656d0-69b1-11e8-93d8-71014a32ec53"
- ],
- "certificateName": "cn=svc6.venafi.example.com",
-
-*/
-type managedCertificate struct {
- Id string `json:"id"`
- CompanyId string `json:"companyId"`
- LatestCertificateRequestId string `json:"latestCertificateRequestId"`
- CertificateName string `json:"certificateName"`
-}
-
-func (c *Connector) getManagedCertificate(managedCertId string) (*managedCertificate, error) {
- var err error
- url := c.getURL(urlResourceManagedCertificateById)
- url = fmt.Sprintf(url, managedCertId)
- if c.user == nil || c.user.Company == nil {
- err = fmt.Errorf("Must be autheticated")
- return nil, err
- }
-
- request, err := http.NewRequest("GET", url, nil)
- if err != nil {
- return nil, err
- }
- request.Header.Add("tppl-api-key", c.apiKey)
- request.Header.Add("accept", "application/json")
-
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- if c.verbose {
- fmt.Printf("REQ: %s\n", url)
- fmt.Printf("RES: %s\n", body)
- }
-
- switch resp.StatusCode {
- case http.StatusOK:
- var res = &managedCertificate{}
- err = json.Unmarshal(body, res)
- if err != nil {
- return nil, fmt.Errorf("Failed to parse search results: %s, body: %s", err, body)
- }
- return res, nil
- default:
- if body != nil {
- respErrors, err := parseResponseErrors(body)
- if err == nil {
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud certificate search. Status: %d\n", resp.StatusCode)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- }
- }
- return nil, fmt.Errorf("Unexpected status code on Venafi Cloud certificate search. Status: %d", resp.StatusCode)
- }
-
-}
-
-func (c *Connector) ImportCertificate(req *certificate.ImportRequest) (*certificate.ImportResponse, error) {
- return nil, fmt.Errorf("import is not supported")
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/error.go b/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/error.go
deleted file mode 100644
index 36339f2f..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/error.go
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cloud
-
-import (
- "encoding/json"
- "fmt"
-)
-
-type responseError struct {
- Code int `json:"code,omitempty"`
- Message string `json:"message,omitempty"`
- Args interface{} `json:"args,omitempty"`
-}
-
-type jsonData struct {
- Errors []responseError `json:"errors,omitempty"`
-}
-
-func parseResponseErrors(b []byte) ([]responseError, error) {
- var data jsonData
- err := json.Unmarshal(b, &data)
- if err != nil {
- return nil, err
- }
-
- return data.Errors, nil
-}
-
-func parseResponseError(b []byte) (responseError, error) {
- e := responseError{}
- err := json.Unmarshal(b, &e)
- if err != nil {
- return e, err
- }
-
- return e, nil
-}
-
-func (re *responseError) parseResponseArgs() (string, error) {
- if re.Args == nil {
- return "", nil
- }
- return fmt.Sprintf("%v", re.Args), nil
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/search.go b/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/search.go
deleted file mode 100644
index 50028976..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/search.go
+++ /dev/null
@@ -1,97 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cloud
-
-import (
- "encoding/json"
- "fmt"
- "net/http"
-)
-
-type SearchRequest struct {
- Expression *Expression `json:"expression"`
- Ordering *interface{} `json:"ordering,omitempty"`
- Paging *Paging `json:"paging,omitempty"`
- // ordering is not used here so far
- // "ordering": {"orders": [{"direction": "ASC", "field": "subjectCN"},{"direction": "DESC", "field": "keyStrength"}]},
-}
-
-type Expression struct {
- Operands []Operand `json:"operands,omitempty"`
-}
-
-type Operand struct {
- Field Field `json:"field"`
- Operator Operator `json:"operator"`
- Value interface{} `json:"value"`
-}
-
-type Field string
-type Operator string
-
-type Paging struct {
- PageNumber int `json:"pageNumber"`
- PageSize int `json:"pageSize"`
-}
-
-const (
- EQ Operator = "EQ"
- FIND = "FIND"
- GT = "GT"
- GTE = "GTE"
- IN = "IN"
- LT = "LT"
- LTE = "LTE"
- MATCH = "MATCH"
-)
-
-type CertificateSearchResponse struct {
- Count int `json:"count"`
- Certificates []Certificate `json:"certificates"`
-}
-
-type Certificate struct {
- Id string `json:"id"`
- ManagedCertificateId string `json:"managedCertificateId"`
- CertificateRequestId string `json:"certificateRequestId"`
- SubjectCN []string `json:"subjectCN"`
- /*...and many more fields... */
-}
-
-func ParseCertificateSearchResponse(httpStatusCode int, body []byte) (searchResult *CertificateSearchResponse, err error) {
- switch httpStatusCode {
- case http.StatusOK:
- var searchResult = &CertificateSearchResponse{}
- err = json.Unmarshal(body, searchResult)
- if err != nil {
- return nil, fmt.Errorf("Failed to parse search results: %s, body: %s", err, body)
- }
- return searchResult, nil
- default:
- if body != nil {
- respErrors, err := parseResponseErrors(body)
- if err == nil {
- respError := fmt.Sprintf("Unexpected status code on Venafi Cloud certificate search. Status: %d\n", httpStatusCode)
- for _, e := range respErrors {
- respError += fmt.Sprintf("Error Code: %d Error: %s\n", e.Code, e.Message)
- }
- return nil, fmt.Errorf(respError)
- }
- }
- return nil, fmt.Errorf("Unexpected status code on Venafi Cloud certificate search. Status: %d", httpStatusCode)
- }
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/user.go b/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/user.go
deleted file mode 100644
index 50bff338..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/cloud/user.go
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package cloud
-
-import (
- "encoding/json"
- "time"
-)
-
-type user struct {
- Username string `json:"username,omitempty"`
- ID string `json:"id,omitempty"`
- CompanyID string `json:"companyId,omitempty"`
- EmailAddress string `json:"emailAddress,omitempty"`
- UserType string `json:"userType,omitempty"`
- UserAccountType string `json:"userAccountType,omitempty"`
- UserStatus string `json:"userStatus,omitempty"`
- CreationDateString string `json:"creationDate,omitempty"`
- CreationDate time.Time `json:"-"`
-}
-
-type userAccount struct {
- Username string `json:"username,omitempty"`
- Password string `json:"password,omitempty"`
- Firstname string `json:"firstname,omitempty"`
- Lastname string `json:"lastname,omitempty"`
- CompanyID string `json:"companyId,omitempty"`
- CompanyName string `json:"companyName,omitempty"`
- UserAccountType string `json:"userAccountType,omitempty"`
- GreCaptchaResponse string `json:"grecaptchaResponse,omitempty"`
-}
-
-func (u *user) encodeToJSON() ([]byte, error) {
- b, err := json.Marshal(u)
- return b, err
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/fake/ca.go b/vendor/github.com/Venafi/vcert/pkg/venafi/fake/ca.go
deleted file mode 100644
index bef59639..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/fake/ca.go
+++ /dev/null
@@ -1,82 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package fake
-
-import (
- "crypto/x509"
- "encoding/pem"
-)
-
-const caCertPEM = `-----BEGIN CERTIFICATE-----
-MIID1TCCAr2gAwIBAgIJAIOVTvMIMD7OMA0GCSqGSIb3DQEBCwUAMIGAMQswCQYD
-VQQGEwJVUzENMAsGA1UECAwEVXRhaDEXMBUGA1UEBwwOU2FsdCBMYWtlIENpdHkx
-DzANBgNVBAoMBlZlbmFmaTEbMBkGA1UECwwSTk9UIEZPUiBQUk9EVUNUSU9OMRsw
-GQYDVQQDDBJWQ2VydCBUZXN0IE1vZGUgQ0EwHhcNMTgwMzI3MTAyNTI5WhcNMzgw
-MzIyMTAyNTI5WjCBgDELMAkGA1UEBhMCVVMxDTALBgNVBAgMBFV0YWgxFzAVBgNV
-BAcMDlNhbHQgTGFrZSBDaXR5MQ8wDQYDVQQKDAZWZW5hZmkxGzAZBgNVBAsMEk5P
-VCBGT1IgUFJPRFVDVElPTjEbMBkGA1UEAwwSVkNlcnQgVGVzdCBNb2RlIENBMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0BobDKthxG5SuMfAp2heyDQN
-/IL9NTEnFJUUl/CkLEQTSQT68M9US7TCxi+FOizIoev2k4Nkovgk7uM0q94aygbh
-cHyTTL64uphHwcClu99ZQ6DIwzDH2gREsLWfj+KXw4bPsne+5tGxv2+0jG2at5or
-p/nOQWYD1C1HB6ZQqvP3PypDjou7Uh+Y00bOfXkbYWr8GkX4XAL6UtC0jUnsBEZX
-CuwO1BlIIoKNokhOV7Jcb3l/jurjzVWfem+tqwYb/Tkj6MI1YBqt6Yy2EsGsoAv1
-E5/IGcjSQnLEqDWhpY0s2fA4o+bAMzyakDFKJoQbF982QhS2fT+d87vQlnMi1QID
-AQABo1AwTjAdBgNVHQ4EFgQUzqRFDvLX0mz4AjPb45tLGavm8AcwHwYDVR0jBBgw
-FoAUzqRFDvLX0mz4AjPb45tLGavm8AcwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
-AQsFAAOCAQEAWbRgS1qUyGMh3ToJ060s5cdoKzyx/ji5pRPXRxrmzzSxP+dlKX7h
-AKUgYOV9FU/k2f4C7TeCZSsir20x8fKRg4qs6r8vHTcWnkC6A08SNlT5kjyJl8vt
-qQTEsemnyBFis8ZFUfYdmNYqZXuWSb7ZBfNkR7qMVna8A87NyEmTtlTBkZYSTOaB
-NRuOli+/6akXg/OW/GfVUD11D413CtZsWNzKaxj1WH88mjBYwQx2pGRzMWHfWBka
-f6ZUnA9hhqxO4CHqQWmKPHftbGscwx5yg/J6J7TfG+rYd5ZVVhrr2un2xpOTctjO
-lriDCQa4FOwP9/x1OJRXEsSl5YFqBppX5A==
------END CERTIFICATE-----`
-
-const caKeyPEM = `-----BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA0BobDKthxG5SuMfAp2heyDQN/IL9NTEnFJUUl/CkLEQTSQT6
-8M9US7TCxi+FOizIoev2k4Nkovgk7uM0q94aygbhcHyTTL64uphHwcClu99ZQ6DI
-wzDH2gREsLWfj+KXw4bPsne+5tGxv2+0jG2at5orp/nOQWYD1C1HB6ZQqvP3PypD
-jou7Uh+Y00bOfXkbYWr8GkX4XAL6UtC0jUnsBEZXCuwO1BlIIoKNokhOV7Jcb3l/
-jurjzVWfem+tqwYb/Tkj6MI1YBqt6Yy2EsGsoAv1E5/IGcjSQnLEqDWhpY0s2fA4
-o+bAMzyakDFKJoQbF982QhS2fT+d87vQlnMi1QIDAQABAoIBACDBuzhHUeBlrUfA
-yaaQWzsQVpNE2y6gShKHVPKFwpHlNVPtIML/H7m6/l3L5SC/I+W5Cts1d4XfoZCo
-2wWitHzQkHPwaA9Qhit5BPKOrIfiJF7s1C1FZHAA8/8M180CUflJIzBogPg8Ucpc
-fwMLzarQ7cZHIBxTPo8LgX7GwzPlYn/kSlys8w5+gfXCbPIqWHdHgJPIm52ePLZt
-0XfTF3Q+HSKzKHpdP/9kJJ3eknM/uEgyOKVPHdkq6U4HeJQq9lmp85X58cyHZOYT
-qeLIqgq63x+K3Rgc2EUEOHEbdoEU9aP2fsk9M4AOHf7CpPg7htwN/5m0l4dYpIb+
-tcxH+BECgYEA5u9Mtt67y37IIzwQxh80vVZ47LnZMmxKA3AOJOj3Q/fkt36TM+rM
-vRFKf6dR6Yolt7JtB6bGrLyGFFbmVDtfDjt9uvseKtG4PUrwjr+ayxICsPPidPlU
-hUYh2uu4+m/DK8BGV+PR6/5kwQ2cDF5pdFHECX4VY0uvBnsif1IcBDsCgYEA5rBh
-HeKNiUzmfIhP345tZaVM/SFDmAWDs5GZXpCnpMoI2QBg6nU3o6ssPflLjcDjnBrK
-VpDlGsTBldX+HhXuEFJzUFASbXXWPqdUyMPzcTQuJWRH+s7Pz94gu/FliNJwmYu2
-tsS/PuId4O7dA/Bkhp94sH7OW4iD451xyn4RVC8CgYBtlLu4QrSl+UEKxyPGf2RN
-O80ht4aC0LPGMdPkW8+JJwYWtC8xgYcpaB0Lud+6i90d78Kg0NiRetu8pwegjJOs
-czpUEXjdJKriGr9PXUgceC1ivjeE/hLHMuI5uYULASGBjzlR1z7zVsGEgeq8S8iK
-c4osXvHTLkSdNKzH8bRtpQKBgQDkOZlLHKjULi1VBPKohFr8lcYOJAugacw7Kg+m
-u8vvPyXzsekv69mo5Z72jR1PV4aXGPYXIHBYxFGU8Eng7+c/ZKLK0Pz6J/tWrus1
-WI8O7wW8XnLL0jFMQED4T0EZVMCrV8rjFNDz4HaY4xfrXrfFbB3V1w5HBk8dL9W0
-9HYmZwKBgQCN6xAb82gwFM0H1w4iu6MnA2LyLc/19xn8khgNynW3cUznvyKGQuQo
-ZEU0fw9VRRyQVwUwjAaLbIuME4cKhGjcJUvGPLftNamTlFS/TvtE1fwauGBXYc5o
-wWh1aVElz5xMF+SnGUCW7t02dvhK0i29mOfx/eG5jkSm33NvVBq/IA==
------END RSA PRIVATE KEY-----`
-
-var (
- caBlock, _ = pem.Decode([]byte(caCertPEM))
- caCrt, _ = x509.ParseCertificate(caBlock.Bytes)
-
- caKeyBlock, _ = pem.Decode([]byte(caKeyPEM))
- caKey, _ = x509.ParsePKCS1PrivateKey(caKeyBlock.Bytes)
-)
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/fake/connector.go b/vendor/github.com/Venafi/vcert/pkg/venafi/fake/connector.go
deleted file mode 100644
index 966caa68..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/fake/connector.go
+++ /dev/null
@@ -1,243 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package fake
-
-import (
- "crypto/rand"
- "crypto/x509"
- "encoding/base64"
- "encoding/json"
- "encoding/pem"
- "fmt"
- "github.com/Venafi/vcert/pkg/certificate"
- "github.com/Venafi/vcert/pkg/endpoint"
- "math/big"
- "strings"
- "time"
-)
-
-type Connector struct {
- verbose bool
-}
-
-func NewConnector(verbose bool, trust *x509.CertPool) *Connector {
- c := Connector{verbose: verbose}
- return &c
-}
-
-func (c *Connector) GetType() endpoint.ConnectorType {
- return endpoint.ConnectorTypeFake
-}
-
-func (c *Connector) SetZone(z string) {
- return
-}
-
-func (c *Connector) Ping() (err error) {
- return
-}
-
-func (c *Connector) Register(email string) (err error) {
- return
-}
-
-func (c *Connector) Authenticate(auth *endpoint.Authentication) (err error) {
- return
-}
-
-type fakeRequestID struct {
- Req *certificate.Request
- CSR string
-}
-
-func validateRequest(req *certificate.Request) error {
- if strings.HasSuffix(req.Subject.CommonName, "venafi.com") {
- return fmt.Errorf("%s certificate cannot be requested", req.Subject.CommonName)
- }
- return nil
-}
-
-func (c *Connector) RequestCertificate(req *certificate.Request, zone string) (requestID string, err error) {
-
- err = validateRequest(req)
- if err != nil {
- return "", fmt.Errorf("certificate request validation fail: %s", err)
- }
-
- var fakeRequest = fakeRequestID{}
-
- switch req.CsrOrigin {
- case certificate.LocalGeneratedCSR, certificate.UserProvidedCSR:
- // should return CSR as requestID payload
- fakeRequest.CSR = base64.StdEncoding.EncodeToString(req.CSR)
-
- case certificate.ServiceGeneratedCSR:
- // should return certificate.Request as requestID payload
- fakeRequest.Req = req
-
- default:
- return "", fmt.Errorf("Unexpected option in PrivateKeyOrigin")
- }
-
- js, err := json.Marshal(fakeRequest)
- if err != nil {
- return "", fmt.Errorf("failed to json.Marshal(certificate.Request: %v)", req)
- }
- pickupID := base64.StdEncoding.EncodeToString(js)
- req.PickupID = pickupID
- return pickupID, nil
-}
-
-func issueCertificate(csr *x509.CertificateRequest) ([]byte, error) {
- limit := new(big.Int).Lsh(big.NewInt(1), 128)
- serial, _ := rand.Int(rand.Reader, limit)
-
- if "disabled" == "CSR pre-precessing for HTTPS" {
- csr.DNSNames = append(csr.DNSNames, csr.Subject.CommonName)
-
- nameSet := map[string]bool{}
- for _, name := range csr.DNSNames {
- nameSet[name] = true
- }
- uniqNames := []string{}
- for name, _ := range nameSet {
- uniqNames = append(uniqNames, name)
- }
- csr.DNSNames = uniqNames
- }
-
- certRequest := x509.Certificate{
- SerialNumber: serial,
- }
- certRequest.Subject = csr.Subject
- certRequest.DNSNames = csr.DNSNames
- certRequest.EmailAddresses = csr.EmailAddresses
- certRequest.IPAddresses = csr.IPAddresses
- certRequest.SignatureAlgorithm = x509.SHA512WithRSA
- certRequest.PublicKeyAlgorithm = csr.PublicKeyAlgorithm
- certRequest.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
- certRequest.NotBefore = time.Now().Add(-24 * time.Hour)
- certRequest.NotAfter = certRequest.NotBefore.AddDate(0, 0, 90)
- certRequest.IsCA = false
- certRequest.BasicConstraintsValid = true
- // ku := x509.KeyUsageKeyEncipherment|x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign
-
- derBytes, err := x509.CreateCertificate(rand.Reader, &certRequest, caCrt, csr.PublicKey, caKey)
- if err != nil {
- return nil, err
- }
-
- res := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
- return res, nil
-}
-
-func (c *Connector) RetrieveCertificate(req *certificate.Request) (pcc *certificate.PEMCollection, err error) {
-
- bytes, err := base64.StdEncoding.DecodeString(req.PickupID)
- if err != nil {
- return nil, fmt.Errorf("Test-mode: could not parse requestID as base64 encoded fakeRequestID structure")
- }
-
- var fakeRequest = &fakeRequestID{}
- err = json.Unmarshal(bytes, fakeRequest)
- if err != nil {
- return nil, fmt.Errorf("failed to json.Unmarshal(fakeRequestId): %s\n", err)
- }
-
- var csrPEMbytes []byte
- var pk interface{}
-
- if fakeRequest.CSR != "" {
- csrPEMbytes, err = base64.StdEncoding.DecodeString(fakeRequest.CSR)
-
- } else {
- req := fakeRequest.Req
-
- switch req.KeyType {
- case certificate.KeyTypeECDSA:
- req.PrivateKey, err = certificate.GenerateECDSAPrivateKey(req.KeyCurve)
- case certificate.KeyTypeRSA:
- req.PrivateKey, err = certificate.GenerateRSAPrivateKey(req.KeyLength)
- default:
- return nil, fmt.Errorf("Unable to generate certificate request, key type %s is not supported", req.KeyType.String())
- }
- if err != nil {
- return
- }
-
- req.DNSNames = append(req.DNSNames, "fake-service-generated."+req.Subject.CommonName)
-
- err = certificate.GenerateRequest(req, req.PrivateKey)
- if err != nil {
- return
- }
- csrPEMbytes = pem.EncodeToMemory(certificate.GetCertificateRequestPEMBlock(req.CSR))
- pk = req.PrivateKey
- }
-
- var (
- csrBlock *pem.Block
- csr *x509.CertificateRequest
- )
- csrBlock, _ = pem.Decode([]byte(csrPEMbytes))
- if csrBlock == nil || csrBlock.Type != "CERTIFICATE REQUEST" {
- return nil, fmt.Errorf("Test-mode: could not parse requestID as base64 encoded certificate request block")
- }
-
- csr, err = x509.ParseCertificateRequest(csrBlock.Bytes)
- if err != nil {
- return nil, err
- }
-
- cert_pem, err := issueCertificate(csr)
- if err != nil {
- return nil, err
- }
-
- var certBytes []byte
- switch req.ChainOption {
- case certificate.ChainOptionRootFirst:
- certBytes = append([]byte(caCertPEM+"\n"), cert_pem...)
- default:
- certBytes = append(cert_pem, []byte(caCertPEM)...)
- }
- pcc, err = certificate.PEMCollectionFromBytes(certBytes, req.ChainOption)
-
- // no key password -- no key
- if pk != nil && req.KeyPassword != "" {
- pcc.AddPrivateKey(pk, []byte(req.KeyPassword))
- }
- return
-}
-
-// RevokeCertificate attempts to revoke the certificate
-func (c *Connector) RevokeCertificate(revReq *certificate.RevocationRequest) (err error) {
- return fmt.Errorf("revocation is not supported in -test-mode")
-}
-
-func (c *Connector) ReadZoneConfiguration(zone string) (config *endpoint.ZoneConfiguration, err error) {
- return endpoint.NewZoneConfiguration(), nil
-}
-
-// RenewCertificate attempts to renew the certificate
-func (c *Connector) RenewCertificate(revReq *certificate.RenewalRequest) (requestID string, err error) {
- return "", fmt.Errorf("renew is not supported in -test-mode")
-}
-
-func (c *Connector) ImportCertificate(req *certificate.ImportRequest) (*certificate.ImportResponse, error) {
- return nil, fmt.Errorf("import is not supported in -test-mode")
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/fake/fake.go b/vendor/github.com/Venafi/vcert/pkg/venafi/fake/fake.go
deleted file mode 100644
index cd80a96f..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/fake/fake.go
+++ /dev/null
@@ -1,68 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package fake
-
-import (
- "encoding/pem"
- "fmt"
- "github.com/Venafi/vcert/pkg/certificate"
- "github.com/Venafi/vcert/pkg/endpoint"
-)
-
-func (c *Connector) SetBaseURL(url string) error {
- return nil
-}
-
-//GenerateRequest creates a new certificate request, based on the zone/policy configuration and the user data
-func (c *Connector) GenerateRequest(config *endpoint.ZoneConfiguration, req *certificate.Request) (err error) {
-
- switch req.CsrOrigin {
- case certificate.LocalGeneratedCSR:
- switch req.KeyType {
- case certificate.KeyTypeECDSA:
- req.PrivateKey, err = certificate.GenerateECDSAPrivateKey(req.KeyCurve)
- case certificate.KeyTypeRSA:
- if req.KeyLength == 0 {
- req.KeyLength = 2048
- }
- req.PrivateKey, err = certificate.GenerateRSAPrivateKey(req.KeyLength)
- default:
- return fmt.Errorf("Unable to generate certificate request, key type %s is not supported", req.KeyType.String())
- }
- if err != nil {
- return err
- }
- err = certificate.GenerateRequest(req, req.PrivateKey)
- if err != nil {
- return err
- }
- req.CSR = pem.EncodeToMemory(certificate.GetCertificateRequestPEMBlock(req.CSR))
-
- case certificate.UserProvidedCSR:
- if req.CSR == nil {
- return fmt.Errorf("CSR was supposed to be provided by user, but it's empty")
- }
-
- case certificate.ServiceGeneratedCSR:
- req.CSR = nil
-
- default:
- return fmt.Errorf("Unexpected option in PrivateKeyOrigin")
- }
-
- return nil
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/connector.go b/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/connector.go
deleted file mode 100644
index efa99177..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/connector.go
+++ /dev/null
@@ -1,551 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package tpp
-
-import (
- "bytes"
- "crypto/x509"
- "encoding/json"
- "fmt"
- "github.com/Venafi/vcert/pkg/certificate"
- "github.com/Venafi/vcert/pkg/endpoint"
- "io/ioutil"
- "log"
- "net/http"
- "strconv"
- "strings"
- "time"
-)
-
-// Connector contains the base data needed to communicate with a TPP Server
-type Connector struct {
- baseURL string
- apiKey string
- verbose bool
- trust *x509.CertPool
- zone string
-}
-
-// NewConnector creates a new TPP Connector object used to communicate with TPP
-func NewConnector(verbose bool, trust *x509.CertPool) *Connector {
- c := Connector{trust: trust, verbose: verbose}
- return &c
-}
-
-func (c *Connector) SetZone(z string) {
- c.zone = z
-}
-
-func (c *Connector) GetType() endpoint.ConnectorType {
- return endpoint.ConnectorTypeTPP
-}
-
-//Ping attempts to connect to the TPP Server WebSDK API and returns an errror if it cannot
-func (c *Connector) Ping() (err error) {
- url, err := c.getURL("")
- if err != nil {
- return err
- }
- req, _ := http.NewRequest("GET", url, nil)
- req.Header.Add("content-type", "application/json")
- req.Header.Add("cache-control", "no-cache")
-
- res, err := c.getHTTPClient().Do(req)
- if err != nil {
- return err
- } else if res.StatusCode != http.StatusOK {
- defer res.Body.Close()
- body, _ := ioutil.ReadAll(res.Body)
- err = fmt.Errorf("%s", string(body))
- }
- return err
-}
-
-//Register does nothing for TPP
-func (c *Connector) Register(email string) (err error) {
- return nil
-}
-
-// Authenticate authenticates the user to the TPP
-func (c *Connector) Authenticate(auth *endpoint.Authentication) (err error) {
- if auth == nil {
- return fmt.Errorf("failed to authenticate: missing credentials")
- }
- url, err := c.getURL(urlResourceAuthorize)
- if err != nil {
- return err
- }
-
- b, _ := json.Marshal(authorizeResquest{Username: auth.User, Password: auth.Password})
- payload := bytes.NewReader(b)
- req, _ := http.NewRequest("POST", url, payload)
- req.Header.Add("content-type", "application/json")
- req.Header.Add("cache-control", "no-cache")
-
- res, err := c.getHTTPClient().Do(req)
- if err == nil {
- defer res.Body.Close()
- body, _ := ioutil.ReadAll(res.Body)
-
- key, err := parseAuthorizeResult(res.StatusCode, res.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", urlResourceAuthorize, strings.Replace(fmt.Sprintf("%s", b), auth.Password, "********", -1))
- }
- return err
- }
- c.apiKey = key
- return nil
- }
- return err
-}
-
-func wrapAltNames(req *certificate.Request) (items []sanItem) {
- for _, name := range req.EmailAddresses {
- items = append(items, sanItem{1, name})
- }
- for _, name := range req.DNSNames {
- items = append(items, sanItem{2, name})
- }
- for _, name := range req.IPAddresses {
- items = append(items, sanItem{7, name.String()})
- }
- return items
-}
-
-func wrapKeyType(kt certificate.KeyType) string {
- switch kt {
- case certificate.KeyTypeRSA:
- return "RSA"
- case certificate.KeyTypeECDSA:
- return "ECC"
- default:
- return kt.String()
- }
-}
-
-func prepareRequest(req *certificate.Request, zone string) (tppReq certificateRequest, err error) {
- switch req.CsrOrigin {
- case certificate.LocalGeneratedCSR, certificate.UserProvidedCSR:
- tppReq = certificateRequest{
- PolicyDN: getPolicyDN(zone),
- PKCS10: string(req.CSR),
- ObjectName: req.FriendlyName,
- DisableAutomaticRenewal: true}
-
- case certificate.ServiceGeneratedCSR:
- tppReq = certificateRequest{
- PolicyDN: getPolicyDN(zone),
- ObjectName: req.FriendlyName,
- Subject: req.Subject.CommonName, // TODO: there is some problem because Subject is not only CN
- SubjectAltNames: wrapAltNames(req),
- DisableAutomaticRenewal: true}
-
- default:
- return tppReq, fmt.Errorf("Unexpected option in PrivateKeyOrigin")
- }
-
- switch req.KeyType {
- case certificate.KeyTypeRSA:
- tppReq.KeyAlgorithm = "RSA"
- tppReq.KeyBitSize = req.KeyLength
- case certificate.KeyTypeECDSA:
- tppReq.KeyAlgorithm = "ECC"
- tppReq.EllipticCurve = req.KeyCurve.String()
- }
-
- return tppReq, err
-}
-
-// RequestCertificate submits the CSR to TPP returning the DN of the requested Certificate
-func (c *Connector) RequestCertificate(req *certificate.Request, zone string) (requestID string, err error) {
-
- if zone == "" {
- zone = c.zone
- }
-
- tppCertificateRequest, err := prepareRequest(req, zone)
- if err != nil {
- return "", err
- }
-
- b, _ := json.Marshal(tppCertificateRequest)
-
- url, err := c.getURL(urlResourceCertificateRequest)
- if err != nil {
- return "", err
- }
- payload := bytes.NewReader(b)
- request, _ := http.NewRequest("POST", url, payload)
- request.Header.Add("x-venafi-api-key", c.apiKey)
- request.Header.Add("content-type", "application/json")
- request.Header.Add("cache-control", "no-cache")
-
- res, err := c.getHTTPClient().Do(request)
-
- if err != nil {
- return "", err
- }
-
- defer res.Body.Close()
- body, _ := ioutil.ReadAll(res.Body)
- requestID, err = parseRequestResult(res.StatusCode, res.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", urlResourceCertificateRequest, b)
- }
- return "", fmt.Errorf("%s: %s", err, string(body))
- }
- req.PickupID = requestID
- return requestID, nil
-}
-
-// RetrieveCertificate attempts to retrieve the requested certificate
-func (c *Connector) RetrieveCertificate(req *certificate.Request) (certificates *certificate.PEMCollection, err error) {
-
- includeChain := req.ChainOption != certificate.ChainOptionIgnore
- rootFirstOrder := includeChain && req.ChainOption == certificate.ChainOptionRootFirst
-
- if req.PickupID == "" && req.Thumbprint != "" {
- // search cert by Thumbprint and fill pickupID
- searchResult, err := c.searchCertificatesByFingerprint(req.Thumbprint)
- if err != nil {
- return nil, fmt.Errorf("Failed to create renewal request: %s", err)
- }
- if len(searchResult.Certificates) == 0 {
- return nil, fmt.Errorf("No certifiate found using fingerprint %s", req.Thumbprint)
- }
- if len(searchResult.Certificates) > 1 {
- return nil, fmt.Errorf("Error: more than one CertificateRequestId was found with the same thumbprint")
- }
- req.PickupID = searchResult.Certificates[0].CertificateRequestId
- }
-
- certReq := certificateRetrieveRequest{
- CertificateDN: req.PickupID,
- Format: "base64",
- RootFirstOrder: rootFirstOrder,
- IncludeChain: includeChain,
- }
- if req.CsrOrigin == certificate.ServiceGeneratedCSR || req.FetchPrivateKey {
- certReq.IncludePrivateKey = true
- certReq.Password = req.KeyPassword
- }
-
- startTime := time.Now()
- for {
- retrieveResponse, err := c.retrieveCertificateOnce(certReq)
- if err != nil {
- return nil, fmt.Errorf("unable to retrieve: %s", err)
- }
- if retrieveResponse.CertificateData != "" {
- return newPEMCollectionFromResponse(retrieveResponse.CertificateData, req.ChainOption)
- }
- if req.Timeout == 0 {
- return nil, endpoint.ErrCertificatePending{CertificateID: req.PickupID, Status: retrieveResponse.Status}
- }
- if time.Now().After(startTime.Add(req.Timeout)) {
- return nil, endpoint.ErrRetrieveCertificateTimeout{CertificateID: req.PickupID}
- }
- time.Sleep(2 * time.Second)
- }
-}
-
-func (c *Connector) retrieveCertificateOnce(certReq certificateRetrieveRequest) (*certificateRetrieveResponse, error) {
- url, err := c.getURL(urlResourceCertificateRetrieve)
- if err != nil {
- return nil, err
- }
-
- b, _ := json.Marshal(certReq)
-
- payload := bytes.NewReader(b)
- r, _ := http.NewRequest("POST", url, payload)
- r.Header.Add("x-venafi-api-key", c.apiKey)
- r.Header.Add("content-type", "application/json")
- r.Header.Add("cache-control", "no-cache")
-
- res, err := c.getHTTPClient().Do(r)
-
- if err != nil {
- return nil, err
- }
-
- defer res.Body.Close()
- body, _ := ioutil.ReadAll(res.Body)
- retrieveResponse, err := parseRetrieveResult(res.StatusCode, res.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", urlResourceCertificateRetrieve, b)
- }
- return nil, err
- }
- return &retrieveResponse, nil
-}
-
-// RenewCertificate attempts to renew the certificate
-func (c *Connector) RenewCertificate(renewReq *certificate.RenewalRequest) (requestID string, err error) {
-
- if renewReq.Thumbprint != "" && renewReq.CertificateDN == "" {
- // search by Thumbprint and fill *renewReq.CertificateDN
- searchResult, err := c.searchCertificatesByFingerprint(renewReq.Thumbprint)
- if err != nil {
- return "", fmt.Errorf("Failed to create renewal request: %s", err)
- }
- if len(searchResult.Certificates) == 0 {
- return "", fmt.Errorf("No certifiate found using fingerprint %s", renewReq.Thumbprint)
- }
- if len(searchResult.Certificates) > 1 {
- return "", fmt.Errorf("Error: more than one CertificateRequestId was found with the same thumbprint")
- }
-
- renewReq.CertificateDN = searchResult.Certificates[0].CertificateRequestId
- }
- if renewReq.CertificateDN == "" {
- return "", fmt.Errorf("failed to create renewal request: CertificateDN or Thumbprint required")
- }
-
- url, err := c.getURL(urlResourceCertificateRenew)
- if err != nil {
- return "", err
- }
-
- var r = certificateRenewRequest{}
- r.CertificateDN = renewReq.CertificateDN
- if renewReq.CertificateRequest != nil && len(renewReq.CertificateRequest.CSR) > 0 {
- r.PKCS10 = string(renewReq.CertificateRequest.CSR)
- }
-
- b, _ := json.Marshal(r)
- payload := bytes.NewReader(b)
- req, _ := http.NewRequest("POST", url, payload)
- req.Header.Add("x-venafi-api-key", c.apiKey)
- req.Header.Add("content-type", "application/json")
- req.Header.Add("cache-control", "no-cache")
-
- res, err := c.getHTTPClient().Do(req)
-
- if err != nil {
- return "", err
- }
-
- defer res.Body.Close()
- body, _ := ioutil.ReadAll(res.Body)
- response, err := parseRenewResult(res.StatusCode, res.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", url, b)
- log.Printf("Response: %s", string(body))
- }
- return "", err
- }
- if !response.Success {
- return "", fmt.Errorf("Certificate Renewal error: %s", response.Error)
- }
- return renewReq.CertificateDN, nil
-}
-
-// RevokeCertificate attempts to revoke the certificate
-func (c *Connector) RevokeCertificate(revReq *certificate.RevocationRequest) (err error) {
- url, err := c.getURL(urlResourceCertificateRevoke)
- if err != nil {
- return err
- }
-
- reason, ok := RevocationReasonsMap[revReq.Reason]
- if !ok {
- return fmt.Errorf("could not parse revocation reason `%s`", revReq.Reason)
- }
-
- var r = certificateRevokeRequest{
- revReq.CertificateDN,
- revReq.Thumbprint,
- reason,
- revReq.Comments,
- revReq.Disable,
- }
-
- b, _ := json.Marshal(r)
- payload := bytes.NewReader(b)
- req, _ := http.NewRequest("POST", url, payload)
- req.Header.Add("x-venafi-api-key", c.apiKey)
- req.Header.Add("content-type", "application/json")
- req.Header.Add("cache-control", "no-cache")
-
- res, err := c.getHTTPClient().Do(req)
-
- if err != nil {
- return err
- }
-
- defer res.Body.Close()
- body, _ := ioutil.ReadAll(res.Body)
- revokeResponse, err := parseRevokeResult(res.StatusCode, res.Status, body)
- if err != nil {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", urlResourceCertificateRevoke, b)
- }
- return err
- }
- if !revokeResponse.Success {
- return fmt.Errorf("Revocation error: %s", revokeResponse.Error)
- }
- return
-}
-
-//ReadZoneConfiguration reads the policy data from TPP to get locked and pre-configured values for certificate requests
-func (c *Connector) ReadZoneConfiguration(zone string) (config *endpoint.ZoneConfiguration, err error) {
- zoneConfig := endpoint.NewZoneConfiguration()
- zoneConfig.HashAlgorithm = x509.SHA256WithRSA
- policyDN := getPolicyDN(zone)
- keyType := certificate.KeyTypeRSA
-
- url, err := c.getURL(urlResourceFindPolicy)
- if err != nil {
- return nil, err
- }
- attributes := []string{tppAttributeOrg, tppAttributeOrgUnit, tppAttributeCountry, tppAttributeState, tppAttributeLocality, tppAttributeKeyAlgorithm, tppAttributeKeySize, tppAttributeEllipticCurve, tppAttributeRequestHash, tppAttributeManagementType, tppAttributeManualCSR}
- for _, attrib := range attributes {
- b, _ := json.Marshal(policyRequest{ObjectDN: policyDN, Class: "X509 Certificate", AttributeName: attrib})
- payload := bytes.NewReader(b)
- req, _ := http.NewRequest("POST", url, payload)
- req.Header.Add("x-venafi-api-key", c.apiKey)
- req.Header.Add("content-type", "application/json")
- req.Header.Add("cache-control", "no-cache")
-
- res, err := c.getHTTPClient().Do(req)
-
- if err == nil {
- defer res.Body.Close()
- body, _ := ioutil.ReadAll(res.Body)
-
- tppData, err := parseConfigResult(res.StatusCode, res.Status, body)
- if tppData.Error == "" && (err != nil || tppData.Values == nil || len(tppData.Values) == 0) {
- continue
- } else if tppData.Error != "" && tppData.Result == 400 { //object does not exist
- return nil, fmt.Errorf(tppData.Error)
- }
-
- switch attrib {
- case tppAttributeOrg:
- zoneConfig.Organization = tppData.Values[0]
- zoneConfig.OrganizationLocked = tppData.Locked
- case tppAttributeOrgUnit:
- zoneConfig.OrganizationalUnit = tppData.Values
- case tppAttributeCountry:
- zoneConfig.Country = tppData.Values[0]
- zoneConfig.CountryLocked = tppData.Locked
- case tppAttributeState:
- zoneConfig.Province = tppData.Values[0]
- zoneConfig.ProvinceLocked = tppData.Locked
- case tppAttributeLocality:
- zoneConfig.Locality = tppData.Values[0]
- zoneConfig.LocalityLocked = tppData.Locked
- case tppAttributeKeyAlgorithm:
- err = keyType.Set(tppData.Values[0])
- if err == nil {
- zoneConfig.AllowedKeyConfigurations = []endpoint.AllowedKeyConfiguration{endpoint.AllowedKeyConfiguration{KeyType: keyType}}
- }
- case tppAttributeKeySize:
- temp, err := strconv.Atoi(tppData.Values[0])
- if err == nil {
- zoneConfig.AllowedKeyConfigurations = []endpoint.AllowedKeyConfiguration{endpoint.AllowedKeyConfiguration{KeyType: keyType, KeySizes: []int{temp}}}
- zoneConfig.KeySizeLocked = tppData.Locked
- }
- case tppAttributeEllipticCurve:
- curve := certificate.EllipticCurveP256
- err = curve.Set(tppData.Values[0])
- if err == nil {
- zoneConfig.AllowedKeyConfigurations = []endpoint.AllowedKeyConfiguration{endpoint.AllowedKeyConfiguration{KeyType: certificate.KeyTypeECDSA, KeyCurves: []certificate.EllipticCurve{curve}}}
- zoneConfig.KeySizeLocked = tppData.Locked
- }
- case tppAttributeRequestHash:
- alg, err := strconv.Atoi(tppData.Values[0])
- if err == nil {
- switch alg {
- case pkcs10HashAlgorithmSha1:
- zoneConfig.HashAlgorithm = x509.SHA1WithRSA
- case pkcs10HashAlgorithmSha384:
- zoneConfig.HashAlgorithm = x509.SHA384WithRSA
- case pkcs10HashAlgorithmSha512:
- zoneConfig.HashAlgorithm = x509.SHA512WithRSA
- default:
- zoneConfig.HashAlgorithm = x509.SHA256WithRSA
- }
- }
- case tppAttributeManagementType, tppAttributeManualCSR:
- if tppData.Locked {
- zoneConfig.CustomAttributeValues[attrib] = tppData.Values[0]
- }
- }
- } else {
- if c.verbose {
- log.Printf("JSON sent for %s\n%s", urlResourceFindPolicy, b)
- }
- return nil, err
- }
- }
-
- return zoneConfig, nil
-}
-
-func (c *Connector) ImportCertificate(r *certificate.ImportRequest) (*certificate.ImportResponse, error) {
- url, err := c.getURL(urlResourceCertificateImport)
- if err != nil {
- return nil, err
- }
-
- if r.PolicyDN == "" {
- r.PolicyDN = getPolicyDN(c.zone)
- }
-
- b, _ := json.Marshal(r)
- payload := bytes.NewReader(b)
- req, _ := http.NewRequest("POST", url, payload)
- req.Header.Add("x-venafi-api-key", c.apiKey)
- req.Header.Add("content-type", "application/json")
- req.Header.Add("cache-control", "no-cache")
-
- res, err := c.getHTTPClient().Do(req)
- if err != nil {
- return nil, err
- }
-
- defer res.Body.Close()
- body, _ := ioutil.ReadAll(res.Body)
-
- switch res.StatusCode {
- case http.StatusOK:
-
- var response = &certificate.ImportResponse{}
- err := json.Unmarshal(body, response)
- if err != nil {
- return nil, fmt.Errorf("failed to decode import response message: %s", err)
- }
- return response, nil
-
- case http.StatusBadRequest:
- var errorResponse = &struct{ Error string }{}
- err := json.Unmarshal(body, errorResponse)
- if err != nil {
- return nil, fmt.Errorf("failed to decode error message: %s", err)
- }
- return nil, fmt.Errorf("%s", errorResponse.Error)
- default:
- return nil, fmt.Errorf("unexpected response status %d: %s", res.StatusCode, string(b))
- }
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/error.go b/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/error.go
deleted file mode 100644
index 2f4955d5..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/error.go
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package tpp
-
-import (
- "encoding/json"
- "fmt"
-)
-
-type responseError struct {
- ErrorDetails string `json:"ErrorDetails,omitempty"`
-}
-
-func NewResponseError(b []byte) error {
- if len(b) == 0 {
- return fmt.Errorf("failed to parser empty error message")
- }
- var data = &responseError{}
- err := json.Unmarshal(b, data)
- if err != nil {
- return fmt.Errorf("failed to parser server error: %s", err)
- }
- return data
-}
-
-func (e *responseError) Error() string {
- return e.ErrorDetails
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/search.go b/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/search.go
deleted file mode 100644
index e9e4b13f..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/search.go
+++ /dev/null
@@ -1,105 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package tpp
-
-import (
- "encoding/json"
- "fmt"
- "io/ioutil"
- "net/http"
- "strings"
-)
-
-type SearchRequest []string
-
-type CertificateSearchResponse struct {
- Certificates []Certificate `json:"Certificates"`
- Count int `json:"TotalCount"`
-}
-
-type Certificate struct {
- //Id string `json:"DN"`
- //ManagedCertificateId string `json:"DN"`
- CertificateRequestId string `json:"DN"`
- /*...and some more fields... */
-}
-
-func (c *Connector) searchCertificatesByFingerprint(fp string) (*CertificateSearchResponse, error) {
- fp = strings.Replace(fp, ":", "", -1)
- fp = strings.Replace(fp, ".", "", -1)
- fp = strings.ToUpper(fp)
-
- var req SearchRequest
- req = append(req, fmt.Sprintf("Thumbprint=%s", fp))
-
- return c.searchCertificates(&req)
-}
-
-func (c *Connector) searchCertificates(req *SearchRequest) (*CertificateSearchResponse, error) {
-
- var err error
-
- url, _ := c.getURL(urlResourceCertificateSearch)
-
- url = fmt.Sprintf("%s?%s", url, strings.Join(*req, "&"))
-
- request, err := http.NewRequest("GET", url, nil)
- if err != nil {
- return nil, err
- }
- request.Header.Add("x-venafi-api-key", c.apiKey)
- request.Header.Add("cache-control", "no-cache")
- request.Header.Add("accept", "application/json")
-
- resp, err := http.DefaultClient.Do(request)
- if err != nil {
- return nil, err
- }
- defer resp.Body.Close()
- body, err := ioutil.ReadAll(resp.Body)
- if err != nil {
- return nil, err
- }
- if c.verbose {
- fmt.Printf("REQ: %s\n", url)
- fmt.Printf("RES: %s\n", body)
- }
-
- searchResult, err := ParseCertificateSearchResponse(resp.StatusCode, body)
- if err != nil {
- return nil, err
- }
- return searchResult, nil
-}
-
-func ParseCertificateSearchResponse(httpStatusCode int, body []byte) (searchResult *CertificateSearchResponse, err error) {
- switch httpStatusCode {
- case http.StatusOK:
- var searchResult = &CertificateSearchResponse{}
- err = json.Unmarshal(body, searchResult)
- if err != nil {
- return nil, fmt.Errorf("Failed to parse search results: %s, body: %s", err, body)
- }
- return searchResult, nil
- default:
- if body != nil {
- return nil, NewResponseError(body)
- } else {
- return nil, fmt.Errorf("Unexpected status code on certificate search. Status: %d", httpStatusCode)
- }
- }
-}
diff --git a/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/tpp.go b/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/tpp.go
deleted file mode 100644
index 07e774e0..00000000
--- a/vendor/github.com/Venafi/vcert/pkg/venafi/tpp/tpp.go
+++ /dev/null
@@ -1,456 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package tpp
-
-import (
- "crypto/tls"
- "crypto/x509"
- "encoding/base64"
- "encoding/json"
- "encoding/pem"
- "fmt"
- "github.com/Venafi/vcert/pkg/certificate"
- "github.com/Venafi/vcert/pkg/endpoint"
- "net/http"
- "regexp"
- "strings"
-)
-
-const defaultKeySize = 2048
-const defaultSignatureAlgorithm = x509.SHA256WithRSA
-
-type certificateRequest struct {
- PolicyDN string `json:",omitempty"`
- CADN string `json:",omitempty"`
- ObjectName string `json:",omitempty"`
- Subject string `json:",omitempty"`
- OrganizationalUnit string `json:",omitempty"`
- Organization string `json:",omitempty"`
- City string `json:",omitempty"`
- State string `json:",omitempty"`
- Country string `json:",omitempty"`
- SubjectAltNames []sanItem `json:",omitempty"`
- Contact string `json:",omitempty"`
- CASpecificAttributes []nameValuePair `json:",omitempty"`
- PKCS10 string `json:",omitempty"`
- KeyAlgorithm string `json:",omitempty"`
- KeyBitSize int `json:",omitempty"`
- EllipticCurve string `json:",omitempty"`
- DisableAutomaticRenewal bool `json:",omitempty"`
-}
-
-type certificateRetrieveRequest struct {
- CertificateDN string `json:",omitempty"`
- Format string `json:",omitempty"`
- Password string `json:",omitempty"`
- IncludePrivateKey bool `json:",omitempty"`
- IncludeChain bool `json:",omitempty"`
- FriendlyName string `json:",omitempty"`
- RootFirstOrder bool `json:",omitempty"`
-}
-
-type certificateRetrieveResponse struct {
- CertificateData string `json:",omitempty"`
- Format string `json:",omitempty"`
- Filename string `json:",omitempty"`
- Status string `json:",omitempty"`
- Stage int `json:",omitempty"`
-}
-
-type RevocationReason int
-
-// this maps *certificate.RevocationRequest.Reason to TPP-specific webSDK codes
-var RevocationReasonsMap = map[string]RevocationReason{
- "": 0, // NoReason
- "none": 0, //
- "key-compromise": 1, // UserKeyCompromised
- "ca-compromise": 2, // CAKeyCompromised
- "affiliation-changed": 3, // UserChangedAffiliation
- "superseded": 4, // CertificateSuperseded
- "cessation-of-operation": 5, // OriginalUseNoLongerValid
-}
-
-type certificateRevokeRequest struct {
- CertificateDN string `json:",omitempty"`
- Thumbprint string `json:",omitempty"`
- Reason RevocationReason `json:",omitempty"`
- Comments string `json:",omitempty"`
- Disable bool `json:",omitempty"`
-}
-
-/* {Requested:true Success:true Error:} -- means requested
- {Requested:false Success:true Error:} -- means already revoked */
-type certificateRevokeResponse struct {
- Requested bool `json:",omitempty"`
- Success bool `json:",omitempty"`
- Error string `json:",omitempty"`
-}
-
-type certificateRenewRequest struct {
- CertificateDN string `json:",omitempty"`
- PKCS10 string `json:",omitempty"`
-}
-
-type certificateRenewResponse struct {
- Success bool `json:",omitempty"`
- Error string `json:",omitempty"`
-}
-
-type sanItem struct {
- Type int `json:",omitempty"`
- Name string `json:",omitempty"`
-}
-
-type nameValuePair struct {
- Name string `json:",omitempty"`
- Value string `json:",omitempty"`
-}
-
-type certificateRequestResponse struct {
- CertificateDN string `json:",omitempty"`
- Error string `json:",omitempty"`
-}
-
-type authorizeResponse struct {
- APIKey string `json:",omitempty"`
- ValidUntil string `json:",omitempty"`
-}
-
-type authorizeResquest struct {
- Username string `json:",omitempty"`
- Password string `json:",omitempty"`
-}
-
-type policyRequest struct {
- ObjectDN string `json:",omitempty"`
- Class string `json:",omitempty"`
- AttributeName string `json:",omitempty"`
-}
-
-type urlResource string
-
-const (
- urlResourceAuthorize urlResource = "authorize/"
- urlResourceCertificateRequest = "certificates/request"
- urlResourceCertificateRetrieve = "certificates/retrieve"
- urlResourceFindPolicy = "config/findpolicy"
- urlResourceCertificateRevoke = "certificates/revoke"
- urlResourceCertificateRenew = "certificates/renew"
- urlResourceCertificateSearch = "certificates/"
- urlResourceCertificateImport = "certificates/import"
-)
-
-const (
- tppAttributeOrg = "Organization"
- tppAttributeOrgUnit = "Organizational Unit"
- tppAttributeCountry = "Country"
- tppAttributeState = "State"
- tppAttributeLocality = "City"
- tppAttributeKeyAlgorithm = "Key Algorithm"
- tppAttributeKeySize = "Key Bit Strength"
- tppAttributeEllipticCurve = "Elliptic Curve"
- tppAttributeRequestHash = "PKCS10 Hash Algorithm"
- tppAttributeManagementType = "Management Type"
- tppAttributeManualCSR = "Manual Csr"
-)
-
-type tppPolicyData struct {
- Error string `json:",omitempty"`
- Result int `json:",omitempty"`
- Values []string `json:",omitempty"`
- Locked bool `json:",omitempty"`
-}
-
-type retrieveChainOption int
-
-const (
- retrieveChainOptionRootLast retrieveChainOption = iota
- retrieveChainOptionRootFirst
- retrieveChainOptionIgnore
-)
-
-const (
- pkcs10HashAlgorithmSha1 = 0
- pkcs10HashAlgorithmSha256 = 1
- pkcs10HashAlgorithmSha384 = 2
- pkcs10HashAlgorithmSha512 = 3
-)
-
-func retrieveChainOptionFromString(order string) retrieveChainOption {
- switch strings.ToLower(order) {
- case "root-first":
- return retrieveChainOptionRootFirst
- case "ignore":
- return retrieveChainOptionIgnore
- default:
- return retrieveChainOptionRootLast
- }
-}
-
-// SetBaseURL sets the base URL used to cummuncate with TPP
-func (c *Connector) SetBaseURL(url string) error {
- modified := strings.ToLower(url)
- reg := regexp.MustCompile("^http(|s)://")
- if reg.FindStringIndex(modified) == nil {
- modified = "https://" + modified
- } else {
- modified = reg.ReplaceAllString(modified, "https://")
- }
- reg = regexp.MustCompile("^https://.+?/")
- if reg.FindStringIndex(modified) == nil {
- modified = modified + "/"
- }
-
- reg = regexp.MustCompile("/vedsdk(|/)$")
- if reg.FindStringIndex(modified) == nil {
- modified += "vedsdk/"
- } else {
- modified = reg.ReplaceAllString(modified, "/vedsdk/")
- }
-
- reg = regexp.MustCompile("^https://[a-z\\d]+[-a-z\\d.]+[a-z\\d][:\\d]*/vedsdk/$")
- if loc := reg.FindStringIndex(modified); loc == nil {
- return fmt.Errorf("The specified TPP URL is invalid. %s\nExpected TPP URL format 'https://tpp.company.com/vedsdk/'", url)
- }
-
- c.baseURL = modified
- return nil
-}
-
-func (c *Connector) getURL(resource urlResource) (string, error) {
- if c.baseURL == "" {
- return "", fmt.Errorf("The Host URL has not been set")
- }
- return fmt.Sprintf("%s%s", c.baseURL, resource), nil
-}
-
-func (c *Connector) getHTTPClient() *http.Client {
- if c.trust != nil {
- tr := &http.Transport{TLSClientConfig: &tls.Config{RootCAs: c.trust}}
- return &http.Client{Transport: tr}
- }
-
- return http.DefaultClient
-}
-
-//GenerateRequest creates a new certificate request, based on the zone/policy configuration and the user data
-func (c *Connector) GenerateRequest(config *endpoint.ZoneConfiguration, req *certificate.Request) (err error) {
- if config == nil {
- config, err = c.ReadZoneConfiguration(c.zone)
- if err != nil {
- return fmt.Errorf("could not read zone configuration: %s", err)
- }
- }
-
- tppMgmtType := config.CustomAttributeValues[tppAttributeManagementType]
- if tppMgmtType == "Monitoring" || tppMgmtType == "Unassigned" {
- return fmt.Errorf("Unable to request certificate from TPP, current TPP configuration would not allow the request to be processed")
- }
-
- config.UpdateCertificateRequest(req)
-
- switch req.CsrOrigin {
- case certificate.LocalGeneratedCSR:
- if config.CustomAttributeValues[tppAttributeManualCSR] == "0" {
- return fmt.Errorf("Unable to request certificate by local generated CSR when zone configuration is 'Manual Csr' = 0")
- }
- switch req.KeyType {
- case certificate.KeyTypeECDSA:
- req.PrivateKey, err = certificate.GenerateECDSAPrivateKey(req.KeyCurve)
- case certificate.KeyTypeRSA:
- req.PrivateKey, err = certificate.GenerateRSAPrivateKey(req.KeyLength)
- default:
- return fmt.Errorf("Unable to generate certificate request, key type %s is not supported", req.KeyType.String())
- }
- if err != nil {
- return err
- }
- err = certificate.GenerateRequest(req, req.PrivateKey)
- if err != nil {
- return err
- }
- req.CSR = pem.EncodeToMemory(certificate.GetCertificateRequestPEMBlock(req.CSR))
-
- case certificate.UserProvidedCSR:
- if config.CustomAttributeValues[tppAttributeManualCSR] == "0" {
- return fmt.Errorf("Unable to request certificate with user provided CSR when zone configuration is 'Manual Csr' = 0")
- }
- if req.CSR == nil || len(req.CSR) == 0 {
- return fmt.Errorf("CSR was supposed to be provided by user, but it's empty")
- }
-
- case certificate.ServiceGeneratedCSR:
- req.CSR = nil
- }
- return nil
-}
-
-func getPolicyDN(zone string) string {
- modified := zone
- reg := regexp.MustCompile("^\\\\VED\\\\Policy")
- if reg.FindStringIndex(modified) == nil {
- reg = regexp.MustCompile("^\\\\")
- if reg.FindStringIndex(modified) == nil {
- modified = "\\" + modified
- }
- modified = "\\VED\\Policy" + modified
- }
- return modified
-}
-
-func parseAuthorizeResult(httpStatusCode int, httpStatus string, body []byte) (string, error) {
- switch httpStatusCode {
- case http.StatusOK:
- auth, err := parseAuthorizeData(body)
- if err != nil {
- return "", err
- }
- return auth.APIKey, nil
- default:
- return "", fmt.Errorf("Unexpected status code on TPP Authorize. Status: %s", httpStatus)
- }
-}
-
-func parseAuthorizeData(b []byte) (authorizeResponse, error) {
- var data authorizeResponse
- err := json.Unmarshal(b, &data)
- if err != nil {
- return data, err
- }
-
- return data, nil
-}
-
-func parseConfigResult(httpStatusCode int, httpStatus string, body []byte) (tppData tppPolicyData, err error) {
- tppData = tppPolicyData{}
- switch httpStatusCode {
- case http.StatusOK:
- tppData, err := parseConfigData(body)
- if err != nil {
- return tppData, err
- }
- return tppData, nil
- default:
- return tppData, fmt.Errorf("Unexpected status code on TPP Config Operation. Status: %s", httpStatus)
- }
-}
-
-func parseConfigData(b []byte) (tppPolicyData, error) {
- var data tppPolicyData
- err := json.Unmarshal(b, &data)
- if err != nil {
- return data, err
- }
-
- return data, nil
-}
-
-func parseRequestResult(httpStatusCode int, httpStatus string, body []byte) (string, error) {
- switch httpStatusCode {
- case http.StatusOK, http.StatusCreated:
- reqData, err := parseRequestData(body)
- if err != nil {
- return "", err
- }
- return reqData.CertificateDN, nil
- default:
- return "", fmt.Errorf("Unexpected status code on TPP Certificate Request. Status: %s. Body: %s", httpStatus, body)
- }
-}
-
-func parseRequestData(b []byte) (certificateRequestResponse, error) {
- var data certificateRequestResponse
- err := json.Unmarshal(b, &data)
- if err != nil {
- return data, err
- }
-
- return data, nil
-}
-
-func parseRetrieveResult(httpStatusCode int, httpStatus string, body []byte) (certificateRetrieveResponse, error) {
- var retrieveResponse certificateRetrieveResponse
- switch httpStatusCode {
- case http.StatusOK, http.StatusAccepted:
- retrieveResponse, err := parseRetrieveData(body)
- if err != nil {
- return retrieveResponse, err
- }
- return retrieveResponse, nil
- default:
- return retrieveResponse, fmt.Errorf("Unexpected status code on TPP Certificate Retrieval. Status: %s", httpStatus)
- }
-}
-
-func parseRetrieveData(b []byte) (certificateRetrieveResponse, error) {
- var data certificateRetrieveResponse
- err := json.Unmarshal(b, &data)
- if err != nil {
- return data, err
- }
- // fmt.Printf("\n\n%s\n\n%+v\n\n", string(b), data)
- return data, nil
-}
-
-func parseRevokeResult(httpStatusCode int, httpStatus string, body []byte) (certificateRevokeResponse, error) {
- var revokeResponse certificateRevokeResponse
- switch httpStatusCode {
- case http.StatusOK, http.StatusAccepted:
- revokeResponse, err := parseRevokeData(body)
- if err != nil {
- return revokeResponse, err
- }
- return revokeResponse, nil
- default:
- return revokeResponse, fmt.Errorf("Unexpected status code on TPP Certificate Revocation. Status: %s", httpStatus)
- }
-}
-
-func parseRevokeData(b []byte) (certificateRevokeResponse, error) {
- var data certificateRevokeResponse
- err := json.Unmarshal(b, &data)
- if err != nil {
- return data, err
- }
- return data, nil
-}
-
-func parseRenewResult(httpStatusCode int, httpStatus string, body []byte) (resp certificateRenewResponse, err error) {
- resp, err = parseRenewData(body)
- if err != nil {
- return resp, fmt.Errorf("failed to parse certificate renewal response. status: %s", httpStatus)
- }
- return resp, nil
-}
-
-func parseRenewData(b []byte) (certificateRenewResponse, error) {
- var data certificateRenewResponse
- err := json.Unmarshal(b, &data)
- return data, err
-}
-
-func newPEMCollectionFromResponse(base64Response string, chainOrder certificate.ChainOption) (*certificate.PEMCollection, error) {
- if base64Response != "" {
- certBytes, err := base64.StdEncoding.DecodeString(base64Response)
- if err != nil {
- return nil, err
- }
-
- return certificate.PEMCollectionFromBytes(certBytes, chainOrder)
- }
- return nil, nil
-}
diff --git a/vendor/github.com/Venafi/vcert/test/context.go b/vendor/github.com/Venafi/vcert/test/context.go
deleted file mode 100644
index a4fc0d67..00000000
--- a/vendor/github.com/Venafi/vcert/test/context.go
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package test
-
-import (
- "flag"
- "os"
-)
-
-type Context struct {
- TPPurl string
- TPPuser string
- TPPPassword string
- TPPZone string
- CloudUrl string
- CloudAPIkey string
- CloudZone string
-}
-
-func GetContext() *Context {
-
- c := &Context{}
-
- flag.StringVar(&c.TPPurl, "tpp-url", "", "")
- flag.StringVar(&c.TPPuser, "tpp-user", "", "")
- flag.StringVar(&c.TPPPassword, "tpp-password", "", "")
- flag.StringVar(&c.TPPZone, "tpp-zone", "", "")
-
- flag.StringVar(&c.CloudUrl, "cloud-url", "", "")
- flag.StringVar(&c.CloudAPIkey, "cloud-api-key", "", "")
- flag.StringVar(&c.CloudZone, "cloud-zone", "", "")
-
- flag.Parse()
-
- return c
-}
-
-func GetEnvContext() *Context {
-
- c := &Context{}
-
- c.TPPurl = os.Getenv("VCERT_TPP_URL")
- c.TPPuser = os.Getenv("VCERT_TPP_USER")
- c.TPPPassword = os.Getenv("VCERT_TPP_PASSWORD")
- c.TPPZone = os.Getenv("VCERT_TPP_ZONE")
-
- c.CloudUrl = os.Getenv("VCERT_CLOUD_URL")
- c.CloudAPIkey = os.Getenv("VCERT_CLOUD_APIKEY")
- c.CloudZone = os.Getenv("VCERT_CLOUD_ZONE")
-
- return c
-}
diff --git a/vendor/github.com/Venafi/vcert/test/fixtures.go b/vendor/github.com/Venafi/vcert/test/fixtures.go
deleted file mode 100644
index 7179782b..00000000
--- a/vendor/github.com/Venafi/vcert/test/fixtures.go
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package test
-
-import (
- "fmt"
- "math/rand"
- "time"
-)
-
-func init() {
- rand.Seed(time.Now().UnixNano())
-}
-
-func randRunes(n int) string {
- var letterRunes = []rune("abcdefghijklmnopqrstuvwxyz")
- b := make([]rune, n)
- for i := range b {
- b[i] = letterRunes[rand.Intn(len(letterRunes))]
- }
- return string(b)
-}
-
-func RandCN() string {
- return fmt.Sprintf("t%d-%s.venafi.example.com", time.Now().Unix(), randRunes(4))
-}
diff --git a/vendor/github.com/Venafi/vcert/vcert.go b/vendor/github.com/Venafi/vcert/vcert.go
deleted file mode 100644
index daadfaa3..00000000
--- a/vendor/github.com/Venafi/vcert/vcert.go
+++ /dev/null
@@ -1,45 +0,0 @@
-/*
- * Copyright 2018 Venafi, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package vcert
-
-import (
- "fmt"
-)
-
-//ProjectName contains the friendly name of the vcert utiltity
-const ProjectName string = "Venafi Certificate Utility"
-
-var (
- versionString string
- versionBuildTimeStamp string
-)
-
-//GetFormattedVersionString gets a friendly printable string to represent the version
-func GetFormattedVersionString() string {
- if versionBuildTimeStamp != "" {
- versionBuildTimeStamp = fmt.Sprintf("\tBuild Timestamp: %s\n", versionBuildTimeStamp)
- }
- return fmt.Sprintf("%s\n\tVersion: %s\n%s", ProjectName, GetVersionString(), versionBuildTimeStamp)
-}
-
-//GetVersionString gets a simple version string
-func GetVersionString() string {
- if versionString == "" {
- versionString = "3.18.3.1"
- }
- return versionString
-}
diff --git a/vendor/github.com/armon/go-metrics/.gitignore b/vendor/github.com/armon/go-metrics/.gitignore
deleted file mode 100644
index 8c03ec11..00000000
--- a/vendor/github.com/armon/go-metrics/.gitignore
+++ /dev/null
@@ -1,24 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-
-/metrics.out
diff --git a/vendor/github.com/armon/go-metrics/LICENSE b/vendor/github.com/armon/go-metrics/LICENSE
deleted file mode 100644
index 106569e5..00000000
--- a/vendor/github.com/armon/go-metrics/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2013 Armon Dadgar
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/armon/go-metrics/README.md b/vendor/github.com/armon/go-metrics/README.md
deleted file mode 100644
index aa73348c..00000000
--- a/vendor/github.com/armon/go-metrics/README.md
+++ /dev/null
@@ -1,91 +0,0 @@
-go-metrics
-==========
-
-This library provides a `metrics` package which can be used to instrument code,
-expose application metrics, and profile runtime performance in a flexible manner.
-
-Current API: [](https://godoc.org/github.com/armon/go-metrics)
-
-Sinks
------
-
-The `metrics` package makes use of a `MetricSink` interface to support delivery
-to any type of backend. Currently the following sinks are provided:
-
-* StatsiteSink : Sinks to a [statsite](https://github.com/armon/statsite/) instance (TCP)
-* StatsdSink: Sinks to a [StatsD](https://github.com/etsy/statsd/) / statsite instance (UDP)
-* PrometheusSink: Sinks to a [Prometheus](http://prometheus.io/) metrics endpoint (exposed via HTTP for scrapes)
-* InmemSink : Provides in-memory aggregation, can be used to export stats
-* FanoutSink : Sinks to multiple sinks. Enables writing to multiple statsite instances for example.
-* BlackholeSink : Sinks to nowhere
-
-In addition to the sinks, the `InmemSignal` can be used to catch a signal,
-and dump a formatted output of recent metrics. For example, when a process gets
-a SIGUSR1, it can dump to stderr recent performance metrics for debugging.
-
-Labels
-------
-
-Most metrics do have an equivalent ending with `WithLabels`, such methods
-allow to push metrics with labels and use some features of underlying Sinks
-(ex: translated into Prometheus labels).
-
-Since some of these labels may increase greatly cardinality of metrics, the
-library allow to filter labels using a blacklist/whitelist filtering system
-which is global to all metrics.
-
-* If `Config.AllowedLabels` is not nil, then only labels specified in this value will be sent to underlying Sink, otherwise, all labels are sent by default.
-* If `Config.BlockedLabels` is not nil, any label specified in this value will not be sent to underlying Sinks.
-
-By default, both `Config.AllowedLabels` and `Config.BlockedLabels` are nil, meaning that
-no tags are filetered at all, but it allow to a user to globally block some tags with high
-cardinality at application level.
-
-Examples
---------
-
-Here is an example of using the package:
-
-```go
-func SlowMethod() {
- // Profiling the runtime of a method
- defer metrics.MeasureSince([]string{"SlowMethod"}, time.Now())
-}
-
-// Configure a statsite sink as the global metrics sink
-sink, _ := metrics.NewStatsiteSink("statsite:8125")
-metrics.NewGlobal(metrics.DefaultConfig("service-name"), sink)
-
-// Emit a Key/Value pair
-metrics.EmitKey([]string{"questions", "meaning of life"}, 42)
-```
-
-Here is an example of setting up a signal handler:
-
-```go
-// Setup the inmem sink and signal handler
-inm := metrics.NewInmemSink(10*time.Second, time.Minute)
-sig := metrics.DefaultInmemSignal(inm)
-metrics.NewGlobal(metrics.DefaultConfig("service-name"), inm)
-
-// Run some code
-inm.SetGauge([]string{"foo"}, 42)
-inm.EmitKey([]string{"bar"}, 30)
-
-inm.IncrCounter([]string{"baz"}, 42)
-inm.IncrCounter([]string{"baz"}, 1)
-inm.IncrCounter([]string{"baz"}, 80)
-
-inm.AddSample([]string{"method", "wow"}, 42)
-inm.AddSample([]string{"method", "wow"}, 100)
-inm.AddSample([]string{"method", "wow"}, 22)
-
-....
-```
-
-When a signal comes in, output like the following will be dumped to stderr:
-
- [2014-01-28 14:57:33.04 -0800 PST][G] 'foo': 42.000
- [2014-01-28 14:57:33.04 -0800 PST][P] 'bar': 30.000
- [2014-01-28 14:57:33.04 -0800 PST][C] 'baz': Count: 3 Min: 1.000 Mean: 41.000 Max: 80.000 Stddev: 39.509
- [2014-01-28 14:57:33.04 -0800 PST][S] 'method.wow': Count: 3 Min: 22.000 Mean: 54.667 Max: 100.000 Stddev: 40.513
\ No newline at end of file
diff --git a/vendor/github.com/armon/go-metrics/const_unix.go b/vendor/github.com/armon/go-metrics/const_unix.go
deleted file mode 100644
index 31098dd5..00000000
--- a/vendor/github.com/armon/go-metrics/const_unix.go
+++ /dev/null
@@ -1,12 +0,0 @@
-// +build !windows
-
-package metrics
-
-import (
- "syscall"
-)
-
-const (
- // DefaultSignal is used with DefaultInmemSignal
- DefaultSignal = syscall.SIGUSR1
-)
diff --git a/vendor/github.com/armon/go-metrics/const_windows.go b/vendor/github.com/armon/go-metrics/const_windows.go
deleted file mode 100644
index 38136af3..00000000
--- a/vendor/github.com/armon/go-metrics/const_windows.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// +build windows
-
-package metrics
-
-import (
- "syscall"
-)
-
-const (
- // DefaultSignal is used with DefaultInmemSignal
- // Windows has no SIGUSR1, use SIGBREAK
- DefaultSignal = syscall.Signal(21)
-)
diff --git a/vendor/github.com/armon/go-metrics/inmem.go b/vendor/github.com/armon/go-metrics/inmem.go
deleted file mode 100644
index 4e2d6a70..00000000
--- a/vendor/github.com/armon/go-metrics/inmem.go
+++ /dev/null
@@ -1,348 +0,0 @@
-package metrics
-
-import (
- "bytes"
- "fmt"
- "math"
- "net/url"
- "strings"
- "sync"
- "time"
-)
-
-// InmemSink provides a MetricSink that does in-memory aggregation
-// without sending metrics over a network. It can be embedded within
-// an application to provide profiling information.
-type InmemSink struct {
- // How long is each aggregation interval
- interval time.Duration
-
- // Retain controls how many metrics interval we keep
- retain time.Duration
-
- // maxIntervals is the maximum length of intervals.
- // It is retain / interval.
- maxIntervals int
-
- // intervals is a slice of the retained intervals
- intervals []*IntervalMetrics
- intervalLock sync.RWMutex
-
- rateDenom float64
-}
-
-// IntervalMetrics stores the aggregated metrics
-// for a specific interval
-type IntervalMetrics struct {
- sync.RWMutex
-
- // The start time of the interval
- Interval time.Time
-
- // Gauges maps the key to the last set value
- Gauges map[string]GaugeValue
-
- // Points maps the string to the list of emitted values
- // from EmitKey
- Points map[string][]float32
-
- // Counters maps the string key to a sum of the counter
- // values
- Counters map[string]SampledValue
-
- // Samples maps the key to an AggregateSample,
- // which has the rolled up view of a sample
- Samples map[string]SampledValue
-}
-
-// NewIntervalMetrics creates a new IntervalMetrics for a given interval
-func NewIntervalMetrics(intv time.Time) *IntervalMetrics {
- return &IntervalMetrics{
- Interval: intv,
- Gauges: make(map[string]GaugeValue),
- Points: make(map[string][]float32),
- Counters: make(map[string]SampledValue),
- Samples: make(map[string]SampledValue),
- }
-}
-
-// AggregateSample is used to hold aggregate metrics
-// about a sample
-type AggregateSample struct {
- Count int // The count of emitted pairs
- Rate float64 // The values rate per time unit (usually 1 second)
- Sum float64 // The sum of values
- SumSq float64 `json:"-"` // The sum of squared values
- Min float64 // Minimum value
- Max float64 // Maximum value
- LastUpdated time.Time `json:"-"` // When value was last updated
-}
-
-// Computes a Stddev of the values
-func (a *AggregateSample) Stddev() float64 {
- num := (float64(a.Count) * a.SumSq) - math.Pow(a.Sum, 2)
- div := float64(a.Count * (a.Count - 1))
- if div == 0 {
- return 0
- }
- return math.Sqrt(num / div)
-}
-
-// Computes a mean of the values
-func (a *AggregateSample) Mean() float64 {
- if a.Count == 0 {
- return 0
- }
- return a.Sum / float64(a.Count)
-}
-
-// Ingest is used to update a sample
-func (a *AggregateSample) Ingest(v float64, rateDenom float64) {
- a.Count++
- a.Sum += v
- a.SumSq += (v * v)
- if v < a.Min || a.Count == 1 {
- a.Min = v
- }
- if v > a.Max || a.Count == 1 {
- a.Max = v
- }
- a.Rate = float64(a.Sum) / rateDenom
- a.LastUpdated = time.Now()
-}
-
-func (a *AggregateSample) String() string {
- if a.Count == 0 {
- return "Count: 0"
- } else if a.Stddev() == 0 {
- return fmt.Sprintf("Count: %d Sum: %0.3f LastUpdated: %s", a.Count, a.Sum, a.LastUpdated)
- } else {
- return fmt.Sprintf("Count: %d Min: %0.3f Mean: %0.3f Max: %0.3f Stddev: %0.3f Sum: %0.3f LastUpdated: %s",
- a.Count, a.Min, a.Mean(), a.Max, a.Stddev(), a.Sum, a.LastUpdated)
- }
-}
-
-// NewInmemSinkFromURL creates an InmemSink from a URL. It is used
-// (and tested) from NewMetricSinkFromURL.
-func NewInmemSinkFromURL(u *url.URL) (MetricSink, error) {
- params := u.Query()
-
- interval, err := time.ParseDuration(params.Get("interval"))
- if err != nil {
- return nil, fmt.Errorf("Bad 'interval' param: %s", err)
- }
-
- retain, err := time.ParseDuration(params.Get("retain"))
- if err != nil {
- return nil, fmt.Errorf("Bad 'retain' param: %s", err)
- }
-
- return NewInmemSink(interval, retain), nil
-}
-
-// NewInmemSink is used to construct a new in-memory sink.
-// Uses an aggregation interval and maximum retention period.
-func NewInmemSink(interval, retain time.Duration) *InmemSink {
- rateTimeUnit := time.Second
- i := &InmemSink{
- interval: interval,
- retain: retain,
- maxIntervals: int(retain / interval),
- rateDenom: float64(interval.Nanoseconds()) / float64(rateTimeUnit.Nanoseconds()),
- }
- i.intervals = make([]*IntervalMetrics, 0, i.maxIntervals)
- return i
-}
-
-func (i *InmemSink) SetGauge(key []string, val float32) {
- i.SetGaugeWithLabels(key, val, nil)
-}
-
-func (i *InmemSink) SetGaugeWithLabels(key []string, val float32, labels []Label) {
- k, name := i.flattenKeyLabels(key, labels)
- intv := i.getInterval()
-
- intv.Lock()
- defer intv.Unlock()
- intv.Gauges[k] = GaugeValue{Name: name, Value: val, Labels: labels}
-}
-
-func (i *InmemSink) EmitKey(key []string, val float32) {
- k := i.flattenKey(key)
- intv := i.getInterval()
-
- intv.Lock()
- defer intv.Unlock()
- vals := intv.Points[k]
- intv.Points[k] = append(vals, val)
-}
-
-func (i *InmemSink) IncrCounter(key []string, val float32) {
- i.IncrCounterWithLabels(key, val, nil)
-}
-
-func (i *InmemSink) IncrCounterWithLabels(key []string, val float32, labels []Label) {
- k, name := i.flattenKeyLabels(key, labels)
- intv := i.getInterval()
-
- intv.Lock()
- defer intv.Unlock()
-
- agg, ok := intv.Counters[k]
- if !ok {
- agg = SampledValue{
- Name: name,
- AggregateSample: &AggregateSample{},
- Labels: labels,
- }
- intv.Counters[k] = agg
- }
- agg.Ingest(float64(val), i.rateDenom)
-}
-
-func (i *InmemSink) AddSample(key []string, val float32) {
- i.AddSampleWithLabels(key, val, nil)
-}
-
-func (i *InmemSink) AddSampleWithLabels(key []string, val float32, labels []Label) {
- k, name := i.flattenKeyLabels(key, labels)
- intv := i.getInterval()
-
- intv.Lock()
- defer intv.Unlock()
-
- agg, ok := intv.Samples[k]
- if !ok {
- agg = SampledValue{
- Name: name,
- AggregateSample: &AggregateSample{},
- Labels: labels,
- }
- intv.Samples[k] = agg
- }
- agg.Ingest(float64(val), i.rateDenom)
-}
-
-// Data is used to retrieve all the aggregated metrics
-// Intervals may be in use, and a read lock should be acquired
-func (i *InmemSink) Data() []*IntervalMetrics {
- // Get the current interval, forces creation
- i.getInterval()
-
- i.intervalLock.RLock()
- defer i.intervalLock.RUnlock()
-
- n := len(i.intervals)
- intervals := make([]*IntervalMetrics, n)
-
- copy(intervals[:n-1], i.intervals[:n-1])
- current := i.intervals[n-1]
-
- // make its own copy for current interval
- intervals[n-1] = &IntervalMetrics{}
- copyCurrent := intervals[n-1]
- current.RLock()
- *copyCurrent = *current
-
- copyCurrent.Gauges = make(map[string]GaugeValue, len(current.Gauges))
- for k, v := range current.Gauges {
- copyCurrent.Gauges[k] = v
- }
- // saved values will be not change, just copy its link
- copyCurrent.Points = make(map[string][]float32, len(current.Points))
- for k, v := range current.Points {
- copyCurrent.Points[k] = v
- }
- copyCurrent.Counters = make(map[string]SampledValue, len(current.Counters))
- for k, v := range current.Counters {
- copyCurrent.Counters[k] = v
- }
- copyCurrent.Samples = make(map[string]SampledValue, len(current.Samples))
- for k, v := range current.Samples {
- copyCurrent.Samples[k] = v
- }
- current.RUnlock()
-
- return intervals
-}
-
-func (i *InmemSink) getExistingInterval(intv time.Time) *IntervalMetrics {
- i.intervalLock.RLock()
- defer i.intervalLock.RUnlock()
-
- n := len(i.intervals)
- if n > 0 && i.intervals[n-1].Interval == intv {
- return i.intervals[n-1]
- }
- return nil
-}
-
-func (i *InmemSink) createInterval(intv time.Time) *IntervalMetrics {
- i.intervalLock.Lock()
- defer i.intervalLock.Unlock()
-
- // Check for an existing interval
- n := len(i.intervals)
- if n > 0 && i.intervals[n-1].Interval == intv {
- return i.intervals[n-1]
- }
-
- // Add the current interval
- current := NewIntervalMetrics(intv)
- i.intervals = append(i.intervals, current)
- n++
-
- // Truncate the intervals if they are too long
- if n >= i.maxIntervals {
- copy(i.intervals[0:], i.intervals[n-i.maxIntervals:])
- i.intervals = i.intervals[:i.maxIntervals]
- }
- return current
-}
-
-// getInterval returns the current interval to write to
-func (i *InmemSink) getInterval() *IntervalMetrics {
- intv := time.Now().Truncate(i.interval)
- if m := i.getExistingInterval(intv); m != nil {
- return m
- }
- return i.createInterval(intv)
-}
-
-// Flattens the key for formatting, removes spaces
-func (i *InmemSink) flattenKey(parts []string) string {
- buf := &bytes.Buffer{}
- replacer := strings.NewReplacer(" ", "_")
-
- if len(parts) > 0 {
- replacer.WriteString(buf, parts[0])
- }
- for _, part := range parts[1:] {
- replacer.WriteString(buf, ".")
- replacer.WriteString(buf, part)
- }
-
- return buf.String()
-}
-
-// Flattens the key for formatting along with its labels, removes spaces
-func (i *InmemSink) flattenKeyLabels(parts []string, labels []Label) (string, string) {
- buf := &bytes.Buffer{}
- replacer := strings.NewReplacer(" ", "_")
-
- if len(parts) > 0 {
- replacer.WriteString(buf, parts[0])
- }
- for _, part := range parts[1:] {
- replacer.WriteString(buf, ".")
- replacer.WriteString(buf, part)
- }
-
- key := buf.String()
-
- for _, label := range labels {
- replacer.WriteString(buf, fmt.Sprintf(";%s=%s", label.Name, label.Value))
- }
-
- return buf.String(), key
-}
diff --git a/vendor/github.com/armon/go-metrics/inmem_endpoint.go b/vendor/github.com/armon/go-metrics/inmem_endpoint.go
deleted file mode 100644
index 504f1b37..00000000
--- a/vendor/github.com/armon/go-metrics/inmem_endpoint.go
+++ /dev/null
@@ -1,118 +0,0 @@
-package metrics
-
-import (
- "fmt"
- "net/http"
- "sort"
- "time"
-)
-
-// MetricsSummary holds a roll-up of metrics info for a given interval
-type MetricsSummary struct {
- Timestamp string
- Gauges []GaugeValue
- Points []PointValue
- Counters []SampledValue
- Samples []SampledValue
-}
-
-type GaugeValue struct {
- Name string
- Hash string `json:"-"`
- Value float32
-
- Labels []Label `json:"-"`
- DisplayLabels map[string]string `json:"Labels"`
-}
-
-type PointValue struct {
- Name string
- Points []float32
-}
-
-type SampledValue struct {
- Name string
- Hash string `json:"-"`
- *AggregateSample
- Mean float64
- Stddev float64
-
- Labels []Label `json:"-"`
- DisplayLabels map[string]string `json:"Labels"`
-}
-
-// DisplayMetrics returns a summary of the metrics from the most recent finished interval.
-func (i *InmemSink) DisplayMetrics(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
- data := i.Data()
-
- var interval *IntervalMetrics
- n := len(data)
- switch {
- case n == 0:
- return nil, fmt.Errorf("no metric intervals have been initialized yet")
- case n == 1:
- // Show the current interval if it's all we have
- interval = i.intervals[0]
- default:
- // Show the most recent finished interval if we have one
- interval = i.intervals[n-2]
- }
-
- summary := MetricsSummary{
- Timestamp: interval.Interval.Round(time.Second).UTC().String(),
- Gauges: make([]GaugeValue, 0, len(interval.Gauges)),
- Points: make([]PointValue, 0, len(interval.Points)),
- }
-
- // Format and sort the output of each metric type, so it gets displayed in a
- // deterministic order.
- for name, points := range interval.Points {
- summary.Points = append(summary.Points, PointValue{name, points})
- }
- sort.Slice(summary.Points, func(i, j int) bool {
- return summary.Points[i].Name < summary.Points[j].Name
- })
-
- for hash, value := range interval.Gauges {
- value.Hash = hash
- value.DisplayLabels = make(map[string]string)
- for _, label := range value.Labels {
- value.DisplayLabels[label.Name] = label.Value
- }
- value.Labels = nil
-
- summary.Gauges = append(summary.Gauges, value)
- }
- sort.Slice(summary.Gauges, func(i, j int) bool {
- return summary.Gauges[i].Hash < summary.Gauges[j].Hash
- })
-
- summary.Counters = formatSamples(interval.Counters)
- summary.Samples = formatSamples(interval.Samples)
-
- return summary, nil
-}
-
-func formatSamples(source map[string]SampledValue) []SampledValue {
- output := make([]SampledValue, 0, len(source))
- for hash, sample := range source {
- displayLabels := make(map[string]string)
- for _, label := range sample.Labels {
- displayLabels[label.Name] = label.Value
- }
-
- output = append(output, SampledValue{
- Name: sample.Name,
- Hash: hash,
- AggregateSample: sample.AggregateSample,
- Mean: sample.AggregateSample.Mean(),
- Stddev: sample.AggregateSample.Stddev(),
- DisplayLabels: displayLabels,
- })
- }
- sort.Slice(output, func(i, j int) bool {
- return output[i].Hash < output[j].Hash
- })
-
- return output
-}
diff --git a/vendor/github.com/armon/go-metrics/inmem_signal.go b/vendor/github.com/armon/go-metrics/inmem_signal.go
deleted file mode 100644
index 0937f4ae..00000000
--- a/vendor/github.com/armon/go-metrics/inmem_signal.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package metrics
-
-import (
- "bytes"
- "fmt"
- "io"
- "os"
- "os/signal"
- "strings"
- "sync"
- "syscall"
-)
-
-// InmemSignal is used to listen for a given signal, and when received,
-// to dump the current metrics from the InmemSink to an io.Writer
-type InmemSignal struct {
- signal syscall.Signal
- inm *InmemSink
- w io.Writer
- sigCh chan os.Signal
-
- stop bool
- stopCh chan struct{}
- stopLock sync.Mutex
-}
-
-// NewInmemSignal creates a new InmemSignal which listens for a given signal,
-// and dumps the current metrics out to a writer
-func NewInmemSignal(inmem *InmemSink, sig syscall.Signal, w io.Writer) *InmemSignal {
- i := &InmemSignal{
- signal: sig,
- inm: inmem,
- w: w,
- sigCh: make(chan os.Signal, 1),
- stopCh: make(chan struct{}),
- }
- signal.Notify(i.sigCh, sig)
- go i.run()
- return i
-}
-
-// DefaultInmemSignal returns a new InmemSignal that responds to SIGUSR1
-// and writes output to stderr. Windows uses SIGBREAK
-func DefaultInmemSignal(inmem *InmemSink) *InmemSignal {
- return NewInmemSignal(inmem, DefaultSignal, os.Stderr)
-}
-
-// Stop is used to stop the InmemSignal from listening
-func (i *InmemSignal) Stop() {
- i.stopLock.Lock()
- defer i.stopLock.Unlock()
-
- if i.stop {
- return
- }
- i.stop = true
- close(i.stopCh)
- signal.Stop(i.sigCh)
-}
-
-// run is a long running routine that handles signals
-func (i *InmemSignal) run() {
- for {
- select {
- case <-i.sigCh:
- i.dumpStats()
- case <-i.stopCh:
- return
- }
- }
-}
-
-// dumpStats is used to dump the data to output writer
-func (i *InmemSignal) dumpStats() {
- buf := bytes.NewBuffer(nil)
-
- data := i.inm.Data()
- // Skip the last period which is still being aggregated
- for j := 0; j < len(data)-1; j++ {
- intv := data[j]
- intv.RLock()
- for _, val := range intv.Gauges {
- name := i.flattenLabels(val.Name, val.Labels)
- fmt.Fprintf(buf, "[%v][G] '%s': %0.3f\n", intv.Interval, name, val.Value)
- }
- for name, vals := range intv.Points {
- for _, val := range vals {
- fmt.Fprintf(buf, "[%v][P] '%s': %0.3f\n", intv.Interval, name, val)
- }
- }
- for _, agg := range intv.Counters {
- name := i.flattenLabels(agg.Name, agg.Labels)
- fmt.Fprintf(buf, "[%v][C] '%s': %s\n", intv.Interval, name, agg.AggregateSample)
- }
- for _, agg := range intv.Samples {
- name := i.flattenLabels(agg.Name, agg.Labels)
- fmt.Fprintf(buf, "[%v][S] '%s': %s\n", intv.Interval, name, agg.AggregateSample)
- }
- intv.RUnlock()
- }
-
- // Write out the bytes
- i.w.Write(buf.Bytes())
-}
-
-// Flattens the key for formatting along with its labels, removes spaces
-func (i *InmemSignal) flattenLabels(name string, labels []Label) string {
- buf := bytes.NewBufferString(name)
- replacer := strings.NewReplacer(" ", "_", ":", "_")
-
- for _, label := range labels {
- replacer.WriteString(buf, ".")
- replacer.WriteString(buf, label.Value)
- }
-
- return buf.String()
-}
diff --git a/vendor/github.com/armon/go-metrics/metrics.go b/vendor/github.com/armon/go-metrics/metrics.go
deleted file mode 100644
index cf9def74..00000000
--- a/vendor/github.com/armon/go-metrics/metrics.go
+++ /dev/null
@@ -1,278 +0,0 @@
-package metrics
-
-import (
- "runtime"
- "strings"
- "time"
-
- "github.com/hashicorp/go-immutable-radix"
-)
-
-type Label struct {
- Name string
- Value string
-}
-
-func (m *Metrics) SetGauge(key []string, val float32) {
- m.SetGaugeWithLabels(key, val, nil)
-}
-
-func (m *Metrics) SetGaugeWithLabels(key []string, val float32, labels []Label) {
- if m.HostName != "" {
- if m.EnableHostnameLabel {
- labels = append(labels, Label{"host", m.HostName})
- } else if m.EnableHostname {
- key = insert(0, m.HostName, key)
- }
- }
- if m.EnableTypePrefix {
- key = insert(0, "gauge", key)
- }
- if m.ServiceName != "" {
- if m.EnableServiceLabel {
- labels = append(labels, Label{"service", m.ServiceName})
- } else {
- key = insert(0, m.ServiceName, key)
- }
- }
- allowed, labelsFiltered := m.allowMetric(key, labels)
- if !allowed {
- return
- }
- m.sink.SetGaugeWithLabels(key, val, labelsFiltered)
-}
-
-func (m *Metrics) EmitKey(key []string, val float32) {
- if m.EnableTypePrefix {
- key = insert(0, "kv", key)
- }
- if m.ServiceName != "" {
- key = insert(0, m.ServiceName, key)
- }
- allowed, _ := m.allowMetric(key, nil)
- if !allowed {
- return
- }
- m.sink.EmitKey(key, val)
-}
-
-func (m *Metrics) IncrCounter(key []string, val float32) {
- m.IncrCounterWithLabels(key, val, nil)
-}
-
-func (m *Metrics) IncrCounterWithLabels(key []string, val float32, labels []Label) {
- if m.HostName != "" && m.EnableHostnameLabel {
- labels = append(labels, Label{"host", m.HostName})
- }
- if m.EnableTypePrefix {
- key = insert(0, "counter", key)
- }
- if m.ServiceName != "" {
- if m.EnableServiceLabel {
- labels = append(labels, Label{"service", m.ServiceName})
- } else {
- key = insert(0, m.ServiceName, key)
- }
- }
- allowed, labelsFiltered := m.allowMetric(key, labels)
- if !allowed {
- return
- }
- m.sink.IncrCounterWithLabels(key, val, labelsFiltered)
-}
-
-func (m *Metrics) AddSample(key []string, val float32) {
- m.AddSampleWithLabels(key, val, nil)
-}
-
-func (m *Metrics) AddSampleWithLabels(key []string, val float32, labels []Label) {
- if m.HostName != "" && m.EnableHostnameLabel {
- labels = append(labels, Label{"host", m.HostName})
- }
- if m.EnableTypePrefix {
- key = insert(0, "sample", key)
- }
- if m.ServiceName != "" {
- if m.EnableServiceLabel {
- labels = append(labels, Label{"service", m.ServiceName})
- } else {
- key = insert(0, m.ServiceName, key)
- }
- }
- allowed, labelsFiltered := m.allowMetric(key, labels)
- if !allowed {
- return
- }
- m.sink.AddSampleWithLabels(key, val, labelsFiltered)
-}
-
-func (m *Metrics) MeasureSince(key []string, start time.Time) {
- m.MeasureSinceWithLabels(key, start, nil)
-}
-
-func (m *Metrics) MeasureSinceWithLabels(key []string, start time.Time, labels []Label) {
- if m.HostName != "" && m.EnableHostnameLabel {
- labels = append(labels, Label{"host", m.HostName})
- }
- if m.EnableTypePrefix {
- key = insert(0, "timer", key)
- }
- if m.ServiceName != "" {
- if m.EnableServiceLabel {
- labels = append(labels, Label{"service", m.ServiceName})
- } else {
- key = insert(0, m.ServiceName, key)
- }
- }
- allowed, labelsFiltered := m.allowMetric(key, labels)
- if !allowed {
- return
- }
- now := time.Now()
- elapsed := now.Sub(start)
- msec := float32(elapsed.Nanoseconds()) / float32(m.TimerGranularity)
- m.sink.AddSampleWithLabels(key, msec, labelsFiltered)
-}
-
-// UpdateFilter overwrites the existing filter with the given rules.
-func (m *Metrics) UpdateFilter(allow, block []string) {
- m.UpdateFilterAndLabels(allow, block, m.AllowedLabels, m.BlockedLabels)
-}
-
-// UpdateFilterAndLabels overwrites the existing filter with the given rules.
-func (m *Metrics) UpdateFilterAndLabels(allow, block, allowedLabels, blockedLabels []string) {
- m.filterLock.Lock()
- defer m.filterLock.Unlock()
-
- m.AllowedPrefixes = allow
- m.BlockedPrefixes = block
-
- if allowedLabels == nil {
- // Having a white list means we take only elements from it
- m.allowedLabels = nil
- } else {
- m.allowedLabels = make(map[string]bool)
- for _, v := range allowedLabels {
- m.allowedLabels[v] = true
- }
- }
- m.blockedLabels = make(map[string]bool)
- for _, v := range blockedLabels {
- m.blockedLabels[v] = true
- }
- m.AllowedLabels = allowedLabels
- m.BlockedLabels = blockedLabels
-
- m.filter = iradix.New()
- for _, prefix := range m.AllowedPrefixes {
- m.filter, _, _ = m.filter.Insert([]byte(prefix), true)
- }
- for _, prefix := range m.BlockedPrefixes {
- m.filter, _, _ = m.filter.Insert([]byte(prefix), false)
- }
-}
-
-// labelIsAllowed return true if a should be included in metric
-// the caller should lock m.filterLock while calling this method
-func (m *Metrics) labelIsAllowed(label *Label) bool {
- labelName := (*label).Name
- if m.blockedLabels != nil {
- _, ok := m.blockedLabels[labelName]
- if ok {
- // If present, let's remove this label
- return false
- }
- }
- if m.allowedLabels != nil {
- _, ok := m.allowedLabels[labelName]
- return ok
- }
- // Allow by default
- return true
-}
-
-// filterLabels return only allowed labels
-// the caller should lock m.filterLock while calling this method
-func (m *Metrics) filterLabels(labels []Label) []Label {
- if labels == nil {
- return nil
- }
- toReturn := labels[:0]
- for _, label := range labels {
- if m.labelIsAllowed(&label) {
- toReturn = append(toReturn, label)
- }
- }
- return toReturn
-}
-
-// Returns whether the metric should be allowed based on configured prefix filters
-// Also return the applicable labels
-func (m *Metrics) allowMetric(key []string, labels []Label) (bool, []Label) {
- m.filterLock.RLock()
- defer m.filterLock.RUnlock()
-
- if m.filter == nil || m.filter.Len() == 0 {
- return m.Config.FilterDefault, m.filterLabels(labels)
- }
-
- _, allowed, ok := m.filter.Root().LongestPrefix([]byte(strings.Join(key, ".")))
- if !ok {
- return m.Config.FilterDefault, m.filterLabels(labels)
- }
-
- return allowed.(bool), m.filterLabels(labels)
-}
-
-// Periodically collects runtime stats to publish
-func (m *Metrics) collectStats() {
- for {
- time.Sleep(m.ProfileInterval)
- m.emitRuntimeStats()
- }
-}
-
-// Emits various runtime statsitics
-func (m *Metrics) emitRuntimeStats() {
- // Export number of Goroutines
- numRoutines := runtime.NumGoroutine()
- m.SetGauge([]string{"runtime", "num_goroutines"}, float32(numRoutines))
-
- // Export memory stats
- var stats runtime.MemStats
- runtime.ReadMemStats(&stats)
- m.SetGauge([]string{"runtime", "alloc_bytes"}, float32(stats.Alloc))
- m.SetGauge([]string{"runtime", "sys_bytes"}, float32(stats.Sys))
- m.SetGauge([]string{"runtime", "malloc_count"}, float32(stats.Mallocs))
- m.SetGauge([]string{"runtime", "free_count"}, float32(stats.Frees))
- m.SetGauge([]string{"runtime", "heap_objects"}, float32(stats.HeapObjects))
- m.SetGauge([]string{"runtime", "total_gc_pause_ns"}, float32(stats.PauseTotalNs))
- m.SetGauge([]string{"runtime", "total_gc_runs"}, float32(stats.NumGC))
-
- // Export info about the last few GC runs
- num := stats.NumGC
-
- // Handle wrap around
- if num < m.lastNumGC {
- m.lastNumGC = 0
- }
-
- // Ensure we don't scan more than 256
- if num-m.lastNumGC >= 256 {
- m.lastNumGC = num - 255
- }
-
- for i := m.lastNumGC; i < num; i++ {
- pause := stats.PauseNs[i%256]
- m.AddSample([]string{"runtime", "gc_pause_ns"}, float32(pause))
- }
- m.lastNumGC = num
-}
-
-// Inserts a string value at an index into the slice
-func insert(i int, v string, s []string) []string {
- s = append(s, "")
- copy(s[i+1:], s[i:])
- s[i] = v
- return s
-}
diff --git a/vendor/github.com/armon/go-metrics/sink.go b/vendor/github.com/armon/go-metrics/sink.go
deleted file mode 100644
index 0b7d6e4b..00000000
--- a/vendor/github.com/armon/go-metrics/sink.go
+++ /dev/null
@@ -1,115 +0,0 @@
-package metrics
-
-import (
- "fmt"
- "net/url"
-)
-
-// The MetricSink interface is used to transmit metrics information
-// to an external system
-type MetricSink interface {
- // A Gauge should retain the last value it is set to
- SetGauge(key []string, val float32)
- SetGaugeWithLabels(key []string, val float32, labels []Label)
-
- // Should emit a Key/Value pair for each call
- EmitKey(key []string, val float32)
-
- // Counters should accumulate values
- IncrCounter(key []string, val float32)
- IncrCounterWithLabels(key []string, val float32, labels []Label)
-
- // Samples are for timing information, where quantiles are used
- AddSample(key []string, val float32)
- AddSampleWithLabels(key []string, val float32, labels []Label)
-}
-
-// BlackholeSink is used to just blackhole messages
-type BlackholeSink struct{}
-
-func (*BlackholeSink) SetGauge(key []string, val float32) {}
-func (*BlackholeSink) SetGaugeWithLabels(key []string, val float32, labels []Label) {}
-func (*BlackholeSink) EmitKey(key []string, val float32) {}
-func (*BlackholeSink) IncrCounter(key []string, val float32) {}
-func (*BlackholeSink) IncrCounterWithLabels(key []string, val float32, labels []Label) {}
-func (*BlackholeSink) AddSample(key []string, val float32) {}
-func (*BlackholeSink) AddSampleWithLabels(key []string, val float32, labels []Label) {}
-
-// FanoutSink is used to sink to fanout values to multiple sinks
-type FanoutSink []MetricSink
-
-func (fh FanoutSink) SetGauge(key []string, val float32) {
- fh.SetGaugeWithLabels(key, val, nil)
-}
-
-func (fh FanoutSink) SetGaugeWithLabels(key []string, val float32, labels []Label) {
- for _, s := range fh {
- s.SetGaugeWithLabels(key, val, labels)
- }
-}
-
-func (fh FanoutSink) EmitKey(key []string, val float32) {
- for _, s := range fh {
- s.EmitKey(key, val)
- }
-}
-
-func (fh FanoutSink) IncrCounter(key []string, val float32) {
- fh.IncrCounterWithLabels(key, val, nil)
-}
-
-func (fh FanoutSink) IncrCounterWithLabels(key []string, val float32, labels []Label) {
- for _, s := range fh {
- s.IncrCounterWithLabels(key, val, labels)
- }
-}
-
-func (fh FanoutSink) AddSample(key []string, val float32) {
- fh.AddSampleWithLabels(key, val, nil)
-}
-
-func (fh FanoutSink) AddSampleWithLabels(key []string, val float32, labels []Label) {
- for _, s := range fh {
- s.AddSampleWithLabels(key, val, labels)
- }
-}
-
-// sinkURLFactoryFunc is an generic interface around the *SinkFromURL() function provided
-// by each sink type
-type sinkURLFactoryFunc func(*url.URL) (MetricSink, error)
-
-// sinkRegistry supports the generic NewMetricSink function by mapping URL
-// schemes to metric sink factory functions
-var sinkRegistry = map[string]sinkURLFactoryFunc{
- "statsd": NewStatsdSinkFromURL,
- "statsite": NewStatsiteSinkFromURL,
- "inmem": NewInmemSinkFromURL,
-}
-
-// NewMetricSinkFromURL allows a generic URL input to configure any of the
-// supported sinks. The scheme of the URL identifies the type of the sink, the
-// and query parameters are used to set options.
-//
-// "statsd://" - Initializes a StatsdSink. The host and port are passed through
-// as the "addr" of the sink
-//
-// "statsite://" - Initializes a StatsiteSink. The host and port become the
-// "addr" of the sink
-//
-// "inmem://" - Initializes an InmemSink. The host and port are ignored. The
-// "interval" and "duration" query parameters must be specified with valid
-// durations, see NewInmemSink for details.
-func NewMetricSinkFromURL(urlStr string) (MetricSink, error) {
- u, err := url.Parse(urlStr)
- if err != nil {
- return nil, err
- }
-
- sinkURLFactoryFunc := sinkRegistry[u.Scheme]
- if sinkURLFactoryFunc == nil {
- return nil, fmt.Errorf(
- "cannot create metric sink, unrecognized sink name: %q", u.Scheme)
- }
-
- return sinkURLFactoryFunc(u)
-}
diff --git a/vendor/github.com/armon/go-metrics/start.go b/vendor/github.com/armon/go-metrics/start.go
deleted file mode 100644
index 32a28c48..00000000
--- a/vendor/github.com/armon/go-metrics/start.go
+++ /dev/null
@@ -1,141 +0,0 @@
-package metrics
-
-import (
- "os"
- "sync"
- "sync/atomic"
- "time"
-
- "github.com/hashicorp/go-immutable-radix"
-)
-
-// Config is used to configure metrics settings
-type Config struct {
- ServiceName string // Prefixed with keys to separate services
- HostName string // Hostname to use. If not provided and EnableHostname, it will be os.Hostname
- EnableHostname bool // Enable prefixing gauge values with hostname
- EnableHostnameLabel bool // Enable adding hostname to labels
- EnableServiceLabel bool // Enable adding service to labels
- EnableRuntimeMetrics bool // Enables profiling of runtime metrics (GC, Goroutines, Memory)
- EnableTypePrefix bool // Prefixes key with a type ("counter", "gauge", "timer")
- TimerGranularity time.Duration // Granularity of timers.
- ProfileInterval time.Duration // Interval to profile runtime metrics
-
- AllowedPrefixes []string // A list of metric prefixes to allow, with '.' as the separator
- BlockedPrefixes []string // A list of metric prefixes to block, with '.' as the separator
- AllowedLabels []string // A list of metric labels to allow, with '.' as the separator
- BlockedLabels []string // A list of metric labels to block, with '.' as the separator
- FilterDefault bool // Whether to allow metrics by default
-}
-
-// Metrics represents an instance of a metrics sink that can
-// be used to emit
-type Metrics struct {
- Config
- lastNumGC uint32
- sink MetricSink
- filter *iradix.Tree
- allowedLabels map[string]bool
- blockedLabels map[string]bool
- filterLock sync.RWMutex // Lock filters and allowedLabels/blockedLabels access
-}
-
-// Shared global metrics instance
-var globalMetrics atomic.Value // *Metrics
-
-func init() {
- // Initialize to a blackhole sink to avoid errors
- globalMetrics.Store(&Metrics{sink: &BlackholeSink{}})
-}
-
-// DefaultConfig provides a sane default configuration
-func DefaultConfig(serviceName string) *Config {
- c := &Config{
- ServiceName: serviceName, // Use client provided service
- HostName: "",
- EnableHostname: true, // Enable hostname prefix
- EnableRuntimeMetrics: true, // Enable runtime profiling
- EnableTypePrefix: false, // Disable type prefix
- TimerGranularity: time.Millisecond, // Timers are in milliseconds
- ProfileInterval: time.Second, // Poll runtime every second
- FilterDefault: true, // Don't filter metrics by default
- }
-
- // Try to get the hostname
- name, _ := os.Hostname()
- c.HostName = name
- return c
-}
-
-// New is used to create a new instance of Metrics
-func New(conf *Config, sink MetricSink) (*Metrics, error) {
- met := &Metrics{}
- met.Config = *conf
- met.sink = sink
- met.UpdateFilterAndLabels(conf.AllowedPrefixes, conf.BlockedPrefixes, conf.AllowedLabels, conf.BlockedLabels)
-
- // Start the runtime collector
- if conf.EnableRuntimeMetrics {
- go met.collectStats()
- }
- return met, nil
-}
-
-// NewGlobal is the same as New, but it assigns the metrics object to be
-// used globally as well as returning it.
-func NewGlobal(conf *Config, sink MetricSink) (*Metrics, error) {
- metrics, err := New(conf, sink)
- if err == nil {
- globalMetrics.Store(metrics)
- }
- return metrics, err
-}
-
-// Proxy all the methods to the globalMetrics instance
-func SetGauge(key []string, val float32) {
- globalMetrics.Load().(*Metrics).SetGauge(key, val)
-}
-
-func SetGaugeWithLabels(key []string, val float32, labels []Label) {
- globalMetrics.Load().(*Metrics).SetGaugeWithLabels(key, val, labels)
-}
-
-func EmitKey(key []string, val float32) {
- globalMetrics.Load().(*Metrics).EmitKey(key, val)
-}
-
-func IncrCounter(key []string, val float32) {
- globalMetrics.Load().(*Metrics).IncrCounter(key, val)
-}
-
-func IncrCounterWithLabels(key []string, val float32, labels []Label) {
- globalMetrics.Load().(*Metrics).IncrCounterWithLabels(key, val, labels)
-}
-
-func AddSample(key []string, val float32) {
- globalMetrics.Load().(*Metrics).AddSample(key, val)
-}
-
-func AddSampleWithLabels(key []string, val float32, labels []Label) {
- globalMetrics.Load().(*Metrics).AddSampleWithLabels(key, val, labels)
-}
-
-func MeasureSince(key []string, start time.Time) {
- globalMetrics.Load().(*Metrics).MeasureSince(key, start)
-}
-
-func MeasureSinceWithLabels(key []string, start time.Time, labels []Label) {
- globalMetrics.Load().(*Metrics).MeasureSinceWithLabels(key, start, labels)
-}
-
-func UpdateFilter(allow, block []string) {
- globalMetrics.Load().(*Metrics).UpdateFilter(allow, block)
-}
-
-// UpdateFilterAndLabels set allow/block prefixes of metrics while allowedLabels
-// and blockedLabels - when not nil - allow filtering of labels in order to
-// block/allow globally labels (especially useful when having large number of
-// values for a given label). See README.md for more information about usage.
-func UpdateFilterAndLabels(allow, block, allowedLabels, blockedLabels []string) {
- globalMetrics.Load().(*Metrics).UpdateFilterAndLabels(allow, block, allowedLabels, blockedLabels)
-}
diff --git a/vendor/github.com/armon/go-metrics/statsd.go b/vendor/github.com/armon/go-metrics/statsd.go
deleted file mode 100644
index 1bfffce4..00000000
--- a/vendor/github.com/armon/go-metrics/statsd.go
+++ /dev/null
@@ -1,184 +0,0 @@
-package metrics
-
-import (
- "bytes"
- "fmt"
- "log"
- "net"
- "net/url"
- "strings"
- "time"
-)
-
-const (
- // statsdMaxLen is the maximum size of a packet
- // to send to statsd
- statsdMaxLen = 1400
-)
-
-// StatsdSink provides a MetricSink that can be used
-// with a statsite or statsd metrics server. It uses
-// only UDP packets, while StatsiteSink uses TCP.
-type StatsdSink struct {
- addr string
- metricQueue chan string
-}
-
-// NewStatsdSinkFromURL creates an StatsdSink from a URL. It is used
-// (and tested) from NewMetricSinkFromURL.
-func NewStatsdSinkFromURL(u *url.URL) (MetricSink, error) {
- return NewStatsdSink(u.Host)
-}
-
-// NewStatsdSink is used to create a new StatsdSink
-func NewStatsdSink(addr string) (*StatsdSink, error) {
- s := &StatsdSink{
- addr: addr,
- metricQueue: make(chan string, 4096),
- }
- go s.flushMetrics()
- return s, nil
-}
-
-// Close is used to stop flushing to statsd
-func (s *StatsdSink) Shutdown() {
- close(s.metricQueue)
-}
-
-func (s *StatsdSink) SetGauge(key []string, val float32) {
- flatKey := s.flattenKey(key)
- s.pushMetric(fmt.Sprintf("%s:%f|g\n", flatKey, val))
-}
-
-func (s *StatsdSink) SetGaugeWithLabels(key []string, val float32, labels []Label) {
- flatKey := s.flattenKeyLabels(key, labels)
- s.pushMetric(fmt.Sprintf("%s:%f|g\n", flatKey, val))
-}
-
-func (s *StatsdSink) EmitKey(key []string, val float32) {
- flatKey := s.flattenKey(key)
- s.pushMetric(fmt.Sprintf("%s:%f|kv\n", flatKey, val))
-}
-
-func (s *StatsdSink) IncrCounter(key []string, val float32) {
- flatKey := s.flattenKey(key)
- s.pushMetric(fmt.Sprintf("%s:%f|c\n", flatKey, val))
-}
-
-func (s *StatsdSink) IncrCounterWithLabels(key []string, val float32, labels []Label) {
- flatKey := s.flattenKeyLabels(key, labels)
- s.pushMetric(fmt.Sprintf("%s:%f|c\n", flatKey, val))
-}
-
-func (s *StatsdSink) AddSample(key []string, val float32) {
- flatKey := s.flattenKey(key)
- s.pushMetric(fmt.Sprintf("%s:%f|ms\n", flatKey, val))
-}
-
-func (s *StatsdSink) AddSampleWithLabels(key []string, val float32, labels []Label) {
- flatKey := s.flattenKeyLabels(key, labels)
- s.pushMetric(fmt.Sprintf("%s:%f|ms\n", flatKey, val))
-}
-
-// Flattens the key for formatting, removes spaces
-func (s *StatsdSink) flattenKey(parts []string) string {
- joined := strings.Join(parts, ".")
- return strings.Map(func(r rune) rune {
- switch r {
- case ':':
- fallthrough
- case ' ':
- return '_'
- default:
- return r
- }
- }, joined)
-}
-
-// Flattens the key along with labels for formatting, removes spaces
-func (s *StatsdSink) flattenKeyLabels(parts []string, labels []Label) string {
- for _, label := range labels {
- parts = append(parts, label.Value)
- }
- return s.flattenKey(parts)
-}
-
-// Does a non-blocking push to the metrics queue
-func (s *StatsdSink) pushMetric(m string) {
- select {
- case s.metricQueue <- m:
- default:
- }
-}
-
-// Flushes metrics
-func (s *StatsdSink) flushMetrics() {
- var sock net.Conn
- var err error
- var wait <-chan time.Time
- ticker := time.NewTicker(flushInterval)
- defer ticker.Stop()
-
-CONNECT:
- // Create a buffer
- buf := bytes.NewBuffer(nil)
-
- // Attempt to connect
- sock, err = net.Dial("udp", s.addr)
- if err != nil {
- log.Printf("[ERR] Error connecting to statsd! Err: %s", err)
- goto WAIT
- }
-
- for {
- select {
- case metric, ok := <-s.metricQueue:
- // Get a metric from the queue
- if !ok {
- goto QUIT
- }
-
- // Check if this would overflow the packet size
- if len(metric)+buf.Len() > statsdMaxLen {
- _, err := sock.Write(buf.Bytes())
- buf.Reset()
- if err != nil {
- log.Printf("[ERR] Error writing to statsd! Err: %s", err)
- goto WAIT
- }
- }
-
- // Append to the buffer
- buf.WriteString(metric)
-
- case <-ticker.C:
- if buf.Len() == 0 {
- continue
- }
-
- _, err := sock.Write(buf.Bytes())
- buf.Reset()
- if err != nil {
- log.Printf("[ERR] Error flushing to statsd! Err: %s", err)
- goto WAIT
- }
- }
- }
-
-WAIT:
- // Wait for a while
- wait = time.After(time.Duration(5) * time.Second)
- for {
- select {
- // Dequeue the messages to avoid backlog
- case _, ok := <-s.metricQueue:
- if !ok {
- goto QUIT
- }
- case <-wait:
- goto CONNECT
- }
- }
-QUIT:
- s.metricQueue = nil
-}
diff --git a/vendor/github.com/armon/go-metrics/statsite.go b/vendor/github.com/armon/go-metrics/statsite.go
deleted file mode 100644
index 6c0d284d..00000000
--- a/vendor/github.com/armon/go-metrics/statsite.go
+++ /dev/null
@@ -1,172 +0,0 @@
-package metrics
-
-import (
- "bufio"
- "fmt"
- "log"
- "net"
- "net/url"
- "strings"
- "time"
-)
-
-const (
- // We force flush the statsite metrics after this period of
- // inactivity. Prevents stats from getting stuck in a buffer
- // forever.
- flushInterval = 100 * time.Millisecond
-)
-
-// NewStatsiteSinkFromURL creates an StatsiteSink from a URL. It is used
-// (and tested) from NewMetricSinkFromURL.
-func NewStatsiteSinkFromURL(u *url.URL) (MetricSink, error) {
- return NewStatsiteSink(u.Host)
-}
-
-// StatsiteSink provides a MetricSink that can be used with a
-// statsite metrics server
-type StatsiteSink struct {
- addr string
- metricQueue chan string
-}
-
-// NewStatsiteSink is used to create a new StatsiteSink
-func NewStatsiteSink(addr string) (*StatsiteSink, error) {
- s := &StatsiteSink{
- addr: addr,
- metricQueue: make(chan string, 4096),
- }
- go s.flushMetrics()
- return s, nil
-}
-
-// Close is used to stop flushing to statsite
-func (s *StatsiteSink) Shutdown() {
- close(s.metricQueue)
-}
-
-func (s *StatsiteSink) SetGauge(key []string, val float32) {
- flatKey := s.flattenKey(key)
- s.pushMetric(fmt.Sprintf("%s:%f|g\n", flatKey, val))
-}
-
-func (s *StatsiteSink) SetGaugeWithLabels(key []string, val float32, labels []Label) {
- flatKey := s.flattenKeyLabels(key, labels)
- s.pushMetric(fmt.Sprintf("%s:%f|g\n", flatKey, val))
-}
-
-func (s *StatsiteSink) EmitKey(key []string, val float32) {
- flatKey := s.flattenKey(key)
- s.pushMetric(fmt.Sprintf("%s:%f|kv\n", flatKey, val))
-}
-
-func (s *StatsiteSink) IncrCounter(key []string, val float32) {
- flatKey := s.flattenKey(key)
- s.pushMetric(fmt.Sprintf("%s:%f|c\n", flatKey, val))
-}
-
-func (s *StatsiteSink) IncrCounterWithLabels(key []string, val float32, labels []Label) {
- flatKey := s.flattenKeyLabels(key, labels)
- s.pushMetric(fmt.Sprintf("%s:%f|c\n", flatKey, val))
-}
-
-func (s *StatsiteSink) AddSample(key []string, val float32) {
- flatKey := s.flattenKey(key)
- s.pushMetric(fmt.Sprintf("%s:%f|ms\n", flatKey, val))
-}
-
-func (s *StatsiteSink) AddSampleWithLabels(key []string, val float32, labels []Label) {
- flatKey := s.flattenKeyLabels(key, labels)
- s.pushMetric(fmt.Sprintf("%s:%f|ms\n", flatKey, val))
-}
-
-// Flattens the key for formatting, removes spaces
-func (s *StatsiteSink) flattenKey(parts []string) string {
- joined := strings.Join(parts, ".")
- return strings.Map(func(r rune) rune {
- switch r {
- case ':':
- fallthrough
- case ' ':
- return '_'
- default:
- return r
- }
- }, joined)
-}
-
-// Flattens the key along with labels for formatting, removes spaces
-func (s *StatsiteSink) flattenKeyLabels(parts []string, labels []Label) string {
- for _, label := range labels {
- parts = append(parts, label.Value)
- }
- return s.flattenKey(parts)
-}
-
-// Does a non-blocking push to the metrics queue
-func (s *StatsiteSink) pushMetric(m string) {
- select {
- case s.metricQueue <- m:
- default:
- }
-}
-
-// Flushes metrics
-func (s *StatsiteSink) flushMetrics() {
- var sock net.Conn
- var err error
- var wait <-chan time.Time
- var buffered *bufio.Writer
- ticker := time.NewTicker(flushInterval)
- defer ticker.Stop()
-
-CONNECT:
- // Attempt to connect
- sock, err = net.Dial("tcp", s.addr)
- if err != nil {
- log.Printf("[ERR] Error connecting to statsite! Err: %s", err)
- goto WAIT
- }
-
- // Create a buffered writer
- buffered = bufio.NewWriter(sock)
-
- for {
- select {
- case metric, ok := <-s.metricQueue:
- // Get a metric from the queue
- if !ok {
- goto QUIT
- }
-
- // Try to send to statsite
- _, err := buffered.Write([]byte(metric))
- if err != nil {
- log.Printf("[ERR] Error writing to statsite! Err: %s", err)
- goto WAIT
- }
- case <-ticker.C:
- if err := buffered.Flush(); err != nil {
- log.Printf("[ERR] Error flushing to statsite! Err: %s", err)
- goto WAIT
- }
- }
- }
-
-WAIT:
- // Wait for a while
- wait = time.After(time.Duration(5) * time.Second)
- for {
- select {
- // Dequeue the messages to avoid backlog
- case _, ok := <-s.metricQueue:
- if !ok {
- goto QUIT
- }
- case <-wait:
- goto CONNECT
- }
- }
-QUIT:
- s.metricQueue = nil
-}
diff --git a/vendor/github.com/armon/go-radix/.gitignore b/vendor/github.com/armon/go-radix/.gitignore
deleted file mode 100644
index 00268614..00000000
--- a/vendor/github.com/armon/go-radix/.gitignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
diff --git a/vendor/github.com/armon/go-radix/.travis.yml b/vendor/github.com/armon/go-radix/.travis.yml
deleted file mode 100644
index 1a0bbea6..00000000
--- a/vendor/github.com/armon/go-radix/.travis.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-language: go
-go:
- - tip
diff --git a/vendor/github.com/armon/go-radix/LICENSE b/vendor/github.com/armon/go-radix/LICENSE
deleted file mode 100644
index a5df10e6..00000000
--- a/vendor/github.com/armon/go-radix/LICENSE
+++ /dev/null
@@ -1,20 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2014 Armon Dadgar
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of
-this software and associated documentation files (the "Software"), to deal in
-the Software without restriction, including without limitation the rights to
-use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
-the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
-FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
-COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
-IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
-CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
diff --git a/vendor/github.com/armon/go-radix/README.md b/vendor/github.com/armon/go-radix/README.md
deleted file mode 100644
index 26f42a28..00000000
--- a/vendor/github.com/armon/go-radix/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-go-radix [](https://travis-ci.org/armon/go-radix)
-=========
-
-Provides the `radix` package that implements a [radix tree](http://en.wikipedia.org/wiki/Radix_tree).
-The package only provides a single `Tree` implementation, optimized for sparse nodes.
-
-As a radix tree, it provides the following:
- * O(k) operations. In many cases, this can be faster than a hash table since
- the hash function is an O(k) operation, and hash tables have very poor cache locality.
- * Minimum / Maximum value lookups
- * Ordered iteration
-
-For an immutable variant, see [go-immutable-radix](https://github.com/hashicorp/go-immutable-radix).
-
-Documentation
-=============
-
-The full documentation is available on [Godoc](http://godoc.org/github.com/armon/go-radix).
-
-Example
-=======
-
-Below is a simple example of usage
-
-```go
-// Create a tree
-r := radix.New()
-r.Insert("foo", 1)
-r.Insert("bar", 2)
-r.Insert("foobar", 2)
-
-// Find the longest prefix match
-m, _, _ := r.LongestPrefix("foozip")
-if m != "foo" {
- panic("should be foo")
-}
-```
-
diff --git a/vendor/github.com/armon/go-radix/go.mod b/vendor/github.com/armon/go-radix/go.mod
deleted file mode 100644
index 4336aa29..00000000
--- a/vendor/github.com/armon/go-radix/go.mod
+++ /dev/null
@@ -1 +0,0 @@
-module github.com/armon/go-radix
diff --git a/vendor/github.com/armon/go-radix/radix.go b/vendor/github.com/armon/go-radix/radix.go
deleted file mode 100644
index e2bb22eb..00000000
--- a/vendor/github.com/armon/go-radix/radix.go
+++ /dev/null
@@ -1,540 +0,0 @@
-package radix
-
-import (
- "sort"
- "strings"
-)
-
-// WalkFn is used when walking the tree. Takes a
-// key and value, returning if iteration should
-// be terminated.
-type WalkFn func(s string, v interface{}) bool
-
-// leafNode is used to represent a value
-type leafNode struct {
- key string
- val interface{}
-}
-
-// edge is used to represent an edge node
-type edge struct {
- label byte
- node *node
-}
-
-type node struct {
- // leaf is used to store possible leaf
- leaf *leafNode
-
- // prefix is the common prefix we ignore
- prefix string
-
- // Edges should be stored in-order for iteration.
- // We avoid a fully materialized slice to save memory,
- // since in most cases we expect to be sparse
- edges edges
-}
-
-func (n *node) isLeaf() bool {
- return n.leaf != nil
-}
-
-func (n *node) addEdge(e edge) {
- n.edges = append(n.edges, e)
- n.edges.Sort()
-}
-
-func (n *node) updateEdge(label byte, node *node) {
- num := len(n.edges)
- idx := sort.Search(num, func(i int) bool {
- return n.edges[i].label >= label
- })
- if idx < num && n.edges[idx].label == label {
- n.edges[idx].node = node
- return
- }
- panic("replacing missing edge")
-}
-
-func (n *node) getEdge(label byte) *node {
- num := len(n.edges)
- idx := sort.Search(num, func(i int) bool {
- return n.edges[i].label >= label
- })
- if idx < num && n.edges[idx].label == label {
- return n.edges[idx].node
- }
- return nil
-}
-
-func (n *node) delEdge(label byte) {
- num := len(n.edges)
- idx := sort.Search(num, func(i int) bool {
- return n.edges[i].label >= label
- })
- if idx < num && n.edges[idx].label == label {
- copy(n.edges[idx:], n.edges[idx+1:])
- n.edges[len(n.edges)-1] = edge{}
- n.edges = n.edges[:len(n.edges)-1]
- }
-}
-
-type edges []edge
-
-func (e edges) Len() int {
- return len(e)
-}
-
-func (e edges) Less(i, j int) bool {
- return e[i].label < e[j].label
-}
-
-func (e edges) Swap(i, j int) {
- e[i], e[j] = e[j], e[i]
-}
-
-func (e edges) Sort() {
- sort.Sort(e)
-}
-
-// Tree implements a radix tree. This can be treated as a
-// Dictionary abstract data type. The main advantage over
-// a standard hash map is prefix-based lookups and
-// ordered iteration,
-type Tree struct {
- root *node
- size int
-}
-
-// New returns an empty Tree
-func New() *Tree {
- return NewFromMap(nil)
-}
-
-// NewFromMap returns a new tree containing the keys
-// from an existing map
-func NewFromMap(m map[string]interface{}) *Tree {
- t := &Tree{root: &node{}}
- for k, v := range m {
- t.Insert(k, v)
- }
- return t
-}
-
-// Len is used to return the number of elements in the tree
-func (t *Tree) Len() int {
- return t.size
-}
-
-// longestPrefix finds the length of the shared prefix
-// of two strings
-func longestPrefix(k1, k2 string) int {
- max := len(k1)
- if l := len(k2); l < max {
- max = l
- }
- var i int
- for i = 0; i < max; i++ {
- if k1[i] != k2[i] {
- break
- }
- }
- return i
-}
-
-// Insert is used to add a newentry or update
-// an existing entry. Returns if updated.
-func (t *Tree) Insert(s string, v interface{}) (interface{}, bool) {
- var parent *node
- n := t.root
- search := s
- for {
- // Handle key exhaution
- if len(search) == 0 {
- if n.isLeaf() {
- old := n.leaf.val
- n.leaf.val = v
- return old, true
- }
-
- n.leaf = &leafNode{
- key: s,
- val: v,
- }
- t.size++
- return nil, false
- }
-
- // Look for the edge
- parent = n
- n = n.getEdge(search[0])
-
- // No edge, create one
- if n == nil {
- e := edge{
- label: search[0],
- node: &node{
- leaf: &leafNode{
- key: s,
- val: v,
- },
- prefix: search,
- },
- }
- parent.addEdge(e)
- t.size++
- return nil, false
- }
-
- // Determine longest prefix of the search key on match
- commonPrefix := longestPrefix(search, n.prefix)
- if commonPrefix == len(n.prefix) {
- search = search[commonPrefix:]
- continue
- }
-
- // Split the node
- t.size++
- child := &node{
- prefix: search[:commonPrefix],
- }
- parent.updateEdge(search[0], child)
-
- // Restore the existing node
- child.addEdge(edge{
- label: n.prefix[commonPrefix],
- node: n,
- })
- n.prefix = n.prefix[commonPrefix:]
-
- // Create a new leaf node
- leaf := &leafNode{
- key: s,
- val: v,
- }
-
- // If the new key is a subset, add to to this node
- search = search[commonPrefix:]
- if len(search) == 0 {
- child.leaf = leaf
- return nil, false
- }
-
- // Create a new edge for the node
- child.addEdge(edge{
- label: search[0],
- node: &node{
- leaf: leaf,
- prefix: search,
- },
- })
- return nil, false
- }
-}
-
-// Delete is used to delete a key, returning the previous
-// value and if it was deleted
-func (t *Tree) Delete(s string) (interface{}, bool) {
- var parent *node
- var label byte
- n := t.root
- search := s
- for {
- // Check for key exhaution
- if len(search) == 0 {
- if !n.isLeaf() {
- break
- }
- goto DELETE
- }
-
- // Look for an edge
- parent = n
- label = search[0]
- n = n.getEdge(label)
- if n == nil {
- break
- }
-
- // Consume the search prefix
- if strings.HasPrefix(search, n.prefix) {
- search = search[len(n.prefix):]
- } else {
- break
- }
- }
- return nil, false
-
-DELETE:
- // Delete the leaf
- leaf := n.leaf
- n.leaf = nil
- t.size--
-
- // Check if we should delete this node from the parent
- if parent != nil && len(n.edges) == 0 {
- parent.delEdge(label)
- }
-
- // Check if we should merge this node
- if n != t.root && len(n.edges) == 1 {
- n.mergeChild()
- }
-
- // Check if we should merge the parent's other child
- if parent != nil && parent != t.root && len(parent.edges) == 1 && !parent.isLeaf() {
- parent.mergeChild()
- }
-
- return leaf.val, true
-}
-
-// DeletePrefix is used to delete the subtree under a prefix
-// Returns how many nodes were deleted
-// Use this to delete large subtrees efficiently
-func (t *Tree) DeletePrefix(s string) int {
- return t.deletePrefix(nil, t.root, s)
-}
-
-// delete does a recursive deletion
-func (t *Tree) deletePrefix(parent, n *node, prefix string) int {
- // Check for key exhaustion
- if len(prefix) == 0 {
- // Remove the leaf node
- subTreeSize := 0
- //recursively walk from all edges of the node to be deleted
- recursiveWalk(n, func(s string, v interface{}) bool {
- subTreeSize++
- return false
- })
- if n.isLeaf() {
- n.leaf = nil
- }
- n.edges = nil // deletes the entire subtree
-
- // Check if we should merge the parent's other child
- if parent != nil && parent != t.root && len(parent.edges) == 1 && !parent.isLeaf() {
- parent.mergeChild()
- }
- t.size -= subTreeSize
- return subTreeSize
- }
-
- // Look for an edge
- label := prefix[0]
- child := n.getEdge(label)
- if child == nil || (!strings.HasPrefix(child.prefix, prefix) && !strings.HasPrefix(prefix, child.prefix)) {
- return 0
- }
-
- // Consume the search prefix
- if len(child.prefix) > len(prefix) {
- prefix = prefix[len(prefix):]
- } else {
- prefix = prefix[len(child.prefix):]
- }
- return t.deletePrefix(n, child, prefix)
-}
-
-func (n *node) mergeChild() {
- e := n.edges[0]
- child := e.node
- n.prefix = n.prefix + child.prefix
- n.leaf = child.leaf
- n.edges = child.edges
-}
-
-// Get is used to lookup a specific key, returning
-// the value and if it was found
-func (t *Tree) Get(s string) (interface{}, bool) {
- n := t.root
- search := s
- for {
- // Check for key exhaution
- if len(search) == 0 {
- if n.isLeaf() {
- return n.leaf.val, true
- }
- break
- }
-
- // Look for an edge
- n = n.getEdge(search[0])
- if n == nil {
- break
- }
-
- // Consume the search prefix
- if strings.HasPrefix(search, n.prefix) {
- search = search[len(n.prefix):]
- } else {
- break
- }
- }
- return nil, false
-}
-
-// LongestPrefix is like Get, but instead of an
-// exact match, it will return the longest prefix match.
-func (t *Tree) LongestPrefix(s string) (string, interface{}, bool) {
- var last *leafNode
- n := t.root
- search := s
- for {
- // Look for a leaf node
- if n.isLeaf() {
- last = n.leaf
- }
-
- // Check for key exhaution
- if len(search) == 0 {
- break
- }
-
- // Look for an edge
- n = n.getEdge(search[0])
- if n == nil {
- break
- }
-
- // Consume the search prefix
- if strings.HasPrefix(search, n.prefix) {
- search = search[len(n.prefix):]
- } else {
- break
- }
- }
- if last != nil {
- return last.key, last.val, true
- }
- return "", nil, false
-}
-
-// Minimum is used to return the minimum value in the tree
-func (t *Tree) Minimum() (string, interface{}, bool) {
- n := t.root
- for {
- if n.isLeaf() {
- return n.leaf.key, n.leaf.val, true
- }
- if len(n.edges) > 0 {
- n = n.edges[0].node
- } else {
- break
- }
- }
- return "", nil, false
-}
-
-// Maximum is used to return the maximum value in the tree
-func (t *Tree) Maximum() (string, interface{}, bool) {
- n := t.root
- for {
- if num := len(n.edges); num > 0 {
- n = n.edges[num-1].node
- continue
- }
- if n.isLeaf() {
- return n.leaf.key, n.leaf.val, true
- }
- break
- }
- return "", nil, false
-}
-
-// Walk is used to walk the tree
-func (t *Tree) Walk(fn WalkFn) {
- recursiveWalk(t.root, fn)
-}
-
-// WalkPrefix is used to walk the tree under a prefix
-func (t *Tree) WalkPrefix(prefix string, fn WalkFn) {
- n := t.root
- search := prefix
- for {
- // Check for key exhaution
- if len(search) == 0 {
- recursiveWalk(n, fn)
- return
- }
-
- // Look for an edge
- n = n.getEdge(search[0])
- if n == nil {
- break
- }
-
- // Consume the search prefix
- if strings.HasPrefix(search, n.prefix) {
- search = search[len(n.prefix):]
-
- } else if strings.HasPrefix(n.prefix, search) {
- // Child may be under our search prefix
- recursiveWalk(n, fn)
- return
- } else {
- break
- }
- }
-
-}
-
-// WalkPath is used to walk the tree, but only visiting nodes
-// from the root down to a given leaf. Where WalkPrefix walks
-// all the entries *under* the given prefix, this walks the
-// entries *above* the given prefix.
-func (t *Tree) WalkPath(path string, fn WalkFn) {
- n := t.root
- search := path
- for {
- // Visit the leaf values if any
- if n.leaf != nil && fn(n.leaf.key, n.leaf.val) {
- return
- }
-
- // Check for key exhaution
- if len(search) == 0 {
- return
- }
-
- // Look for an edge
- n = n.getEdge(search[0])
- if n == nil {
- return
- }
-
- // Consume the search prefix
- if strings.HasPrefix(search, n.prefix) {
- search = search[len(n.prefix):]
- } else {
- break
- }
- }
-}
-
-// recursiveWalk is used to do a pre-order walk of a node
-// recursively. Returns true if the walk should be aborted
-func recursiveWalk(n *node, fn WalkFn) bool {
- // Visit the leaf values if any
- if n.leaf != nil && fn(n.leaf.key, n.leaf.val) {
- return true
- }
-
- // Recurse on the children
- for _, e := range n.edges {
- if recursiveWalk(e.node, fn) {
- return true
- }
- }
- return false
-}
-
-// ToMap is used to walk the tree and convert it into a map
-func (t *Tree) ToMap() map[string]interface{} {
- out := make(map[string]interface{}, t.size)
- t.Walk(func(k string, v interface{}) bool {
- out[k] = v
- return false
- })
- return out
-}
diff --git a/vendor/github.com/elazarl/go-bindata-assetfs/LICENSE b/vendor/github.com/elazarl/go-bindata-assetfs/LICENSE
deleted file mode 100644
index 5782c726..00000000
--- a/vendor/github.com/elazarl/go-bindata-assetfs/LICENSE
+++ /dev/null
@@ -1,23 +0,0 @@
-Copyright (c) 2014, Elazar Leibovich
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-* Redistributions of source code must retain the above copyright notice, this
- list of conditions and the following disclaimer.
-
-* Redistributions in binary form must reproduce the above copyright notice,
- this list of conditions and the following disclaimer in the documentation
- and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
-SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
-CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
-OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
diff --git a/vendor/github.com/elazarl/go-bindata-assetfs/README.md b/vendor/github.com/elazarl/go-bindata-assetfs/README.md
deleted file mode 100644
index 27ee48f0..00000000
--- a/vendor/github.com/elazarl/go-bindata-assetfs/README.md
+++ /dev/null
@@ -1,46 +0,0 @@
-# go-bindata-assetfs
-
-Serve embedded files from [jteeuwen/go-bindata](https://github.com/jteeuwen/go-bindata) with `net/http`.
-
-[GoDoc](http://godoc.org/github.com/elazarl/go-bindata-assetfs)
-
-### Installation
-
-Install with
-
- $ go get github.com/jteeuwen/go-bindata/...
- $ go get github.com/elazarl/go-bindata-assetfs/...
-
-### Creating embedded data
-
-Usage is identical to [jteeuwen/go-bindata](https://github.com/jteeuwen/go-bindata) usage,
-instead of running `go-bindata` run `go-bindata-assetfs`.
-
-The tool will create a `bindata_assetfs.go` file, which contains the embedded data.
-
-A typical use case is
-
- $ go-bindata-assetfs data/...
-
-### Using assetFS in your code
-
-The generated file provides an `assetFS()` function that returns a `http.Filesystem`
-wrapping the embedded files. What you usually want to do is:
-
- http.Handle("/", http.FileServer(assetFS()))
-
-This would run an HTTP server serving the embedded files.
-
-## Without running binary tool
-
-You can always just run the `go-bindata` tool, and then
-
-use
-
- import "github.com/elazarl/go-bindata-assetfs"
- ...
- http.Handle("/",
- http.FileServer(
- &assetfs.AssetFS{Asset: Asset, AssetDir: AssetDir, AssetInfo: AssetInfo, Prefix: "data"}))
-
-to serve files embedded from the `data` directory.
diff --git a/vendor/github.com/elazarl/go-bindata-assetfs/assetfs.go b/vendor/github.com/elazarl/go-bindata-assetfs/assetfs.go
deleted file mode 100644
index 04f6d7a3..00000000
--- a/vendor/github.com/elazarl/go-bindata-assetfs/assetfs.go
+++ /dev/null
@@ -1,167 +0,0 @@
-package assetfs
-
-import (
- "bytes"
- "errors"
- "io"
- "io/ioutil"
- "net/http"
- "os"
- "path"
- "path/filepath"
- "strings"
- "time"
-)
-
-var (
- defaultFileTimestamp = time.Now()
-)
-
-// FakeFile implements os.FileInfo interface for a given path and size
-type FakeFile struct {
- // Path is the path of this file
- Path string
- // Dir marks of the path is a directory
- Dir bool
- // Len is the length of the fake file, zero if it is a directory
- Len int64
- // Timestamp is the ModTime of this file
- Timestamp time.Time
-}
-
-func (f *FakeFile) Name() string {
- _, name := filepath.Split(f.Path)
- return name
-}
-
-func (f *FakeFile) Mode() os.FileMode {
- mode := os.FileMode(0644)
- if f.Dir {
- return mode | os.ModeDir
- }
- return mode
-}
-
-func (f *FakeFile) ModTime() time.Time {
- return f.Timestamp
-}
-
-func (f *FakeFile) Size() int64 {
- return f.Len
-}
-
-func (f *FakeFile) IsDir() bool {
- return f.Mode().IsDir()
-}
-
-func (f *FakeFile) Sys() interface{} {
- return nil
-}
-
-// AssetFile implements http.File interface for a no-directory file with content
-type AssetFile struct {
- *bytes.Reader
- io.Closer
- FakeFile
-}
-
-func NewAssetFile(name string, content []byte, timestamp time.Time) *AssetFile {
- if timestamp.IsZero() {
- timestamp = defaultFileTimestamp
- }
- return &AssetFile{
- bytes.NewReader(content),
- ioutil.NopCloser(nil),
- FakeFile{name, false, int64(len(content)), timestamp}}
-}
-
-func (f *AssetFile) Readdir(count int) ([]os.FileInfo, error) {
- return nil, errors.New("not a directory")
-}
-
-func (f *AssetFile) Size() int64 {
- return f.FakeFile.Size()
-}
-
-func (f *AssetFile) Stat() (os.FileInfo, error) {
- return f, nil
-}
-
-// AssetDirectory implements http.File interface for a directory
-type AssetDirectory struct {
- AssetFile
- ChildrenRead int
- Children []os.FileInfo
-}
-
-func NewAssetDirectory(name string, children []string, fs *AssetFS) *AssetDirectory {
- fileinfos := make([]os.FileInfo, 0, len(children))
- for _, child := range children {
- _, err := fs.AssetDir(filepath.Join(name, child))
- fileinfos = append(fileinfos, &FakeFile{child, err == nil, 0, time.Time{}})
- }
- return &AssetDirectory{
- AssetFile{
- bytes.NewReader(nil),
- ioutil.NopCloser(nil),
- FakeFile{name, true, 0, time.Time{}},
- },
- 0,
- fileinfos}
-}
-
-func (f *AssetDirectory) Readdir(count int) ([]os.FileInfo, error) {
- if count <= 0 {
- return f.Children, nil
- }
- if f.ChildrenRead+count > len(f.Children) {
- count = len(f.Children) - f.ChildrenRead
- }
- rv := f.Children[f.ChildrenRead : f.ChildrenRead+count]
- f.ChildrenRead += count
- return rv, nil
-}
-
-func (f *AssetDirectory) Stat() (os.FileInfo, error) {
- return f, nil
-}
-
-// AssetFS implements http.FileSystem, allowing
-// embedded files to be served from net/http package.
-type AssetFS struct {
- // Asset should return content of file in path if exists
- Asset func(path string) ([]byte, error)
- // AssetDir should return list of files in the path
- AssetDir func(path string) ([]string, error)
- // AssetInfo should return the info of file in path if exists
- AssetInfo func(path string) (os.FileInfo, error)
- // Prefix would be prepended to http requests
- Prefix string
-}
-
-func (fs *AssetFS) Open(name string) (http.File, error) {
- name = path.Join(fs.Prefix, name)
- if len(name) > 0 && name[0] == '/' {
- name = name[1:]
- }
- if b, err := fs.Asset(name); err == nil {
- timestamp := defaultFileTimestamp
- if fs.AssetInfo != nil {
- if info, err := fs.AssetInfo(name); err == nil {
- timestamp = info.ModTime()
- }
- }
- return NewAssetFile(name, b, timestamp), nil
- }
- if children, err := fs.AssetDir(name); err == nil {
- return NewAssetDirectory(name, children, fs), nil
- } else {
- // If the error is not found, return an error that will
- // result in a 404 error. Otherwise the server returns
- // a 500 error for files not found.
- if strings.Contains(err.Error(), "not found") {
- return nil, os.ErrNotExist
- }
- return nil, err
- }
-}
diff --git a/vendor/github.com/elazarl/go-bindata-assetfs/doc.go b/vendor/github.com/elazarl/go-bindata-assetfs/doc.go
deleted file mode 100644
index a664249f..00000000
--- a/vendor/github.com/elazarl/go-bindata-assetfs/doc.go
+++ /dev/null
@@ -1,13 +0,0 @@
-// assetfs allows packages to serve static content embedded
-// with the go-bindata tool with the standard net/http package.
-//
-// See https://github.com/jteeuwen/go-bindata for more information
-// about embedding binary data with go-bindata.
-//
-// Usage example, after running
-// $ go-bindata data/...
-// use:
-// http.Handle("/",
-// http.FileServer(
-// &assetfs.AssetFS{Asset: Asset, AssetDir: AssetDir, Prefix: "data"}))
-package assetfs
diff --git a/vendor/github.com/go-sql-driver/mysql/.gitignore b/vendor/github.com/go-sql-driver/mysql/.gitignore
deleted file mode 100644
index 2de28da1..00000000
--- a/vendor/github.com/go-sql-driver/mysql/.gitignore
+++ /dev/null
@@ -1,9 +0,0 @@
-.DS_Store
-.DS_Store?
-._*
-.Spotlight-V100
-.Trashes
-Icon?
-ehthumbs.db
-Thumbs.db
-.idea
diff --git a/vendor/github.com/go-sql-driver/mysql/.travis.yml b/vendor/github.com/go-sql-driver/mysql/.travis.yml
deleted file mode 100644
index cc1268c3..00000000
--- a/vendor/github.com/go-sql-driver/mysql/.travis.yml
+++ /dev/null
@@ -1,107 +0,0 @@
-sudo: false
-language: go
-go:
- - 1.7.x
- - 1.8.x
- - 1.9.x
- - 1.10.x
- - master
-
-before_install:
- - go get golang.org/x/tools/cmd/cover
- - go get github.com/mattn/goveralls
-
-before_script:
- - echo -e "[server]\ninnodb_log_file_size=256MB\ninnodb_buffer_pool_size=512MB\nmax_allowed_packet=16MB" | sudo tee -a /etc/mysql/my.cnf
- - sudo service mysql restart
- - .travis/wait_mysql.sh
- - mysql -e 'create database gotest;'
-
-matrix:
- include:
- - env: DB=MYSQL8
- sudo: required
- dist: trusty
- go: 1.10.x
- services:
- - docker
- before_install:
- - go get golang.org/x/tools/cmd/cover
- - go get github.com/mattn/goveralls
- - docker pull mysql:8.0
- - docker run -d -p 127.0.0.1:3307:3306 --name mysqld -e MYSQL_DATABASE=gotest -e MYSQL_USER=gotest -e MYSQL_PASSWORD=secret -e MYSQL_ROOT_PASSWORD=verysecret
- mysql:8.0 --innodb_log_file_size=256MB --innodb_buffer_pool_size=512MB --max_allowed_packet=16MB --local-infile=1
- - cp .travis/docker.cnf ~/.my.cnf
- - .travis/wait_mysql.sh
- before_script:
- - export MYSQL_TEST_USER=gotest
- - export MYSQL_TEST_PASS=secret
- - export MYSQL_TEST_ADDR=127.0.0.1:3307
- - export MYSQL_TEST_CONCURRENT=1
-
- - env: DB=MYSQL57
- sudo: required
- dist: trusty
- go: 1.10.x
- services:
- - docker
- before_install:
- - go get golang.org/x/tools/cmd/cover
- - go get github.com/mattn/goveralls
- - docker pull mysql:5.7
- - docker run -d -p 127.0.0.1:3307:3306 --name mysqld -e MYSQL_DATABASE=gotest -e MYSQL_USER=gotest -e MYSQL_PASSWORD=secret -e MYSQL_ROOT_PASSWORD=verysecret
- mysql:5.7 --innodb_log_file_size=256MB --innodb_buffer_pool_size=512MB --max_allowed_packet=16MB --local-infile=1
- - cp .travis/docker.cnf ~/.my.cnf
- - .travis/wait_mysql.sh
- before_script:
- - export MYSQL_TEST_USER=gotest
- - export MYSQL_TEST_PASS=secret
- - export MYSQL_TEST_ADDR=127.0.0.1:3307
- - export MYSQL_TEST_CONCURRENT=1
-
- - env: DB=MARIA55
- sudo: required
- dist: trusty
- go: 1.10.x
- services:
- - docker
- before_install:
- - go get golang.org/x/tools/cmd/cover
- - go get github.com/mattn/goveralls
- - docker pull mariadb:5.5
- - docker run -d -p 127.0.0.1:3307:3306 --name mysqld -e MYSQL_DATABASE=gotest -e MYSQL_USER=gotest -e MYSQL_PASSWORD=secret -e MYSQL_ROOT_PASSWORD=verysecret
- mariadb:5.5 --innodb_log_file_size=256MB --innodb_buffer_pool_size=512MB --max_allowed_packet=16MB --local-infile=1
- - cp .travis/docker.cnf ~/.my.cnf
- - .travis/wait_mysql.sh
- before_script:
- - export MYSQL_TEST_USER=gotest
- - export MYSQL_TEST_PASS=secret
- - export MYSQL_TEST_ADDR=127.0.0.1:3307
- - export MYSQL_TEST_CONCURRENT=1
-
- - env: DB=MARIA10_1
- sudo: required
- dist: trusty
- go: 1.10.x
- services:
- - docker
- before_install:
- - go get golang.org/x/tools/cmd/cover
- - go get github.com/mattn/goveralls
- - docker pull mariadb:10.1
- - docker run -d -p 127.0.0.1:3307:3306 --name mysqld -e MYSQL_DATABASE=gotest -e MYSQL_USER=gotest -e MYSQL_PASSWORD=secret -e MYSQL_ROOT_PASSWORD=verysecret
- mariadb:10.1 --innodb_log_file_size=256MB --innodb_buffer_pool_size=512MB --max_allowed_packet=16MB --local-infile=1
- - cp .travis/docker.cnf ~/.my.cnf
- - .travis/wait_mysql.sh
- before_script:
- - export MYSQL_TEST_USER=gotest
- - export MYSQL_TEST_PASS=secret
- - export MYSQL_TEST_ADDR=127.0.0.1:3307
- - export MYSQL_TEST_CONCURRENT=1
-
-script:
- - go test -v -covermode=count -coverprofile=coverage.out
- - go vet ./...
- - .travis/gofmt.sh
-after_script:
- - $HOME/gopath/bin/goveralls -coverprofile=coverage.out -service=travis-ci
diff --git a/vendor/github.com/go-sql-driver/mysql/AUTHORS b/vendor/github.com/go-sql-driver/mysql/AUTHORS
deleted file mode 100644
index 73ff68fb..00000000
--- a/vendor/github.com/go-sql-driver/mysql/AUTHORS
+++ /dev/null
@@ -1,89 +0,0 @@
-# This is the official list of Go-MySQL-Driver authors for copyright purposes.
-
-# If you are submitting a patch, please add your name or the name of the
-# organization which holds the copyright to this list in alphabetical order.
-
-# Names should be added to this file as
-# Name To get Vault UI do one of the following:
-make release to create your own release binaries.
- make dev-ui to create a development binary with the UI.
-