From 9681d6ee2cb7fc98e22c37923bd31a0c4d9b3398 Mon Sep 17 00:00:00 2001
From: Denis Subbotin
Date: Fri, 30 Nov 2018 15:25:09 +0000
Subject: [PATCH 1/6] fix logging to readable formats
---
 plugin/pki/path_venafi_cert_enroll.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/plugin/pki/path_venafi_cert_enroll.go b/plugin/pki/path_venafi_cert_enroll.go
index 3dc11665..70962b3f 100644
--- a/plugin/pki/path_venafi_cert_enroll.go
+++ b/plugin/pki/path_venafi_cert_enroll.go
@@ -100,7 +100,7 @@ func (b *backend) pathVenafiCertObtain(ctx context.Context, req *logical.Request
 return logical.ErrorResponse(err.Error()), nil
 }
 }
- log.Printf("Certificate is %s", cert)
+ log.Printf("Certificate is %s", *cert)
 log.Printf("successfully got certificate: cn=%q altNames=%+v", commonName, altNames)
 break
 }
@@ -109,7 +109,7 @@ func (b *backend) pathVenafiCertObtain(ctx context.Context, req *logical.Request
 cs := append([]string{cert.Certificate}, cert.Chain...)
 chain := strings.Join(cs, "\n")
 log.Println("certificate: ", chain)
- log.Println("private_key: ", certReq.PrivateKey)
+ log.Printf("private_key: %+v\n", certReq.PrivateKey)
 //Parsing certificate and getting it's serial number
 pemBlock, _ := pem.Decode([]byte(certificate))
@@ -117,7 +117,7 @@ func (b *backend) pathVenafiCertObtain(ctx context.Context, req *logical.Request
 serialNumber := getHexFormatted(parsedCertificate.SerialNumber.Bytes(), ":")
 encoded_key := encodePKCS1PrivateKey(pkey)
- log.Println("Writing chain:", chain, "And key: ", string(encoded_key))
 var entry *logical.StorageEntry
From be0f0af4d57c82e2c0dd1f7121a67785781c1b3d Mon Sep 17 00:00:00 2001
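Review bot: The added `log.Printf("private_key: %+v\n", certReq.PrivateKey)` in the second hunk writes the request's private key to the plugin log, and the commit only makes that output easier to read; anyone who can read the log or whatever it is shipped to can recover keys issued through this path. The `"Writing chain:" … "And key: "` line in the third hunk prints the encoded key too (the page shows it with a `-` marker only, so confirm whether it survives on the new side), and `log.Printf("Certificate is %s", *cert)` in the first hunk dumps the whole collection, which may include a key field; that is not visible here. I would delete the key lines and log only non-secret identifiers, for example `log.Printf("issued certificate: cn=%q serial=%s", commonName, serialNumber)` placed after `serialNumber` is computed. pathVenafiCertObtain starts and ends outside these hunks.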
From: Denis Subbotin Date: Fri, 30 Nov 2018 19:02:50 +0000 Subject: [PATCH 2/6] update vendoring to vault 1.0.0 --- Gopkg.lock | 92 ++- Gopkg.toml | 37 +- vendor/github.com/SermoDigital/jose/README.md | 2 +- .../github.com/Venafi/vault-pki-vcert/LICENSE | 362 ----------- .../vault-pki-vcert/plugin/pki/backend.go | 67 -- .../vault-pki-vcert/plugin/pki/cert_util.go | 149 ----- .../vault-pki-vcert/plugin/pki/path_roles.go | 311 --------- .../plugin/pki/path_venafi_cert_enroll.go | 279 -------- .../plugin/pki/path_venafi_cert_read.go | 64 -- .../plugin/pki/path_venafi_cert_revoke.go | 32 - .../plugin/pki/path_venafi_fetch.go | 161 ----- .../plugin/pki/secret_certs.go | 32 - .../Venafi/vault-pki-vcert/plugin/pki/util.go | 57 -- .../vault-pki-vcert/plugin/pki/vcert.go | 92 --- .../golang/protobuf/proto/decode.go | 1 + .../golang/protobuf/proto/deprecated.go | 38 -- .../golang/protobuf/proto/extensions.go | 2 +- .../github.com/golang/protobuf/proto/lib.go | 20 + .../golang/protobuf/proto/properties.go | 9 + .../golang/protobuf/proto/table_marshal.go | 2 +- .../golang/protobuf/proto/table_unmarshal.go | 2 +- .../golang/protobuf/ptypes/any/any.pb.go | 22 +- .../protobuf/ptypes/duration/duration.pb.go | 24 +- .../protobuf/ptypes/timestamp/timestamp.pb.go | 24 +- .../github.com/hashicorp/go-plugin/README.md | 20 +- .../hashicorp/go-retryablehttp/client.go | 8 +- .../hashicorp/go-retryablehttp/go.mod | 3 + .../hashicorp/go-retryablehttp/go.sum | 2 + vendor/github.com/hashicorp/hcl/.gitignore | 18 +- vendor/github.com/hashicorp/hcl/Makefile | 36 +- vendor/github.com/hashicorp/hcl/decoder.go | 15 +- .../hashicorp/vault/api/auth_token.go | 1 + .../github.com/hashicorp/vault/api/client.go | 8 +- .../hashicorp/vault/api/sys_auth.go | 48 +- .../hashicorp/vault/api/sys_mounts.go | 17 +- .../hashicorp/vault/api/sys_plugins.go | 127 +++- .../hashicorp/vault/api/sys_policy.go | 10 +- .../hashicorp/vault/api/sys_seal.go | 16 + .../vault/helper/pluginutil/runner.go | 6 +- 
.../hashicorp/vault/logical/auth.go | 3 + .../vault/logical/framework/backend.go | 29 +- .../vault/logical/framework/openapi.go | 613 ++++++++++++++++++ .../hashicorp/vault/logical/framework/path.go | 114 +++- .../vault/logical/plugin/grpc_system.go | 8 +- .../vault/logical/plugin/pb/backend.pb.go | 331 +++++----- .../vault/logical/plugin/pb/backend.proto | 8 +- .../vault/logical/plugin/pb/translation.go | 4 + .../hashicorp/vault/logical/plugin/plugin.go | 25 +- .../hashicorp/vault/logical/plugin/system.go | 2 +- .../hashicorp/vault/logical/response.go | 3 +- .../hashicorp/vault/logical/system_view.go | 4 +- .../hashicorp/vault/logical/token.go | 53 ++ .../vault/logical/translate_response.go | 8 + .../hashicorp/vault/physical/testing.go | 6 +- .../hashicorp/vault/physical/types.pb.go | 198 +++++- .../hashicorp/vault/physical/types.proto | 30 +- .../app/templates/components/license-info.hbs | 16 +- .../integration/components/license-test.js | 7 +- .../hashicorp/vault/version/version_base.go | 4 +- .../website/source/api/system/license.html.md | 2 +- vendor/github.com/hpcloud/tail/.travis.yml | 5 +- vendor/github.com/hpcloud/tail/README.md | 2 +- .../hpcloud/tail/ratelimiter/memory.go | 10 +- vendor/github.com/hpcloud/tail/tail.go | 11 +- .../hpcloud/tail/watch/filechanges.go | 2 +- .../github.com/hpcloud/tail/watch/inotify.go | 11 +- .../hpcloud/tail/watch/inotify_tracker.go | 88 +-- vendor/github.com/ryanuber/go-glob/glob.go | 27 +- vendor/golang.org/x/sys/unix/mkall.sh | 22 +- vendor/golang.org/x/sys/unix/mksyscall.go | 367 +++++++++++ vendor/golang.org/x/sys/unix/mksyscall.pl | 341 ---------- .../x/sys/unix/zsyscall_darwin_386.go | 2 +- .../x/sys/unix/zsyscall_darwin_amd64.go | 2 +- .../x/sys/unix/zsyscall_darwin_arm.go | 2 +- .../x/sys/unix/zsyscall_darwin_arm64.go | 2 +- .../x/sys/unix/zsyscall_dragonfly_amd64.go | 2 +- .../x/sys/unix/zsyscall_freebsd_386.go | 2 +- .../x/sys/unix/zsyscall_freebsd_amd64.go | 2 +- .../x/sys/unix/zsyscall_freebsd_arm.go | 2 +- 
.../x/sys/unix/zsyscall_linux_386.go | 2 +- .../x/sys/unix/zsyscall_linux_amd64.go | 2 +- .../x/sys/unix/zsyscall_linux_arm.go | 2 +- .../x/sys/unix/zsyscall_linux_arm64.go | 2 +- .../x/sys/unix/zsyscall_linux_mips.go | 2 +- .../x/sys/unix/zsyscall_linux_mips64.go | 2 +- .../x/sys/unix/zsyscall_linux_mips64le.go | 2 +- .../x/sys/unix/zsyscall_linux_mipsle.go | 2 +- .../x/sys/unix/zsyscall_linux_ppc64.go | 2 +- .../x/sys/unix/zsyscall_linux_ppc64le.go | 2 +- .../x/sys/unix/zsyscall_linux_riscv64.go | 2 +- .../x/sys/unix/zsyscall_linux_s390x.go | 2 +- .../x/sys/unix/zsyscall_linux_sparc64.go | 204 +++++- .../x/sys/unix/zsyscall_netbsd_386.go | 2 +- .../x/sys/unix/zsyscall_netbsd_amd64.go | 2 +- .../x/sys/unix/zsyscall_netbsd_arm.go | 2 +- .../x/sys/unix/zsyscall_openbsd_386.go | 2 +- .../x/sys/unix/zsyscall_openbsd_amd64.go | 2 +- .../x/sys/unix/zsyscall_openbsd_arm.go | 2 +- vendor/golang.org/x/time/rate/rate.go | 16 +- vendor/golang.org/x/time/rate/rate_go16.go | 21 - vendor/golang.org/x/time/rate/rate_go17.go | 21 - vendor/google.golang.org/grpc/clientconn.go | 59 +- .../google.golang.org/grpc/health/health.go | 60 +- .../grpc/internal/internal.go | 4 + .../grpc/internal/transport/http_util.go | 10 + vendor/google.golang.org/grpc/version.go | 2 +- .../{fsnotify => }/fsnotify.v1/.editorconfig | 0 .../{fsnotify => }/fsnotify.v1/.gitignore | 0 .../{fsnotify => }/fsnotify.v1/.travis.yml | 0 .../{fsnotify => }/fsnotify.v1/AUTHORS | 0 .../{fsnotify => }/fsnotify.v1/CHANGELOG.md | 0 .../fsnotify.v1/CONTRIBUTING.md | 0 .../{fsnotify => }/fsnotify.v1/LICENSE | 0 .../{fsnotify => }/fsnotify.v1/README.md | 0 .../{fsnotify => }/fsnotify.v1/fen.go | 0 .../{fsnotify => }/fsnotify.v1/fsnotify.go | 0 .../{fsnotify => }/fsnotify.v1/inotify.go | 0 .../fsnotify.v1/inotify_poller.go | 0 .../{fsnotify => }/fsnotify.v1/kqueue.go | 0 .../fsnotify.v1/open_mode_bsd.go | 0 .../fsnotify.v1/open_mode_darwin.go | 0 .../{fsnotify => }/fsnotify.v1/windows.go | 0 
vendor/gopkg.in/ini.v1/.travis.yml | 1 + vendor/gopkg.in/ini.v1/README.md | 2 + vendor/gopkg.in/ini.v1/file.go | 10 +- vendor/gopkg.in/ini.v1/ini.go | 8 +- vendor/gopkg.in/ini.v1/parser.go | 8 +- vendor/gopkg.in/tomb.v1/tomb.go | 2 +- vendor/gopkg.in/yaml.v2/encode.go | 28 + 129 files changed, 2369 insertions(+), 2709 deletions(-) delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/LICENSE delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/backend.go delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/cert_util.go delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_roles.go delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_enroll.go delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_read.go delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_revoke.go delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_fetch.go delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/secret_certs.go delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/util.go delete mode 100644 vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/vcert.go delete mode 100644 vendor/github.com/golang/protobuf/proto/deprecated.go create mode 100644 vendor/github.com/hashicorp/go-retryablehttp/go.mod create mode 100644 vendor/github.com/hashicorp/go-retryablehttp/go.sum create mode 100644 vendor/github.com/hashicorp/vault/logical/framework/openapi.go create mode 100644 vendor/golang.org/x/sys/unix/mksyscall.go delete mode 100755 vendor/golang.org/x/sys/unix/mksyscall.pl delete mode 100644 vendor/golang.org/x/time/rate/rate_go16.go delete mode 100644 vendor/golang.org/x/time/rate/rate_go17.go rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/.editorconfig (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/.gitignore (100%) rename vendor/gopkg.in/{fsnotify => 
}/fsnotify.v1/.travis.yml (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/AUTHORS (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/CHANGELOG.md (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/CONTRIBUTING.md (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/LICENSE (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/README.md (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/fen.go (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/fsnotify.go (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/inotify.go (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/inotify_poller.go (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/kqueue.go (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/open_mode_bsd.go (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/open_mode_darwin.go (100%) rename vendor/gopkg.in/{fsnotify => }/fsnotify.v1/windows.go (100%) diff --git a/Gopkg.lock b/Gopkg.lock index 7194a881..b7a95664 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -2,8 +2,7 @@ [[projects]] - branch = "master" - digest = "1:e26170d7ec7d444d7b74a5b1dbd6437fd8e552d27efce9327f733311737c4ae9" + digest = "1:a69ab3f1445ffd4815add4bd31ba05b65b3b9fec1ade5057d5d717f30e6efd6d" name = "github.com/SermoDigital/jose" packages = [ ".", @@ -12,15 +11,8 @@ "jwt", ] pruneopts = "UT" - revision = "803625baeddc3526d01d321b5066029f53eafc81" - -[[projects]] - digest = "1:c3130f9a1fe7b8dbcb30e167ecd55dd13638142cacfab47bbfaa5c9e6447f0be" - name = "github.com/Venafi/vault-pki-vcert" - packages = ["plugin/pki"] - pruneopts = "UT" - revision = "3f2671ad871d03b3dbec833ad13e0cb91f42d9da" - version = "0.2" + revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" + version = "1.1" [[projects]] branch = "master" 
@@ -47,7 +39,7 @@ version = "v1.0.0" [[projects]] - digest = "1:f26d410f706e6bdfb1576cacf9e4bbd3add8b55a298bf90ab20f588854bad6e0" + digest = "1:4c0989ca0bcd10799064318923b9bc2db6b4d6338dd75f3f2d86c3511aaaf5cf" name = "github.com/golang/protobuf" packages = [ "proto", @@ -57,7 +49,8 @@ "ptypes/timestamp", ] pruneopts = "UT" - revision = "ddf22928ea3c56eb4292a0adbbf5001b1e8e7d0d" + revision = "aa810b61a9c79d51363740d207bb46cf8e620ed5" + version = "v1.2.0" [[projects]] branch = "master" @@ -108,18 +101,20 @@ version = "v1.0.0" [[projects]] - digest = "1:880e48599e7f65dd85eed8092d63ebcbc73715491aec1a857adbce6d9d51d1ac" + branch = "master" + digest = "1:12fd3b73c54592003bf5214e9efff0092abaa173eedfc5390ed17431ed5dde1e" name = "github.com/hashicorp/go-plugin" packages = ["."] pruneopts = "UT" - revision = "314501b665e0b2cc71bbd829783179fc38840a85" + revision = "54b6ff97d8180dbbd93d2010dd4a92c86f604bb8" [[projects]] - digest = "1:183f00c472fb9b2446659618eebf4899872fa267b92f926539411abdc8b941df" + digest = "1:4112546e6964796e1c92a9ffdea8fd7ae81ffbf81eda4f946f50937e178f53da" name = "github.com/hashicorp/go-retryablehttp" packages = ["."] pruneopts = "UT" - revision = "e651d75abec6fbd4f2c09508f72ae7af8a8b7171" + revision = "4502c0ecdaf0b50d857611af23831260f99be6bf" + version = "v0.5.0" [[projects]] branch = "master" @@ -165,8 +160,7 @@ version = "v0.5.0" [[projects]] - branch = "master" - digest = "1:01c267930c063d047b1044d6b2bff0ad967faf37ba639a3eec16a013a16d5f3d" + digest = "1:ea40c24cdbacd054a6ae9de03e62c5f252479b96c716375aace5c120d68647c8" name = "github.com/hashicorp/hcl" packages = [ ".", 
@@ -180,10 +174,11 @@ "json/token", ] pruneopts = "UT" - revision = "65a6292f0157eff210d03ed1bf6c59b190b8b906" + revision = "8cb6e5b959231cc1119e43259c4a608f9c51a241" + version = "v1.0.0" [[projects]] - digest = "1:38312566de7eb1c5b686f7d30af6f2c2a661dd2b26fbcebf49bd36b88e4bfad0" + digest = "1:17e1085503022dd8118ec101e4364f6de7a2ba8b9fd39a0b7356d2d217c31796" name = "github.com/hashicorp/vault" packages = [ "api", @@ -212,8 +207,8 @@ "version", ] pruneopts = "UT" - revision = "a59ffa4a0f09bbf198241fe6793a96722789b639" - version = "v0.11.5" + revision = "74da0d392ec88726fecc4920fb75e744a247f70a" + version = "v1.0.0-rc1" [[projects]] branch = "master" @@ -224,8 +219,7 @@ revision = "2f1d1f20f75d5404f53b9edf6b53ed5505508675" [[projects]] - branch = "master" - digest = "1:59392ed8afb901aab4287d4894df8191722e34f3957716f4350c8c133ce99046" + digest = "1:a1038ef593beb4771c8f0f9c26e8b00410acd800af5c6864651d9bf160ea1813" name = "github.com/hpcloud/tail" packages = [ ".", @@ -235,7 +229,8 @@ "winfile", ] pruneopts = "UT" - revision = "a1dbeea552b7c8df4b542c66073e393de198a800" + revision = "a30252cb686a21eb2d0b98132633053ec2f7f1e5" + version = "v1.0.0" [[projects]] digest = "1:78bbb1ba5b7c3f2ed0ea1eab57bdd3859aec7e177811563edc41198a760b06af" @@ -337,12 +332,12 @@ revision = "6283090d169f51a2410b4e260341a01c9a4c0ca7" [[projects]] - branch = "master" - digest = "1:5b92d232e81c3e8eec282c92dcaa2e0e1ad3c23157be19a01b3e33f7e6e8d137" + digest = "1:0e792eea6c96ec55ff302ef33886acbaa5006e900fefe82689e88d96439dcd84" name = "github.com/ryanuber/go-glob" packages = ["."] pruneopts = "UT" - revision = "256dc444b735e061061cf46c809487313d5b0065" + revision = "572520ed46dbddaed19ea3d9541bdd0494163693" + version = "v0.1" [[projects]] branch = "master" 
@@ -361,15 +356,15 @@ "trace", ] pruneopts = "UT" - revision = "adae6a3d119ae4890b46832a2e88a95adc62b8e7" + revision = "fae4c4e3ad76c295c3d6d259f898136b4bf833a8" [[projects]] branch = "master" - digest = "1:225564f71149334315118db714e1ea87513e4a11cf4acb27e26bc7577cebfa0b" + digest = "1:8775d8a768d9e65e8b659172804aac5db1fc8d563ba766470a6c2698c57c61a7" name = "golang.org/x/sys" packages = ["unix"] pruneopts = "UT" - revision = "0cf1ed9e522b7dbb416f080a5c8003de9b702bf4" + revision = "4ed8d59d0b35e1e29334a206d1b3f38b1e5dfb31" [[projects]] digest = "1:436b24586f8fee329e0dd65fd67c817681420cda1d7f934345c13fe78c212a73" @@ -407,11 +402,12 @@ version = "v0.3.0" [[projects]] - digest = "1:c9e7a4b4d47c0ed205d257648b0e5b0440880cb728506e318f8ac7cd36270bc4" + branch = "master" + digest = "1:9fdc2b55e8e0fafe4b41884091e51e77344f7dc511c5acedcfd98200003bff90" name = "golang.org/x/time" packages = ["rate"] pruneopts = "UT" - revision = "fbb02b2291d28baffd63558aa44b4b56f178d650" + revision = "85acf8d2951cb2a3bde7632f9ff273ef0379bcbd" [[projects]] branch = "master" @@ -419,10 +415,10 @@ name = "google.golang.org/genproto" packages = ["googleapis/rpc/status"] pruneopts = "UT" - revision = "b5d43981345bdb2c233eb4bf3277847b48c6fdc6" + revision = "31ac5d88444a9e7ad18077db9a165d793ad06a2e" [[projects]] - digest = "1:6b155865b5e73d16adff506349d08e9e857cf48ea88a17dd1e5a6f8f8c738ba2" + digest = "1:95550b4aa2a79019c2a832c1a7d6a5446b046e3ee8cce12a042778ac0ac47baf" name = "google.golang.org/grpc" packages = [ ".", 
@@ -455,44 +451,46 @@ "tap", ] pruneopts = "UT" - revision = "1da8e51941b9a2c8f4bc3271acc30393c29e9cc0" + revision = "2e463a05d100327ca47ac218281906921038fd95" + version = "v1.16.0" [[projects]] digest = "1:abeb38ade3f32a92943e5be54f55ed6d6e3b6602761d74b4aab4c9dd45c18abd" - name = "gopkg.in/fsnotify/fsnotify.v1" + name = "gopkg.in/fsnotify.v1" packages = ["."] pruneopts = "UT" revision = "c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9" + source = "https://github.com/fsnotify/fsnotify/archive/v1.4.7.tar.gz" version = "v1.4.7" [[projects]] - digest = "1:5abd6a22805b1919f6a6bca0ae58b13cef1f3412812f38569978f43ef02743d4" + digest = "1:15e27372d379b45b18ac917b9dafc45c45485239490ece18cca97a12f9591146" name = "gopkg.in/ini.v1" packages = ["."] pruneopts = "UT" - revision = "5cf292cae48347c2490ac1a58fe36735fb78df7e" - version = "v1.38.2" + revision = "9c8236e659b76e87bf02044d06fde8683008ff3e" + version = "v1.39.0" [[projects]] - digest = "1:3c839a777de0e6da035c9de900b60cbec463b0a89351192c1ea083eaf9e0fce0" + branch = "v1" + digest = "1:0caa92e17bc0b65a98c63e5bc76a9e844cd5e56493f8fdbb28fad101a16254d9" name = "gopkg.in/tomb.v1" packages = ["."] pruneopts = "UT" - revision = "c131134a1947e9afd9cecfe11f4c6dff0732ae58" + revision = "dd632973f1e7218eb1089048e0798ec9ae7dceb8" [[projects]] - digest = "1:342378ac4dcb378a5448dd723f0784ae519383532f5e70ade24132c4c8693202" + digest = "1:4d2e5a73dc1500038e504a8d78b986630e3626dc027bc030ba5c75da257cdb96" name = "gopkg.in/yaml.v2" packages = ["."] pruneopts = "UT" - revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183" - version = "v2.2.1" + revision = "51d6538a90f86fe93ac480b35f37b2be17fef232" + version = "v2.2.2" [solve-meta] analyzer-name = "dep" analyzer-version = 1 input-imports = [ - "github.com/Venafi/vault-pki-vcert/plugin/pki", "github.com/Venafi/vcert", "github.com/Venafi/vcert/pkg/certificate", "github.com/Venafi/vcert/pkg/endpoint", diff --git a/Gopkg.toml b/Gopkg.toml index a5a00650..dfe3f588 100644 --- a/Gopkg.toml +++ b/Gopkg.toml 
@@ -1,41 +1,10 @@ -# Gopkg.toml example -# -# Refer to https://golang.github.io/dep/docs/Gopkg.toml.html -# for detailed Gopkg.toml documentation. -# -# required = ["github.com/user/thing/cmd/thing"] -# ignored = ["github.com/user/project/pkgX", "bitbucket.org/user/project/pkgA/pkgY"] -# -# [[constraint]] -# name = "github.com/user/project" -# version = "1.0.0" -# -# [[constraint]] -# name = "github.com/user/project2" -# branch = "dev" -# source = "github.com/myfork/project2" -# -# [[override]] -# name = "github.com/x/y" -# version = "2.4.0" -# -# [prune] -# non-go = false -# go-tests = true -# unused-packages = true - - -[[constraint]] - name = "github.com/Venafi/vault-pki-vcert" - version = "0.2.0" - [[constraint]] branch = "master" name = "github.com/Venafi/vcert" [[constraint]] name = "github.com/hashicorp/vault" - version = "0.11.5" + version = "1.0.0-rc1" [[constraint]] name = "github.com/onsi/ginkgo" @@ -49,6 +18,10 @@ branch = "master" name = "github.com/rendon/testcli" +[[override]] + source = "https://github.com/fsnotify/fsnotify/archive/v1.4.7.tar.gz" + name = "gopkg.in/fsnotify.v1" + [prune] go-tests = true unused-packages = true diff --git a/vendor/github.com/SermoDigital/jose/README.md b/vendor/github.com/SermoDigital/jose/README.md index 621862ef..44edd54a 100644 --- a/vendor/github.com/SermoDigital/jose/README.md +++ b/vendor/github.com/SermoDigital/jose/README.md @@ -23,7 +23,7 @@ JWE is currently unimplemented. The docs can be found at [godoc.org] [docs], as usual. A gopkg.in mirror can be found at https://gopkg.in/jose.v1, thanks to -@zia-newversion. (For context, see issue #30.) +@zia-newversion. (For context, see #30.) ### [JWS RFC][jws] ### [JWE RFC][jwe] diff --git a/vendor/github.com/Venafi/vault-pki-vcert/LICENSE b/vendor/github.com/Venafi/vault-pki-vcert/LICENSE deleted file mode 100644 index be2cc4df..00000000 --- a/vendor/github.com/Venafi/vault-pki-vcert/LICENSE +++ /dev/null 
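Review bot: The `github.com/hashicorp/vault` constraint in the first Gopkg.toml hunk is pinned to `version = "1.0.0-rc1"`, a release candidate, although the subject says the vendoring moves to vault 1.0.0; since everything under `vendor/` is compiled into the plugin, pin `version = "1.0.0"` if that is the release you intend to ship. The new `[[override]]` in the second hunk sets `source` to an archive tarball URL, whereas the example comment this commit removes shows `source` taking a repository path, so `source = "github.com/fsnotify/fsnotify"` looks like the intended form; please confirm that dep resolves the override to the revision recorded in Gopkg.lock. A one-line comment above the override saying why `gopkg.in/fsnotify.v1` has to be redirected would help whoever re-runs the solver next.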
@@ -1,362 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. "Contributor" - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. "Contributor Version" - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor's Contribution. - -1.3. "Contribution" - - means Covered Software of a particular Contributor. - -1.4. "Covered Software" - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. "Incompatible With Secondary Licenses" - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of - version 1.1 or earlier of the License, but not also under the terms of - a Secondary License. - -1.6. "Executable Form" - - means any form of the work other than Source Code Form. - -1.7. "Larger Work" - - means a work that combines Covered Software with other material, in a - separate file or files, that is not Covered Software. - -1.8. "License" - - means this document. - -1.9. "Licensable" - - means having the right to grant, to the maximum extent possible, whether - at the time of the initial grant or subsequently, any and all of the - rights conveyed by this License. - -1.10. "Modifications" - - means any of the following: - - a. any file in Source Code Form that results from an addition to, - deletion from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
"Patent Claims" of a Contributor - - means any patent claim(s), including without limitation, method, - process, and apparatus claims, in any patent Licensable by such - Contributor that would be infringed, but for the grant of the License, - by the making, using, selling, offering for sale, having made, import, - or transfer of either its Contributions or its Contributor Version. - -1.12. "Secondary License" - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. "Source Code Form" - - means the form of the work preferred for making modifications. - -1.14. "You" (or "Your") - - means an individual or a legal entity exercising rights under this - License. For legal entities, "You" includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, "control" means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or - as part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its - Contributions or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution - become effective for each Contribution on the date the Contributor first - distributes such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under - this License. No additional rights or licenses will be implied from the - distribution or licensing of Covered Software under this License. - Notwithstanding Section 2.1(b) above, no patent license is granted by a - Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party's - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of - its Contributions. - - This License does not grant any rights in the trademarks, service marks, - or logos of any Contributor (except as may be necessary to comply with - the notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this - License (see Section 10.2) or under the terms of a Secondary License (if - permitted under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its - Contributions are its original creation(s) or it has sufficient rights to - grant the rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under - applicable copyright doctrines of fair use, fair dealing, or other - equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under - the terms of this License. You must inform recipients that the Source - Code Form of the Covered Software is governed by the terms of this - License, and how they can obtain a copy of this License. You may not - attempt to alter or restrict the recipients' rights in the Source Code - Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this - License, or sublicense it under different terms, provided that the - license for the Executable Form does not attempt to limit or alter the - recipients' rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for - the Covered Software. If the Larger Work is a combination of Covered - Software with a work governed by one or more Secondary Licenses, and the - Covered Software is not Incompatible With Secondary Licenses, this - License permits You to additionally distribute such Covered Software - under the terms of such Secondary License(s), so that the recipient of - the Larger Work may, at their option, further distribute the Covered - Software under the terms of either this License or such Secondary - License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices - (including copyright notices, patent notices, disclaimers of warranty, or - limitations of liability) contained within the Source Code Form of the - Covered Software, except that You may alter any license notices to the - extent required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on - behalf of any Contributor. You must make it absolutely clear that any - such warranty, support, indemnity, or liability obligation is offered by - You alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, - judicial order, or regulation then You must: (a) comply with the terms of - this License to the maximum extent possible; and (b) describe the - limitations and the code they affect. Such description must be placed in a - text file included with all distributions of the Covered Software under - this License. Except to the extent prohibited by statute or regulation, - such description must be sufficiently detailed for a recipient of ordinary - skill to be able to understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant,
- then the rights granted under this License from a particular Contributor
- are reinstated (a) provisionally, unless and until such Contributor
- explicitly and finally terminates Your grants, and (b) on an ongoing
- basis, if such Contributor fails to notify You of the non-compliance by
- some reasonable means prior to 60 days after You have come back into
- compliance. Moreover, Your grants from a particular Contributor are
- reinstated on an ongoing basis if such Contributor notifies You of the
- non-compliance by some reasonable means, this is the first time You have
- received notice of non-compliance with this License from such
- Contributor, and You become compliant prior to 30 days after Your receipt
- of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
- infringement claim (excluding declaratory judgment actions,
- counter-claims, and cross-claims) alleging that a Contributor Version
- directly or indirectly infringes any patent, then the rights granted to
- You by any and all Contributors for the Covered Software under Section
- 2.1 of this License shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
- license agreements (excluding distributors and resellers) which have been
- validly granted by You or Your distributors under this License prior to
- termination shall survive termination.
-
-6. Disclaimer of Warranty
-
- Covered Software is provided under this License on an "as is" basis,
- without warranty of any kind, either expressed, implied, or statutory,
- including, without limitation, warranties that the Covered Software is free
- of defects, merchantable, fit for a particular purpose or non-infringing.
- The entire risk as to the quality and performance of the Covered Software
- is with You. Should any Covered Software prove defective in any respect,
- You (not any Contributor) assume the cost of any necessary servicing,
- repair, or correction. This disclaimer of warranty constitutes an essential
- part of this License. No use of any Covered Software is authorized under
- this License except under this disclaimer.
-
-7. Limitation of Liability
-
- Under no circumstances and under no legal theory, whether tort (including
- negligence), contract, or otherwise, shall any Contributor, or anyone who
- distributes Covered Software as permitted above, be liable to You for any
- direct, indirect, special, incidental, or consequential damages of any
- character including, without limitation, damages for lost profits, loss of
- goodwill, work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses, even if such party shall have been
- informed of the possibility of such damages. This limitation of liability
- shall not apply to liability for death or personal injury resulting from
- such party's negligence to the extent applicable law prohibits such
- limitation. Some jurisdictions do not allow the exclusion or limitation of
- incidental or consequential damages, so this exclusion and limitation may
- not apply to You.
-
-8. Litigation
-
- Any litigation relating to this License may be brought only in the courts
- of a jurisdiction where the defendant maintains its principal place of
- business and such litigation shall be governed by laws of that
- jurisdiction, without reference to its conflict-of-law provisions. Nothing
- in this Section shall prevent a party's ability to bring cross-claims or
- counter-claims.
-
-9. Miscellaneous
-
- This License represents the complete agreement concerning the subject
- matter hereof. If any provision of this License is held to be
- unenforceable, such provision shall be reformed only to the extent
- necessary to make it enforceable. Any law or regulation which provides that
- the language of a contract shall be construed against the drafter shall not
- be used to construe this License against a Contributor.
-
-
-10. Versions of the License
-
-10.1. New Versions
-
- Mozilla Foundation is the license steward. Except as provided in Section
- 10.3, no one other than the license steward has the right to modify or
- publish new versions of this License. Each version will be given a
- distinguishing version number.
-
-10.2. Effect of New Versions
-
- You may distribute the Covered Software under the terms of the version
- of the License under which You originally received the Covered Software,
- or under the terms of any subsequent version published by the license
- steward.
-
-10.3. Modified Versions
-
- If you create software not governed by this License, and you want to
- create a new license for such software, you may create and use a
- modified version of this License if you rename the license and remove
- any references to the name of the license steward (except to note that
- such modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary
- Licenses If You choose to distribute Source Code Form that is
- Incompatible With Secondary Licenses under the terms of this version of
- the License, the notice described in Exhibit B of this License must be
- attached.
-
-Exhibit A - Source Code Form License Notice
-
- This Source Code Form is subject to the
- terms of the Mozilla Public License, v.
- 2.0. If a copy of the MPL was not
- distributed with this file, You can
- obtain one at
- http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular file,
-then You may include the notice in a location (such as a LICENSE file in a
-relevant directory) where a recipient would be likely to look for such a
-notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - "Incompatible With Secondary Licenses" Notice
-
- This Source Code Form is "Incompatible
- With Secondary Licenses", as defined by
- the Mozilla Public License, v. 2.0.
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/backend.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/backend.go
deleted file mode 100644
index 772c4b57..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/backend.go
+++ /dev/null
@@ -1,67 +0,0 @@
-package pki
-
-import (
- "context"
- "strings"
- "sync"
- "time"
-
- "github.com/hashicorp/vault/logical"
- "github.com/hashicorp/vault/logical/framework"
-)
-
-// Factory creates a new backend implementing the logical.Backend interface
-func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, error) {
- b := Backend()
- if err := b.Setup(ctx, conf); err != nil {
- return nil, err
- }
- return b, nil
-}
-
-// Backend returns a new Backend framework struct
-func Backend() *backend {
- var b backend
- b.Backend = &framework.Backend{
- Help: strings.TrimSpace(backendHelp),
-
- PathsSpecial: &logical.Paths{
- SealWrapStorage: []string{
- "roles/",
- },
- },
-
- Paths: []*framework.Path{
- pathListRoles(&b),
- pathRoles(&b),
- pathVenafiCertEnroll(&b),
- pathVenafiCertRead(&b),
- pathVenafiCertRevoke(&b),
- pathVenafiFetchValid(&b),
- pathVenafiFetchListCerts(&b),
- },
-
- Secrets: []*framework.Secret{
- secretCerts(&b),
- },
-
- BackendType: logical.TypeLogical,
- }
-
- b.crlLifetime = time.Hour * 72
-
- return &b
-}
-
-type backend struct {
- *framework.Backend
-
- crlLifetime time.Duration
- revokeStorageLock sync.RWMutex
-}
-
-const backendHelp = `
-The Venafi certificates backend plugin requests certificates from TPP of Condor.
-
-After mounting this backend create a role using role/ path.
-`
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/cert_util.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/cert_util.go
deleted file mode 100644
index 6fb1e101..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/cert_util.go
+++ /dev/null
@@ -1,149 +0,0 @@
-package pki
-
-import (
- "context"
- "encoding/asn1"
- "fmt"
- "github.com/hashicorp/vault/helper/errutil"
- "github.com/hashicorp/vault/logical"
- "regexp"
- "strconv"
- "strings"
-)
-
-var (
- // A note on hostnameRegex: although we set the StrictDomainName option
- // when doing the idna conversion, this appears to only affect output, not
- // input, so it will allow e.g. host^123.example.com straight through. So
- // we still need to use this to check the output.
- hostnameRegex = regexp.MustCompile(`^(\*\.)?(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])$`)
- oidExtensionBasicConstraints = []int{2, 5, 29, 19}
-)
-
-func validateKeyTypeLength(keyType string, keyBits int) *logical.Response {
- switch keyType {
- case "rsa":
- switch keyBits {
- case 2048:
- case 4096:
- case 8192:
- default:
- return logical.ErrorResponse(fmt.Sprintf(
- "unsupported bit length for RSA key: %d", keyBits))
- }
- case "ec":
- switch keyBits {
- case 224:
- case 256:
- case 384:
- case 521:
- default:
- return logical.ErrorResponse(fmt.Sprintf(
- "unsupported bit length for EC key: %d", keyBits))
- }
- case "any":
- default:
- return logical.ErrorResponse(fmt.Sprintf(
- "unknown key type %s", keyType))
- }
-
- return nil
-}
-
-// Allows fetching certificates from the backend; it handles the slightly
-// separate pathing for CA, CRL, and revoked certificates.
-func fetchCertBySerial(ctx context.Context, req *logical.Request, prefix, serial string) (*logical.StorageEntry, error) {
- var path, legacyPath string
- var err error
- var certEntry *logical.StorageEntry
-
- hyphenSerial := normalizeSerial(serial)
- colonSerial := strings.Replace(strings.ToLower(serial), "-", ":", -1)
-
- switch {
- // Revoked goes first as otherwise ca/crl get hardcoded paths which fail if
- // we actually want revocation info
- case strings.HasPrefix(prefix, "revoked/"):
- legacyPath = "revoked/" + colonSerial
- path = "revoked/" + hyphenSerial
- case serial == "ca":
- path = "ca"
- case serial == "crl":
- path = "crl"
- default:
- legacyPath = "certs/" + colonSerial
- path = "certs/" + hyphenSerial
- }
-
- certEntry, err = req.Storage.Get(ctx, path)
- if err != nil {
- return nil, errutil.InternalError{Err: fmt.Sprintf("error fetching certificate %s: %s", serial, err)}
- }
- if certEntry != nil {
- if certEntry.Value == nil || len(certEntry.Value) == 0 {
- return nil, errutil.InternalError{Err: fmt.Sprintf("returned certificate bytes for serial %s were empty", serial)}
- }
- return certEntry, nil
- }
-
- // If legacyPath is unset, it's going to be a CA or CRL; return immediately
- if legacyPath == "" {
- return nil, nil
- }
-
- // Retrieve the old-style path
- certEntry, err = req.Storage.Get(ctx, legacyPath)
- if err != nil {
- return nil, errutil.InternalError{Err: fmt.Sprintf("error fetching certificate %s: %s", serial, err)}
- }
- if certEntry == nil {
- return nil, nil
- }
- if certEntry.Value == nil || len(certEntry.Value) == 0 {
- return nil, errutil.InternalError{Err: fmt.Sprintf("returned certificate bytes for serial %s were empty", serial)}
- }
-
- // Update old-style paths to new-style paths
- certEntry.Key = path
- if err = req.Storage.Put(ctx, certEntry); err != nil {
- return nil, errutil.InternalError{Err: fmt.Sprintf("error saving certificate with serial %s to new location", serial)}
- }
- if err = req.Storage.Delete(ctx, legacyPath); err != nil {
- return nil, errutil.InternalError{Err: fmt.Sprintf("error deleting certificate with serial %s from old location", serial)}
- }
-
- return certEntry, nil
-}
-
-func parseOtherSANs(others []string) (map[string][]string, error) {
- result := map[string][]string{}
- for _, other := range others {
- splitOther := strings.SplitN(other, ";", 2)
- if len(splitOther) != 2 {
- return nil, fmt.Errorf("expected a semicolon in other SAN %q", other)
- }
- splitType := strings.SplitN(splitOther[1], ":", 2)
- if len(splitType) != 2 {
- return nil, fmt.Errorf("expected a colon in other SAN %q", other)
- }
- if strings.ToLower(splitType[0]) != "utf8" {
- return nil, fmt.Errorf("only utf8 other SANs are supported; found non-supported type in other SAN %q", other)
- }
- result[splitOther[0]] = append(result[splitOther[0]], splitType[1])
- }
-
- return result, nil
-}
-
-func stringToOid(in string) (asn1.ObjectIdentifier, error) {
- split := strings.Split(in, ".")
- ret := make(asn1.ObjectIdentifier, 0, len(split))
- for _, v := range split {
- i, err := strconv.Atoi(v)
- if err != nil {
- return nil, err
- }
- ret = append(ret, i)
- }
- return asn1.ObjectIdentifier(ret), nil
-}
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_roles.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_roles.go
deleted file mode 100644
index 963eb60c..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_roles.go
+++ /dev/null
@@ -1,311 +0,0 @@
-package pki
-
-import (
- "context"
- "strings"
- "time"
-
- "github.com/hashicorp/vault/helper/consts"
- "github.com/hashicorp/vault/helper/parseutil"
- "github.com/hashicorp/vault/logical"
- "github.com/hashicorp/vault/logical/framework"
-)
-
-func pathListRoles(b *backend) *framework.Path {
- return &framework.Path{
- Pattern: "roles/?$",
-
- Callbacks: map[logical.Operation]framework.OperationFunc{
- logical.ListOperation: b.pathRoleList,
- },
-
- HelpSynopsis: pathListRolesHelpSyn,
- HelpDescription: pathListRolesHelpDesc,
- }
-}
-
-func pathRoles(b *backend) *framework.Path {
- return &framework.Path{
- Pattern: "roles/" + framework.GenericNameRegex("name"),
- Fields: map[string]*framework.FieldSchema{
- "name": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: "Name of the role",
- },
- "tpp_url": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: `URL of Venafi Platfrom. Example: https://tpp.venafi.example/vedsdk`,
- },
-
- "cloud_url": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: `URL for Venafi Cloud. Set it only if you want to use non production Cloud`,
- },
-
- "zone": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: `Name of Venafi Platfrom or Cloud policy.
-Example for Platform: testpolicy\\vault
-Example for Venafi Cloud: Default`,
- },
-
- "tpp_user": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: `web API user for Venafi Platfrom Example: admin`,
- },
- "tpp_password": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: `Password for web API user Example: password`,
- },
- "trust_bundle_file": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: `Use to specify a PEM formatted file with certificates to be used as trust anchors when communicating with the remote server.
-Example:
- trust_bundle_file = "/full/path/to/chain.pem""`,
- },
- "apikey": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: `API key for Venafi Cloud. Example: 142231b7-cvb0-412e-886b-6aeght0bc93d`,
- },
- "fakemode": &framework.FieldSchema{
- Type: framework.TypeBool,
- Description: `Set it to true to use face CA instead of Cloud or Platform to issue certificates. Useful for testing.`,
- },
-
- "store_by_cn": &framework.FieldSchema{
- Type: framework.TypeBool,
- Description: `Set it to true to store certificates by CN in certs/ path`,
- },
-
- "store_by_serial": &framework.FieldSchema{
- Type: framework.TypeBool,
- Description: `Set it to true to store certificates by unique serial number in certs/ path`,
- },
-
- "store_pkey": &framework.FieldSchema{
- Type: framework.TypeBool,
- Description: `Set it to true to store certificates privates key in certificate fields`,
- },
-
- "ttl": &framework.FieldSchema{
- Type: framework.TypeDurationSecond,
- Description: `The lease duration if no specific lease duration is
-requested. The lease duration controls the expiration
-of certificates issued by this backend. Defaults to
-the value of max_ttl.`,
- },
-
- "max_ttl": &framework.FieldSchema{
- Type: framework.TypeDurationSecond,
- Description: "The maximum allowed lease duration",
- },
-
- "generate_lease": &framework.FieldSchema{
- Type: framework.TypeBool,
- Description: `
-If set, certificates issued/signed against this role will have Vault leases
-attached to them. Defaults to "false".`,
- },
- },
-
- Callbacks: map[logical.Operation]framework.OperationFunc{
- logical.ReadOperation: b.pathRoleRead,
- logical.UpdateOperation: b.pathRoleCreate,
- logical.DeleteOperation: b.pathRoleDelete,
- },
-
- HelpSynopsis: pathRoleHelpSyn,
- HelpDescription: pathRoleHelpDesc,
- }
-}
-
-func (b *backend) getRole(ctx context.Context, s logical.Storage, n string) (*roleEntry, error) {
- entry, err := s.Get(ctx, "role/"+n)
- if err != nil {
- return nil, err
- }
- if entry == nil {
- return nil, nil
- }
-
- var result roleEntry
- if err := entry.DecodeJSON(&result); err != nil {
- return nil, err
- }
-
- // Migrate existing saved entries and save back if changed
- modified := false
- if len(result.DeprecatedTTL) == 0 && len(result.Lease) != 0 {
- result.DeprecatedTTL = result.Lease
- result.Lease = ""
- modified = true
- }
- if result.TTL == 0 && len(result.DeprecatedTTL) != 0 {
- parsed, err := parseutil.ParseDurationSecond(result.DeprecatedTTL)
- if err != nil {
- return nil, err
- }
- result.TTL = parsed
- result.DeprecatedTTL = ""
- modified = true
- }
- if len(result.DeprecatedMaxTTL) == 0 && len(result.LeaseMax) != 0 {
- result.DeprecatedMaxTTL = result.LeaseMax
- result.LeaseMax = ""
- modified = true
- }
- if result.MaxTTL == 0 && len(result.DeprecatedMaxTTL) != 0 {
- parsed, err := parseutil.ParseDurationSecond(result.DeprecatedMaxTTL)
- if err != nil {
- return nil, err
- }
- result.MaxTTL = parsed
- result.DeprecatedMaxTTL = ""
- modified = true
- }
-
- if modified && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary)) {
- jsonEntry, err := logical.StorageEntryJSON("role/"+n, &result)
- if err != nil {
- return nil, err
- }
- if err := s.Put(ctx, jsonEntry); err != nil {
- // Only perform upgrades on replication primary
- if !strings.Contains(err.Error(), logical.ErrReadOnly.Error()) {
- return nil, err
- }
- }
- }
-
- return &result, nil
-}
-
-func (b *backend) pathRoleDelete(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
- err := req.Storage.Delete(ctx, "role/"+data.Get("name").(string))
- if err != nil {
- return nil, err
- }
-
- return nil, nil
-}
-
-func (b *backend) pathRoleRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
- roleName := data.Get("name").(string)
- if roleName == "" {
- return logical.ErrorResponse("missing role name"), nil
- }
-
- role, err := b.getRole(ctx, req.Storage, roleName)
- if err != nil {
- return nil, err
- }
- if role == nil {
- return nil, nil
- }
-
- resp := &logical.Response{
- Data: role.ToResponseData(),
- }
- return resp, nil
-}
-
-func (b *backend) pathRoleList(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
- entries, err := req.Storage.List(ctx, "role/")
- if err != nil {
- return nil, err
- }
-
- return logical.ListResponse(entries), nil
-}
-
-func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
- var err error
- name := data.Get("name").(string)
-
- entry := &roleEntry{
- TPPURL: data.Get("tpp_url").(string),
- CloudURL: data.Get("cloud_url").(string),
- Zone: data.Get("zone").(string),
- TPPPassword: data.Get("tpp_password").(string),
- Apikey: data.Get("apikey").(string),
- TPPUser: data.Get("tpp_user").(string),
- TrustBundleFile: data.Get("trust_bundle_file").(string),
- Fakemode: data.Get("fakemode").(bool),
- StoreByCN: data.Get("store_by_cn").(bool),
- StoreBySerial: data.Get("store_by_serial").(bool),
- StorePrivateKey: data.Get("store_pkey").(bool),
- MaxTTL: time.Duration(data.Get("max_ttl").(int)) * time.Second,
- TTL: time.Duration(data.Get("ttl").(int)) * time.Second,
- GenerateLease: data.Get("generate_lease").(bool),
- }
-
- if entry.MaxTTL > 0 && entry.TTL > entry.MaxTTL {
- return logical.ErrorResponse(
- `"ttl" value must be less than "max_ttl" value`,
- ), nil
- }
-
- // Store it
- jsonEntry, err := logical.StorageEntryJSON("role/"+name, entry)
- if err != nil {
- return nil, err
- }
- if err := req.Storage.Put(ctx, jsonEntry); err != nil {
- return nil, err
- }
-
- return nil, nil
-}
-
-type roleEntry struct {
-
- //Venafi values
- TPPURL string `json:"tpp_url"`
- CloudURL string `json:"cloud_url"`
- Zone string `json:"zone"`
- TPPPassword string `json:"tpp_password"`
- Apikey string `json:"apikey"`
- TPPUser string `json:"tpp_user"`
- TrustBundleFile string `json:"trust_bundle_file"`
- Fakemode bool `json:"fakemode"`
- StoreByCN bool `json:"store_by_cn"`
- StoreBySerial bool `json:"store_by_serial"`
- StorePrivateKey bool `json:"store_pkey"`
- LeaseMax string `json:"lease_max"`
- Lease string `json:"lease"`
- TTL time.Duration `json:"ttl_duration" mapstructure:"ttl_duration"`
- MaxTTL time.Duration `json:"max_ttl_duration" mapstructure:"max_ttl_duration"`
- GenerateLease bool `json:"generate_lease,omitempty"`
- DeprecatedMaxTTL string `json:"max_ttl" mapstructure:"max_ttl"`
- DeprecatedTTL string `json:"ttl" mapstructure:"ttl"`
-}
-
-func (r *roleEntry) ToResponseData() map[string]interface{} {
- responseData := map[string]interface{}{
- //Venafi
- "tpp_url": r.TPPURL,
- "cloud_url": r.CloudURL,
- "zone": r.Zone,
- //We shouldn't show credentials
- //"tpp_password": r.TPPPassword,
- //"apikey": r.Apikey,
- "tpp_user": r.TPPUser,
- "trust_bundle_file": r.TrustBundleFile,
- "fakemode": r.Fakemode,
- "store_by_cn": r.StoreByCN,
- "store_by_serial": r.StoreBySerial,
- "store_pkey": r.StorePrivateKey,
- "ttl": int64(r.TTL.Seconds()),
- "max_ttl": int64(r.MaxTTL.Seconds()),
- "generate_lease": r.GenerateLease,
- }
- return responseData
-}
-
-const pathListRolesHelpSyn = `List the existing roles in this backend`
-
-const pathListRolesHelpDesc = `Roles will be listed by the role name.`
-
-const pathRoleHelpSyn = `Manage the roles that can be created with this backend.`
-
-const pathRoleHelpDesc = `This path lets you manage the roles that can be created with this backend.`
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_enroll.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_enroll.go
deleted file mode 100644
index 3dc11665..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_enroll.go
+++ /dev/null
@@ -1,279 +0,0 @@
-package pki
-
-import (
- "context"
- "crypto/rand"
- "crypto/rsa"
- "crypto/x509"
- "encoding/pem"
- "fmt"
- vcertificate "github.com/Venafi/vcert/pkg/certificate"
- "github.com/Venafi/vcert/pkg/endpoint"
- "github.com/hashicorp/vault/logical"
- "github.com/hashicorp/vault/logical/framework"
- "log"
- "strings"
- "time"
-)
-
-func pathVenafiCertEnroll(b *backend) *framework.Path {
- return &framework.Path{
- Pattern: "issue/" + framework.GenericNameRegex("role"),
- Fields: map[string]*framework.FieldSchema{
- "role": {
- Type: framework.TypeString,
- Description: `The desired role with configuration for this request`,
- },
- "common_name": {
- Type: framework.TypeString,
- Description: "Common name for created certificate",
- },
- "alt_names": {
- Type: framework.TypeCommaStringSlice,
- Description: "Alternative names for created certificate",
- },
- },
- Callbacks: map[logical.Operation]framework.OperationFunc{
- logical.UpdateOperation: b.pathVenafiCertObtain,
- },
-
- HelpSynopsis: pathConfigRootHelpSyn,
- HelpDescription: pathConfigRootHelpDesc,
- }
-}
-
-func (b *backend) pathVenafiCertObtain(ctx context.Context, req *logical.Request, data *framework.FieldData) (
- *logical.Response, error) {
-
- log.Printf("Getting the role\n")
- roleName := data.Get("role").(string)
-
- role, err := b.getRole(ctx, req.Storage, roleName)
- if err != nil {
- return nil, err
- }
- if role == nil {
- return nil, fmt.Errorf("Unknown role +%v", role)
- }
-
- commonName := data.Get("common_name").(string)
- altNames := data.Get("alt_names").([]string)
- if len(commonName) == 0 && len(altNames) == 0 {
- return logical.ErrorResponse("no domains specified on certificate"), nil
- }
- if len(commonName) == 0 && len(altNames) > 0 {
- commonName = altNames[0]
- }
-
- log.Println("Signing certificate " + commonName)
- log.Printf("ALTNAMES is is %T %p %s", altNames, &altNames, altNames)
- log.Println("Running venafi client:")
- cl, err := b.ClientVenafi(ctx, req.Storage, data, req, roleName)
- if err != nil {
- return logical.ErrorResponse(err.Error()), nil
- }
- log.Println(cl)
- certReq, pkey, err := createVenafiCSR(commonName, altNames, 2048)
- if err != nil {
- return logical.ErrorResponse(err.Error()), nil
- }
- log.Printf("Running enroll request")
- id, err := cl.RequestCertificate(certReq, "")
- if err != nil {
- return logical.ErrorResponse(err.Error()), nil
- }
-
- certReq.PickupID = id
-
- var cert *vcertificate.PEMCollection
- for {
- cert, err = cl.RetrieveCertificate(certReq)
- if err != nil {
- _, pending := err.(endpoint.ErrCertificatePending)
- _, timeout := err.(endpoint.ErrRetrieveCertificateTimeout)
-
- if pending || timeout {
- log.Printf("Certificate %s Issue pending with id %s", commonName, id)
- time.Sleep(5 * time.Second)
- continue
- } else {
- return logical.ErrorResponse(err.Error()), nil
- }
- }
- log.Printf("Certificate is %s", cert)
- log.Printf("successfully got certificate: cn=%q altNames=%+v", commonName, altNames)
- break
- }
-
- certificate := strings.Join([]string{cert.Certificate}, "\n")
- cs := append([]string{cert.Certificate}, cert.Chain...)
- chain := strings.Join(cs, "\n")
- log.Println("certificate: ", chain)
- log.Println("private_key: ", certReq.PrivateKey)
-
- //Parsing certificate and getting it's serial number
- pemBlock, _ := pem.Decode([]byte(certificate))
- parsedCertificate, err := x509.ParseCertificate(pemBlock.Bytes)
- serialNumber := getHexFormatted(parsedCertificate.SerialNumber.Bytes(), ":")
-
- encoded_key := encodePKCS1PrivateKey(pkey)
- log.Println("Writing chain:", chain, "And key: ", encoded_key)
-
- var entry *logical.StorageEntry
-
- if role.StorePrivateKey {
- entry, err = logical.StorageEntryJSON("", VenafiCert{
- Certificate: certificate,
- CertificateChain: chain,
- PrivateKey: string(encoded_key),
- SerialNumber: serialNumber,
- })
- } else {
- entry, err = logical.StorageEntryJSON("", VenafiCert{
- Certificate: certificate,
- CertificateChain: chain,
- SerialNumber: serialNumber,
- })
- }
-
- if role.StoreByCN {
-
- //Writing certificate to the storage with CN
- log.Println("Putting certificate to the certs/" + commonName)
- entry.Key = "certs/" + commonName
-
- if err := req.Storage.Put(ctx, entry); err != nil {
- log.Println("Error putting entry to storage")
- return nil, err
- }
- }
-
- if role.StoreBySerial {
-
- //Writing certificate to the storage with Serial Number
- log.Println("Putting certificate to the certs/", normalizeSerial(serialNumber))
- entry.Key = "certs/" + normalizeSerial(serialNumber)
-
- if err := req.Storage.Put(ctx, entry); err != nil {
- log.Println("Error putting entry to storage")
- return nil, err
- }
- }
-
- respData := map[string]interface{}{
- "common_name": commonName,
- "serial_number": serialNumber,
- "certificate_chain": chain,
- "certificate": certificate,
- "private_key": string(encoded_key),
- }
-
- var logResp *logical.Response
- switch {
- case role.GenerateLease == false:
- // If lease generation is disabled do not populate `Secret` field in
- // the response
- logResp = &logical.Response{
- Data: respData,
- }
- default:
- logResp = b.Secret(SecretCertsType).Response(
- respData,
- map[string]interface{}{
- "serial_number": serialNumber,
- })
- TTL := parsedCertificate.NotAfter.Sub(time.Now())
- log.Println("Seting up secret lease duration to: ", TTL)
- logResp.Secret.TTL = TTL
- }
-
- logResp.AddWarning("Read access to this endpoint should be controlled via ACLs as it will return the connection private key as it is.")
- return logResp, nil
-}
-
-func createVenafiCSR(commonName string, altNames []string, keySize int) (*vcertificate.Request, *rsa.PrivateKey, error) {
- const defaultKeySize = 2048
- req := &vcertificate.Request{}
-
- if len(commonName) == 0 && len(altNames) == 0 {
- return req, nil, fmt.Errorf("no domains specified on certificate")
- }
- if len(commonName) == 0 && len(altNames) > 0 {
- commonName = altNames[0]
- }
-
- //Obtain a certificate from the Venafi server
- log.Printf("Using CN %s and SAN %s", commonName, altNames)
- req.Subject.CommonName = commonName
- //Adding alt names if exists
- dnsnum := len(altNames)
- if dnsnum > 0 {
- req.DNSNames = make([]string, 0, dnsnum)
- for i := 0; i < dnsnum; i++ {
- val := altNames[i]
- log.Printf("Adding SAN %s.", val)
- req.DNSNames = append(req.DNSNames, val)
- }
- }
- //Appending common name to the DNS names if it is not there
- if !sliceContains(req.DNSNames, commonName) {
- log.Printf("Adding CN %s to SAN because it wasn't included.", commonName)
- req.DNSNames = append(req.DNSNames, commonName)
- }
-
- log.Printf("Requested SAN: %s", req.DNSNames)
- //If not set setting key size to 2048 if not set or set less than 2048
- switch {
- case keySize == 0:
- req.KeyLength = defaultKeySize
- case keySize > defaultKeySize:
- req.KeyLength = keySize
- default:
- log.Printf("Key Size is less than %d, setting it to %d", defaultKeySize, defaultKeySize)
- req.KeyLength = defaultKeySize
- }
-
- reader := rand.Reader
-
- key, err := rsa.GenerateKey(reader, req.KeyLength)
- if err != nil {
- return req, nil, fmt.Errorf("error generating key: %s", err)
- }
- req.PrivateKey = key
-
- //Setting up CSR
- certificateRequest := x509.CertificateRequest{}
- certificateRequest.Subject = req.Subject
- certificateRequest.DNSNames = req.DNSNames
- certificateRequest.EmailAddresses = req.EmailAddresses
- certificateRequest.IPAddresses = req.IPAddresses
- certificateRequest.Attributes = req.Attributes
-
- /* TODO:
- zoneConfig, err = cs.Conn.ReadZoneConfiguration(cf.Zone)
- zoneConfig.UpdateCertificateRequest(req)
- ...should happen somewhere here before CSR is signed */
-
- csr, err := x509.CreateCertificateRequest(rand.Reader, &certificateRequest, key)
-
- req.CSR = csr
-
- req.CSR = pem.EncodeToMemory(vcertificate.GetCertificateRequestPEMBlock(req.CSR))
-
- return req, key, nil
-}
-
-type VenafiCert struct {
- Certificate string `json:"certificate"`
- CertificateChain string `json:"certificate_chain"`
- PrivateKey string `json:"private_key"`
- SerialNumber string `json:"serial_number"`
-}
-
-const pathConfigRootHelpSyn = `
-Configure the Venafi TPP credentials that are used to manage certificates,
-`
-
-const pathConfigRootHelpDesc = `
-Configure TPP first
-`
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_read.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_read.go
deleted file mode 100644
index 8cbd2c7f..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_read.go
+++ /dev/null
@@ -1,64 +0,0 @@
-package pki
-
-import (
- "context"
- "fmt"
- "github.com/hashicorp/vault/logical"
- "github.com/hashicorp/vault/logical/framework"
- "log"
-)
-
-func pathVenafiCertRead(b *backend) *framework.Path {
- return &framework.Path{
- //Pattern: "certs/(?P[0-9a-z-.]+)",
- Pattern: "cert/" + framework.GenericNameRegex("certificate_uid"),
- Fields: map[string]*framework.FieldSchema{
- "certificate_uid": {
- Type: framework.TypeString,
- Description: "Common name or serial number of desired certificate",
- },
- },
- Callbacks: map[logical.Operation]framework.OperationFunc{
- logical.ReadOperation: b.pathVenafiCertRead,
- },
-
- HelpSynopsis: pathConfigRootHelpSyn,
- HelpDescription: pathConfigRootHelpDesc,
- }
-}
-
-func (b *backend) pathVenafiCertRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
- log.Printf("Trying to read certificate")
- certUID := data.Get("certificate_uid").(string)
- if len(certUID) == 0 {
- return logical.ErrorResponse("no common name specified on certificate"), nil
- }
-
- entry, err := req.Storage.Get(ctx, "certs/"+certUID)
- if err != nil {
- return nil, fmt.Errorf("failed to read Venafi certificate")
- }
- var cert VenafiCert
- log.Println("Getting venafi certificate")
- log.Println("certificate:", cert.Certificate)
- e := entry.DecodeJSON(&cert)
- log.Println("e:", e)
- if err := entry.DecodeJSON(&cert); err != nil {
- log.Printf("error reading venafi configuration: %s", err)
- return nil, err
- }
- log.Println("chain is:", cert.Certificate)
-
- respData := map[string]interface{}{
- "certificate_uid": certUID,
- "serial_number": cert.SerialNumber,
- "certificate_chain": cert.CertificateChain,
- "certificate": cert.Certificate,
- "private_key": cert.PrivateKey,
- }
-
- return &logical.Response{
- //Data: structs.New(cert).Map(),
- Data: respData,
- }, nil
-}
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_revoke.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_revoke.go
deleted file mode 100644
index f617422a..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_cert_revoke.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package pki
-
-import (
- "context"
- "github.com/hashicorp/vault/logical"
- "github.com/hashicorp/vault/logical/framework"
-)
-
-func pathVenafiCertRevoke(b *backend) *framework.Path {
- return &framework.Path{
- //Pattern: "certs/(?P[0-9a-z-.]+)",
- Pattern: "cert/" + framework.GenericNameRegex("certificate_uid"),
- Fields: map[string]*framework.FieldSchema{
- "certificate_uid": {
- Type: framework.TypeString,
- Description: "Common name for created certificate",
- },
- },
- Callbacks: map[logical.Operation]framework.OperationFunc{
- logical.ReadOperation: b.venafiCertRevoke,
- },
-
- HelpSynopsis: pathConfigRootHelpSyn,
- HelpDescription: pathConfigRootHelpDesc,
- }
-}
-
-func (b *backend) venafiCertRevoke(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
- //TODO: Add revoke function here
-
- return nil, nil
-}
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_fetch.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_fetch.go
deleted file mode 100644
index c36b31b7..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/path_venafi_fetch.go
+++ /dev/null
@@ -1,161 +0,0 @@ -package pki - -import ( - "context" - "encoding/pem" - "strings" - - "github.com/hashicorp/vault/helper/errutil" - "github.com/hashicorp/vault/logical" - "github.com/hashicorp/vault/logical/framework" -) - -func pathVenafiFetchValid(b *backend) *framework.Path { - return &framework.Path{ - Pattern: `cert/(?P[0-9A-Fa-f-:]+)`, - Fields: map[string]*framework.FieldSchema{ - "serial": &framework.FieldSchema{ - Type: framework.TypeString, - Description: `Certificate serial number, in colon- or -hyphen-separated octal`, - }, - }, - - Callbacks: map[logical.Operation]framework.OperationFunc{ - logical.ReadOperation: b.pathVenafiFetchRead, - }, - - HelpSynopsis: pathVenafiFetchHelpSyn, - HelpDescription: pathVenafiFetchHelpDesc, - } -} - -func pathVenafiFetchListCerts(b *backend) *framework.Path { - return &framework.Path{ - Pattern: "certs/?$", - - Callbacks: map[logical.Operation]framework.OperationFunc{ - logical.ListOperation: b.pathVenafiFetchCertList, - }, - - HelpSynopsis: pathVenafiFetchHelpSyn, - HelpDescription: pathVenafiFetchHelpDesc, - } -} - -func (b *backend) pathVenafiFetchCertList(ctx context.Context, req *logical.Request, data *framework.FieldData) (response *logical.Response, retErr error) { - entries, err := req.Storage.List(ctx, "certs/") - if err != nil { - return nil, err - } - - return logical.ListResponse(entries), nil -} - -func (b *backend) pathVenafiFetchRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (response *logical.Response, retErr error) { - var serial, pemType, contentType string - var certEntry *logical.StorageEntry - var funcErr error - var certificate []byte - var revocationTime int64 - response = &logical.Response{ - Data: map[string]interface{}{}, - } - - switch { - case req.Path == "crl" || req.Path == "crl/pem": - serial = "crl" - contentType = "application/pkix-crl" - if req.Path == "crl/pem" { - pemType = "X509 CRL" - } - case req.Path == "cert/crl": - serial = "crl" - pemType = "X509 
CRL" - default: - serial = data.Get("serial").(string) - pemType = "CERTIFICATE" - } - if len(serial) == 0 { - response = logical.ErrorResponse("The serial number must be provided") - goto reply - } - - certEntry, funcErr = fetchCertBySerial(ctx, req, req.Path, serial) - if funcErr != nil { - switch funcErr.(type) { - case errutil.UserError: - response = logical.ErrorResponse(funcErr.Error()) - goto reply - case errutil.InternalError: - retErr = funcErr - goto reply - } - } - if certEntry == nil { - response = nil - goto reply - } - - certificate = certEntry.Value - - if len(pemType) != 0 { - block := pem.Block{ - Type: pemType, - Bytes: certEntry.Value, - } - certificate = []byte(strings.TrimSpace(string(pem.EncodeToMemory(&block)))) - } - - if funcErr != nil { - switch funcErr.(type) { - case errutil.UserError: - response = logical.ErrorResponse(funcErr.Error()) - goto reply - case errutil.InternalError: - retErr = funcErr - goto reply - } - } - -reply: - switch { - case len(contentType) != 0: - response = &logical.Response{ - Data: map[string]interface{}{ - logical.HTTPContentType: contentType, - logical.HTTPRawBody: certificate, - }} - if retErr != nil { - if b.Logger().IsWarn() { - b.Logger().Warn("Possible error, but cannot return in raw response. Note that an empty CA probably means none was configured, and an empty CRL is possibly correct", "error", retErr) - } - } - retErr = nil - if len(certificate) > 0 { - response.Data[logical.HTTPStatusCode] = 200 - } else { - response.Data[logical.HTTPStatusCode] = 204 - } - case retErr != nil: - response = nil - return - case response == nil: - return - case response.IsError(): - return response, nil - default: - response.Data["certificate"] = string(certificate) - response.Data["revocation_time"] = revocationTime - } - - return -} - -const pathVenafiFetchHelpSyn = ` -This allows certificates to be fetched. -` - -const pathVenafiFetchHelpDesc = ` -This allows certificates to be fetched. -` 
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/secret_certs.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/secret_certs.go
deleted file mode 100644
index 10141a26..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/secret_certs.go
+++ /dev/null
@@ -1,32 +0,0 @@
-package pki
-
-import (
- "github.com/hashicorp/vault/logical/framework"
-)
-
-// SecretCertsType is the name used to identify this type
-const SecretCertsType = "pki"
-
-func secretCerts(b *backend) *framework.Secret {
- return &framework.Secret{
- Type: SecretCertsType,
- Fields: map[string]*framework.FieldSchema{
- "certificate": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: `The PEM-encoded concatenated certificate and
-issuing certificate authority`,
- },
- "private_key": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: "The PEM-encoded private key for the certificate",
- },
- "serial": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: `The serial number of the certificate, for handy
-reference`,
- },
- },
-
- Revoke: b.venafiCertRevoke,
- }
-}
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/util.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/util.go
deleted file mode 100644
index 117dfb98..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/util.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package pki
-
-import (
- "bytes"
- "context"
- "crypto/rsa"
- "crypto/x509"
- "encoding/pem"
- "fmt"
- "github.com/hashicorp/vault/logical"
- "strings"
- "testing"
-)
-
-func sliceContains(slice []string, item string) bool {
- set := make(map[string]struct{}, len(slice))
- for _, s := range slice {
- set[s] = struct{}{}
- }
-
- _, ok := set[item]
- return ok
-}
-
-func getHexFormatted(buf []byte, sep string) string {
- var ret bytes.Buffer
- for _, cur := range buf {
- if ret.Len() > 0 {
- fmt.Fprintf(&ret, sep)
- }
- fmt.Fprintf(&ret, "%02x", cur)
- }
- return ret.String()
-}
-
-func normalizeSerial(serial string) string {
- return strings.Replace(strings.ToLower(serial), ":", "-", -1)
-}
-
-func encodePKCS1PrivateKey(pk *rsa.PrivateKey) []byte {
- block := &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(pk)}
-
- return pem.EncodeToMemory(block)
-}
-
-func createBackendWithStorage(t *testing.T) (*backend, logical.Storage) {
- config := logical.TestBackendConfig()
- config.StorageView = &logical.InmemStorage{}
-
- var err error
- b := Backend()
- err = b.Setup(context.Background(), config)
- if err != nil {
- t.Fatal(err)
- }
- return b, config.StorageView
-}
diff --git a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/vcert.go b/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/vcert.go
deleted file mode 100644
index 850ce501..00000000
--- a/vendor/github.com/Venafi/vault-pki-vcert/plugin/pki/vcert.go
+++ /dev/null
@@ -1,92 +0,0 @@ -package pki - -import ( - "context" - "fmt" - "github.com/Venafi/vcert" - "github.com/Venafi/vcert/pkg/endpoint" - "github.com/hashicorp/vault/logical" - "github.com/hashicorp/vault/logical/framework" - "io/ioutil" - "log" -) - -func (b *backend) ClientVenafi(ctx context.Context, s logical.Storage, data *framework.FieldData, req *logical.Request, roleName string) ( - endpoint.Connector, error) { - log.Printf("Using role: %s", roleName) - if roleName == "" { - return nil, fmt.Errorf("Missing role name") - } - - role, err := b.getRole(ctx, req.Storage, roleName) - if err != nil { - return nil, err - } - if role == nil { - return nil, fmt.Errorf("Unknown role %v", role) - } - - var cfg *vcert.Config - if role.Fakemode { - log.Println("Using fakemode to issue certificate") - cfg = &vcert.Config{ - ConnectorType: endpoint.ConnectorTypeFake, - LogVerbose: true, - } - } else if role.TPPURL != "" && role.TPPUser != "" && role.TPPPassword != "" { - log.Printf("Using Platform with url %s to issue certificate\n", role.TPPURL) - if role.TrustBundleFile != "" { - log.Printf("Trying to read trust bundle from file %s\n", role.TrustBundleFile) - trustBundle, err := ioutil.ReadFile(role.TrustBundleFile) - if err != nil { - return nil, err - } - trustBundlePEM := string(trustBundle) - cfg = &vcert.Config{ - ConnectorType: endpoint.ConnectorTypeTPP, - BaseUrl: role.TPPURL, - ConnectionTrust: trustBundlePEM, - Credentials: &endpoint.Authentication{ - User: role.TPPUser, - Password: role.TPPPassword, - }, - Zone: role.Zone, - LogVerbose: true, - } - } else { - cfg = &vcert.Config{ - ConnectorType: endpoint.ConnectorTypeTPP, - BaseUrl: role.TPPURL, - Credentials: &endpoint.Authentication{ - User: role.TPPUser, - Password: role.TPPPassword, - }, - Zone: role.Zone, - LogVerbose: true, - } - } - - } else if role.Apikey != "" { - log.Println("Using Cloud to issue certificate") - cfg = &vcert.Config{ - ConnectorType: endpoint.ConnectorTypeCloud, - BaseUrl: role.CloudURL, - 
Credentials: &endpoint.Authentication{ - APIKey: role.Apikey, - }, - Zone: role.Zone, - LogVerbose: true, - } - } else { - return nil, fmt.Errorf("failed to build config for Venafi issuer") - } - - client, err := vcert.NewClient(cfg) - if err != nil { - return nil, fmt.Errorf("failed to get Venafi issuer client: %s", err) - } - - log.Printf("Venafi vcert client. type = %T, p = %p, v = %v\n", client, &client, client) - return client, nil - -} diff --git a/vendor/github.com/golang/protobuf/proto/decode.go b/vendor/github.com/golang/protobuf/proto/decode.go index 63b0f08b..d9aa3c42 100644 --- a/vendor/github.com/golang/protobuf/proto/decode.go +++ b/vendor/github.com/golang/protobuf/proto/decode.go @@ -186,6 +186,7 @@ func (p *Buffer) DecodeVarint() (x uint64, err error) { if b&0x80 == 0 { goto done } + // x -= 0x80 << 63 // Always zero. return 0, errOverflow diff --git a/vendor/github.com/golang/protobuf/proto/deprecated.go b/vendor/github.com/golang/protobuf/proto/deprecated.go deleted file mode 100644 index 69de0ea0..00000000 --- a/vendor/github.com/golang/protobuf/proto/deprecated.go +++ /dev/null 
@@ -1,38 +0,0 @@
-// Go support for Protocol Buffers - Google's data interchange format
-//
-// Copyright 2018 The Go Authors. All rights reserved.
-// https://github.com/golang/protobuf
-//
-// Redistribution and use in source and binary forms, with or without
-// modification, are permitted provided that the following conditions are
-// met:
-//
-// * Redistributions of source code must retain the above copyright
-// notice, this list of conditions and the following disclaimer.
-// * Redistributions in binary form must reproduce the above
-// copyright notice, this list of conditions and the following disclaimer
-// in the documentation and/or other materials provided with the
-// distribution.
-// * Neither the name of Google Inc. nor the names of its
-// contributors may be used to endorse or promote products derived from
-// this software without specific prior written permission.
-//
-// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
-package proto
-
-// Deprecated: do not use.
-type Stats struct{ Emalloc, Dmalloc, Encode, Decode, Chit, Cmiss, Size uint64 }
-
-// Deprecated: do not use.
-func GetStats() Stats { return Stats{} }
diff --git a/vendor/github.com/golang/protobuf/proto/extensions.go b/vendor/github.com/golang/protobuf/proto/extensions.go index dacdd22d..816a3b9d 100644 --- a/vendor/github.com/golang/protobuf/proto/extensions.go +++ b/vendor/github.com/golang/protobuf/proto/extensions.go @@ -488,7 +488,7 @@ func SetExtension(pb Message, extension *ExtensionDesc, value interface{}) error } typ := reflect.TypeOf(extension.ExtensionType) if typ != reflect.TypeOf(value) { - return fmt.Errorf("proto: bad extension value type. got: %T, want: %T", value, extension.ExtensionType) + return errors.New("proto: bad extension value type") } // nil extension values need to be caught early, because the // encoder can't distinguish an ErrNil due to a nil extension diff --git a/vendor/github.com/golang/protobuf/proto/lib.go b/vendor/github.com/golang/protobuf/proto/lib.go index c076dbdb..75565cc6 100644 --- a/vendor/github.com/golang/protobuf/proto/lib.go +++ b/vendor/github.com/golang/protobuf/proto/lib.go @@ -341,6 +341,26 @@ type Message interface { ProtoMessage() } +// Stats records allocation details about the protocol buffer encoders +// and decoders. Useful for tuning the library itself. +type Stats struct { + Emalloc uint64 // mallocs in encode + Dmalloc uint64 // mallocs in decode + Encode uint64 // number of encodes + Decode uint64 // number of decodes + Chit uint64 // number of cache hits + Cmiss uint64 // number of cache misses + Size uint64 // number of sizes +} + +// Set to true to enable stats collection. +const collectStats = false + +var stats Stats + +// GetStats returns a copy of the global Stats structure. +func GetStats() Stats { return stats } + // A Buffer is a buffer manager for marshaling and unmarshaling // protocol buffers. It may be reused between invocations to // reduce memory usage. It is not necessary to use a Buffer; 
diff --git a/vendor/github.com/golang/protobuf/proto/properties.go b/vendor/github.com/golang/protobuf/proto/properties.go index dce098e6..50b99b83 100644 --- a/vendor/github.com/golang/protobuf/proto/properties.go +++ b/vendor/github.com/golang/protobuf/proto/properties.go @@ -334,6 +334,9 @@ func GetProperties(t reflect.Type) *StructProperties { sprop, ok := propertiesMap[t] propertiesMu.RUnlock() if ok { + if collectStats { + stats.Chit++ + } return sprop } @@ -346,8 +349,14 @@ func GetProperties(t reflect.Type) *StructProperties { // getPropertiesLocked requires that propertiesMu is held. func getPropertiesLocked(t reflect.Type) *StructProperties { if prop, ok := propertiesMap[t]; ok { + if collectStats { + stats.Chit++ + } return prop } + if collectStats { + stats.Cmiss++ + } prop := new(StructProperties) // in case of recursive protos, fill this in now. diff --git a/vendor/github.com/golang/protobuf/proto/table_marshal.go b/vendor/github.com/golang/protobuf/proto/table_marshal.go index f3a2d16a..b1679449 100644 --- a/vendor/github.com/golang/protobuf/proto/table_marshal.go +++ b/vendor/github.com/golang/protobuf/proto/table_marshal.go @@ -448,7 +448,7 @@ func (fi *marshalFieldInfo) computeMarshalFieldInfo(f *reflect.StructField) { func (fi *marshalFieldInfo) computeOneofFieldInfo(f *reflect.StructField, oneofImplementers []interface{}) { fi.field = toField(f) - fi.wiretag = math.MaxInt32 // Use a large tag number, make oneofs sorted at the end. This tag will not appear on the wire. + fi.wiretag = 1<<31 - 1 // Use a large tag number, make oneofs sorted at the end. This tag will not appear on the wire. fi.isPointer = true fi.sizer, fi.marshaler = makeOneOfMarshaler(fi, f) fi.oneofElems = make(map[reflect.Type]*marshalElemInfo) diff --git a/vendor/github.com/golang/protobuf/proto/table_unmarshal.go b/vendor/github.com/golang/protobuf/proto/table_unmarshal.go index fd4afec8..ebf1caa5 100644 --- a/vendor/github.com/golang/protobuf/proto/table_unmarshal.go 
+++ b/vendor/github.com/golang/protobuf/proto/table_unmarshal.go @@ -1948,7 +1948,7 @@ func encodeVarint(b []byte, x uint64) []byte { // If there is an error, it returns 0,0. func decodeVarint(b []byte) (uint64, int) { var x, y uint64 - if len(b) == 0 { + if len(b) <= 0 { goto bad } x = uint64(b[0]) diff --git a/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go b/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go index 6e760e3a..e3c56d3f 100644 --- a/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go +++ b/vendor/github.com/golang/protobuf/ptypes/any/any.pb.go @@ -1,13 +1,11 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // source: google/protobuf/any.proto -package any +package any // import "github.com/golang/protobuf/ptypes/any" -import ( - fmt "fmt" - proto "github.com/golang/protobuf/proto" - math "math" -) +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" // Reference imports to suppress errors if they are not otherwise used. var _ = proto.Marshal @@ -135,19 +133,17 @@ func (m *Any) Reset() { *m = Any{} } func (m *Any) String() string { return proto.CompactTextString(m) } func (*Any) ProtoMessage() {} func (*Any) Descriptor() ([]byte, []int) { - return fileDescriptor_b53526c13ae22eb4, []int{0} + return fileDescriptor_any_744b9ca530f228db, []int{0} } - func (*Any) XXX_WellKnownType() string { return "Any" } - func (m *Any) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Any.Unmarshal(m, b) } func (m *Any) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_Any.Marshal(b, m, deterministic) } -func (m *Any) XXX_Merge(src proto.Message) { - xxx_messageInfo_Any.Merge(m, src) +func (dst *Any) XXX_Merge(src proto.Message) { + xxx_messageInfo_Any.Merge(dst, src) } func (m *Any) XXX_Size() int { return xxx_messageInfo_Any.Size(m) 
@@ -176,9 +172,9 @@ func init() { proto.RegisterType((*Any)(nil), "google.protobuf.Any") } -func init() { proto.RegisterFile("google/protobuf/any.proto", fileDescriptor_b53526c13ae22eb4) } +func init() { proto.RegisterFile("google/protobuf/any.proto", fileDescriptor_any_744b9ca530f228db) } -var fileDescriptor_b53526c13ae22eb4 = []byte{ +var fileDescriptor_any_744b9ca530f228db = []byte{ // 185 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4c, 0xcf, 0xcf, 0x4f, 0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0xcc, 0xab, 0xd4, diff --git a/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go b/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go index 5e841af2..a7beb2c4 100644 --- a/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go +++ b/vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go @@ -1,13 +1,11 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // source: google/protobuf/duration.proto -package duration +package duration // import "github.com/golang/protobuf/ptypes/duration" -import ( - fmt "fmt" - proto "github.com/golang/protobuf/proto" - math "math" -) +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" // Reference imports to suppress errors if they are not otherwise used. var _ = proto.Marshal 
@@ -101,19 +99,17 @@ func (m *Duration) Reset() { *m = Duration{} } func (m *Duration) String() string { return proto.CompactTextString(m) } func (*Duration) ProtoMessage() {} func (*Duration) Descriptor() ([]byte, []int) { - return fileDescriptor_23597b2ebd7ac6c5, []int{0} + return fileDescriptor_duration_e7d612259e3f0613, []int{0} } - func (*Duration) XXX_WellKnownType() string { return "Duration" } - func (m *Duration) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Duration.Unmarshal(m, b) } func (m *Duration) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_Duration.Marshal(b, m, deterministic) } -func (m *Duration) XXX_Merge(src proto.Message) { - xxx_messageInfo_Duration.Merge(m, src) +func (dst *Duration) XXX_Merge(src proto.Message) { + xxx_messageInfo_Duration.Merge(dst, src) } func (m *Duration) XXX_Size() int { return xxx_messageInfo_Duration.Size(m) @@ -142,9 +138,11 @@ func init() { proto.RegisterType((*Duration)(nil), "google.protobuf.Duration") } -func init() { proto.RegisterFile("google/protobuf/duration.proto", fileDescriptor_23597b2ebd7ac6c5) } +func init() { + proto.RegisterFile("google/protobuf/duration.proto", fileDescriptor_duration_e7d612259e3f0613) +} -var fileDescriptor_23597b2ebd7ac6c5 = []byte{ +var fileDescriptor_duration_e7d612259e3f0613 = []byte{ // 190 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4b, 0xcf, 0xcf, 0x4f, 0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x4f, 0x29, 0x2d, 0x4a, diff --git a/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go b/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go index fe4fc28b..8e76ae97 100644 --- a/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go +++ b/vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go 
@@ -1,13 +1,11 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // source: google/protobuf/timestamp.proto -package timestamp +package timestamp // import "github.com/golang/protobuf/ptypes/timestamp" -import ( - fmt "fmt" - proto "github.com/golang/protobuf/proto" - math "math" -) +import proto "github.com/golang/protobuf/proto" +import fmt "fmt" +import math "math" // Reference imports to suppress errors if they are not otherwise used. var _ = proto.Marshal @@ -117,19 +115,17 @@ func (m *Timestamp) Reset() { *m = Timestamp{} } func (m *Timestamp) String() string { return proto.CompactTextString(m) } func (*Timestamp) ProtoMessage() {} func (*Timestamp) Descriptor() ([]byte, []int) { - return fileDescriptor_292007bbfe81227e, []int{0} + return fileDescriptor_timestamp_b826e8e5fba671a8, []int{0} } - func (*Timestamp) XXX_WellKnownType() string { return "Timestamp" } - func (m *Timestamp) XXX_Unmarshal(b []byte) error { return xxx_messageInfo_Timestamp.Unmarshal(m, b) } func (m *Timestamp) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { return xxx_messageInfo_Timestamp.Marshal(b, m, deterministic) } -func (m *Timestamp) XXX_Merge(src proto.Message) { - xxx_messageInfo_Timestamp.Merge(m, src) +func (dst *Timestamp) XXX_Merge(src proto.Message) { + xxx_messageInfo_Timestamp.Merge(dst, src) } func (m *Timestamp) XXX_Size() int { return xxx_messageInfo_Timestamp.Size(m) 
@@ -158,9 +154,11 @@ func init() { proto.RegisterType((*Timestamp)(nil), "google.protobuf.Timestamp") } -func init() { proto.RegisterFile("google/protobuf/timestamp.proto", fileDescriptor_292007bbfe81227e) } +func init() { + proto.RegisterFile("google/protobuf/timestamp.proto", fileDescriptor_timestamp_b826e8e5fba671a8) +} -var fileDescriptor_292007bbfe81227e = []byte{ +var fileDescriptor_timestamp_b826e8e5fba671a8 = []byte{ // 191 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x92, 0x4f, 0xcf, 0xcf, 0x4f, 0xcf, 0x49, 0xd5, 0x2f, 0x28, 0xca, 0x2f, 0xc9, 0x4f, 0x2a, 0x4d, 0xd3, 0x2f, 0xc9, 0xcc, 0x4d, diff --git a/vendor/github.com/hashicorp/go-plugin/README.md b/vendor/github.com/hashicorp/go-plugin/README.md index e4558dbc..fe305ad5 100644 --- a/vendor/github.com/hashicorp/go-plugin/README.md +++ b/vendor/github.com/hashicorp/go-plugin/README.md @@ -109,7 +109,7 @@ high-level steps that must be done. Examples are available in the 1. Choose the interface(s) you want to expose for plugins. 2. For each interface, implement an implementation of that interface - that communicates over a `net/rpc` connection or other a + that communicates over a `net/rpc` connection or over a [gRPC](http://www.grpc.io) connection or both. You'll have to implement both a client and server implementation. 
@@ -150,19 +150,19 @@ user experience. When we started using plugins (late 2012, early 2013), plugins over RPC were the only option since Go didn't support dynamic library loading. Today, -Go still doesn't support dynamic library loading, but they do intend to. -Since 2012, our plugin system has stabilized from millions of users using it, -and has many benefits we've come to value greatly. - -For example, we intend to use this plugin system in -[Vault](https://www.vaultproject.io), and dynamic library loading will -simply never be acceptable in Vault for security reasons. That is an extreme +Go supports the [plugin](https://golang.org/pkg/plugin/) standard library with +a number of limitations. Since 2012, our plugin system has stabilized +from tens of millions of users using it, and has many benefits we've come to +value greatly. + +For example, we use this plugin system in +[Vault](https://www.vaultproject.io) where dynamic library loading is +not acceptable for security reasons. That is an extreme example, but we believe our library system has more upsides than downsides over dynamic library loading and since we've had it built and tested for years, -we'll likely continue to use it. +we'll continue to use it. Shared libraries have one major advantage over our system which is much higher performance. In real world scenarios across our various tools, we've never required any more performance out of our plugin system and it has seen very high throughput, so this isn't a concern for us at the moment. - diff --git a/vendor/github.com/hashicorp/go-retryablehttp/client.go b/vendor/github.com/hashicorp/go-retryablehttp/client.go index 21f45e5e..04d3216b 100644 --- a/vendor/github.com/hashicorp/go-retryablehttp/client.go +++ b/vendor/github.com/hashicorp/go-retryablehttp/client.go 
@@ -49,6 +49,9 @@ var ( // a new client. It is purposely private to avoid modifications. defaultClient = NewClient() + // random is used to generate pseudo-random numbers. + random = rand.New(rand.NewSource(time.Now().UnixNano())) + // We need to consume response bodies to maintain http connections, but // limit the size we consume to respReadLimit. respReadLimit = int64(4096) @@ -319,14 +322,11 @@ func LinearJitterBackoff(min, max time.Duration, attemptNum int, resp *http.Resp return min * time.Duration(attemptNum) } - // Seed rand; doing this every time is fine - rand := rand.New(rand.NewSource(int64(time.Now().Nanosecond()))) - // Pick a random number that lies somewhere between the min and max and // multiply by the attemptNum. attemptNum starts at zero so we always // increment here. We first get a random percentage, then apply that to the // difference between min and max, and add to min. - jitter := rand.Float64() * float64(max-min) + jitter := random.Float64() * float64(max-min) jitterMin := int64(jitter) + int64(min) return time.Duration(jitterMin * int64(attemptNum)) } diff --git a/vendor/github.com/hashicorp/go-retryablehttp/go.mod b/vendor/github.com/hashicorp/go-retryablehttp/go.mod new file mode 100644 index 00000000..d28c8c8e --- /dev/null +++ b/vendor/github.com/hashicorp/go-retryablehttp/go.mod @@ -0,0 +1,3 @@ +module github.com/hashicorp/go-retryablehttp + +require github.com/hashicorp/go-cleanhttp v0.5.0 diff --git a/vendor/github.com/hashicorp/go-retryablehttp/go.sum b/vendor/github.com/hashicorp/go-retryablehttp/go.sum new file mode 100644 index 00000000..3ed0fd98 --- /dev/null +++ b/vendor/github.com/hashicorp/go-retryablehttp/go.sum @@ -0,0 +1,2 @@ +github.com/hashicorp/go-cleanhttp v0.5.0 h1:wvCrVc9TjDls6+YGAF2hAifE1E5U1+b4tH6KdvN3Gig= +github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= 
diff --git a/vendor/github.com/hashicorp/hcl/.gitignore b/vendor/github.com/hashicorp/hcl/.gitignore
index 822fa09f..15586a2b 100644
--- a/vendor/github.com/hashicorp/hcl/.gitignore
+++ b/vendor/github.com/hashicorp/hcl/.gitignore
@@ -1,9 +1,9 @@
-y.output
-
-# ignore intellij files
-.idea
-*.iml
-*.ipr
-*.iws
-
-*.test
+y.output
+
+# ignore intellij files
+.idea
+*.iml
+*.ipr
+*.iws
+
+*.test
diff --git a/vendor/github.com/hashicorp/hcl/Makefile b/vendor/github.com/hashicorp/hcl/Makefile
index 9fafd501..84fd743f 100644
--- a/vendor/github.com/hashicorp/hcl/Makefile
+++ b/vendor/github.com/hashicorp/hcl/Makefile
@@ -1,18 +1,18 @@
-TEST?=./...
-
-default: test
-
-fmt: generate
- go fmt ./...
-
-test: generate
- go get -t ./...
- go test $(TEST) $(TESTARGS)
-
-generate:
- go generate ./...
-
-updatedeps:
- go get -u golang.org/x/tools/cmd/stringer
-
-.PHONY: default generate test updatedeps
+TEST?=./...
+
+default: test
+
+fmt: generate
+ go fmt ./...
+
+test: generate
+ go get -t ./...
+ go test $(TEST) $(TESTARGS)
+
+generate:
+ go generate ./...
+
+updatedeps:
+ go get -u golang.org/x/tools/cmd/stringer
+
+.PHONY: default generate test updatedeps
diff --git a/vendor/github.com/hashicorp/hcl/decoder.go b/vendor/github.com/hashicorp/hcl/decoder.go
index dc9d45ae..bed9ebbe 100644
--- a/vendor/github.com/hashicorp/hcl/decoder.go
+++ b/vendor/github.com/hashicorp/hcl/decoder.go
@@ -117,17 +117,10 @@ func (d *decoder) decode(name string, node ast.Node, result reflect.Value) error func (d *decoder) decodeBool(name string, node ast.Node, result reflect.Value) error { switch n := node.(type) { case *ast.LiteralType: - switch n.Token.Type { - case token.BOOL, token.STRING, token.NUMBER: - var v bool - s := strings.ToLower(strings.Replace(n.Token.Text, "\"", "", -1)) - switch s { - case "1", "true": - v = true - case "0", "false": - v = false - default: - return fmt.Errorf("decodeBool: Unknown value for boolean: %s", n.Token.Text) + if n.Token.Type == token.BOOL { + v, err := strconv.ParseBool(n.Token.Text) + if err != nil { + return err } result.Set(reflect.ValueOf(v)) diff --git a/vendor/github.com/hashicorp/vault/api/auth_token.go b/vendor/github.com/hashicorp/vault/api/auth_token.go index c66fba34..ed594eee 100644 --- a/vendor/github.com/hashicorp/vault/api/auth_token.go +++ b/vendor/github.com/hashicorp/vault/api/auth_token.go @@ -271,4 +271,5 @@ type TokenCreateRequest struct { DisplayName string `json:"display_name"` NumUses int `json:"num_uses"` Renewable *bool `json:"renewable,omitempty"` + Type string `json:"type"` } diff --git a/vendor/github.com/hashicorp/vault/api/client.go b/vendor/github.com/hashicorp/vault/api/client.go index c7ced823..d3acaea9 100644 --- a/vendor/github.com/hashicorp/vault/api/client.go +++ b/vendor/github.com/hashicorp/vault/api/client.go @@ -17,7 +17,7 @@ import ( "github.com/hashicorp/errwrap" "github.com/hashicorp/go-cleanhttp" - retryablehttp "github.com/hashicorp/go-retryablehttp" + "github.com/hashicorp/go-retryablehttp" "github.com/hashicorp/go-rootcerts" "github.com/hashicorp/vault/helper/consts" "github.com/hashicorp/vault/helper/parseutil" @@ -121,7 +121,7 @@ type TLSConfig struct { func DefaultConfig() *Config { config := &Config{ Address: "https://127.0.0.1:8200", - HttpClient: cleanhttp.DefaultClient(), + HttpClient: cleanhttp.DefaultPooledClient(), } config.HttpClient.Timeout = time.Second * 60 
@@ -546,6 +546,10 @@ func (c *Client) SetBackoff(backoff retryablehttp.Backoff) { // underlying http.Client is used; modifying the client from more than one // goroutine at once may not be safe, so modify the client as needed and then // clone. +// +// Also, only the client's config is currently copied; this means items not in +// the api.Config struct, such as policy override and wrapping function +// behavior, must currently then be set as desired on the new client. func (c *Client) Clone() (*Client, error) { c.modifyLock.RLock() c.config.modifyLock.RLock() diff --git a/vendor/github.com/hashicorp/vault/api/sys_auth.go b/vendor/github.com/hashicorp/vault/api/sys_auth.go index 447c5d54..e7a9c222 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_auth.go +++ b/vendor/github.com/hashicorp/vault/api/sys_auth.go 
@@ -73,46 +73,8 @@ func (c *Sys) DisableAuth(path string) error { return err } -// Structures for the requests/resposne are all down here. They aren't -// individually documented because the map almost directly to the raw HTTP API -// documentation. Please refer to that documentation for more details. - -type EnableAuthOptions struct { - Type string `json:"type"` - Description string `json:"description"` - Config AuthConfigInput `json:"config"` - Local bool `json:"local"` - PluginName string `json:"plugin_name,omitempty"` - SealWrap bool `json:"seal_wrap" mapstructure:"seal_wrap"` - Options map[string]string `json:"options" mapstructure:"options"` -} - -type AuthConfigInput struct { - DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"` - MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"` - PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"` - AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"` - AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"` - ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"` - PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"` -} - -type AuthMount struct { - Type string `json:"type" mapstructure:"type"` - Description string `json:"description" mapstructure:"description"` - Accessor string `json:"accessor" mapstructure:"accessor"` - Config AuthConfigOutput `json:"config" mapstructure:"config"` - Local bool `json:"local" mapstructure:"local"` - SealWrap bool `json:"seal_wrap" mapstructure:"seal_wrap"` - Options map[string]string `json:"options" mapstructure:"options"` -} - -type AuthConfigOutput struct { - DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"` - MaxLeaseTTL int 
`json:"max_lease_ttl" mapstructure:"max_lease_ttl"` - PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"` - AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"` - AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"` - ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"` - PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"` -} +// Rather than duplicate, we can use modern Go's type aliasing +type EnableAuthOptions = MountInput +type AuthConfigInput = MountConfigInput +type AuthMount = MountOutput +type AuthConfigOutput = MountConfigOutput diff --git a/vendor/github.com/hashicorp/vault/api/sys_mounts.go b/vendor/github.com/hashicorp/vault/api/sys_mounts.go index 8a32b095..f5993c70 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_mounts.go +++ b/vendor/github.com/hashicorp/vault/api/sys_mounts.go @@ -132,10 +132,13 @@ type MountInput struct { Type string `json:"type"` Description string `json:"description"` Config MountConfigInput `json:"config"` - Options map[string]string `json:"options"` Local bool `json:"local"` - PluginName string `json:"plugin_name,omitempty"` SealWrap bool `json:"seal_wrap" mapstructure:"seal_wrap"` + Options map[string]string `json:"options"` + + // Deprecated: Newer server responses should be returning this information in the + // Type field (json: "type") instead. + PluginName string `json:"plugin_name,omitempty"` } type MountConfigInput struct { 
@@ -144,11 +147,14 @@ type MountConfigInput struct { Description *string `json:"description,omitempty" mapstructure:"description"` MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"` ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"` - PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"` AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"` AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"` ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"` PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"` + TokenType string `json:"token_type,omitempty" mapstructure:"token_type"` + + // Deprecated: This field will always be blank for newer server responses. + PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"` } type MountOutput struct { 
@@ -165,9 +171,12 @@ type MountConfigOutput struct { DefaultLeaseTTL int `json:"default_lease_ttl" mapstructure:"default_lease_ttl"` MaxLeaseTTL int `json:"max_lease_ttl" mapstructure:"max_lease_ttl"` ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"` - PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"` AuditNonHMACRequestKeys []string `json:"audit_non_hmac_request_keys,omitempty" mapstructure:"audit_non_hmac_request_keys"` AuditNonHMACResponseKeys []string `json:"audit_non_hmac_response_keys,omitempty" mapstructure:"audit_non_hmac_response_keys"` ListingVisibility string `json:"listing_visibility,omitempty" mapstructure:"listing_visibility"` PassthroughRequestHeaders []string `json:"passthrough_request_headers,omitempty" mapstructure:"passthrough_request_headers"` + TokenType string `json:"token_type,omitempty" mapstructure:"token_type"` + + // Deprecated: This field will always be blank for newer server responses. + PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"` } diff --git a/vendor/github.com/hashicorp/vault/api/sys_plugins.go b/vendor/github.com/hashicorp/vault/api/sys_plugins.go index b2f18d94..d15165ee 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_plugins.go +++ b/vendor/github.com/hashicorp/vault/api/sys_plugins.go 
@@ -2,24 +2,46 @@ package api import ( "context" + "errors" "fmt" "net/http" + + "github.com/hashicorp/vault/helper/consts" + "github.com/mitchellh/mapstructure" ) // ListPluginsInput is used as input to the ListPlugins function. -type ListPluginsInput struct{} +type ListPluginsInput struct { + // Type of the plugin. Required. + Type consts.PluginType `json:"type"` +} // ListPluginsResponse is the response from the ListPlugins call. type ListPluginsResponse struct { + // PluginsByType is the list of plugins by type. + PluginsByType map[consts.PluginType][]string `json:"types"` + // Names is the list of names of the plugins. + // + // Deprecated: Newer server responses should be returning PluginsByType (json: + // "types") instead. Names []string `json:"names"` } // ListPlugins lists all plugins in the catalog and returns their names as a // list of strings. func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) { - path := "/v1/sys/plugins/catalog" - req := c.c.NewRequest("LIST", path) + path := "" + method := "" + if i.Type == consts.PluginTypeUnknown { + path = "/v1/sys/plugins/catalog" + method = "GET" + } else { + path = fmt.Sprintf("/v1/sys/plugins/catalog/%s", i.Type) + method = "LIST" + } + + req := c.c.NewRequest(method, path) ctx, cancelFunc := context.WithCancel(context.Background()) defer cancelFunc() 
@@ -29,21 +51,76 @@ func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) { } defer resp.Body.Close() - var result struct { - Data struct { - Keys []string `json:"keys"` - } `json:"data"` - } - if err := resp.DecodeJSON(&result); err != nil { + secret, err := ParseSecret(resp.Body) + if err != nil { return nil, err } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } + + if resp.StatusCode == 405 && req.Method == "GET" { + // We received an Unsupported Operation response from Vault, indicating + // Vault of an older version that doesn't support the READ method yet. + req.Method = "LIST" + resp, err := c.c.RawRequestWithContext(ctx, req) + if err != nil { + return nil, err + } + defer resp.Body.Close() + var result struct { + Data struct { + Keys []string `json:"keys"` + } `json:"data"` + } + if err := resp.DecodeJSON(&result); err != nil { + return nil, err + } + return &ListPluginsResponse{Names: result.Data.Keys}, nil + } - return &ListPluginsResponse{Names: result.Data.Keys}, nil + result := &ListPluginsResponse{ + PluginsByType: make(map[consts.PluginType][]string), + } + if i.Type == consts.PluginTypeUnknown { + for pluginTypeStr, pluginsRaw := range secret.Data { + pluginType, err := consts.ParsePluginType(pluginTypeStr) + if err != nil { + return nil, err + } + + pluginsIfc, ok := pluginsRaw.([]interface{}) + if !ok { + return nil, fmt.Errorf("unable to parse plugins for %q type", pluginTypeStr) + } + + plugins := make([]string, len(pluginsIfc)) + for i, nameIfc := range pluginsIfc { + name, ok := nameIfc.(string) + if !ok { + + } + plugins[i] = name + } + result.PluginsByType[pluginType] = plugins + } + } else { + var respKeys []string + if err := mapstructure.Decode(secret.Data["keys"], &respKeys); err != nil { + return nil, err + } + result.PluginsByType[i.Type] = respKeys + } + + return result, nil } // GetPluginInput is used as input to the GetPlugin function. 
type GetPluginInput struct { Name string `json:"-"` + + // Type of the plugin. Required. + Type consts.PluginType `json:"type"` } // GetPluginResponse is the response from the GetPlugin call. @@ -55,8 +132,9 @@ type GetPluginResponse struct { SHA256 string `json:"sha256"` } +// GetPlugin retrieves information about the plugin. func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error) { - path := fmt.Sprintf("/v1/sys/plugins/catalog/%s", i.Name) + path := catalogPathByType(i.Type, i.Name) req := c.c.NewRequest(http.MethodGet, path) ctx, cancelFunc := context.WithCancel(context.Background()) @@ -68,13 +146,13 @@ func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error) { defer resp.Body.Close() var result struct { - Data GetPluginResponse + Data *GetPluginResponse } err = resp.DecodeJSON(&result) if err != nil { return nil, err } - return &result.Data, err + return result.Data, err } // RegisterPluginInput is used as input to the RegisterPlugin function. @@ -82,6 +160,9 @@ type RegisterPluginInput struct { // Name is the name of the plugin. Required. Name string `json:"-"` + // Type of the plugin. Required. + Type consts.PluginType `json:"type"` + // Args is the list of args to spawn the process with. Args []string `json:"args,omitempty"` @@ -94,8 +175,9 @@ type RegisterPluginInput struct { // RegisterPlugin registers the plugin with the given information. func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error { - path := fmt.Sprintf("/v1/sys/plugins/catalog/%s", i.Name) + path := catalogPathByType(i.Type, i.Name) req := c.c.NewRequest(http.MethodPut, path) + if err := req.SetJSONBody(i); err != nil { return err } 
@@ -113,12 +195,15 @@ func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error { type DeregisterPluginInput struct { // Name is the name of the plugin. Required. Name string `json:"-"` + + // Type of the plugin. Required. + Type consts.PluginType `json:"type"` } // DeregisterPlugin removes the plugin with the given name from the plugin // catalog. func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error { - path := fmt.Sprintf("/v1/sys/plugins/catalog/%s", i.Name) + path := catalogPathByType(i.Type, i.Name) req := c.c.NewRequest(http.MethodDelete, path) ctx, cancelFunc := context.WithCancel(context.Background()) @@ -129,3 +214,15 @@ func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error { } return err } + +// catalogPathByType is a helper to construct the proper API path by plugin type +func catalogPathByType(pluginType consts.PluginType, name string) string { + path := fmt.Sprintf("/v1/sys/plugins/catalog/%s/%s", pluginType, name) + + // Backwards compat, if type is not provided then use old path + if pluginType == consts.PluginTypeUnknown { + path = fmt.Sprintf("/v1/sys/plugins/catalog/%s", name) + } + + return path +} diff --git a/vendor/github.com/hashicorp/vault/api/sys_policy.go b/vendor/github.com/hashicorp/vault/api/sys_policy.go index 1fa32597..cdbb3f75 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_policy.go +++ b/vendor/github.com/hashicorp/vault/api/sys_policy.go @@ -9,7 +9,7 @@ import ( ) func (c *Sys) ListPolicies() ([]string, error) { - r := c.c.NewRequest("GET", "/v1/sys/policy") + r := c.c.NewRequest("LIST", "/v1/sys/policies/acl") ctx, cancelFunc := context.WithCancel(context.Background()) defer cancelFunc() @@ -28,7 +28,7 @@ func (c *Sys) ListPolicies() ([]string, error) { } var result []string - err = mapstructure.Decode(secret.Data["policies"], &result) + err = mapstructure.Decode(secret.Data["keys"], &result) if err != nil { return nil, err } 
@@ -69,10 +69,10 @@ func (c *Sys) GetPolicy(name string) (string, error) { func (c *Sys) PutPolicy(name, rules string) error { body := map[string]string{ - "rules": rules, + "policy": rules, } - r := c.c.NewRequest("PUT", fmt.Sprintf("/v1/sys/policy/%s", name)) + r := c.c.NewRequest("PUT", fmt.Sprintf("/v1/sys/policies/acl/%s", name)) if err := r.SetJSONBody(body); err != nil { return err } @@ -89,7 +89,7 @@ func (c *Sys) PutPolicy(name, rules string) error { } func (c *Sys) DeletePolicy(name string) error { - r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/policy/%s", name)) + r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/policies/acl/%s", name)) ctx, cancelFunc := context.WithCancel(context.Background()) defer cancelFunc() diff --git a/vendor/github.com/hashicorp/vault/api/sys_seal.go b/vendor/github.com/hashicorp/vault/api/sys_seal.go index d882a8e9..301d3f26 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_seal.go +++ b/vendor/github.com/hashicorp/vault/api/sys_seal.go @@ -41,6 +41,15 @@ func (c *Sys) Unseal(shard string) (*SealStatusResponse, error) { return sealStatusRequest(c, r) } +func (c *Sys) UnsealWithOptions(opts *UnsealOpts) (*SealStatusResponse, error) { + r := c.c.NewRequest("PUT", "/v1/sys/unseal") + if err := r.SetJSONBody(opts); err != nil { + return nil, err + } + + return sealStatusRequest(c, r) +} + func sealStatusRequest(c *Sys, r *Request) (*SealStatusResponse, error) { ctx, cancelFunc := context.WithCancel(context.Background()) defer cancelFunc() @@ -64,7 +73,14 @@ type SealStatusResponse struct { Progress int `json:"progress"` Nonce string `json:"nonce"` Version string `json:"version"` + Migration bool `json:"migration"` ClusterName string `json:"cluster_name,omitempty"` ClusterID string `json:"cluster_id,omitempty"` RecoverySeal bool `json:"recovery_seal"` } + +type UnsealOpts struct { + Key string `json:"key"` + Reset bool `json:"reset"` + Migrate bool `json:"migrate"` +} 
diff --git a/vendor/github.com/hashicorp/vault/helper/pluginutil/runner.go b/vendor/github.com/hashicorp/vault/helper/pluginutil/runner.go index 74fe95cc..2323684d 100644 --- a/vendor/github.com/hashicorp/vault/helper/pluginutil/runner.go +++ b/vendor/github.com/hashicorp/vault/helper/pluginutil/runner.go @@ -12,6 +12,7 @@ import ( log "github.com/hashicorp/go-hclog" plugin "github.com/hashicorp/go-plugin" "github.com/hashicorp/vault/api" + "github.com/hashicorp/vault/helper/consts" "github.com/hashicorp/vault/helper/wrapping" "github.com/hashicorp/vault/version" ) @@ -19,7 +20,7 @@ import ( // Looker defines the plugin Lookup function that looks into the plugin catalog // for available plugins and returns a PluginRunner type Looker interface { - LookupPlugin(context.Context, string) (*PluginRunner, error) + LookupPlugin(context.Context, string, consts.PluginType) (*PluginRunner, error) } // RunnerUtil interface defines the functions needed by the runner to wrap the @@ -41,6 +42,7 @@ type LookRunnerUtil interface { // go-plugin. type PluginRunner struct { Name string `json:"name" structs:"name"` + Type consts.PluginType `json:"type" structs:"type"` Command string `json:"command" structs:"command"` Args []string `json:"args" structs:"args"` Env []string `json:"env" structs:"env"` @@ -73,7 +75,7 @@ func (r *PluginRunner) runCommon(ctx context.Context, wrapper RunnerUtil, plugin cmd.Env = append(cmd.Env, env...) // Add the mlock setting to the ENV of the plugin - if wrapper.MlockEnabled() { + if wrapper != nil && wrapper.MlockEnabled() { cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMlockEnabled, "true")) } cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginVaultVersionEnv, version.GetVersion().Version)) diff --git a/vendor/github.com/hashicorp/vault/logical/auth.go b/vendor/github.com/hashicorp/vault/logical/auth.go index d15cf1cd..7b12e399 100644 --- a/vendor/github.com/hashicorp/vault/logical/auth.go +++ b/vendor/github.com/hashicorp/vault/logical/auth.go 
@@ -89,6 +89,9 @@ type Auth struct { // change the perceived path of the lease, even though they don't change // the request path itself. CreationPath string `json:"creation_path"` + + // TokenType is the type of token being requested + TokenType TokenType `json:"token_type"` } func (a *Auth) GoString() string { diff --git a/vendor/github.com/hashicorp/vault/logical/framework/backend.go b/vendor/github.com/hashicorp/vault/logical/framework/backend.go index a2dc68fa..52b490b5 100644 --- a/vendor/github.com/hashicorp/vault/logical/framework/backend.go +++ b/vendor/github.com/hashicorp/vault/logical/framework/backend.go @@ -14,7 +14,6 @@ import ( "github.com/hashicorp/errwrap" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/go-multierror" "github.com/hashicorp/vault/helper/errutil" "github.com/hashicorp/vault/helper/license" @@ -202,15 +201,22 @@ func (b *Backend) HandleRequest(ctx context.Context, req *logical.Request) (*log raw[k] = v } - // Look up the callback for this operation + // Look up the callback for this operation, preferring the + // path.Operations definition if present. var callback OperationFunc - var ok bool - if path.Callbacks != nil { - callback, ok = path.Callbacks[req.Operation] + + if path.Operations != nil { + if op, ok := path.Operations[req.Operation]; ok { + callback = op.Handler() + } + } else { + callback = path.Callbacks[req.Operation] } + ok := callback != nil + if !ok { if req.Operation == logical.HelpOperation { - callback = path.helpCallback() + callback = path.helpCallback(b) ok = true } } @@ -229,7 +235,6 @@ func (b *Backend) HandleRequest(ctx context.Context, req *logical.Request) (*log } } - // Call the callback with the request and the data return callback(ctx, req, &fd) } 
@@ -370,7 +375,13 @@ func (b *Backend) handleRootHelp() (*logical.Response, error) { return nil, err } - return logical.HelpResponse(help, nil), nil + // Build OpenAPI response for the entire backend + doc := NewOASDocument() + if err := documentPaths(b, doc); err != nil { + b.Logger().Warn("error generating OpenAPI", "error", err) + } + + return logical.HelpResponse(help, nil, doc), nil } func (b *Backend) handleRevokeRenew(ctx context.Context, req *logical.Request) (*logical.Response, error) { @@ -492,6 +503,8 @@ type FieldSchema struct { Type FieldType Default interface{} Description string + Required bool + Deprecated bool } // DefaultOrZero returns the default value if it is set, or otherwise diff --git a/vendor/github.com/hashicorp/vault/logical/framework/openapi.go b/vendor/github.com/hashicorp/vault/logical/framework/openapi.go new file mode 100644 index 00000000..237311f2 --- /dev/null +++ b/vendor/github.com/hashicorp/vault/logical/framework/openapi.go 
@@ -0,0 +1,613 @@ +package framework + +import ( + "fmt" + "reflect" + "regexp" + "sort" + "strconv" + "strings" + + log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/vault/helper/wrapping" + "github.com/hashicorp/vault/logical" + "github.com/hashicorp/vault/version" + "github.com/mitchellh/mapstructure" +) + +// OpenAPI specification (OAS): https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md +const OASVersion = "3.0.2" + +// NewOASDocument returns an empty OpenAPI document. +func NewOASDocument() *OASDocument { + return &OASDocument{ + Version: OASVersion, + Info: OASInfo{ + Title: "HashiCorp Vault API", + Description: "HTTP API that gives you full access to Vault. All API routes are prefixed with `/v1/`.", + Version: version.GetVersion().Version, + License: OASLicense{ + Name: "Mozilla Public License 2.0", + URL: "https://www.mozilla.org/en-US/MPL/2.0", + }, + }, + Paths: make(map[string]*OASPathItem), + } +} + +// NewOASDocumentFromMap builds an OASDocument from an existing map version of a document. +// If a document has been decoded from JSON or received from a plugin, it will be as a map[string]interface{} +// and needs special handling beyond the default mapstructure decoding. +func NewOASDocumentFromMap(input map[string]interface{}) (*OASDocument, error) { + + // The Responses map uses integer keys (the response code), but once translated into JSON + // (e.g. during the plugin transport) these become strings. mapstructure will not coerce these back + // to integers without a custom decode hook. + decodeHook := func(src reflect.Type, tgt reflect.Type, inputRaw interface{}) (interface{}, error) { + + // Only alter data if: + // 1. going from string to int + // 2. 
string represent an int in status code range (100-599) + if src.Kind() == reflect.String && tgt.Kind() == reflect.Int { + if input, ok := inputRaw.(string); ok { + if intval, err := strconv.Atoi(input); err == nil { + if intval >= 100 && intval < 600 { + return intval, nil + } + } + } + } + return inputRaw, nil + } + + doc := new(OASDocument) + + config := &mapstructure.DecoderConfig{ + DecodeHook: decodeHook, + Result: doc, + } + + decoder, err := mapstructure.NewDecoder(config) + if err != nil { + return nil, err + } + + if err := decoder.Decode(input); err != nil { + return nil, err + } + + return doc, nil +} + +type OASDocument struct { + Version string `json:"openapi" mapstructure:"openapi"` + Info OASInfo `json:"info"` + Paths map[string]*OASPathItem `json:"paths"` +} + +type OASInfo struct { + Title string `json:"title"` + Description string `json:"description"` + Version string `json:"version"` + License OASLicense `json:"license"` +} + +type OASLicense struct { + Name string `json:"name"` + URL string `json:"url"` +} + +type OASPathItem struct { + Description string `json:"description,omitempty"` + Parameters []OASParameter `json:"parameters,omitempty"` + Sudo bool `json:"x-vault-sudo,omitempty" mapstructure:"x-vault-sudo"` + Unauthenticated bool `json:"x-vault-unauthenticated,omitempty" mapstructure:"x-vault-unauthenticated"` + CreateSupported bool `json:"x-vault-create-supported,omitempty" mapstructure:"x-vault-create-supported"` + + Get *OASOperation `json:"get,omitempty"` + Post *OASOperation `json:"post,omitempty"` + Delete *OASOperation `json:"delete,omitempty"` +} + +// NewOASOperation creates an empty OpenAPI Operations object. 
+func NewOASOperation() *OASOperation { + return &OASOperation{ + Responses: make(map[int]*OASResponse), + } +} + +type OASOperation struct { + Summary string `json:"summary,omitempty"` + Description string `json:"description,omitempty"` + Tags []string `json:"tags,omitempty"` + Parameters []OASParameter `json:"parameters,omitempty"` + RequestBody *OASRequestBody `json:"requestBody,omitempty"` + Responses map[int]*OASResponse `json:"responses"` + Deprecated bool `json:"deprecated,omitempty"` +} + +type OASParameter struct { + Name string `json:"name"` + Description string `json:"description,omitempty"` + In string `json:"in"` + Schema *OASSchema `json:"schema,omitempty"` + Required bool `json:"required,omitempty"` + Deprecated bool `json:"deprecated,omitempty"` +} + +type OASRequestBody struct { + Description string `json:"description,omitempty"` + Content OASContent `json:"content,omitempty"` +} + +type OASContent map[string]*OASMediaTypeObject + +type OASMediaTypeObject struct { + Schema *OASSchema `json:"schema,omitempty"` +} + +type OASSchema struct { + Type string `json:"type,omitempty"` + Description string `json:"description,omitempty"` + Properties map[string]*OASSchema `json:"properties,omitempty"` + Items *OASSchema `json:"items,omitempty"` + Format string `json:"format,omitempty"` + Pattern string `json:"pattern,omitempty"` + Example interface{} `json:"example,omitempty"` + Deprecated bool `json:"deprecated,omitempty"` +} + +type OASResponse struct { + Description string `json:"description"` + Content OASContent `json:"content,omitempty"` +} + +var OASStdRespOK = &OASResponse{ + Description: "OK", +} + +var OASStdRespNoContent = &OASResponse{ + Description: "empty body", +} + +// Regex for handling optional and named parameters in paths, and string cleanup. +// Predefined here to avoid substantial recompilation. + +// Capture optional path elements in ungreedy (?U) fashion +// Both "(leases/)?renew" and "(/(?P.+))?" 
formats are detected +var optRe = regexp.MustCompile(`(?U)\([^(]*\)\?|\(/\(\?P<[^(]*\)\)\?`) + +var reqdRe = regexp.MustCompile(`\(?\?P<(\w+)>[^)]*\)?`) // Capture required parameters, e.g. "(?Pregex)" +var altRe = regexp.MustCompile(`\((.*)\|(.*)\)`) // Capture alternation elements, e.g. "(raw/?$|raw/(?P.+))" +var pathFieldsRe = regexp.MustCompile(`{(\w+)}`) // Capture OpenAPI-style named parameters, e.g. "lookup/{urltoken}", +var cleanCharsRe = regexp.MustCompile("[()^$?]") // Set of regex characters that will be stripped during cleaning +var cleanSuffixRe = regexp.MustCompile(`/\?\$?$`) // Path suffix patterns that will be stripped during cleaning +var wsRe = regexp.MustCompile(`\s+`) // Match whitespace, to be compressed during cleaning +var altFieldsGroupRe = regexp.MustCompile(`\(\?P<\w+>\w+(\|\w+)+\)`) // Match named groups that limit options, e.g. "(?a|b|c)" +var altFieldsRe = regexp.MustCompile(`\w+(\|\w+)+`) // Match an options set, e.g. "a|b|c" + +// documentPaths parses all paths in a framework.Backend into OpenAPI paths. +func documentPaths(backend *Backend, doc *OASDocument) error { + for _, p := range backend.Paths { + if err := documentPath(p, backend.SpecialPaths(), backend.BackendType, doc); err != nil { + return err + } + } + + return nil +} + +// documentPath parses a framework.Path into one or more OpenAPI paths. +func documentPath(p *Path, specialPaths *logical.Paths, backendType logical.BackendType, doc *OASDocument) error { + var sudoPaths []string + var unauthPaths []string + + if specialPaths != nil { + sudoPaths = specialPaths.Root + unauthPaths = specialPaths.Unauthenticated + } + + // Convert optional parameters into distinct patterns to be process independently. + paths := expandPattern(p.Pattern) + + for _, path := range paths { + // Construct a top level PathItem which will be populated as the path is processed. 
+ pi := OASPathItem{ + Description: cleanString(p.HelpSynopsis), + } + + pi.Sudo = specialPathMatch(path, sudoPaths) + pi.Unauthenticated = specialPathMatch(path, unauthPaths) + + // If the newer style Operations map isn't defined, create one from the legacy fields. + operations := p.Operations + if operations == nil { + operations = make(map[logical.Operation]OperationHandler) + + for opType, cb := range p.Callbacks { + operations[opType] = &PathOperation{ + Callback: cb, + Summary: p.HelpSynopsis, + } + } + } + + // Process path and header parameters, which are common to all operations. + // Body fields will be added to individual operations. + pathFields, bodyFields := splitFields(p.Fields, path) + + for name, field := range pathFields { + location := "path" + required := true + + // Header parameters are part of the Parameters group but with + // a dedicated "header" location, a header parameter is not required. + if field.Type == TypeHeader { + location = "header" + required = false + } + + t := convertType(field.Type) + p := OASParameter{ + Name: name, + Description: cleanString(field.Description), + In: location, + Schema: &OASSchema{ + Type: t.baseType, + Pattern: t.pattern, + }, + Required: required, + Deprecated: field.Deprecated, + } + pi.Parameters = append(pi.Parameters, p) + } + + // Sort parameters for a stable output + sort.Slice(pi.Parameters, func(i, j int) bool { + return strings.ToLower(pi.Parameters[i].Name) < strings.ToLower(pi.Parameters[j].Name) + }) + + // Process each supported operation by building up an Operation object + // with descriptions, properties and examples from the framework.Path data. + for opType, opHandler := range operations { + props := opHandler.Properties() + if props.Unpublished { + continue + } + + if opType == logical.CreateOperation { + pi.CreateSupported = true + + // If both Create and Update are defined, only process Update. 
+ if operations[logical.UpdateOperation] != nil { + continue + } + } + + // If both List and Read are defined, only process Read. + if opType == logical.ListOperation && operations[logical.ReadOperation] != nil { + continue + } + + op := NewOASOperation() + + op.Summary = props.Summary + op.Description = props.Description + op.Deprecated = props.Deprecated + + // Add any fields not present in the path as body parameters for POST. + if opType == logical.CreateOperation || opType == logical.UpdateOperation { + s := &OASSchema{ + Type: "object", + Properties: make(map[string]*OASSchema), + } + + for name, field := range bodyFields { + openapiField := convertType(field.Type) + p := OASSchema{ + Type: openapiField.baseType, + Description: cleanString(field.Description), + Format: openapiField.format, + Pattern: openapiField.pattern, + Deprecated: field.Deprecated, + } + if openapiField.baseType == "array" { + p.Items = &OASSchema{ + Type: openapiField.items, + } + } + s.Properties[name] = &p + } + + // If examples were given, use the first one as the sample + // of this schema. + if len(props.Examples) > 0 { + s.Example = props.Examples[0].Data + } + + // Set the final request body. Only JSON request data is supported. 
+ if len(s.Properties) > 0 || s.Example != nil { + op.RequestBody = &OASRequestBody{ + Content: OASContent{ + "application/json": &OASMediaTypeObject{ + Schema: s, + }, + }, + } + } + } + + // LIST is represented as GET with a `list` query parameter + if opType == logical.ListOperation || (opType == logical.ReadOperation && operations[logical.ListOperation] != nil) { + op.Parameters = append(op.Parameters, OASParameter{ + Name: "list", + Description: "Return a list if `true`", + In: "query", + Schema: &OASSchema{Type: "string"}, + }) + } + + // Add tags based on backend type + var tags []string + switch backendType { + case logical.TypeLogical: + tags = []string{"secrets"} + case logical.TypeCredential: + tags = []string{"auth"} + } + + op.Tags = append(op.Tags, tags...) + + // Set default responses. + if len(props.Responses) == 0 { + if opType == logical.DeleteOperation { + op.Responses[204] = OASStdRespNoContent + } else { + op.Responses[200] = OASStdRespOK + } + } + + // Add any defined response details. 
+ for code, responses := range props.Responses {
+ var description string
+ content := make(OASContent)
+
+ for i, resp := range responses {
+ if i == 0 {
+ description = resp.Description
+ }
+ if resp.Example != nil {
+ mediaType := resp.MediaType
+ if mediaType == "" {
+ mediaType = "application/json"
+ }
+
+ // create a version of the response that will not emit null items
+ cr, err := cleanResponse(resp.Example)
+ if err != nil {
+ return err
+ }
+
+ // Only one example per media type is allowed, so first one wins
+ if _, ok := content[mediaType]; !ok {
+ content[mediaType] = &OASMediaTypeObject{
+ Schema: &OASSchema{
+ Example: cr,
+ },
+ }
+ }
+ }
+ }
+
+ op.Responses[code] = &OASResponse{
+ Description: description,
+ Content: content,
+ }
+ }
+
+ switch opType {
+ case logical.CreateOperation, logical.UpdateOperation:
+ pi.Post = op
+ case logical.ReadOperation, logical.ListOperation:
+ pi.Get = op
+ case logical.DeleteOperation:
+ pi.Delete = op
+ }
+ }
+
+ doc.Paths["/"+path] = &pi
+ }
+
+ return nil
+}
+
+func specialPathMatch(path string, specialPaths []string) bool {
+ // Test for exact or prefix match of special paths.
+ for _, sp := range specialPaths {
+ if sp == path ||
+ (strings.HasSuffix(sp, "*") && strings.HasPrefix(path, sp[0:len(sp)-1])) {
+ return true
+ }
+ }
+ return false
+}
+
+// expandPattern expands a regex pattern by generating permutations of any optional parameters
+// and changing named parameters into their {openapi} equivalents.
+func expandPattern(pattern string) []string {
+ var paths []string
+
+ // GenericNameRegex adds a regex that complicates our parsing. It is much easier to
+ // detect and remove it now than to compensate for in the other regexes.
+ //
+ // example: (?P\\w(([\\w-.]+)?\\w)?) -> (?P)
+ base := GenericNameRegex("")
+ start := strings.Index(base, ">")
+ end := strings.LastIndex(base, ")")
+ regexToRemove := ""
+ if start != -1 && end != -1 && end > start {
+ regexToRemove = base[start+1 : end]
+ }
+ pattern = strings.Replace(pattern, regexToRemove, "", -1)
+
+ // Simplify named fields that have limited options, e.g. (?Pa|b|c) -> (.+)
+ pattern = altFieldsGroupRe.ReplaceAllStringFunc(pattern, func(s string) string {
+ return altFieldsRe.ReplaceAllString(s, ".+")
+ })
+
+ // Initialize paths with the original pattern or the halves of an
+ // alternation, which is also present in some patterns.
+ matches := altRe.FindAllStringSubmatch(pattern, -1)
+ if len(matches) > 0 {
+ paths = []string{matches[0][1], matches[0][2]}
+ } else {
+ paths = []string{pattern}
+ }
+
+ // Expand all optional regex elements into two paths. This approach is really only useful up to 2 optional
+ // groups, but we probably don't want to deal with the exponential increase beyond that anyway.
+ for i := 0; i < len(paths); i++ {
+ p := paths[i]
+
+ // match is a 2-element slice that will have a start and end index
+ // for the left-most match of a regex of form: (lease/)?
+ match := optRe.FindStringIndex(p)
+
+ if match != nil {
+ // create a path that includes the optional element but without
+ // parenthesis or the '?' character.
+ paths[i] = p[:match[0]] + p[match[0]+1:match[1]-2] + p[match[1]:]
+
+ // create a path that excludes the optional element.
+ paths = append(paths, p[:match[0]]+p[match[1]:])
+ i--
+ }
+ }
+
+ // Replace named parameters (?P) with {foo}
+ var replacedPaths []string
+
+ for _, path := range paths {
+ result := reqdRe.FindAllStringSubmatch(path, -1)
+ if result != nil {
+ for _, p := range result {
+ par := p[1]
+ path = strings.Replace(path, p[0], fmt.Sprintf("{%s}", par), 1)
+ }
+ }
+ // Final cleanup
+ path = cleanSuffixRe.ReplaceAllString(path, "")
+ path = cleanCharsRe.ReplaceAllString(path, "")
+ replacedPaths = append(replacedPaths, path)
+ }
+
+ return replacedPaths
+}
+
+// schemaType is a subset of the JSON Schema elements used as a target
+// for conversions from Vault's standard FieldTypes.
+type schemaType struct {
+ baseType string
+ items string
+ format string
+ pattern string
+}
+
+// convertType translates a FieldType into an OpenAPI type.
+// In the case of arrays, a subtype is returned as well.
+func convertType(t FieldType) schemaType {
+ ret := schemaType{}
+
+ switch t {
+ case TypeString, TypeHeader:
+ ret.baseType = "string"
+ case TypeNameString:
+ ret.baseType = "string"
+ ret.pattern = `\w([\w-.]*\w)?`
+ case TypeLowerCaseString:
+ ret.baseType = "string"
+ ret.format = "lowercase"
+ case TypeInt:
+ ret.baseType = "number"
+ case TypeDurationSecond:
+ ret.baseType = "number"
+ ret.format = "seconds"
+ case TypeBool:
+ ret.baseType = "boolean"
+ case TypeMap:
+ ret.baseType = "object"
+ ret.format = "map"
+ case TypeKVPairs:
+ ret.baseType = "object"
+ ret.format = "kvpairs"
+ case TypeSlice:
+ ret.baseType = "array"
+ ret.items = "object"
+ case TypeStringSlice, TypeCommaStringSlice:
+ ret.baseType = "array"
+ ret.items = "string"
+ case TypeCommaIntSlice:
+ ret.baseType = "array"
+ ret.items = "number"
+ default:
+ log.L().Warn("error parsing field type", "type", t)
+ ret.format = "unknown"
+ }
+
+ return ret
+}
+
+// cleanString prepares s for inclusion in the output
+func cleanString(s string) string {
+ // clean leading/trailing whitespace, and replace whitespace runs into a single space
+ s = strings.TrimSpace(s)
+ s = wsRe.ReplaceAllString(s, " ")
+ return s
+}
+
+// splitFields partitions fields into path and body groups
+// The input pattern is expected to have been run through expandPattern,
+// with paths parameters denotes in {braces}.
+func splitFields(allFields map[string]*FieldSchema, pattern string) (pathFields, bodyFields map[string]*FieldSchema) {
+ pathFields = make(map[string]*FieldSchema)
+ bodyFields = make(map[string]*FieldSchema)
+
+ for _, match := range pathFieldsRe.FindAllStringSubmatch(pattern, -1) {
+ name := match[1]
+ pathFields[name] = allFields[name]
+ }
+
+ for name, field := range allFields {
+ if _, ok := pathFields[name]; !ok {
+ // Header fields are in "parameters" with other path fields
+ if field.Type == TypeHeader {
+ pathFields[name] = field
+ } else {
+ bodyFields[name] = field
+ }
+ }
+ }
+
+ return pathFields, bodyFields
+}
+
+// cleanedResponse is identical to logical.Response but with nulls
+// removed from from JSON encoding
+type cleanedResponse struct {
+ Secret *logical.Secret `json:"secret,omitempty"`
+ Auth *logical.Auth `json:"auth,omitempty"`
+ Data map[string]interface{} `json:"data,omitempty"`
+ Redirect string `json:"redirect,omitempty"`
+ Warnings []string `json:"warnings,omitempty"`
+ WrapInfo *wrapping.ResponseWrapInfo `json:"wrap_info,omitempty"`
+}
+
+func cleanResponse(resp *logical.Response) (*cleanedResponse, error) {
+ var r cleanedResponse
+
+ if err := mapstructure.Decode(resp, &r); err != nil {
+ return nil, err
+ }
+
+ return &r, nil
+}
diff --git a/vendor/github.com/hashicorp/vault/logical/framework/path.go b/vendor/github.com/hashicorp/vault/logical/framework/path.go
index 39f2af53..4093caa0 100644
--- a/vendor/github.com/hashicorp/vault/logical/framework/path.go
+++ b/vendor/github.com/hashicorp/vault/logical/framework/path.go
@@ -17,12 +17,24 @@ func GenericNameRegex(name string) string {
 return fmt.Sprintf("(?P<%s>\\w(([\\w-.]+)?\\w)?)", name)
 }
+// GenericNameWithAtRegex returns a generic regex that allows alphanumeric
+// characters along with -, . and @.
+func GenericNameWithAtRegex(name string) string {
+ return fmt.Sprintf("(?P<%s>\\w(([\\w-.@]+)?\\w)?)", name)
+}
+
 // Helper which returns a regex string for optionally accepting the a field
 // from the API URL
 func OptionalParamRegex(name string) string {
 return fmt.Sprintf("(/(?P<%s>.+))?", name)
 }
+// Helper which returns a regex string for capturing an entire endpoint path
+// as the given name.
+func MatchAllRegex(name string) string {
+ return fmt.Sprintf(`(?P<%s>.*)`, name)
+}
+
 // PathAppend is a helper for appending lists of paths into a single
 // list.
 func PathAppend(paths ...[]*Path) []*Path {
@@ -52,6 +64,13 @@ type Path struct {
 // whereas all fields are available in the Write operation.
 Fields map[string]*FieldSchema
+ // Operations is the set of operations supported and the associated OperationsHandler.
+ //
+ // If both Create and Update operations are present, documentation and examples from
+ // the Update definition will be used. Similarly if both Read and List are present,
+ // Read will be used for documentation.
+ Operations map[logical.Operation]OperationHandler
+
 // Callbacks are the set of callbacks that are called for a given
 // operation. If a callback for a specific operation is not present,
 // then logical.ErrUnsupportedOperation is automatically generated.
@@ -60,6 +79,8 @@ type Path struct {
 // automatically handle if the Help field is set. If both the Help
 // field is set and there is a callback registered here, then the
 // callback will be called.
+ //
+ // Deprecated: Operations should be used instead and will take priority if present.
 Callbacks map[logical.Operation]OperationFunc
 // ExistenceCheck, if implemented, is used to query whether a given
@@ -74,6 +95,10 @@ type Path struct {
 // enabled for the set of paths
 FeatureRequired license.Features
+ // Deprecated denotes that this path is considered deprecated. This may
+ // be reflected in help and documentation.
+ Deprecated bool
+
 // Help is text describing how to use this path. This will be used
 // to auto-generate the help operation. The Path will automatically
 // generate a parameter listing and URL structure based on the
@@ -89,7 +114,86 @@ type Path struct {
 HelpDescription string
 }
-func (p *Path) helpCallback() OperationFunc {
+// OperationHandler defines and describes a specific operation handler.
+type OperationHandler interface {
+ Handler() OperationFunc
+ Properties() OperationProperties
+}
+
+// OperationProperties describes an operation for documentation, help text,
+// and other clients. A Summary should always be provided, whereas other
+// fields can be populated as needed.
+type OperationProperties struct {
+ // Summary is a brief (usually one line) description of the operation.
+ Summary string
+
+ // Description is extended documentation of the operation and may contain
+ // Markdown-formatted text markup.
+ Description string
+
+ // Examples provides samples of the expected request data. The most
+ // relevant example should be first in the list, as it will be shown in
+ // documentation that supports only a single example.
+ Examples []RequestExample
+
+ // Responses provides a list of response description for a given response
+ // code. The most relevant response should be first in the list, as it will
+ // be shown in documentation that only allows a single example.
+ Responses map[int][]Response
+
+ // Unpublished indicates that this operation should not appear in public
+ // documentation or help text. The operation may still have documentation
+ // attached that can be used internally.
+ Unpublished bool
+
+ // Deprecated indicates that this operation should be avoided.
+ Deprecated bool
+}
+
+// RequestExample is example of request data.
+type RequestExample struct {
+ Description string // optional description of the request
+ Data map[string]interface{} // map version of sample JSON request data
+
+ // Optional example response to the sample request. This approach is considered
+ // provisional for now, and this field may be changed or removed.
+ Response *Response
+}
+
+// Response describes and optional demonstrations an operation response.
+type Response struct {
+ Description string // summary of the the response and should always be provided
+ MediaType string // media type of the response, defaulting to "application/json" if empty
+ Example *logical.Response // example response data
+}
+
+// PathOperation is a concrete implementation of OperationHandler.
+type PathOperation struct {
+ Callback OperationFunc
+ Summary string
+ Description string
+ Examples []RequestExample
+ Responses map[int][]Response
+ Unpublished bool
+ Deprecated bool
+}
+
+func (p *PathOperation) Handler() OperationFunc {
+ return p.Callback
+}
+
+func (p *PathOperation) Properties() OperationProperties {
+ return OperationProperties{
+ Summary: strings.TrimSpace(p.Summary),
+ Description: strings.TrimSpace(p.Description),
+ Responses: p.Responses,
+ Examples: p.Examples,
+ Unpublished: p.Unpublished,
+ Deprecated: p.Deprecated,
+ }
+}
+
+func (p *Path) helpCallback(b *Backend) OperationFunc {
 return func(ctx context.Context, req *logical.Request, data *FieldData) (*logical.Response, error) {
 var tplData pathTemplateData
 tplData.Request = req.Path
@@ -131,7 +235,13 @@ func (p *Path) helpCallback() OperationFunc {
 return nil, errwrap.Wrapf("error executing template: {{err}}", err)
 }
- return logical.HelpResponse(help, nil), nil
+ // Build OpenAPI response for this path
+ doc := NewOASDocument()
+ if err := documentPath(p, b.SpecialPaths(), b.BackendType, doc); err != nil {
+ b.Logger().Warn("error generating OpenAPI", "error", err)
+ }
+
+ return logical.HelpResponse(help, nil, doc), nil
 }
 }
diff --git a/vendor/github.com/hashicorp/vault/logical/plugin/grpc_system.go b/vendor/github.com/hashicorp/vault/logical/plugin/grpc_system.go
index bcf5e70b..5b7a5824 100644
--- a/vendor/github.com/hashicorp/vault/logical/plugin/grpc_system.go
+++ b/vendor/github.com/hashicorp/vault/logical/plugin/grpc_system.go
@@ -4,11 +4,8 @@ import (
 "context"
 "encoding/json"
 "errors"
- "time"
-
- "google.golang.org/grpc"
-
 "fmt"
+ "time"
 "github.com/hashicorp/vault/helper/consts"
 "github.com/hashicorp/vault/helper/license"
@@ -16,6 +13,7 @@ import (
 "github.com/hashicorp/vault/helper/wrapping"
 "github.com/hashicorp/vault/logical"
 "github.com/hashicorp/vault/logical/plugin/pb"
+ "google.golang.org/grpc"
 )
 func newGRPCSystemView(conn *grpc.ClientConn) *gRPCSystemViewClient {
@@ -111,7 +109,7 @@ func (s *gRPCSystemViewClient) ResponseWrapData(ctx context.Context, data map[st
 return info, nil
 }
-func (s *gRPCSystemViewClient) LookupPlugin(ctx context.Context, name string) (*pluginutil.PluginRunner, error) {
+func (s *gRPCSystemViewClient) LookupPlugin(_ context.Context, _ string, _ consts.PluginType) (*pluginutil.PluginRunner, error) {
 return nil, fmt.Errorf("cannot call LookupPlugin from a plugin backend")
 }
diff --git a/vendor/github.com/hashicorp/vault/logical/plugin/pb/backend.pb.go b/vendor/github.com/hashicorp/vault/logical/plugin/pb/backend.pb.go
index f92890b9..911bb497 100644
--- a/vendor/github.com/hashicorp/vault/logical/plugin/pb/backend.pb.go
+++ b/vendor/github.com/hashicorp/vault/logical/plugin/pb/backend.pb.go
@@ -527,7 +527,9 @@ type Auth struct { IdentityPolicies []string `sentinel:"" protobuf:"bytes,15,rep,name=identity_policies,json=identityPolicies,proto3" json:"identity_policies,omitempty"` // Explicit maximum lifetime for the token. Unlike normal TTLs, the maximum // TTL is a hard limit and cannot be exceeded, also counts for periodic tokens. - ExplicitMaxTTL int64 `sentinel:"" protobuf:"varint,16,opt,name=explicit_max_ttl,json=explicitMaxTtl,proto3" json:"explicit_max_ttl,omitempty"` + ExplicitMaxTTL int64 `sentinel:"" protobuf:"varint,16,opt,name=explicit_max_ttl,json=explicitMaxTtl,proto3" json:"explicit_max_ttl,omitempty"` + // TokenType is the type of token being requested + TokenType uint32 `sentinel:"" protobuf:"varint,17,opt,name=token_type,json=tokenType,proto3" json:"token_type,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -670,6 +672,13 @@ func (m *Auth) GetExplicitMaxTTL() int64 { return 0 } +func (m *Auth) GetTokenType() uint32 { + if m != nil { + return m.TokenType + } + return 0 +} + type TokenEntry struct { ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` Accessor string `sentinel:"" protobuf:"bytes,2,opt,name=accessor,proto3" json:"accessor,omitempty"` @@ -688,6 +697,7 @@ type TokenEntry struct { BoundCIDRs []string `sentinel:"" protobuf:"bytes,15,rep,name=bound_cidrs,json=boundCidrs,proto3" json:"bound_cidrs,omitempty"` NamespaceID string `sentinel:"" protobuf:"bytes,16,opt,name=namespace_id,json=namespaceID,proto3" json:"namespace_id,omitempty"` CubbyholeID string `sentinel:"" protobuf:"bytes,17,opt,name=cubbyhole_id,json=cubbyholeId,proto3" json:"cubbyhole_id,omitempty"` + Type uint32 `sentinel:"" protobuf:"varint,18,opt,name=type,proto3" json:"type,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` 
@@ -837,6 +847,13 @@ func (m *TokenEntry) GetCubbyholeID() string { return "" } +func (m *TokenEntry) GetType() uint32 { + if m != nil { + return m.Type + } + return 0 +} + type LeaseOptions struct { TTL int64 `sentinel:"" protobuf:"varint,1,opt,name=TTL,proto3" json:"TTL,omitempty"` Renewable bool `sentinel:"" protobuf:"varint,2,opt,name=renewable,proto3" json:"renewable,omitempty"` 
@@ -3614,159 +3631,161 @@ var _SystemView_serviceDesc = grpc.ServiceDesc{ func init() { proto.RegisterFile("logical/plugin/pb/backend.proto", fileDescriptor_25821d34acc7c5ef) } var fileDescriptor_25821d34acc7c5ef = []byte{ - // 2462 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x59, 0x5f, 0x73, 0xdb, 0xc6, - 0x11, 0x1f, 0xfe, 0x27, 0x97, 0xff, 0xa4, 0xb3, 0xa2, 0xc2, 0x8c, 0x53, 0x33, 0x48, 0x6d, 0x2b, - 0xae, 0x4d, 0xd9, 0x4a, 0xd3, 0x38, 0xed, 0x24, 0x1d, 0x45, 0x56, 0x1c, 0x35, 0x52, 0xa2, 0x81, - 0xe8, 0xa6, 0xff, 0x66, 0x90, 0x23, 0x70, 0xa2, 0x30, 0x02, 0x01, 0xf4, 0x70, 0x90, 0xc5, 0xa7, - 0x7e, 0x8b, 0xbe, 0xf4, 0x43, 0xf4, 0xad, 0xd3, 0xb7, 0xbe, 0x75, 0x3a, 0xd3, 0xe7, 0x7e, 0x8d, - 0x7e, 0x86, 0xce, 0xed, 0x1d, 0x40, 0x80, 0xa4, 0x62, 0x67, 0xa6, 0x7d, 0xbb, 0xdb, 0xdd, 0xdb, - 0xbb, 0xdb, 0xfb, 0xed, 0x6f, 0x17, 0x24, 0xdc, 0xf5, 0xc3, 0xa9, 0xe7, 0x50, 0x7f, 0x37, 0xf2, - 0x93, 0xa9, 0x17, 0xec, 0x46, 0x93, 0xdd, 0x09, 0x75, 0x2e, 0x59, 0xe0, 0x8e, 0x22, 0x1e, 0x8a, - 0x90, 0x94, 0xa3, 0xc9, 0xe0, 0xee, 0x34, 0x0c, 0xa7, 0x3e, 0xdb, 0x45, 0xc9, 0x24, 0x39, 0xdf, - 0x15, 0xde, 0x8c, 0xc5, 0x82, 0xce, 0x22, 0x65, 0x34, 0xd8, 0x4e, 0xbd, 0x78, 0x2e, 0x0b, 0x84, - 0x27, 0xe6, 0x5a, 0xbe, 0x55, 0xf4, 0xae, 0xa4, 0x66, 0x03, 0x6a, 0x87, 0xb3, 0x48, 0xcc, 0xcd, - 0x21, 0xd4, 0xbf, 0x60, 0xd4, 0x65, 0x9c, 0x6c, 0x43, 0xfd, 0x02, 0x47, 0x46, 0x69, 0x58, 0xd9, - 0x69, 0x59, 0x7a, 0x66, 0xfe, 0x0e, 0xe0, 0x54, 0xae, 0x39, 0xe4, 0x3c, 0xe4, 0xe4, 0x36, 0x34, - 0x19, 0xe7, 0xb6, 0x98, 0x47, 0xcc, 0x28, 0x0d, 0x4b, 0x3b, 0x5d, 0xab, 0xc1, 0x38, 0x1f, 0xcf, - 0x23, 0x46, 0x7e, 0x00, 0x72, 0x68, 0xcf, 0xe2, 0xa9, 0x51, 0x1e, 0x96, 0xa4, 0x07, 0xc6, 0xf9, - 0x49, 0x3c, 0x4d, 0xd7, 0x38, 0xa1, 0xcb, 0x8c, 0xca, 0xb0, 0xb4, 0x53, 0xc1, 0x35, 0x07, 0xa1, - 0xcb, 0xcc, 0x3f, 0x95, 0xa0, 0x76, 0x4a, 0xc5, 0x45, 0x4c, 0x08, 0x54, 0x79, 0x18, 0x0a, 0xbd, - 0x39, 0x8e, 0xc9, 0x0e, 0xf4, 0x93, 0x80, 0x26, 0xe2, 0x42, 
0xde, 0xc8, 0xa1, 0x82, 0xb9, 0x46, - 0x19, 0xd5, 0xcb, 0x62, 0xf2, 0x1e, 0x74, 0xfd, 0xd0, 0xa1, 0xbe, 0x1d, 0x8b, 0x90, 0xd3, 0xa9, - 0xdc, 0x47, 0xda, 0x75, 0x50, 0x78, 0xa6, 0x64, 0xe4, 0x21, 0x6c, 0xc6, 0x8c, 0xfa, 0xf6, 0x2b, - 0x4e, 0xa3, 0xcc, 0xb0, 0xaa, 0x1c, 0x4a, 0xc5, 0x37, 0x9c, 0x46, 0xda, 0xd6, 0xfc, 0x7b, 0x1d, - 0x1a, 0x16, 0xfb, 0x43, 0xc2, 0x62, 0x41, 0x7a, 0x50, 0xf6, 0x5c, 0xbc, 0x6d, 0xcb, 0x2a, 0x7b, - 0x2e, 0x19, 0x01, 0xb1, 0x58, 0xe4, 0xcb, 0xad, 0xbd, 0x30, 0x38, 0xf0, 0x93, 0x58, 0x30, 0xae, - 0xef, 0xbc, 0x46, 0x43, 0xee, 0x40, 0x2b, 0x8c, 0x18, 0x47, 0x19, 0x06, 0xa0, 0x65, 0x2d, 0x04, - 0xf2, 0xe2, 0x11, 0x15, 0x17, 0x46, 0x15, 0x15, 0x38, 0x96, 0x32, 0x97, 0x0a, 0x6a, 0xd4, 0x94, - 0x4c, 0x8e, 0x89, 0x09, 0xf5, 0x98, 0x39, 0x9c, 0x09, 0xa3, 0x3e, 0x2c, 0xed, 0xb4, 0xf7, 0x60, - 0x14, 0x4d, 0x46, 0x67, 0x28, 0xb1, 0xb4, 0x86, 0xdc, 0x81, 0xaa, 0x8c, 0x8b, 0xd1, 0x40, 0x8b, - 0xa6, 0xb4, 0xd8, 0x4f, 0xc4, 0x85, 0x85, 0x52, 0xb2, 0x07, 0x0d, 0xf5, 0xa6, 0xb1, 0xd1, 0x1c, - 0x56, 0x76, 0xda, 0x7b, 0x86, 0x34, 0xd0, 0xb7, 0x1c, 0x29, 0x18, 0xc4, 0x87, 0x81, 0xe0, 0x73, - 0x2b, 0x35, 0x24, 0xef, 0x42, 0xc7, 0xf1, 0x3d, 0x16, 0x08, 0x5b, 0x84, 0x97, 0x2c, 0x30, 0x5a, - 0x78, 0xa2, 0xb6, 0x92, 0x8d, 0xa5, 0x88, 0xec, 0xc1, 0x5b, 0x79, 0x13, 0x9b, 0x3a, 0x0e, 0x8b, - 0xe3, 0x90, 0x1b, 0x80, 0xb6, 0xb7, 0x72, 0xb6, 0xfb, 0x5a, 0x25, 0xdd, 0xba, 0x5e, 0x1c, 0xf9, - 0x74, 0x6e, 0x07, 0x74, 0xc6, 0x8c, 0xb6, 0x72, 0xab, 0x65, 0x5f, 0xd1, 0x19, 0x23, 0x77, 0xa1, - 0x3d, 0x0b, 0x93, 0x40, 0xd8, 0x51, 0xe8, 0x05, 0xc2, 0xe8, 0xa0, 0x05, 0xa0, 0xe8, 0x54, 0x4a, - 0xc8, 0x3b, 0xa0, 0x66, 0x0a, 0x8c, 0x5d, 0x15, 0x57, 0x94, 0x20, 0x1c, 0xef, 0x41, 0x4f, 0xa9, - 0xb3, 0xf3, 0xf4, 0xd0, 0xa4, 0x8b, 0xd2, 0xec, 0x24, 0x4f, 0xa0, 0x85, 0x78, 0xf0, 0x82, 0xf3, - 0xd0, 0xe8, 0x63, 0xdc, 0x6e, 0xe5, 0xc2, 0x22, 0x31, 0x71, 0x14, 0x9c, 0x87, 0x56, 0xf3, 0x95, - 0x1e, 0x91, 0x4f, 0xe0, 0xed, 0xc2, 0x7d, 0x39, 0x9b, 0x51, 0x2f, 0xf0, 0x82, 0xa9, 0x9d, 0xc4, - 
0x2c, 0x36, 0x36, 0x10, 0xe1, 0x46, 0xee, 0xd6, 0x56, 0x6a, 0xf0, 0x32, 0x66, 0x31, 0x79, 0x1b, - 0x5a, 0x2a, 0x41, 0x6d, 0xcf, 0x35, 0x36, 0xf1, 0x48, 0x4d, 0x25, 0x38, 0x72, 0xc9, 0x03, 0xe8, - 0x47, 0xa1, 0xef, 0x39, 0x73, 0x3b, 0xbc, 0x62, 0x9c, 0x7b, 0x2e, 0x33, 0xc8, 0xb0, 0xb4, 0xd3, - 0xb4, 0x7a, 0x4a, 0xfc, 0xb5, 0x96, 0xae, 0x4b, 0x8d, 0x5b, 0x68, 0xb8, 0x92, 0x1a, 0x23, 0x00, - 0x27, 0x0c, 0x02, 0xe6, 0x20, 0xfc, 0xb6, 0xf0, 0x86, 0x3d, 0x79, 0xc3, 0x83, 0x4c, 0x6a, 0xe5, - 0x2c, 0x06, 0x9f, 0x43, 0x27, 0x0f, 0x05, 0xb2, 0x01, 0x95, 0x4b, 0x36, 0xd7, 0xf0, 0x97, 0x43, - 0x32, 0x84, 0xda, 0x15, 0xf5, 0x13, 0x86, 0x90, 0xd7, 0x40, 0x54, 0x4b, 0x2c, 0xa5, 0xf8, 0x59, - 0xf9, 0x59, 0xc9, 0xfc, 0x73, 0x0d, 0xaa, 0x12, 0x7c, 0xe4, 0x43, 0xe8, 0xfa, 0x8c, 0xc6, 0xcc, - 0x0e, 0x23, 0xb9, 0x41, 0x8c, 0xae, 0xda, 0x7b, 0x1b, 0x72, 0xd9, 0xb1, 0x54, 0x7c, 0xad, 0xe4, - 0x56, 0xc7, 0xcf, 0xcd, 0x64, 0x4a, 0x7b, 0x81, 0x60, 0x3c, 0xa0, 0xbe, 0x8d, 0xc9, 0xa0, 0x12, - 0xac, 0x93, 0x0a, 0x9f, 0xcb, 0xa4, 0x58, 0xc6, 0x51, 0x65, 0x15, 0x47, 0x03, 0x68, 0x62, 0xec, - 0x3c, 0x16, 0xeb, 0x64, 0xcf, 0xe6, 0x64, 0x0f, 0x9a, 0x33, 0x26, 0xa8, 0xce, 0x35, 0x99, 0x12, - 0xdb, 0x69, 0xce, 0x8c, 0x4e, 0xb4, 0x42, 0x25, 0x44, 0x66, 0xb7, 0x92, 0x11, 0xf5, 0xd5, 0x8c, - 0x18, 0x40, 0x33, 0x03, 0x5d, 0x43, 0xbd, 0x70, 0x3a, 0x97, 0x34, 0x1b, 0x31, 0xee, 0x85, 0xae, - 0xd1, 0x44, 0xa0, 0xe8, 0x99, 0x24, 0xc9, 0x20, 0x99, 0x29, 0x08, 0xb5, 0x14, 0x49, 0x06, 0xc9, - 0x6c, 0x15, 0x31, 0xb0, 0x84, 0x98, 0x1f, 0x41, 0x8d, 0xfa, 0x1e, 0x8d, 0x31, 0x85, 0xe4, 0xcb, - 0x6a, 0xbe, 0x1f, 0xed, 0x4b, 0xa9, 0xa5, 0x94, 0xe4, 0x03, 0xe8, 0x4e, 0x79, 0x98, 0x44, 0x36, - 0x4e, 0x59, 0x6c, 0x74, 0xf0, 0xb6, 0xcb, 0xd6, 0x1d, 0x34, 0xda, 0x57, 0x36, 0x32, 0x03, 0x27, - 0x61, 0x12, 0xb8, 0xb6, 0xe3, 0xb9, 0x3c, 0x36, 0xba, 0x18, 0x3c, 0x40, 0xd1, 0x81, 0x94, 0xc8, - 0x14, 0x53, 0x29, 0x90, 0x05, 0xb8, 0x87, 0x36, 0x5d, 0x94, 0x9e, 0xa6, 0x51, 0xfe, 0x31, 0x6c, - 0xa6, 0x45, 0x69, 0x61, 0xd9, 0x47, 
0xcb, 0x8d, 0x54, 0x91, 0x19, 0xef, 0xc0, 0x06, 0xbb, 0x96, - 0x14, 0xea, 0x09, 0x7b, 0x46, 0xaf, 0x6d, 0x21, 0x7c, 0x9d, 0x52, 0xbd, 0x54, 0x7e, 0x42, 0xaf, - 0xc7, 0xc2, 0x1f, 0xfc, 0x1c, 0xba, 0x85, 0x37, 0x5a, 0x83, 0xd4, 0xad, 0x3c, 0x52, 0x5b, 0x79, - 0x74, 0xfe, 0xb5, 0x0a, 0x80, 0x8f, 0xa5, 0x96, 0x2e, 0x53, 0x7c, 0xfe, 0x05, 0xcb, 0x6b, 0x5e, - 0x90, 0x72, 0x16, 0x08, 0x8d, 0x36, 0x3d, 0xfb, 0x4e, 0xa0, 0xa5, 0x24, 0x5f, 0xcb, 0x91, 0xfc, - 0x23, 0xa8, 0x4a, 0x50, 0x19, 0xf5, 0x05, 0x17, 0x2f, 0x4e, 0x84, 0xf0, 0x53, 0xd0, 0x43, 0xab, - 0x15, 0xa4, 0x37, 0x56, 0x91, 0x9e, 0x87, 0x50, 0xb3, 0x08, 0xa1, 0xf7, 0xa0, 0xeb, 0x70, 0x86, - 0x05, 0xc7, 0x96, 0x9d, 0x83, 0x86, 0x58, 0x27, 0x15, 0x8e, 0xbd, 0x19, 0x93, 0xf1, 0x93, 0xd1, - 0x06, 0x54, 0xc9, 0xe1, 0xda, 0xc7, 0x68, 0xaf, 0x7b, 0x0c, 0x55, 0xbe, 0x7d, 0xa6, 0x69, 0x1a, - 0xc7, 0x39, 0xa8, 0x77, 0x0b, 0x50, 0x2f, 0xe0, 0xb9, 0xb7, 0x84, 0xe7, 0x25, 0xd0, 0xf5, 0x57, - 0x40, 0xf7, 0x2e, 0x74, 0x64, 0x00, 0xe2, 0x88, 0x3a, 0x4c, 0x3a, 0xd8, 0x50, 0x81, 0xc8, 0x64, - 0x47, 0x2e, 0xa6, 0x68, 0x32, 0x99, 0xcc, 0x2f, 0x42, 0x9f, 0x2d, 0x58, 0xb6, 0x9d, 0xc9, 0x8e, - 0xdc, 0xc1, 0x47, 0xd0, 0xca, 0x22, 0xfc, 0xbd, 0x80, 0xf3, 0x97, 0x12, 0x74, 0xf2, 0xac, 0x25, - 0x17, 0x8f, 0xc7, 0xc7, 0xb8, 0xb8, 0x62, 0xc9, 0xa1, 0xac, 0xf7, 0x9c, 0x05, 0xec, 0x15, 0x9d, - 0xf8, 0xca, 0x41, 0xd3, 0x5a, 0x08, 0xa4, 0xd6, 0x0b, 0x1c, 0xce, 0x66, 0x29, 0x82, 0x2a, 0xd6, - 0x42, 0x40, 0x3e, 0x06, 0xf0, 0xe2, 0x38, 0x61, 0xea, 0x95, 0xaa, 0x98, 0xd3, 0x83, 0x91, 0x6a, - 0xfe, 0x46, 0x69, 0xf3, 0x37, 0x1a, 0xa7, 0xcd, 0x9f, 0xd5, 0x42, 0x6b, 0x7c, 0xbe, 0x6d, 0xa8, - 0xcb, 0xc7, 0x18, 0x1f, 0x23, 0xca, 0x2a, 0x96, 0x9e, 0x99, 0x7f, 0x84, 0xba, 0x6a, 0x13, 0xfe, - 0xaf, 0x4c, 0x7c, 0x1b, 0x9a, 0xca, 0xb7, 0xe7, 0xea, 0xbc, 0x68, 0xe0, 0xfc, 0xc8, 0x35, 0xff, - 0x55, 0x82, 0xa6, 0xc5, 0xe2, 0x28, 0x0c, 0x62, 0x96, 0x6b, 0x63, 0x4a, 0xaf, 0x6d, 0x63, 0xca, - 0x6b, 0xdb, 0x98, 0xb4, 0x39, 0xaa, 0xe4, 0x9a, 0xa3, 0x01, 0x34, 0x39, 
0x73, 0x3d, 0xce, 0x1c, - 0xa1, 0x1b, 0xa9, 0x6c, 0x2e, 0x75, 0xaf, 0x28, 0x97, 0xf5, 0x37, 0x46, 0x92, 0x6f, 0x59, 0xd9, - 0x9c, 0x3c, 0xcd, 0x57, 0x7f, 0xd5, 0x57, 0x6d, 0xa9, 0xea, 0xaf, 0x8e, 0xbb, 0x5a, 0xfe, 0xcd, - 0x7f, 0x96, 0x61, 0x63, 0x59, 0xbd, 0x06, 0x04, 0x5b, 0x50, 0x53, 0xf5, 0x41, 0x23, 0x48, 0xac, - 0x54, 0x86, 0xca, 0x12, 0xaf, 0xfc, 0x62, 0x39, 0x47, 0x5f, 0xff, 0xfa, 0xc5, 0xfc, 0x7d, 0x1f, - 0x36, 0xe4, 0x29, 0x23, 0xe6, 0x2e, 0x7a, 0x1e, 0x45, 0x38, 0x7d, 0x2d, 0xcf, 0xba, 0x9e, 0x87, - 0xb0, 0x99, 0x9a, 0x2e, 0x52, 0xb1, 0x5e, 0xb0, 0x3d, 0x4c, 0x33, 0x72, 0x1b, 0xea, 0xe7, 0x21, - 0x9f, 0x51, 0xa1, 0x39, 0x47, 0xcf, 0x0a, 0x9c, 0x82, 0xe4, 0xd6, 0x54, 0xb0, 0x48, 0x85, 0xb2, - 0xaf, 0x97, 0xb9, 0x9e, 0xf5, 0xdc, 0x48, 0x3a, 0x4d, 0xab, 0x99, 0xf6, 0xda, 0xe6, 0xaf, 0xa1, - 0xbf, 0xd4, 0x66, 0xad, 0x09, 0xe4, 0x62, 0xfb, 0x72, 0x61, 0xfb, 0x82, 0xe7, 0xca, 0x92, 0xe7, - 0xdf, 0xc0, 0xe6, 0x17, 0x34, 0x70, 0x7d, 0xa6, 0xfd, 0xef, 0xf3, 0x69, 0x2c, 0x1b, 0x46, 0xdd, - 0xf5, 0xdb, 0x9a, 0xec, 0xbb, 0x56, 0x4b, 0x4b, 0x8e, 0x5c, 0x72, 0x0f, 0x1a, 0x5c, 0x59, 0x6b, - 0xe0, 0xb5, 0x73, 0x7d, 0xa0, 0x95, 0xea, 0xcc, 0x6f, 0x81, 0x14, 0x5c, 0xcb, 0x86, 0x7f, 0x4e, - 0x76, 0x24, 0x00, 0x15, 0x28, 0x34, 0xb0, 0x3b, 0x79, 0x1c, 0x59, 0x99, 0x96, 0x0c, 0xa1, 0xc2, - 0x38, 0xd7, 0x5b, 0x60, 0x23, 0xb6, 0xf8, 0xbc, 0xb2, 0xa4, 0xca, 0xfc, 0x09, 0x6c, 0x9e, 0x45, - 0xcc, 0xf1, 0xa8, 0x8f, 0x9f, 0x46, 0x6a, 0x83, 0xbb, 0x50, 0x93, 0x41, 0x4e, 0x73, 0xb6, 0x85, - 0x0b, 0x51, 0xad, 0xe4, 0xe6, 0xb7, 0x60, 0xa8, 0x73, 0x1d, 0x5e, 0x7b, 0xb1, 0x60, 0x81, 0xc3, - 0x0e, 0x2e, 0x98, 0x73, 0xf9, 0x3f, 0xbc, 0xf9, 0x15, 0xdc, 0x5e, 0xb7, 0x43, 0x7a, 0xbe, 0xb6, - 0x23, 0x67, 0xf6, 0xb9, 0xa4, 0x6a, 0xdc, 0xa3, 0x69, 0x01, 0x8a, 0x3e, 0x97, 0x12, 0xf9, 0x8e, - 0x4c, 0xae, 0x8b, 0x35, 0x25, 0xea, 0x59, 0x1a, 0x8f, 0xca, 0xcd, 0xf1, 0xf8, 0x5b, 0x09, 0x5a, - 0x67, 0x4c, 0x24, 0x11, 0xde, 0xe5, 0x6d, 0x68, 0x4d, 0x78, 0x78, 0xc9, 0xf8, 0xe2, 0x2a, 0x4d, - 0x25, 0x38, 
0x72, 0xc9, 0x53, 0xa8, 0x1f, 0x84, 0xc1, 0xb9, 0x37, 0xc5, 0x0f, 0xc5, 0xf6, 0xde, - 0x6d, 0xc5, 0x2e, 0x7a, 0xed, 0x48, 0xe9, 0x54, 0x59, 0xd5, 0x86, 0x64, 0x08, 0x6d, 0xfd, 0xb9, - 0xfd, 0xf2, 0xe5, 0xd1, 0xf3, 0xb4, 0x83, 0xcc, 0x89, 0x06, 0x1f, 0x43, 0x3b, 0xb7, 0xf0, 0x7b, - 0x55, 0x8b, 0x1f, 0x02, 0xe0, 0xee, 0x2a, 0x46, 0x1b, 0xea, 0xaa, 0x7a, 0xa5, 0xbc, 0xda, 0x5d, - 0x68, 0xc9, 0x8f, 0x15, 0xa5, 0x26, 0x50, 0xcd, 0x7d, 0x57, 0xe3, 0xd8, 0xbc, 0x07, 0x9b, 0x47, - 0xc1, 0x15, 0xf5, 0x3d, 0x97, 0x0a, 0xf6, 0x25, 0x9b, 0x63, 0x08, 0x56, 0x4e, 0x60, 0x9e, 0x41, - 0x47, 0x7f, 0xb9, 0xbe, 0xd1, 0x19, 0x3b, 0xfa, 0x8c, 0xdf, 0x9d, 0x44, 0xef, 0x43, 0x5f, 0x3b, - 0x3d, 0xf6, 0x74, 0x0a, 0xc9, 0x92, 0xce, 0xd9, 0xb9, 0x77, 0xad, 0x5d, 0xeb, 0x99, 0xf9, 0x0c, - 0x36, 0x72, 0xa6, 0xd9, 0x75, 0x2e, 0xd9, 0x3c, 0x4e, 0xbf, 0xe8, 0xe5, 0x38, 0x8d, 0x40, 0x79, - 0x11, 0x01, 0x13, 0x7a, 0x7a, 0xe5, 0x0b, 0x26, 0x6e, 0xb8, 0xdd, 0x97, 0xd9, 0x41, 0x5e, 0x30, - 0xed, 0xfc, 0x3e, 0xd4, 0x98, 0xbc, 0x69, 0xbe, 0x84, 0xe5, 0x23, 0x60, 0x29, 0xf5, 0x9a, 0x0d, - 0x9f, 0x65, 0x1b, 0x9e, 0x26, 0x6a, 0xc3, 0x37, 0xf4, 0x65, 0xbe, 0x97, 0x1d, 0xe3, 0x34, 0x11, - 0x37, 0xbd, 0xe8, 0x3d, 0xd8, 0xd4, 0x46, 0xcf, 0x99, 0xcf, 0x04, 0xbb, 0xe1, 0x4a, 0xf7, 0x81, - 0x14, 0xcc, 0x6e, 0x72, 0x77, 0x07, 0x9a, 0xe3, 0xf1, 0x71, 0xa6, 0x2d, 0x72, 0xa3, 0xf9, 0x09, - 0x6c, 0x9e, 0x25, 0x6e, 0x78, 0xca, 0xbd, 0x2b, 0xcf, 0x67, 0x53, 0xb5, 0x59, 0xda, 0x6b, 0x96, - 0x72, 0xbd, 0xe6, 0xda, 0x6a, 0x64, 0xee, 0x00, 0x29, 0x2c, 0xcf, 0xde, 0x2d, 0x4e, 0xdc, 0x50, - 0xa7, 0x30, 0x8e, 0xcd, 0x1d, 0xe8, 0x8c, 0xa9, 0xac, 0xf7, 0xae, 0xb2, 0x31, 0xa0, 0x21, 0xd4, - 0x5c, 0x9b, 0xa5, 0x53, 0x73, 0x0f, 0xb6, 0x0e, 0xa8, 0x73, 0xe1, 0x05, 0xd3, 0xe7, 0x5e, 0x2c, - 0x1b, 0x1e, 0xbd, 0x62, 0x00, 0x4d, 0x57, 0x0b, 0xf4, 0x92, 0x6c, 0x6e, 0x3e, 0x86, 0xb7, 0x72, - 0x3f, 0x9b, 0x9c, 0x09, 0x9a, 0xc6, 0x63, 0x0b, 0x6a, 0xb1, 0x9c, 0xe1, 0x8a, 0x9a, 0xa5, 0x26, - 0xe6, 0x57, 0xb0, 0x95, 0x2f, 0xc0, 0xb2, 0xfd, 
0x48, 0x2f, 0x8e, 0x8d, 0x41, 0x29, 0xd7, 0x18, - 0xe8, 0x98, 0x95, 0x17, 0xf5, 0x64, 0x03, 0x2a, 0xbf, 0xfc, 0x66, 0xac, 0xc1, 0x2e, 0x87, 0xe6, - 0xef, 0xe5, 0xf6, 0x45, 0x7f, 0x6a, 0xfb, 0x42, 0x77, 0x50, 0x7a, 0x93, 0xee, 0x60, 0x0d, 0xde, - 0x1e, 0xc3, 0xe6, 0x89, 0x1f, 0x3a, 0x97, 0x87, 0x41, 0x2e, 0x1a, 0x06, 0x34, 0x58, 0x90, 0x0f, - 0x46, 0x3a, 0x35, 0x1f, 0x40, 0xff, 0x38, 0x74, 0xa8, 0x7f, 0x12, 0x26, 0x81, 0xc8, 0xa2, 0x80, - 0xbf, 0x63, 0x69, 0x53, 0x35, 0x31, 0x1f, 0x43, 0x4f, 0x97, 0xe8, 0xe0, 0x3c, 0x4c, 0x99, 0x71, - 0x51, 0xcc, 0x4b, 0xc5, 0xbe, 0xda, 0x3c, 0x86, 0xfe, 0xc2, 0x5c, 0xf9, 0x7d, 0x00, 0x75, 0xa5, - 0xd6, 0x77, 0xeb, 0x67, 0x5f, 0x83, 0xca, 0xd2, 0xd2, 0xea, 0x35, 0x97, 0x9a, 0x41, 0xef, 0x14, - 0x7f, 0x4f, 0x3c, 0x0c, 0xae, 0x94, 0xb3, 0x23, 0x20, 0xea, 0x17, 0x46, 0x9b, 0x05, 0x57, 0x1e, - 0x0f, 0x03, 0xec, 0x6f, 0x4b, 0xba, 0x85, 0x49, 0x1d, 0x67, 0x8b, 0x52, 0x0b, 0x6b, 0x33, 0x5a, - 0x16, 0xad, 0x8d, 0x21, 0x2c, 0x7e, 0xad, 0x90, 0xa5, 0x86, 0xb3, 0x59, 0x28, 0x98, 0x4d, 0x5d, - 0x37, 0xcd, 0x16, 0x50, 0xa2, 0x7d, 0xd7, 0xe5, 0x7b, 0xff, 0x29, 0x43, 0xe3, 0x33, 0x45, 0xe0, - 0xe4, 0x53, 0xe8, 0x16, 0xca, 0x35, 0x79, 0x0b, 0x7f, 0xae, 0x58, 0x6e, 0x0e, 0x06, 0xdb, 0x2b, - 0x62, 0x75, 0xaf, 0x27, 0xd0, 0xc9, 0x17, 0x63, 0x82, 0x85, 0x17, 0x7f, 0x3b, 0x1d, 0xa0, 0xa7, - 0xd5, 0x4a, 0x7d, 0x06, 0x5b, 0xeb, 0xca, 0x24, 0xb9, 0xb3, 0xd8, 0x61, 0xb5, 0x44, 0x0f, 0xde, - 0xb9, 0x49, 0x9b, 0x96, 0xd7, 0xc6, 0x81, 0xcf, 0x68, 0x90, 0x44, 0xf9, 0x13, 0x2c, 0x86, 0xe4, - 0x29, 0x74, 0x0b, 0x85, 0x42, 0xdd, 0x73, 0xa5, 0x76, 0xe4, 0x97, 0xdc, 0x87, 0x1a, 0x16, 0x27, - 0xd2, 0x2d, 0x54, 0xc9, 0x41, 0x2f, 0x9b, 0xaa, 0xbd, 0x87, 0x50, 0xc5, 0x5f, 0xd4, 0x72, 0x1b, - 0xe3, 0x8a, 0xac, 0x72, 0xed, 0xfd, 0xbb, 0x04, 0x8d, 0xf4, 0x57, 0xd6, 0xa7, 0x50, 0x95, 0x35, - 0x80, 0xdc, 0xca, 0xd1, 0x68, 0x5a, 0x3f, 0x06, 0x5b, 0x4b, 0x42, 0xb5, 0xc1, 0x08, 0x2a, 0x2f, - 0x98, 0x20, 0x24, 0xa7, 0xd4, 0xc5, 0x60, 0x70, 0xab, 0x28, 0xcb, 0xec, 0x4f, 0x93, 
0xa2, 0xbd, - 0xe6, 0xf2, 0x82, 0x7d, 0xc6, 0xd2, 0x1f, 0x41, 0x5d, 0xb1, 0xac, 0x0a, 0xca, 0x0a, 0x3f, 0xab, - 0xc7, 0x5f, 0xe5, 0xe3, 0xbd, 0x7f, 0x54, 0x01, 0xce, 0xe6, 0xb1, 0x60, 0xb3, 0x5f, 0x79, 0xec, - 0x15, 0x79, 0x08, 0xfd, 0xe7, 0xec, 0x9c, 0x26, 0xbe, 0xc0, 0xaf, 0x25, 0xc9, 0x26, 0xb9, 0x98, - 0x60, 0xc3, 0x97, 0x91, 0xf5, 0x7d, 0x68, 0x9f, 0xd0, 0xeb, 0xd7, 0xdb, 0x7d, 0x0a, 0xdd, 0x02, - 0x07, 0xeb, 0x23, 0x2e, 0xb3, 0xba, 0x3e, 0xe2, 0x2a, 0x5b, 0xdf, 0x87, 0x86, 0x66, 0xe6, 0xfc, - 0x1e, 0x58, 0xc3, 0x0a, 0x8c, 0xfd, 0x53, 0xe8, 0x2f, 0xf1, 0x72, 0xde, 0x1e, 0x7f, 0x7d, 0x58, - 0xcb, 0xdb, 0xcf, 0xe4, 0xd7, 0x4e, 0x91, 0x9b, 0xf3, 0x0b, 0x6f, 0x2b, 0x3e, 0x5c, 0x47, 0xde, - 0x2f, 0x8a, 0xdf, 0x49, 0xf8, 0x95, 0x68, 0x2c, 0xd3, 0x67, 0x4a, 0xde, 0xa9, 0xa3, 0x75, 0x34, - 0xfc, 0x04, 0x3a, 0x79, 0x06, 0x5d, 0x49, 0xc1, 0x55, 0x7a, 0x7d, 0x04, 0xb0, 0x20, 0xd1, 0xbc, - 0x3d, 0xc2, 0x63, 0x99, 0x5f, 0x3f, 0x04, 0x58, 0x50, 0xa3, 0x42, 0x55, 0x91, 0x59, 0xd5, 0xb2, - 0x65, 0xfa, 0x7c, 0x08, 0xad, 0x8c, 0xce, 0xf2, 0x7b, 0xa0, 0x83, 0x22, 0x3b, 0x7e, 0x36, 0xfa, - 0xed, 0xa3, 0xa9, 0x27, 0x2e, 0x92, 0xc9, 0xc8, 0x09, 0x67, 0xbb, 0x17, 0x34, 0xbe, 0xf0, 0x9c, - 0x90, 0x47, 0xbb, 0x57, 0x12, 0x4c, 0xbb, 0x2b, 0x7f, 0x00, 0x4d, 0xea, 0xf8, 0xb1, 0xf7, 0xc1, - 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x4e, 0xbe, 0xe0, 0xab, 0x1c, 0x1a, 0x00, 0x00, + // 2483 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x59, 0xcd, 0x72, 0x1b, 0xc7, + 0x11, 0x2e, 0x00, 0xc4, 0x5f, 0xe3, 0x8f, 0x18, 0xd1, 0xcc, 0x0a, 0x96, 0x23, 0x78, 0x1d, 0x49, + 0xb4, 0x22, 0x81, 0x12, 0x1d, 0xc7, 0x72, 0x52, 0x76, 0x8a, 0xa6, 0x68, 0x99, 0x31, 0x69, 0xb3, + 0x96, 0x50, 0x9c, 0xbf, 0x2a, 0x78, 0xb0, 0x3b, 0x04, 0xb7, 0xb8, 0xd8, 0xdd, 0xcc, 0xce, 0x52, + 0xc4, 0x29, 0x6f, 0x91, 0xd7, 0xc8, 0x35, 0x95, 0x4b, 0x6e, 0xa9, 0x54, 0x72, 0xce, 0x6b, 0xe4, + 0x19, 0x52, 0xd3, 0x33, 0xfb, 0x07, 0x80, 0x96, 0x5c, 0x95, 0xdc, 0x66, 0xba, 0x7b, 
0x7a, 0x66, + 0x7a, 0xbe, 0xfe, 0xba, 0x17, 0x80, 0xbb, 0x5e, 0x30, 0x73, 0x6d, 0xea, 0xed, 0x86, 0x5e, 0x3c, + 0x73, 0xfd, 0xdd, 0x70, 0xba, 0x3b, 0xa5, 0xf6, 0x25, 0xf3, 0x9d, 0x51, 0xc8, 0x03, 0x11, 0x90, + 0x72, 0x38, 0x1d, 0xdc, 0x9d, 0x05, 0xc1, 0xcc, 0x63, 0xbb, 0x28, 0x99, 0xc6, 0xe7, 0xbb, 0xc2, + 0x9d, 0xb3, 0x48, 0xd0, 0x79, 0xa8, 0x8c, 0x06, 0xdb, 0x89, 0x17, 0xd7, 0x61, 0xbe, 0x70, 0xc5, + 0x42, 0xcb, 0xb7, 0x8a, 0xde, 0x95, 0xd4, 0xac, 0x43, 0xf5, 0x70, 0x1e, 0x8a, 0x85, 0x39, 0x84, + 0xda, 0x17, 0x8c, 0x3a, 0x8c, 0x93, 0x6d, 0xa8, 0x5d, 0xe0, 0xc8, 0x28, 0x0d, 0x2b, 0x3b, 0x4d, + 0x4b, 0xcf, 0xcc, 0xdf, 0x01, 0x9c, 0xca, 0x35, 0x87, 0x9c, 0x07, 0x9c, 0xdc, 0x86, 0x06, 0xe3, + 0x7c, 0x22, 0x16, 0x21, 0x33, 0x4a, 0xc3, 0xd2, 0x4e, 0xc7, 0xaa, 0x33, 0xce, 0xc7, 0x8b, 0x90, + 0x91, 0x1f, 0x80, 0x1c, 0x4e, 0xe6, 0xd1, 0xcc, 0x28, 0x0f, 0x4b, 0xd2, 0x03, 0xe3, 0xfc, 0x24, + 0x9a, 0x25, 0x6b, 0xec, 0xc0, 0x61, 0x46, 0x65, 0x58, 0xda, 0xa9, 0xe0, 0x9a, 0x83, 0xc0, 0x61, + 0xe6, 0x9f, 0x4a, 0x50, 0x3d, 0xa5, 0xe2, 0x22, 0x22, 0x04, 0x36, 0x78, 0x10, 0x08, 0xbd, 0x39, + 0x8e, 0xc9, 0x0e, 0xf4, 0x62, 0x9f, 0xc6, 0xe2, 0x42, 0xde, 0xc8, 0xa6, 0x82, 0x39, 0x46, 0x19, + 0xd5, 0xcb, 0x62, 0xf2, 0x1e, 0x74, 0xbc, 0xc0, 0xa6, 0xde, 0x24, 0x12, 0x01, 0xa7, 0x33, 0xb9, + 0x8f, 0xb4, 0x6b, 0xa3, 0xf0, 0x4c, 0xc9, 0xc8, 0x43, 0xe8, 0x47, 0x8c, 0x7a, 0x93, 0x57, 0x9c, + 0x86, 0xa9, 0xe1, 0x86, 0x72, 0x28, 0x15, 0xdf, 0x70, 0x1a, 0x6a, 0x5b, 0xf3, 0x6f, 0x35, 0xa8, + 0x5b, 0xec, 0x0f, 0x31, 0x8b, 0x04, 0xe9, 0x42, 0xd9, 0x75, 0xf0, 0xb6, 0x4d, 0xab, 0xec, 0x3a, + 0x64, 0x04, 0xc4, 0x62, 0xa1, 0x27, 0xb7, 0x76, 0x03, 0xff, 0xc0, 0x8b, 0x23, 0xc1, 0xb8, 0xbe, + 0xf3, 0x1a, 0x0d, 0xb9, 0x03, 0xcd, 0x20, 0x64, 0x1c, 0x65, 0x18, 0x80, 0xa6, 0x95, 0x09, 0xe4, + 0xc5, 0x43, 0x2a, 0x2e, 0x8c, 0x0d, 0x54, 0xe0, 0x58, 0xca, 0x1c, 0x2a, 0xa8, 0x51, 0x55, 0x32, + 0x39, 0x26, 0x26, 0xd4, 0x22, 0x66, 0x73, 0x26, 0x8c, 0xda, 0xb0, 0xb4, 0xd3, 0xda, 0x83, 0x51, + 0x38, 0x1d, 0x9d, 0xa1, 
0xc4, 0xd2, 0x1a, 0x72, 0x07, 0x36, 0x64, 0x5c, 0x8c, 0x3a, 0x5a, 0x34, + 0xa4, 0xc5, 0x7e, 0x2c, 0x2e, 0x2c, 0x94, 0x92, 0x3d, 0xa8, 0xab, 0x37, 0x8d, 0x8c, 0xc6, 0xb0, + 0xb2, 0xd3, 0xda, 0x33, 0xa4, 0x81, 0xbe, 0xe5, 0x48, 0xc1, 0x20, 0x3a, 0xf4, 0x05, 0x5f, 0x58, + 0x89, 0x21, 0x79, 0x17, 0xda, 0xb6, 0xe7, 0x32, 0x5f, 0x4c, 0x44, 0x70, 0xc9, 0x7c, 0xa3, 0x89, + 0x27, 0x6a, 0x29, 0xd9, 0x58, 0x8a, 0xc8, 0x1e, 0xbc, 0x95, 0x37, 0x99, 0x50, 0xdb, 0x66, 0x51, + 0x14, 0x70, 0x03, 0xd0, 0xf6, 0x56, 0xce, 0x76, 0x5f, 0xab, 0xa4, 0x5b, 0xc7, 0x8d, 0x42, 0x8f, + 0x2e, 0x26, 0x3e, 0x9d, 0x33, 0xa3, 0xa5, 0xdc, 0x6a, 0xd9, 0x57, 0x74, 0xce, 0xc8, 0x5d, 0x68, + 0xcd, 0x83, 0xd8, 0x17, 0x93, 0x30, 0x70, 0x7d, 0x61, 0xb4, 0xd1, 0x02, 0x50, 0x74, 0x2a, 0x25, + 0xe4, 0x1d, 0x50, 0x33, 0x05, 0xc6, 0x8e, 0x8a, 0x2b, 0x4a, 0x10, 0x8e, 0xf7, 0xa0, 0xab, 0xd4, + 0xe9, 0x79, 0xba, 0x68, 0xd2, 0x41, 0x69, 0x7a, 0x92, 0x27, 0xd0, 0x44, 0x3c, 0xb8, 0xfe, 0x79, + 0x60, 0xf4, 0x30, 0x6e, 0xb7, 0x72, 0x61, 0x91, 0x98, 0x38, 0xf2, 0xcf, 0x03, 0xab, 0xf1, 0x4a, + 0x8f, 0xc8, 0x27, 0xf0, 0x76, 0xe1, 0xbe, 0x9c, 0xcd, 0xa9, 0xeb, 0xbb, 0xfe, 0x6c, 0x12, 0x47, + 0x2c, 0x32, 0x36, 0x11, 0xe1, 0x46, 0xee, 0xd6, 0x56, 0x62, 0xf0, 0x32, 0x62, 0x11, 0x79, 0x1b, + 0x9a, 0x2a, 0x41, 0x27, 0xae, 0x63, 0xf4, 0xf1, 0x48, 0x0d, 0x25, 0x38, 0x72, 0xc8, 0x03, 0xe8, + 0x85, 0x81, 0xe7, 0xda, 0x8b, 0x49, 0x70, 0xc5, 0x38, 0x77, 0x1d, 0x66, 0x90, 0x61, 0x69, 0xa7, + 0x61, 0x75, 0x95, 0xf8, 0x6b, 0x2d, 0x5d, 0x97, 0x1a, 0xb7, 0xd0, 0x70, 0x25, 0x35, 0x46, 0x00, + 0x76, 0xe0, 0xfb, 0xcc, 0x46, 0xf8, 0x6d, 0xe1, 0x0d, 0xbb, 0xf2, 0x86, 0x07, 0xa9, 0xd4, 0xca, + 0x59, 0x0c, 0x3e, 0x87, 0x76, 0x1e, 0x0a, 0x64, 0x13, 0x2a, 0x97, 0x6c, 0xa1, 0xe1, 0x2f, 0x87, + 0x64, 0x08, 0xd5, 0x2b, 0xea, 0xc5, 0x0c, 0x21, 0xaf, 0x81, 0xa8, 0x96, 0x58, 0x4a, 0xf1, 0xb3, + 0xf2, 0xb3, 0x92, 0xf9, 0xd7, 0x2a, 0x6c, 0x48, 0xf0, 0x91, 0x0f, 0xa1, 0xe3, 0x31, 0x1a, 0xb1, + 0x49, 0x10, 0xca, 0x0d, 0x22, 0x74, 0xd5, 0xda, 0xdb, 0x94, 
0xcb, 0x8e, 0xa5, 0xe2, 0x6b, 0x25, + 0xb7, 0xda, 0x5e, 0x6e, 0x26, 0x53, 0xda, 0xf5, 0x05, 0xe3, 0x3e, 0xf5, 0x26, 0x98, 0x0c, 0x2a, + 0xc1, 0xda, 0x89, 0xf0, 0xb9, 0x4c, 0x8a, 0x65, 0x1c, 0x55, 0x56, 0x71, 0x34, 0x80, 0x06, 0xc6, + 0xce, 0x65, 0x91, 0x4e, 0xf6, 0x74, 0x4e, 0xf6, 0xa0, 0x31, 0x67, 0x82, 0xea, 0x5c, 0x93, 0x29, + 0xb1, 0x9d, 0xe4, 0xcc, 0xe8, 0x44, 0x2b, 0x54, 0x42, 0xa4, 0x76, 0x2b, 0x19, 0x51, 0x5b, 0xcd, + 0x88, 0x01, 0x34, 0x52, 0xd0, 0xd5, 0xd5, 0x0b, 0x27, 0x73, 0x49, 0xb3, 0x21, 0xe3, 0x6e, 0xe0, + 0x18, 0x0d, 0x04, 0x8a, 0x9e, 0x49, 0x92, 0xf4, 0xe3, 0xb9, 0x82, 0x50, 0x53, 0x91, 0xa4, 0x1f, + 0xcf, 0x57, 0x11, 0x03, 0x4b, 0x88, 0xf9, 0x11, 0x54, 0xa9, 0xe7, 0xd2, 0x08, 0x53, 0x48, 0xbe, + 0xac, 0xe6, 0xfb, 0xd1, 0xbe, 0x94, 0x5a, 0x4a, 0x49, 0x3e, 0x80, 0xce, 0x8c, 0x07, 0x71, 0x38, + 0xc1, 0x29, 0x8b, 0x8c, 0x36, 0xde, 0x76, 0xd9, 0xba, 0x8d, 0x46, 0xfb, 0xca, 0x46, 0x66, 0xe0, + 0x34, 0x88, 0x7d, 0x67, 0x62, 0xbb, 0x0e, 0x8f, 0x8c, 0x0e, 0x06, 0x0f, 0x50, 0x74, 0x20, 0x25, + 0x32, 0xc5, 0x54, 0x0a, 0xa4, 0x01, 0xee, 0xa2, 0x4d, 0x07, 0xa5, 0xa7, 0x49, 0x94, 0x7f, 0x0c, + 0xfd, 0xa4, 0x28, 0x65, 0x96, 0x3d, 0xb4, 0xdc, 0x4c, 0x14, 0xa9, 0xf1, 0x0e, 0x6c, 0xb2, 0x6b, + 0x49, 0xa1, 0xae, 0x98, 0xcc, 0xe9, 0xf5, 0x44, 0x08, 0x4f, 0xa7, 0x54, 0x37, 0x91, 0x9f, 0xd0, + 0xeb, 0xb1, 0xf0, 0x64, 0xfe, 0xab, 0xdd, 0x31, 0xff, 0xfb, 0x58, 0x8c, 0x9a, 0x28, 0x91, 0xf9, + 0x3f, 0xf8, 0x39, 0x74, 0x0a, 0x4f, 0xb8, 0x06, 0xc8, 0x5b, 0x79, 0x20, 0x37, 0xf3, 0xe0, 0xfd, + 0xe7, 0x06, 0x00, 0xbe, 0xa5, 0x5a, 0xba, 0x5c, 0x01, 0xf2, 0x0f, 0x5c, 0x5e, 0xf3, 0xc0, 0x94, + 0x33, 0x5f, 0x68, 0x30, 0xea, 0xd9, 0x77, 0xe2, 0x30, 0xa9, 0x01, 0xd5, 0x5c, 0x0d, 0x78, 0x04, + 0x1b, 0x12, 0x73, 0x46, 0x2d, 0xa3, 0xea, 0xec, 0x44, 0x88, 0x4e, 0x85, 0x4c, 0xb4, 0x5a, 0x49, + 0x84, 0xfa, 0x6a, 0x22, 0xe4, 0x11, 0xd6, 0x28, 0x22, 0xec, 0x3d, 0xe8, 0xd8, 0x9c, 0x61, 0x3d, + 0x9a, 0xc8, 0xc6, 0x42, 0x23, 0xb0, 0x9d, 0x08, 0xc7, 0xee, 0x9c, 0xc9, 0xf8, 0xc9, 0xc7, 0x00, + 
0x54, 0xc9, 0xe1, 0xda, 0xb7, 0x6a, 0xad, 0x7d, 0x2b, 0xac, 0xee, 0x1e, 0xd3, 0x2c, 0x8e, 0xe3, + 0x5c, 0x26, 0x74, 0x0a, 0x99, 0x50, 0x80, 0x7b, 0x77, 0x09, 0xee, 0x4b, 0x98, 0xec, 0xad, 0x60, + 0xf2, 0x5d, 0x68, 0xcb, 0x00, 0x44, 0x21, 0xb5, 0x99, 0x74, 0xb0, 0xa9, 0x02, 0x91, 0xca, 0x8e, + 0x1c, 0xcc, 0xe0, 0x78, 0x3a, 0x5d, 0x5c, 0x04, 0x1e, 0xcb, 0x48, 0xb8, 0x95, 0xca, 0x8e, 0x1c, + 0x79, 0x5e, 0x44, 0x15, 0x41, 0x54, 0xe1, 0x78, 0xf0, 0x11, 0x34, 0xd3, 0xa8, 0x7f, 0x2f, 0x30, + 0xfd, 0xb9, 0x04, 0xed, 0x3c, 0xd1, 0xc9, 0xc5, 0xe3, 0xf1, 0x31, 0x2e, 0xae, 0x58, 0x72, 0x28, + 0x5b, 0x04, 0xce, 0x7c, 0xf6, 0x8a, 0x4e, 0x3d, 0xe5, 0xa0, 0x61, 0x65, 0x02, 0xa9, 0x75, 0x7d, + 0x9b, 0xb3, 0x79, 0x82, 0xaa, 0x8a, 0x95, 0x09, 0xc8, 0xc7, 0x00, 0x6e, 0x14, 0xc5, 0x4c, 0xbd, + 0xdc, 0x06, 0xd2, 0xc0, 0x60, 0xa4, 0xfa, 0xc5, 0x51, 0xd2, 0x2f, 0x8e, 0xc6, 0x49, 0xbf, 0x68, + 0x35, 0xd1, 0x1a, 0x9f, 0x74, 0x1b, 0x6a, 0xf2, 0x81, 0xc6, 0xc7, 0x88, 0xbc, 0x8a, 0xa5, 0x67, + 0xe6, 0x1f, 0xa1, 0xa6, 0x3a, 0x8b, 0xff, 0x2b, 0x79, 0xdf, 0x86, 0x86, 0xf2, 0xed, 0x3a, 0x3a, + 0x57, 0xea, 0x38, 0x3f, 0x72, 0xcc, 0x7f, 0x95, 0xa0, 0x61, 0xb1, 0x28, 0x0c, 0xfc, 0x88, 0xe5, + 0x3a, 0x9f, 0xd2, 0x6b, 0x3b, 0x9f, 0xf2, 0xda, 0xce, 0x27, 0xe9, 0xa7, 0x2a, 0xb9, 0x7e, 0x6a, + 0x00, 0x0d, 0xce, 0x1c, 0x97, 0x33, 0x5b, 0xe8, 0xde, 0x2b, 0x9d, 0x4b, 0xdd, 0x2b, 0xca, 0x65, + 0xc9, 0x8e, 0xb0, 0x2e, 0x34, 0xad, 0x74, 0x4e, 0x9e, 0xe6, 0x1b, 0x06, 0xd5, 0x8a, 0x6d, 0xa9, + 0x86, 0x41, 0x1d, 0x77, 0xb5, 0x63, 0x30, 0xff, 0x51, 0x86, 0xcd, 0x65, 0xf5, 0x1a, 0x10, 0x6c, + 0x41, 0x55, 0x95, 0x14, 0x8d, 0x20, 0xb1, 0x52, 0x4c, 0x2a, 0x4b, 0x5c, 0xf3, 0x8b, 0xe5, 0xbc, + 0x7d, 0xfd, 0xeb, 0x17, 0x73, 0xfa, 0x7d, 0xd8, 0x94, 0xa7, 0x0c, 0x99, 0x93, 0xb5, 0x49, 0x8a, + 0x84, 0x7a, 0x5a, 0x9e, 0x36, 0x4a, 0x0f, 0xa1, 0x9f, 0x98, 0x66, 0xe9, 0x59, 0x2b, 0xd8, 0x1e, + 0x26, 0x59, 0xba, 0x0d, 0xb5, 0xf3, 0x80, 0xcf, 0xa9, 0xd0, 0x3c, 0xa4, 0x67, 0x05, 0x9e, 0x41, + 0xc2, 0x6b, 0x28, 0x58, 0x24, 0x42, 
0xf9, 0x29, 0x20, 0xf3, 0x3f, 0x6d, 0xd3, 0x91, 0x88, 0x1a, + 0x56, 0x23, 0x69, 0xcf, 0xcd, 0x5f, 0x43, 0x6f, 0xa9, 0x33, 0x5b, 0x13, 0xc8, 0x6c, 0xfb, 0x72, + 0x61, 0xfb, 0x82, 0xe7, 0xca, 0x92, 0xe7, 0xdf, 0x40, 0xff, 0x0b, 0xea, 0x3b, 0x1e, 0xd3, 0xfe, + 0xf7, 0xf9, 0x2c, 0x92, 0x35, 0x46, 0x7f, 0x28, 0x4c, 0x74, 0x01, 0xe8, 0x58, 0x4d, 0x2d, 0x39, + 0x72, 0xc8, 0x3d, 0xa8, 0x73, 0x65, 0xad, 0x81, 0xd7, 0xca, 0xb5, 0x8e, 0x56, 0xa2, 0x33, 0xbf, + 0x05, 0x52, 0x70, 0x2d, 0xbf, 0x11, 0x16, 0x64, 0x47, 0x02, 0x50, 0x81, 0x42, 0x03, 0xbb, 0x9d, + 0xc7, 0x91, 0x95, 0x6a, 0xc9, 0x10, 0x2a, 0x8c, 0x73, 0xbd, 0x05, 0xf6, 0x6e, 0xd9, 0x17, 0x99, + 0x25, 0x55, 0xe6, 0x4f, 0xa0, 0x7f, 0x16, 0x32, 0xdb, 0xa5, 0x1e, 0x7e, 0x4d, 0xa9, 0x0d, 0xee, + 0x42, 0x55, 0x06, 0x39, 0xc9, 0xd9, 0x26, 0x2e, 0x44, 0xb5, 0x92, 0x9b, 0xdf, 0x82, 0xa1, 0xce, + 0x75, 0x78, 0xed, 0x46, 0x82, 0xf9, 0x36, 0x3b, 0xb8, 0x60, 0xf6, 0xe5, 0xff, 0xf0, 0xe6, 0x57, + 0x70, 0x7b, 0xdd, 0x0e, 0xc9, 0xf9, 0x5a, 0xb6, 0x9c, 0x4d, 0xce, 0x25, 0x7d, 0xe3, 0x1e, 0x0d, + 0x0b, 0x50, 0xf4, 0xb9, 0x94, 0xc8, 0x77, 0x64, 0x72, 0x5d, 0xa4, 0x29, 0x51, 0xcf, 0x92, 0x78, + 0x54, 0x6e, 0x8e, 0xc7, 0x5f, 0x4a, 0xd0, 0x3c, 0x63, 0x22, 0x0e, 0xf1, 0x2e, 0x6f, 0x43, 0x73, + 0xca, 0x83, 0x4b, 0xc6, 0xb3, 0xab, 0x34, 0x94, 0xe0, 0xc8, 0x21, 0x4f, 0xa1, 0x76, 0x10, 0xf8, + 0xe7, 0xee, 0x0c, 0xbf, 0x2d, 0x5b, 0x7b, 0xb7, 0x15, 0xbb, 0xe8, 0xb5, 0x23, 0xa5, 0x53, 0xa5, + 0x56, 0x1b, 0x92, 0x21, 0xb4, 0xf4, 0x17, 0xfa, 0xcb, 0x97, 0x47, 0xcf, 0x93, 0xa6, 0x33, 0x27, + 0x1a, 0x7c, 0x0c, 0xad, 0xdc, 0xc2, 0xef, 0x55, 0x2d, 0x7e, 0x08, 0x80, 0xbb, 0xab, 0x18, 0x6d, + 0xaa, 0xab, 0xea, 0x95, 0xf2, 0x6a, 0x77, 0xa1, 0x29, 0xfb, 0x1b, 0xa5, 0x4e, 0xea, 0x54, 0x29, + 0xab, 0x53, 0xe6, 0x3d, 0xe8, 0x1f, 0xf9, 0x57, 0xd4, 0x73, 0x1d, 0x2a, 0xd8, 0x97, 0x6c, 0x81, + 0x21, 0x58, 0x39, 0x81, 0x79, 0x06, 0x6d, 0xfd, 0xb1, 0xfb, 0x46, 0x67, 0x6c, 0xeb, 0x33, 0x7e, + 0x77, 0x12, 0xbd, 0x0f, 0x3d, 0xed, 0xf4, 0xd8, 0xd5, 0x29, 0x24, 0xcb, 
0x3c, 0x67, 0xe7, 0xee, + 0xb5, 0x76, 0xad, 0x67, 0xe6, 0x33, 0xd8, 0xcc, 0x99, 0xa6, 0xd7, 0xb9, 0x64, 0x8b, 0x28, 0xf9, + 0x11, 0x40, 0x8e, 0x93, 0x08, 0x94, 0xb3, 0x08, 0x98, 0xd0, 0xd5, 0x2b, 0x5f, 0x30, 0x71, 0xc3, + 0xed, 0xbe, 0x4c, 0x0f, 0xf2, 0x82, 0x69, 0xe7, 0xf7, 0xa1, 0xca, 0xe4, 0x4d, 0xf3, 0x25, 0x2c, + 0x1f, 0x01, 0x4b, 0xa9, 0xd7, 0x6c, 0xf8, 0x2c, 0xdd, 0xf0, 0x34, 0x56, 0x1b, 0xbe, 0xa1, 0x2f, + 0xf3, 0xbd, 0xf4, 0x18, 0xa7, 0xb1, 0xb8, 0xe9, 0x45, 0xef, 0x41, 0x5f, 0x1b, 0x3d, 0x67, 0x1e, + 0x13, 0xec, 0x86, 0x2b, 0xdd, 0x07, 0x52, 0x30, 0xbb, 0xc9, 0xdd, 0x1d, 0x68, 0x8c, 0xc7, 0xc7, + 0xa9, 0xb6, 0xc8, 0x8d, 0xe6, 0x27, 0xd0, 0x3f, 0x8b, 0x9d, 0xe0, 0x94, 0xbb, 0x57, 0xae, 0xc7, + 0x66, 0x6a, 0xb3, 0xa4, 0xff, 0x2c, 0xe5, 0xfa, 0xcf, 0xb5, 0xd5, 0xc8, 0xdc, 0x01, 0x52, 0x58, + 0x9e, 0xbe, 0x5b, 0x14, 0x3b, 0x81, 0x4e, 0x61, 0x1c, 0x9b, 0x3b, 0xd0, 0x1e, 0x53, 0x59, 0xef, + 0x1d, 0x65, 0x63, 0x40, 0x5d, 0xa8, 0xb9, 0x36, 0x4b, 0xa6, 0xe6, 0x1e, 0x6c, 0x1d, 0x50, 0xfb, + 0xc2, 0xf5, 0x67, 0xcf, 0xdd, 0x48, 0x36, 0x3c, 0x7a, 0xc5, 0x00, 0x1a, 0x8e, 0x16, 0xe8, 0x25, + 0xe9, 0xdc, 0x7c, 0x0c, 0x6f, 0xe5, 0x7e, 0x69, 0x39, 0x13, 0x34, 0x89, 0xc7, 0x16, 0x54, 0x23, + 0x39, 0xc3, 0x15, 0x55, 0x4b, 0x4d, 0xcc, 0xaf, 0x60, 0x2b, 0x5f, 0x80, 0x65, 0xfb, 0x91, 0x5c, + 0x1c, 0x1b, 0x83, 0x52, 0xae, 0x31, 0xd0, 0x31, 0x2b, 0x67, 0xf5, 0x64, 0x13, 0x2a, 0xbf, 0xfc, + 0x66, 0xac, 0xc1, 0x2e, 0x87, 0xe6, 0xef, 0xe5, 0xf6, 0x45, 0x7f, 0x6a, 0xfb, 0x42, 0x77, 0x50, + 0x7a, 0x93, 0xee, 0x60, 0x0d, 0xde, 0x1e, 0x43, 0xff, 0xc4, 0x0b, 0xec, 0xcb, 0x43, 0x3f, 0x17, + 0x0d, 0x03, 0xea, 0xcc, 0xcf, 0x07, 0x23, 0x99, 0x9a, 0x0f, 0xa0, 0x77, 0x1c, 0xd8, 0xd4, 0x3b, + 0x09, 0x62, 0x5f, 0xa4, 0x51, 0xc0, 0x9f, 0xbe, 0xb4, 0xa9, 0x9a, 0x98, 0x8f, 0xa1, 0xab, 0x4b, + 0xb4, 0x7f, 0x1e, 0x24, 0xcc, 0x98, 0x15, 0xf3, 0x52, 0xb1, 0xd7, 0x36, 0x8f, 0xa1, 0x97, 0x99, + 0x2b, 0xbf, 0x0f, 0xa0, 0xa6, 0xd4, 0xfa, 0x6e, 0xbd, 0xf4, 0x03, 0x52, 0x59, 0x5a, 0x5a, 0xbd, + 0xe6, 0x52, 
0x73, 0xe8, 0x9e, 0xe2, 0x4f, 0x90, 0x87, 0xfe, 0x95, 0x72, 0x76, 0x04, 0x44, 0xfd, + 0x28, 0x39, 0x61, 0xfe, 0x95, 0xcb, 0x03, 0x1f, 0xfb, 0xdb, 0x92, 0x6e, 0x61, 0x12, 0xc7, 0xe9, + 0xa2, 0xc4, 0xc2, 0xea, 0x87, 0xcb, 0xa2, 0xb5, 0x31, 0x84, 0xec, 0x07, 0x0e, 0x59, 0x6a, 0x38, + 0x9b, 0x07, 0x82, 0x4d, 0xa8, 0xe3, 0x24, 0xd9, 0x02, 0x4a, 0xb4, 0xef, 0x38, 0x7c, 0xef, 0x3f, + 0x65, 0xa8, 0x7f, 0xa6, 0x08, 0x9c, 0x7c, 0x0a, 0x9d, 0x42, 0xb9, 0x26, 0x6f, 0xe1, 0x2f, 0x1c, + 0xcb, 0xcd, 0xc1, 0x60, 0x7b, 0x45, 0xac, 0xee, 0xf5, 0x04, 0xda, 0xf9, 0x62, 0x4c, 0xb0, 0xf0, + 0xe2, 0xcf, 0xad, 0x03, 0xf4, 0xb4, 0x5a, 0xa9, 0xcf, 0x60, 0x6b, 0x5d, 0x99, 0x24, 0x77, 0xb2, + 0x1d, 0x56, 0x4b, 0xf4, 0xe0, 0x9d, 0x9b, 0xb4, 0x49, 0x79, 0xad, 0x1f, 0x78, 0x8c, 0xfa, 0x71, + 0x98, 0x3f, 0x41, 0x36, 0x24, 0x4f, 0xa1, 0x53, 0x28, 0x14, 0xea, 0x9e, 0x2b, 0xb5, 0x23, 0xbf, + 0xe4, 0x3e, 0x54, 0xb1, 0x38, 0x91, 0x4e, 0xa1, 0x4a, 0x0e, 0xba, 0xe9, 0x54, 0xed, 0x3d, 0x84, + 0x0d, 0xfc, 0x11, 0x2e, 0xb7, 0x31, 0xae, 0x48, 0x2b, 0xd7, 0xde, 0xbf, 0x4b, 0x50, 0x4f, 0x7e, + 0x98, 0x7d, 0x0a, 0x1b, 0xb2, 0x06, 0x90, 0x5b, 0x39, 0x1a, 0x4d, 0xea, 0xc7, 0x60, 0x6b, 0x49, + 0xa8, 0x36, 0x18, 0x41, 0xe5, 0x05, 0x13, 0x84, 0xe4, 0x94, 0xba, 0x18, 0x0c, 0x6e, 0x15, 0x65, + 0xa9, 0xfd, 0x69, 0x5c, 0xb4, 0xd7, 0x5c, 0x5e, 0xb0, 0x4f, 0x59, 0xfa, 0x23, 0xa8, 0x29, 0x96, + 0x55, 0x41, 0x59, 0xe1, 0x67, 0xf5, 0xf8, 0xab, 0x7c, 0xbc, 0xf7, 0xf7, 0x0d, 0x80, 0xb3, 0x45, + 0x24, 0xd8, 0xfc, 0x57, 0x2e, 0x7b, 0x45, 0x1e, 0x42, 0xef, 0x39, 0x3b, 0xa7, 0xb1, 0x27, 0xf0, + 0x6b, 0x49, 0xb2, 0x49, 0x2e, 0x26, 0xd8, 0xf0, 0xa5, 0x64, 0x7d, 0x1f, 0x5a, 0x27, 0xf4, 0xfa, + 0xf5, 0x76, 0x9f, 0x42, 0xa7, 0xc0, 0xc1, 0xfa, 0x88, 0xcb, 0xac, 0xae, 0x8f, 0xb8, 0xca, 0xd6, + 0xf7, 0xa1, 0xae, 0x99, 0x39, 0xbf, 0x07, 0xd6, 0xb0, 0x02, 0x63, 0xff, 0x14, 0x7a, 0x4b, 0xbc, + 0x9c, 0xb7, 0xc7, 0x5f, 0x24, 0xd6, 0xf2, 0xf6, 0x33, 0xf9, 0xb5, 0x53, 0xe4, 0xe6, 0xfc, 0xc2, + 0xdb, 0x8a, 0x0f, 0xd7, 0x91, 0xf7, 0x8b, 0xe2, 
0x77, 0x12, 0x7e, 0x25, 0x1a, 0xcb, 0xf4, 0x99, + 0x90, 0x77, 0xe2, 0x68, 0x1d, 0x0d, 0x3f, 0x81, 0x76, 0x9e, 0x41, 0x57, 0x52, 0x70, 0x95, 0x5e, + 0x1f, 0x01, 0x64, 0x24, 0x9a, 0xb7, 0x47, 0x78, 0x2c, 0xf3, 0xeb, 0x87, 0x00, 0x19, 0x35, 0x2a, + 0x54, 0x15, 0x99, 0x55, 0x2d, 0x5b, 0xa6, 0xcf, 0x87, 0xd0, 0x4c, 0xe9, 0x2c, 0xbf, 0x07, 0x3a, + 0x28, 0xb2, 0xe3, 0x67, 0xa3, 0xdf, 0x3e, 0x9a, 0xb9, 0xe2, 0x22, 0x9e, 0x8e, 0xec, 0x60, 0xbe, + 0x7b, 0x41, 0xa3, 0x0b, 0xd7, 0x0e, 0x78, 0xb8, 0x7b, 0x25, 0xc1, 0xb4, 0xbb, 0xf2, 0x9f, 0xd1, + 0xb4, 0x86, 0x1f, 0x7b, 0x1f, 0xfc, 0x37, 0x00, 0x00, 0xff, 0xff, 0x93, 0x15, 0xb9, 0x42, 0x4f, + 0x1a, 0x00, 0x00, } diff --git a/vendor/github.com/hashicorp/vault/logical/plugin/pb/backend.proto b/vendor/github.com/hashicorp/vault/logical/plugin/pb/backend.proto index d134179b..e02cc1f9 100644 --- a/vendor/github.com/hashicorp/vault/logical/plugin/pb/backend.proto +++ b/vendor/github.com/hashicorp/vault/logical/plugin/pb/backend.proto @@ -31,7 +31,7 @@ message ProtoError { } // Paths is the structure of special paths that is used for SpecialPaths. -message Paths { +message Paths { // Root are the paths that require a root token to access repeated string root = 1; @@ -199,7 +199,7 @@ message Auth { // the range of the specified CIDR(s). repeated string bound_cidrs = 13; - // TokenPolicies and IdentityPolicies break down the list in Policies to + // TokenPolicies and IdentityPolicies break down the list in Policies to // help determine where a policy was sourced repeated string token_policies = 14; repeated string identity_policies = 15; @@ -207,6 +207,9 @@ message Auth { // Explicit maximum lifetime for the token. Unlike normal TTLs, the maximum // TTL is a hard limit and cannot be exceeded, also counts for periodic tokens. int64 explicit_max_ttl = 16; + + // TokenType is the type of token being requested + uint32 token_type = 17; } message TokenEntry { 
@@ -227,6 +230,7 @@ message TokenEntry {
 repeated string bound_cidrs = 15;
 string namespace_id = 16;
 string cubbyhole_id = 17;
+ uint32 type = 18;
 }
 message LeaseOptions {
diff --git a/vendor/github.com/hashicorp/vault/logical/plugin/pb/translation.go b/vendor/github.com/hashicorp/vault/logical/plugin/pb/translation.go
index 58532dec..c777cae5 100644
--- a/vendor/github.com/hashicorp/vault/logical/plugin/pb/translation.go
+++ b/vendor/github.com/hashicorp/vault/logical/plugin/pb/translation.go
@@ -486,6 +486,7 @@ func LogicalAuthToProtoAuth(a *logical.Auth) (*Auth, error) {
 return &Auth{
 LeaseOptions: lo,
+ TokenType: uint32(a.TokenType),
 InternalData: string(buf[:]),
 DisplayName: a.DisplayName,
 Policies: a.Policies,
@@ -532,6 +533,7 @@ func ProtoAuthToLogicalAuth(a *Auth) (*logical.Auth, error) {
 return &logical.Auth{
 LeaseOptions: lo,
+ TokenType: logical.TokenType(a.TokenType),
 InternalData: data,
 DisplayName: a.DisplayName,
 Policies: a.Policies,
@@ -578,6 +580,7 @@ func LogicalTokenEntryToProtoTokenEntry(t *logical.TokenEntry) *TokenEntry {
 BoundCIDRs: boundCIDRs,
 NamespaceID: t.NamespaceID,
 CubbyholeID: t.CubbyholeID,
+ Type: uint32(t.Type),
 }
 }
@@ -614,5 +617,6 @@ func ProtoTokenEntryToLogicalTokenEntry(t *TokenEntry) (*logical.TokenEntry, err
 BoundCIDRs: boundCIDRs,
 NamespaceID: t.NamespaceID,
 CubbyholeID: t.CubbyholeID,
+ Type: logical.TokenType(t.Type),
 }, nil
 }
diff --git a/vendor/github.com/hashicorp/vault/logical/plugin/plugin.go b/vendor/github.com/hashicorp/vault/logical/plugin/plugin.go
index 7ef3a557..250097c2 100644
--- a/vendor/github.com/hashicorp/vault/logical/plugin/plugin.go
+++ b/vendor/github.com/hashicorp/vault/logical/plugin/plugin.go
@@ -7,13 +7,13 @@ import (
 "encoding/gob"
 "errors"
 "fmt"
- "time"
-
 "sync"
+ "time"
 "github.com/hashicorp/errwrap"
 log "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/go-plugin"
+ "github.com/hashicorp/vault/helper/consts"
 "github.com/hashicorp/vault/helper/pluginutil"
 "github.com/hashicorp/vault/logical"
 )
@@ -61,9 +61,9 @@ func (b *BackendPluginClient) Cleanup(ctx context.Context) {
 // external plugins, or a concrete implementation of the backend if it is a builtin backend.
 // The backend is returned as a logical.Backend interface. The isMetadataMode param determines whether
 // the plugin should run in metadata mode.
-func NewBackend(ctx context.Context, pluginName string, sys pluginutil.LookRunnerUtil, logger log.Logger, isMetadataMode bool) (logical.Backend, error) {
+func NewBackend(ctx context.Context, pluginName string, pluginType consts.PluginType, sys pluginutil.LookRunnerUtil, conf *logical.BackendConfig, isMetadataMode bool) (logical.Backend, error) {
 // Look for plugin in the plugin catalog
- pluginRunner, err := sys.LookupPlugin(ctx, pluginName)
+ pluginRunner, err := sys.LookupPlugin(ctx, pluginName, pluginType)
 if err != nil {
 return nil, err
 }
@@ -71,21 +71,22 @@ func NewBackend(ctx context.Context, pluginName string, sys pluginutil.LookRunne
 var backend logical.Backend
 if pluginRunner.Builtin {
 // Plugin is builtin so we can retrieve an instance of the interface
- // from the pluginRunner. Then cast it to logical.Backend.
- backendRaw, err := pluginRunner.BuiltinFactory()
+ // from the pluginRunner. Then cast it to logical.Factory.
+ rawFactory, err := pluginRunner.BuiltinFactory()
 if err != nil {
 return nil, errwrap.Wrapf("error getting plugin type: {{err}}", err)
 }
- var ok bool
- backend, ok = backendRaw.(logical.Backend)
- if !ok {
+ if factory, ok := rawFactory.(logical.Factory); !ok {
 return nil, fmt.Errorf("unsupported backend type: %q", pluginName)
+ } else {
+ if backend, err = factory(ctx, conf); err != nil {
+ return nil, err
+ }
 }
-
 } else {
 // create a backendPluginClient instance
- backend, err = newPluginClient(ctx, sys, pluginRunner, logger, isMetadataMode)
+ backend, err = NewPluginClient(ctx, sys, pluginRunner, conf.Logger, isMetadataMode)
 if err != nil {
 return nil, err
 }
@@ -94,7 +95,7 @@ func NewBackend(ctx context.Context, pluginName string, sys pluginutil.LookRunne
 return backend, nil
 }
-func newPluginClient(ctx context.Context, sys pluginutil.RunnerUtil, pluginRunner *pluginutil.PluginRunner, logger log.Logger, isMetadataMode bool) (logical.Backend, error) {
+func NewPluginClient(ctx context.Context, sys pluginutil.RunnerUtil, pluginRunner *pluginutil.PluginRunner, logger log.Logger, isMetadataMode bool) (logical.Backend, error) {
 // pluginMap is the map of plugins we can dispense.
 pluginSet := map[int]plugin.PluginSet{
 3: plugin.PluginSet{
diff --git a/vendor/github.com/hashicorp/vault/logical/plugin/system.go b/vendor/github.com/hashicorp/vault/logical/plugin/system.go
index 890f4ef5..148f39a9 100644
--- a/vendor/github.com/hashicorp/vault/logical/plugin/system.go
+++ b/vendor/github.com/hashicorp/vault/logical/plugin/system.go
@@ -106,7 +106,7 @@ func (s *SystemViewClient) ResponseWrapData(ctx context.Context, data map[string
 return reply.ResponseWrapInfo, nil
 }
-func (s *SystemViewClient) LookupPlugin(ctx context.Context, name string) (*pluginutil.PluginRunner, error) {
+func (s *SystemViewClient) LookupPlugin(_ context.Context, _ string, _ consts.PluginType) (*pluginutil.PluginRunner, error) {
 return nil, fmt.Errorf("cannot call LookupPlugin from a plugin backend")
 }
diff --git a/vendor/github.com/hashicorp/vault/logical/response.go b/vendor/github.com/hashicorp/vault/logical/response.go
index 96d4cce5..02ffa34c 100644
--- a/vendor/github.com/hashicorp/vault/logical/response.go
+++ b/vendor/github.com/hashicorp/vault/logical/response.go
@@ -89,11 +89,12 @@ func (r *Response) Error() error {
 }
 // HelpResponse is used to format a help response
-func HelpResponse(text string, seeAlso []string) *Response {
+func HelpResponse(text string, seeAlso []string, oapiDoc interface{}) *Response {
 return &Response{
 Data: map[string]interface{}{
 "help": text,
 "see_also": seeAlso,
+ "openapi": oapiDoc,
 },
 }
 }
diff --git a/vendor/github.com/hashicorp/vault/logical/system_view.go b/vendor/github.com/hashicorp/vault/logical/system_view.go
index f9708474..dff258b1 100644
--- a/vendor/github.com/hashicorp/vault/logical/system_view.go
+++ b/vendor/github.com/hashicorp/vault/logical/system_view.go
@@ -56,7 +56,7 @@ type SystemView interface {
 // LookupPlugin looks into the plugin catalog for a plugin with the given
 // name. Returns a PluginRunner or an error if a plugin can not be found.
- LookupPlugin(context.Context, string) (*pluginutil.PluginRunner, error)
+ LookupPlugin(context.Context, string, consts.PluginType) (*pluginutil.PluginRunner, error)
 // MlockEnabled returns the configuration setting for enabling mlock on
 // plugins.
@@ -118,7 +118,7 @@ func (d StaticSystemView) ResponseWrapData(_ context.Context, data map[string]in
 return nil, errors.New("ResponseWrapData is not implemented in StaticSystemView")
 }
-func (d StaticSystemView) LookupPlugin(_ context.Context, name string) (*pluginutil.PluginRunner, error) {
+func (d StaticSystemView) LookupPlugin(_ context.Context, _ string, _ consts.PluginType) (*pluginutil.PluginRunner, error) {
 return nil, errors.New("LookupPlugin is not implemented in StaticSystemView")
 }
diff --git a/vendor/github.com/hashicorp/vault/logical/token.go b/vendor/github.com/hashicorp/vault/logical/token.go
index a991441f..c6212a36 100644
--- a/vendor/github.com/hashicorp/vault/logical/token.go
+++ b/vendor/github.com/hashicorp/vault/logical/token.go
@@ -6,8 +6,49 @@ import (
 sockaddr "github.com/hashicorp/go-sockaddr"
 )
+type TokenType uint8
+
+const (
+ // TokenTypeDefault means "use the default, if any, that is currently set
+ // on the mount". If not set, results in a Service token.
+ TokenTypeDefault TokenType = iota
+
+ // TokenTypeService is a "normal" Vault token for long-lived services
+ TokenTypeService
+
+ // TokenTypeBatch is a batch token
+ TokenTypeBatch
+
+ // TokenTypeDefaultService, configured on a mount, means that if
+ // TokenTypeDefault is sent back by the mount, create Service tokens
+ TokenTypeDefaultService
+
+ // TokenTypeDefaultBatch, configured on a mount, means that if
+ // TokenTypeDefault is sent back by the mount, create Batch tokens
+ TokenTypeDefaultBatch
+)
+
+func (t TokenType) String() string {
+ switch t {
+ case TokenTypeDefault:
+ return "default"
+ case TokenTypeService:
+ return "service"
+ case TokenTypeBatch:
+ return "batch"
+ case TokenTypeDefaultService:
+ return "default-service"
+ case TokenTypeDefaultBatch:
+ return "default-batch"
+ default:
+ panic("unreachable")
+ }
+}
+
 // TokenEntry is used to represent a given token
 type TokenEntry struct {
+ Type TokenType `json:"type" mapstructure:"type" structs:"type" sentinel:""`
+
 // ID of this entry, generally a random UUID
 ID string `json:"id" mapstructure:"id" structs:"id" sentinel:""`
@@ -107,6 +148,17 @@ func (te *TokenEntry) SentinelGet(key string) (interface{}, error) {
 case "meta", "metadata":
 return te.Meta, nil
+
+ case "type":
+ teType := te.Type
+ switch teType {
+ case TokenTypeBatch, TokenTypeService:
+ case TokenTypeDefault:
+ teType = TokenTypeService
+ default:
+ return "unknown", nil
+ }
+ return teType.String(), nil
 }
 return nil, nil
@@ -124,5 +176,6 @@ func (te *TokenEntry) SentinelKeys() []string {
 "creation_time_unix",
 "meta",
 "metadata",
+ "type",
 }
 }
diff --git a/vendor/github.com/hashicorp/vault/logical/translate_response.go b/vendor/github.com/hashicorp/vault/logical/translate_response.go
index 84ed284a..11714c22 100644
--- a/vendor/github.com/hashicorp/vault/logical/translate_response.go
+++ b/vendor/github.com/hashicorp/vault/logical/translate_response.go
@@ -36,6 +36,7 @@ func LogicalResponseToHTTPResponse(input *Response) *HTTPResponse {
 LeaseDuration: int(input.Auth.TTL.Seconds()),
 Renewable: input.Auth.Renewable,
 EntityID: input.Auth.EntityID,
+ TokenType: input.Auth.TokenType.String(),
 }
 }
@@ -68,6 +69,12 @@ func HTTPResponseToLogicalResponse(input *HTTPResponse) *Response {
 }
 logicalResp.Auth.Renewable = input.Auth.Renewable
 logicalResp.Auth.TTL = time.Second * time.Duration(input.Auth.LeaseDuration)
+ switch input.Auth.TokenType {
+ case "service":
+ logicalResp.Auth.TokenType = TokenTypeService
+ case "batch":
+ logicalResp.Auth.TokenType = TokenTypeBatch
+ }
 }
 return logicalResp
@@ -94,6 +101,7 @@ type HTTPAuth struct {
 LeaseDuration int `json:"lease_duration"`
 Renewable bool `json:"renewable"`
 EntityID string `json:"entity_id"`
+ TokenType string `json:"token_type"`
 }
 type HTTPWrapInfo struct {
diff --git a/vendor/github.com/hashicorp/vault/physical/testing.go b/vendor/github.com/hashicorp/vault/physical/testing.go
index 375d9053..6bff9d22 100644
--- a/vendor/github.com/hashicorp/vault/physical/testing.go
+++ b/vendor/github.com/hashicorp/vault/physical/testing.go
@@ -336,7 +336,7 @@ func ExerciseHABackend(t testing.TB, b HABackend, b2 HABackend) {
 t.Fatalf("stop lock 2: %v", err)
 }
 if leaderCh2 != nil {
- t.Errorf("should not have gotten leaderCh: %v", leaderCh)
+ t.Errorf("should not have gotten leaderCh: %v", leaderCh2)
 }
 // Release the first lock
@@ -352,7 +352,7 @@ func ExerciseHABackend(t testing.TB, b HABackend, b2 HABackend) {
 }
 // Check the value
- held, val, err = lock.Value()
+ held, val, err = lock2.Value()
 if err != nil {
 t.Fatalf("value: %v", err)
 }
@@ -360,7 +360,7 @@ func ExerciseHABackend(t testing.TB, b HABackend, b2 HABackend) {
 t.Errorf("should still be held")
 }
 if val != "baz" {
- t.Errorf("expected value baz: %v", err)
+ t.Errorf("expected: baz, got: %v", val)
 }
 // Cleanup
diff --git a/vendor/github.com/hashicorp/vault/physical/types.pb.go b/vendor/github.com/hashicorp/vault/physical/types.pb.go
index 3ca8b99b..91fbb0e8 100644
--- a/vendor/github.com/hashicorp/vault/physical/types.pb.go
+++ b/vendor/github.com/hashicorp/vault/physical/types.pb.go
@@ -1,4 +1,3 @@ -// +build !enterprise // Code generated by protoc-gen-go. DO NOT EDIT. // source: physical/types.proto
@@ -21,69 +20,202 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package -type SealWrapEntry struct { - Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` - Wrapped bool `protobuf:"varint,4,opt,name=wrapped,proto3" json:"wrapped,omitempty"` +type EncryptedBlobInfo struct { + Ciphertext []byte `protobuf:"bytes,1,opt,name=ciphertext,proto3" json:"ciphertext,omitempty"` + IV []byte `protobuf:"bytes,2,opt,name=iv,proto3" json:"iv,omitempty"` + HMAC []byte `protobuf:"bytes,3,opt,name=hmac,proto3" json:"hmac,omitempty"` + Wrapped bool `protobuf:"varint,4,opt,name=wrapped,proto3" json:"wrapped,omitempty"` + KeyInfo *SealKeyInfo `protobuf:"bytes,5,opt,name=key_info,json=keyInfo,proto3" json:"key_info,omitempty"` + // Key is the Key value for the entry that corresponds to + // physical.Entry.Key's value + Key string `protobuf:"bytes,6,opt,name=key,proto3" json:"key,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` } -func (m *SealWrapEntry) Reset() { *m = SealWrapEntry{} } -func (m *SealWrapEntry) String() string { return proto.CompactTextString(m) } -func (*SealWrapEntry) ProtoMessage() {} -func (*SealWrapEntry) Descriptor() ([]byte, []int) { +func (m *EncryptedBlobInfo) Reset() { *m = EncryptedBlobInfo{} } +func (m *EncryptedBlobInfo) String() string { return proto.CompactTextString(m) } +func (*EncryptedBlobInfo) ProtoMessage() {} +func (*EncryptedBlobInfo) Descriptor() ([]byte, []int) { return fileDescriptor_deea33bd14ea5328, []int{0} } -func (m *SealWrapEntry) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_SealWrapEntry.Unmarshal(m, b) +func (m *EncryptedBlobInfo) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_EncryptedBlobInfo.Unmarshal(m, b) } -func (m *SealWrapEntry) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return 
xxx_messageInfo_SealWrapEntry.Marshal(b, m, deterministic) +func (m *EncryptedBlobInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_EncryptedBlobInfo.Marshal(b, m, deterministic) } -func (m *SealWrapEntry) XXX_Merge(src proto.Message) { - xxx_messageInfo_SealWrapEntry.Merge(m, src) +func (m *EncryptedBlobInfo) XXX_Merge(src proto.Message) { + xxx_messageInfo_EncryptedBlobInfo.Merge(m, src) } -func (m *SealWrapEntry) XXX_Size() int { - return xxx_messageInfo_SealWrapEntry.Size(m) +func (m *EncryptedBlobInfo) XXX_Size() int { + return xxx_messageInfo_EncryptedBlobInfo.Size(m) } -func (m *SealWrapEntry) XXX_DiscardUnknown() { - xxx_messageInfo_SealWrapEntry.DiscardUnknown(m) +func (m *EncryptedBlobInfo) XXX_DiscardUnknown() { + xxx_messageInfo_EncryptedBlobInfo.DiscardUnknown(m) } -var xxx_messageInfo_SealWrapEntry proto.InternalMessageInfo +var xxx_messageInfo_EncryptedBlobInfo proto.InternalMessageInfo -func (m *SealWrapEntry) GetCiphertext() []byte { +func (m *EncryptedBlobInfo) GetCiphertext() []byte { if m != nil { return m.Ciphertext } return nil } -func (m *SealWrapEntry) GetWrapped() bool { +func (m *EncryptedBlobInfo) GetIV() []byte { + if m != nil { + return m.IV + } + return nil +} + +func (m *EncryptedBlobInfo) GetHMAC() []byte { + if m != nil { + return m.HMAC + } + return nil +} + +func (m *EncryptedBlobInfo) GetWrapped() bool { if m != nil { return m.Wrapped } return false } +func (m *EncryptedBlobInfo) GetKeyInfo() *SealKeyInfo { + if m != nil { + return m.KeyInfo + } + return nil +} + +func (m *EncryptedBlobInfo) GetKey() string { + if m != nil { + return m.Key + } + return "" +} + +// SealKeyInfo contains information regarding the seal used to encrypt the entry. +type SealKeyInfo struct { + // Mechanism is the method used by the seal to encrypt and sign the + // data as defined by the seal. 
+ Mechanism uint64 `protobuf:"varint,1,opt,name=Mechanism,proto3" json:"Mechanism,omitempty"` + HMACMechanism uint64 `protobuf:"varint,2,opt,name=HMACMechanism,proto3" json:"HMACMechanism,omitempty"` + // This is an opaque ID used by the seal to identify the specific + // key to use as defined by the seal. This could be a version, key + // label, or something else. + KeyID string `protobuf:"bytes,3,opt,name=KeyID,proto3" json:"KeyID,omitempty"` + HMACKeyID string `protobuf:"bytes,4,opt,name=HMACKeyID,proto3" json:"HMACKeyID,omitempty"` + // These value are used when generating our own data encryption keys + // and encrypting them using the autoseal + WrappedKey []byte `protobuf:"bytes,5,opt,name=WrappedKey,proto3" json:"WrappedKey,omitempty"` + // Mechanism specific flags + Flags uint64 `protobuf:"varint,6,opt,name=Flags,proto3" json:"Flags,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *SealKeyInfo) Reset() { *m = SealKeyInfo{} } +func (m *SealKeyInfo) String() string { return proto.CompactTextString(m) } +func (*SealKeyInfo) ProtoMessage() {} +func (*SealKeyInfo) Descriptor() ([]byte, []int) { + return fileDescriptor_deea33bd14ea5328, []int{1} +} + +func (m *SealKeyInfo) XXX_Unmarshal(b []byte) error { + return xxx_messageInfo_SealKeyInfo.Unmarshal(m, b) +} +func (m *SealKeyInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + return xxx_messageInfo_SealKeyInfo.Marshal(b, m, deterministic) +} +func (m *SealKeyInfo) XXX_Merge(src proto.Message) { + xxx_messageInfo_SealKeyInfo.Merge(m, src) +} +func (m *SealKeyInfo) XXX_Size() int { + return xxx_messageInfo_SealKeyInfo.Size(m) +} +func (m *SealKeyInfo) XXX_DiscardUnknown() { + xxx_messageInfo_SealKeyInfo.DiscardUnknown(m) +} + +var xxx_messageInfo_SealKeyInfo proto.InternalMessageInfo + +func (m *SealKeyInfo) GetMechanism() uint64 { + if m != nil { + return m.Mechanism + } + return 0 +} + +func (m *SealKeyInfo) 
GetHMACMechanism() uint64 { + if m != nil { + return m.HMACMechanism + } + return 0 +} + +func (m *SealKeyInfo) GetKeyID() string { + if m != nil { + return m.KeyID + } + return "" +} + +func (m *SealKeyInfo) GetHMACKeyID() string { + if m != nil { + return m.HMACKeyID + } + return "" +} + +func (m *SealKeyInfo) GetWrappedKey() []byte { + if m != nil { + return m.WrappedKey + } + return nil +} + +func (m *SealKeyInfo) GetFlags() uint64 { + if m != nil { + return m.Flags + } + return 0 +} + func init() { - proto.RegisterType((*SealWrapEntry)(nil), "physical.SealWrapEntry") + proto.RegisterType((*EncryptedBlobInfo)(nil), "physical.EncryptedBlobInfo") + proto.RegisterType((*SealKeyInfo)(nil), "physical.SealKeyInfo") } func init() { proto.RegisterFile("physical/types.proto", fileDescriptor_deea33bd14ea5328) } var fileDescriptor_deea33bd14ea5328 = []byte{ - // 148 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x29, 0xc8, 0xa8, 0x2c, - 0xce, 0x4c, 0x4e, 0xcc, 0xd1, 0x2f, 0xa9, 0x2c, 0x48, 0x2d, 0xd6, 0x2b, 0x28, 0xca, 0x2f, 0xc9, - 0x17, 0xe2, 0x80, 0x89, 0x2a, 0x79, 0x72, 0xf1, 0x06, 0xa7, 0x26, 0xe6, 0x84, 0x17, 0x25, 0x16, - 0xb8, 0xe6, 0x95, 0x14, 0x55, 0x0a, 0xc9, 0x71, 0x71, 0x25, 0x67, 0x16, 0x64, 0xa4, 0x16, 0x95, - 0xa4, 0x56, 0x94, 0x48, 0x30, 0x2a, 0x30, 0x6a, 0xf0, 0x04, 0x21, 0x89, 0x08, 0x49, 0x70, 0xb1, - 0x97, 0x17, 0x25, 0x16, 0x14, 0xa4, 0xa6, 0x48, 0xb0, 0x28, 0x30, 0x6a, 0x70, 0x04, 0xc1, 0xb8, - 0x4e, 0xaa, 0x51, 0xca, 0xe9, 0x99, 0x25, 0x19, 0xa5, 0x49, 0x7a, 0xc9, 0xf9, 0xb9, 0xfa, 0x19, - 0x89, 0xc5, 0x19, 0x99, 0xc9, 0xf9, 0x45, 0x05, 0xfa, 0x65, 0x89, 0xa5, 0x39, 0x25, 0xfa, 0x30, - 0x1b, 0x93, 0xd8, 0xc0, 0x4e, 0x30, 0x06, 0x04, 0x00, 0x00, 0xff, 0xff, 0x71, 0xf9, 0x7a, 0x09, - 0x9a, 0x00, 0x00, 0x00, + // 312 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x54, 0x91, 0x5f, 0x4b, 0xc3, 0x30, + 0x14, 0xc5, 0x69, 0xd7, 0xfd, 
0xbb, 0x9b, 0xa2, 0x61, 0x42, 0x1e, 0x44, 0xca, 0x54, 0xe8, 0x53, + 0x2b, 0xfa, 0x09, 0x9c, 0x7f, 0x50, 0xc6, 0x5e, 0xe2, 0x83, 0xe0, 0x8b, 0x64, 0x59, 0xb6, 0x84, + 0x75, 0x4d, 0x68, 0xb3, 0x69, 0x3e, 0x98, 0x4f, 0x7e, 0x39, 0x49, 0x4a, 0xd9, 0x7c, 0xbb, 0xf7, + 0x97, 0xc3, 0xe1, 0x9c, 0x1b, 0x18, 0x69, 0x61, 0x2b, 0xc9, 0x68, 0x9e, 0x19, 0xab, 0x79, 0x95, + 0xea, 0x52, 0x19, 0x85, 0x7a, 0x0d, 0x1d, 0xff, 0x04, 0x70, 0xfa, 0x54, 0xb0, 0xd2, 0x6a, 0xc3, + 0x17, 0x93, 0x5c, 0xcd, 0x5f, 0x8b, 0xa5, 0x42, 0x17, 0x00, 0x4c, 0x6a, 0xc1, 0x4b, 0xc3, 0xbf, + 0x0d, 0x0e, 0xe2, 0x20, 0x19, 0x92, 0x03, 0x82, 0x8e, 0x21, 0x94, 0x3b, 0x1c, 0x7a, 0x1e, 0xca, + 0x1d, 0x42, 0x10, 0x89, 0x0d, 0x65, 0xb8, 0xe5, 0x89, 0x9f, 0x11, 0x86, 0xee, 0x57, 0x49, 0xb5, + 0xe6, 0x0b, 0x1c, 0xc5, 0x41, 0xd2, 0x23, 0xcd, 0x8a, 0x6e, 0xa0, 0xb7, 0xe6, 0xf6, 0x53, 0x16, + 0x4b, 0x85, 0xdb, 0x71, 0x90, 0x0c, 0x6e, 0xcf, 0xd2, 0x26, 0x50, 0xfa, 0xc6, 0x69, 0x3e, 0xe5, + 0xd6, 0xc5, 0x20, 0xdd, 0x75, 0x3d, 0xa0, 0x13, 0x68, 0xad, 0xb9, 0xc5, 0x9d, 0x38, 0x48, 0xfa, + 0xc4, 0x8d, 0xe3, 0xdf, 0x00, 0x06, 0x07, 0x52, 0x74, 0x0e, 0xfd, 0x19, 0x67, 0x82, 0x16, 0xb2, + 0xda, 0xf8, 0xc0, 0x11, 0xd9, 0x03, 0x74, 0x05, 0x47, 0x2f, 0xb3, 0xfb, 0x87, 0xbd, 0x22, 0xf4, + 0x8a, 0xff, 0x10, 0x8d, 0xa0, 0xed, 0xec, 0x1e, 0x7d, 0x8d, 0x3e, 0xa9, 0x17, 0xe7, 0xec, 0x64, + 0xf5, 0x4b, 0xe4, 0x5f, 0xf6, 0xc0, 0x5d, 0xea, 0xbd, 0xae, 0x35, 0xe5, 0xd6, 0xb7, 0x19, 0x92, + 0x03, 0xe2, 0x3c, 0x9f, 0x73, 0xba, 0xaa, 0x7c, 0xf6, 0x88, 0xd4, 0xcb, 0xe4, 0xfa, 0xe3, 0x72, + 0x25, 0x8d, 0xd8, 0xce, 0x53, 0xa6, 0x36, 0x99, 0xa0, 0x95, 0x90, 0x4c, 0x95, 0x3a, 0xdb, 0xd1, + 0x6d, 0x6e, 0xb2, 0xe6, 0x16, 0xf3, 0x8e, 0xff, 0xad, 0xbb, 0xbf, 0x00, 0x00, 0x00, 0xff, 0xff, + 0x01, 0x95, 0xea, 0x9d, 0xc5, 0x01, 0x00, 0x00, } diff --git a/vendor/github.com/hashicorp/vault/physical/types.proto b/vendor/github.com/hashicorp/vault/physical/types.proto index 4633717d..0cc2eb53 100644 
--- a/vendor/github.com/hashicorp/vault/physical/types.proto +++ b/vendor/github.com/hashicorp/vault/physical/types.proto @@ -4,7 +4,35 @@ option go_package = "github.com/hashicorp/vault/physical"; package physical; -message SealWrapEntry { +message EncryptedBlobInfo { bytes ciphertext = 1; + bytes iv = 2; + bytes hmac = 3; bool wrapped = 4; + SealKeyInfo key_info = 5; + + // Key is the Key value for the entry that corresponds to + // physical.Entry.Key's value + string key = 6; +} + +// SealKeyInfo contains information regarding the seal used to encrypt the entry. +message SealKeyInfo { + // Mechanism is the method used by the seal to encrypt and sign the + // data as defined by the seal. + uint64 Mechanism = 1; + uint64 HMACMechanism = 2; + + // This is an opaque ID used by the seal to identify the specific + // key to use as defined by the seal. This could be a version, key + // label, or something else. + string KeyID = 3; + string HMACKeyID = 4; + + // These value are used when generating our own data encryption keys + // and encrypting them using the autoseal + bytes WrappedKey = 5; + + // Mechanism specific flags + uint64 Flags = 6; } diff --git a/vendor/github.com/hashicorp/vault/ui/app/templates/components/license-info.hbs b/vendor/github.com/hashicorp/vault/ui/app/templates/components/license-info.hbs index d958249d..942698a1 100644 --- a/vendor/github.com/hashicorp/vault/ui/app/templates/components/license-info.hbs +++ b/vendor/github.com/hashicorp/vault/ui/app/templates/components/license-info.hbs @@ -5,10 +5,14 @@ {{#if isTemporary}} -
- - Your temporary license expires {{moment-from-now expirationTime}} and your vault will seal. Please enter a valid license below. - +
+ Temporary License
@@ -27,7 +31,7 @@
{{else}} -
+
Details {{#if showForm}}
@@ -61,7 +65,7 @@ {{/if}}
{{/if}} -
+
Features
{{#each featuresInfo as |info|}} diff --git a/vendor/github.com/hashicorp/vault/ui/tests/integration/components/license-test.js b/vendor/github.com/hashicorp/vault/ui/tests/integration/components/license-test.js index 7474c834..9c28f66c 100644 --- a/vendor/github.com/hashicorp/vault/ui/tests/integration/components/license-test.js +++ b/vendor/github.com/hashicorp/vault/ui/tests/integration/components/license-test.js @@ -6,6 +6,9 @@ import hbs from 'htmlbars-inline-precompile'; import sinon from 'sinon'; import { create } from 'ember-cli-page-object'; import license from '../../pages/components/license-info'; +import { allFeatures } from 'vault/helpers/all-features'; + +const FEATURES = allFeatures(); const component = create(license); @@ -33,7 +36,7 @@ module('Integration | Component | license info', function(hooks) { assert.equal(component.warning, LICENSE_WARNING_TEXT, 'it renders warning text including time left'); assert.equal(component.hasSaveButton, true, 'it renders the save button'); assert.equal(component.hasTextInput, true, 'it renders text input for new license'); - assert.equal(component.featureRows.length, 12, 'it renders 12 features'); + assert.equal(component.featureRows.length, FEATURES.length, 'it renders all of the features'); assert.equal(component.featureRows[0].featureName, 'HSM', 'it renders HSM feature'); assert.equal(component.featureRows[0].featureStatus, 'Active', 'it renders Active for HSM feature'); assert.equal( @@ -56,7 +59,7 @@ module('Integration | Component | license info', function(hooks) { await render( hbs`` ); - assert.equal(component.featureRows.length, 12, 'it renders 12 features'); + assert.equal(component.featureRows.length, FEATURES.length, 'it renders all of the features'); let activeFeatures = component.featureRows.filter(f => f.featureStatus === 'Active'); assert.equal(activeFeatures.length, 2); }); 
diff --git a/vendor/github.com/hashicorp/vault/version/version_base.go b/vendor/github.com/hashicorp/vault/version/version_base.go index a658000c..b1a28c8e 100644 --- a/vendor/github.com/hashicorp/vault/version/version_base.go +++ b/vendor/github.com/hashicorp/vault/version/version_base.go @@ -2,10 +2,10 @@ package version func init() { // The main version number that is being run at the moment. - Version = "0.11.5" + Version = "1.0.0" // A pre-release marker for the version. If this is "" (empty string) // then it means that it is a final release. Otherwise, this is a pre-release // such as "dev" (in development), "beta", "rc1", etc. - VersionPrerelease = "" + VersionPrerelease = "rc1" } diff --git a/vendor/github.com/hashicorp/vault/website/source/api/system/license.html.md b/vendor/github.com/hashicorp/vault/website/source/api/system/license.html.md index 038efb65..dbbcef82 100644 --- a/vendor/github.com/hashicorp/vault/website/source/api/system/license.html.md +++ b/vendor/github.com/hashicorp/vault/website/source/api/system/license.html.md @@ -1,7 +1,7 @@ --- layout: "api" page_title: "/sys/license - HTTP API" -sidebar_title: "/sys/license" +sidebar_title: "/sys/license" sidebar_current: "api-http-system-license" description: |- The `/sys/license` endpoint is used to view and update the license used in diff --git a/vendor/github.com/hpcloud/tail/.travis.yml b/vendor/github.com/hpcloud/tail/.travis.yml index ad8971f8..9cf8bb7f 100644 --- a/vendor/github.com/hpcloud/tail/.travis.yml +++ b/vendor/github.com/hpcloud/tail/.travis.yml @@ -4,10 +4,9 @@ script: - go test -race -v ./... go: + - 1.4 - 1.5 - 1.6 - - 1.7 - - 1.8 - tip matrix: @@ -15,5 +14,5 @@ matrix: - go: tip install: - - go get gopkg.in/fsnotify/fsnotify.v1 + - go get gopkg.in/fsnotify.v1 - go get gopkg.in/tomb.v1 diff --git a/vendor/github.com/hpcloud/tail/README.md b/vendor/github.com/hpcloud/tail/README.md index ed8bd9ac..fb7fbc26 100644 --- a/vendor/github.com/hpcloud/tail/README.md 
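Review bot: The vendored Vault tree is a release candidate rather than the final release: `version_base.go` now sets `Version = "1.0.0"` together with `VersionPrerelease = "rc1"`, while the commit subject says the vendoring is updated to vault 1.0.0. If the final release is the intent, the constraint should pin the release tag, for example `version = "=<final-release-tag>"` in Gopkg.toml, so the plugin is built against the code that shipped rather than a pre-release snapshot. The Gopkg.toml and Gopkg.lock hunks are outside this view, so how the revision was selected cannot be confirmed here.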
+++ b/vendor/github.com/hpcloud/tail/README.md @@ -1,5 +1,5 @@ [![Build Status](https://travis-ci.org/hpcloud/tail.svg)](https://travis-ci.org/hpcloud/tail) -[![Build status](https://ci.appveyor.com/api/projects/status/vrl3paf9md0a7bgk/branch/master?svg=true)](https://ci.appveyor.com/project/Nino-K/tail/branch/master) +[![Build status](https://ci.appveyor.com/api/projects/status/kohpsf3rvhjhrox6?svg=true)](https://ci.appveyor.com/project/HelionCloudFoundry/tail) # Go package for tail-ing files diff --git a/vendor/github.com/hpcloud/tail/ratelimiter/memory.go b/vendor/github.com/hpcloud/tail/ratelimiter/memory.go index bf3c2131..8f6a5784 100644 --- a/vendor/github.com/hpcloud/tail/ratelimiter/memory.go +++ b/vendor/github.com/hpcloud/tail/ratelimiter/memory.go @@ -5,10 +5,7 @@ import ( "time" ) -const ( - GC_SIZE int = 100 - GC_PERIOD time.Duration = 60 * time.Second -) +const GC_SIZE int = 100 type Memory struct { store map[string]LeakyBucket @@ -47,10 +44,11 @@ func (m *Memory) GarbageCollect() { now := time.Now() // rate limit GC to once per minute - if now.Unix() >= m.lastGCCollected.Add(GC_PERIOD).Unix() { + if now.Add(60*time.Second).Unix() > m.lastGCCollected.Unix() { + for key, bucket := range m.store { // if the bucket is drained, then GC - if bucket.DrainedAt().Unix() < now.Unix() { + if bucket.DrainedAt().Unix() > now.Unix() { delete(m.store, key) } } diff --git a/vendor/github.com/hpcloud/tail/tail.go b/vendor/github.com/hpcloud/tail/tail.go index c99cdaa2..2d252d60 100644 --- a/vendor/github.com/hpcloud/tail/tail.go +++ b/vendor/github.com/hpcloud/tail/tail.go @@ -22,7 +22,7 @@ import ( ) var ( - ErrStop = errors.New("tail should now stop") + ErrStop = fmt.Errorf("tail should now stop") ) type Line struct { @@ -250,7 +250,7 @@ func (tail *Tail) tailFileSync() { tail.openReader() - var offset int64 + var offset int64 = 0 var err error // Read line by line. 
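Review bot: The new side of `GarbageCollect` in `ratelimiter/memory.go` no longer rate-limits the sweep and tests the opposite drain condition: `now.Add(60*time.Second).Unix() > m.lastGCCollected.Unix()` holds on practically every call, and `bucket.DrainedAt().Unix() > now.Unix()` deletes buckets whose drain time is still in the future, which contradicts the comment `// if the bucket is drained, then GC`. If `DrainedAt` means what its name suggests, this discards the state of buckets that are still limiting and keeps the drained ones. The removed lines (`m.lastGCCollected.Add(GC_PERIOD)` and `DrainedAt().Unix() < now.Unix()`) read like the corrected form, and the `.travis.yml`, `gopkg.in/fsnotify.v1` import and `RemoveWatch` hunks of this package point the same way, so this update appears to move `github.com/hpcloud/tail` back to an older revision. I would keep the previously locked revision in Gopkg.lock unless the downgrade is required. `GarbageCollect` begins and ends outside the hunk.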
@@ -273,9 +273,10 @@ func (tail *Tail) tailFileSync() { if cooloff { // Wait a second before seeking till the end of // file when rate limit is reached. - msg := ("Too much log activity; waiting a second " + - "before resuming tailing") - tail.Lines <- &Line{msg, time.Now(), errors.New(msg)} + msg := fmt.Sprintf( + "Too much log activity; waiting a second " + + "before resuming tailing") + tail.Lines <- &Line{msg, time.Now(), fmt.Errorf(msg)} select { case <-time.After(time.Second): case <-tail.Dying(): diff --git a/vendor/github.com/hpcloud/tail/watch/filechanges.go b/vendor/github.com/hpcloud/tail/watch/filechanges.go index f80aead9..3ce5dcec 100644 --- a/vendor/github.com/hpcloud/tail/watch/filechanges.go +++ b/vendor/github.com/hpcloud/tail/watch/filechanges.go @@ -8,7 +8,7 @@ type FileChanges struct { func NewFileChanges() *FileChanges { return &FileChanges{ - make(chan bool, 1), make(chan bool, 1), make(chan bool, 1)} + make(chan bool), make(chan bool), make(chan bool)} } func (fc *FileChanges) NotifyModified() { diff --git a/vendor/github.com/hpcloud/tail/watch/inotify.go b/vendor/github.com/hpcloud/tail/watch/inotify.go index 2bbfe0b6..4478f1e1 100644 --- a/vendor/github.com/hpcloud/tail/watch/inotify.go +++ b/vendor/github.com/hpcloud/tail/watch/inotify.go @@ -10,7 +10,7 @@ import ( "github.com/hpcloud/tail/util" - "gopkg.in/fsnotify/fsnotify.v1" + "gopkg.in/fsnotify.v1" "gopkg.in/tomb.v1" ) @@ -75,6 +75,7 @@ func (fw *InotifyFileWatcher) ChangeEvents(t *tomb.Tomb, pos int64) (*FileChange fw.Size = pos go func() { + defer RemoveWatch(fw.Filename) events := Events(fw.Filename) @@ -87,11 +88,9 @@ func (fw *InotifyFileWatcher) ChangeEvents(t *tomb.Tomb, pos int64) (*FileChange select { case evt, ok = <-events: if !ok { - RemoveWatch(fw.Filename) return } case <-t.Dying(): - RemoveWatch(fw.Filename) return } 
@@ -100,19 +99,13 @@ func (fw *InotifyFileWatcher) ChangeEvents(t *tomb.Tomb, pos int64) (*FileChange fallthrough case evt.Op&fsnotify.Rename == fsnotify.Rename: - RemoveWatch(fw.Filename) changes.NotifyDeleted() return - //With an open fd, unlink(fd) - inotify returns IN_ATTRIB (==fsnotify.Chmod) - case evt.Op&fsnotify.Chmod == fsnotify.Chmod: - fallthrough - case evt.Op&fsnotify.Write == fsnotify.Write: fi, err := os.Stat(fw.Filename) if err != nil { if os.IsNotExist(err) { - RemoveWatch(fw.Filename) changes.NotifyDeleted() return } diff --git a/vendor/github.com/hpcloud/tail/watch/inotify_tracker.go b/vendor/github.com/hpcloud/tail/watch/inotify_tracker.go index 739b3c2a..03be4275 100644 --- a/vendor/github.com/hpcloud/tail/watch/inotify_tracker.go +++ b/vendor/github.com/hpcloud/tail/watch/inotify_tracker.go @@ -12,7 +12,7 @@ import ( "github.com/hpcloud/tail/util" - "gopkg.in/fsnotify/fsnotify.v1" + "gopkg.in/fsnotify.v1" ) type InotifyTracker struct { @@ -83,21 +83,21 @@ func watch(winfo *watchInfo) error { } // RemoveWatch signals the run goroutine to remove the watch for the input filename -func RemoveWatch(fname string) error { - return remove(&watchInfo{ +func RemoveWatch(fname string) { + remove(&watchInfo{ fname: fname, }) } // RemoveWatch create signals the run goroutine to remove the watch for the input filename -func RemoveWatchCreate(fname string) error { - return remove(&watchInfo{ +func RemoveWatchCreate(fname string) { + remove(&watchInfo{ op: fsnotify.Create, fname: fname, }) } -func remove(winfo *watchInfo) error { +func remove(winfo *watchInfo) { // start running the shared InotifyTracker if not already running once.Do(goRun) 
@@ -108,10 +108,27 @@ func remove(winfo *watchInfo) error { delete(shared.done, winfo.fname) close(done) } + + fname := winfo.fname + if winfo.isCreate() { + // Watch for new files to be created in the parent directory. + fname = filepath.Dir(fname) + } + shared.watchNums[fname]-- + watchNum := shared.watchNums[fname] + if watchNum == 0 { + delete(shared.watchNums, fname) + } shared.mux.Unlock() + // If we were the last ones to watch this file, unsubscribe from inotify. + // This needs to happen after releasing the lock because fsnotify waits + // synchronously for the kernel to acknowledge the removal of the watch + // for this file, which causes us to deadlock if we still held the lock. + if watchNum == 0 { + shared.watcher.Remove(fname) + } shared.remove <- winfo - return <-shared.error } // Events returns a channel to which FileEvents corresponding to the input filename @@ -125,8 +142,8 @@ func Events(fname string) <-chan fsnotify.Event { } // Cleanup removes the watch for the input filename if necessary. -func Cleanup(fname string) error { - return RemoveWatch(fname) +func Cleanup(fname string) { + RemoveWatch(fname) } // watchFlags calls fsnotify.WatchFlags for the input filename and flags, creating @@ -137,8 +154,6 @@ func (shared *InotifyTracker) addWatch(winfo *watchInfo) error { if shared.chans[winfo.fname] == nil { shared.chans[winfo.fname] = make(chan fsnotify.Event) - } - if shared.done[winfo.fname] == nil { shared.done[winfo.fname] = make(chan bool) } 
@@ -148,50 +163,47 @@ func (shared *InotifyTracker) addWatch(winfo *watchInfo) error { fname = filepath.Dir(fname) } - var err error // already in inotify watch - if shared.watchNums[fname] == 0 { - err = shared.watcher.Add(fname) + if shared.watchNums[fname] > 0 { + shared.watchNums[fname]++ + if winfo.isCreate() { + shared.watchNums[winfo.fname]++ + } + return nil } + + err := shared.watcher.Add(fname) if err == nil { shared.watchNums[fname]++ + if winfo.isCreate() { + shared.watchNums[winfo.fname]++ + } } return err } // removeWatch calls fsnotify.RemoveWatch for the input filename and closes the // corresponding events channel. -func (shared *InotifyTracker) removeWatch(winfo *watchInfo) error { +func (shared *InotifyTracker) removeWatch(winfo *watchInfo) { shared.mux.Lock() + defer shared.mux.Unlock() ch := shared.chans[winfo.fname] - if ch != nil { - delete(shared.chans, winfo.fname) - close(ch) + if ch == nil { + return } - fname := winfo.fname - if winfo.isCreate() { - // Watch for new files to be created in the parent directory. - fname = filepath.Dir(fname) - } - shared.watchNums[fname]-- - watchNum := shared.watchNums[fname] - if watchNum == 0 { - delete(shared.watchNums, fname) - } - shared.mux.Unlock() + delete(shared.chans, winfo.fname) + close(ch) - var err error - // If we were the last ones to watch this file, unsubscribe from inotify. - // This needs to happen after releasing the lock because fsnotify waits - // synchronously for the kernel to acknowledge the removal of the watch - // for this file, which causes us to deadlock if we still held the lock. - if watchNum == 0 { - err = shared.watcher.Remove(fname) + if !winfo.isCreate() { + return } - return err + shared.watchNums[winfo.fname]-- + if shared.watchNums[winfo.fname] == 0 { + delete(shared.watchNums, winfo.fname) + } } // sendEvent sends the input event to the appropriate Tail. 
@@ -226,7 +238,7 @@ func (shared *InotifyTracker) run() { shared.error <- shared.addWatch(winfo) case winfo := <-shared.remove: - shared.error <- shared.removeWatch(winfo) + shared.removeWatch(winfo) case event, open := <-shared.watcher.Events: if !open { diff --git a/vendor/github.com/ryanuber/go-glob/glob.go b/vendor/github.com/ryanuber/go-glob/glob.go index e67db3be..d9d46379 100644 --- a/vendor/github.com/ryanuber/go-glob/glob.go +++ b/vendor/github.com/ryanuber/go-glob/glob.go @@ -30,25 +30,20 @@ func Glob(pattern, subj string) bool { trailingGlob := strings.HasSuffix(pattern, GLOB) end := len(parts) - 1 - // Go over the leading parts and ensure they match. - for i := 0; i < end; i++ { - idx := strings.Index(subj, parts[i]) - - switch i { - case 0: - // Check the first section. Requires special handling. - if !leadingGlob && idx != 0 { - return false - } - default: - // Check that the middle parts match. - if idx < 0 { - return false - } + // Check the first section. Requires special handling. + if !leadingGlob && !strings.HasPrefix(subj, parts[0]) { + return false + } + + // Go over the middle parts and ensure they match. + for i := 1; i < end; i++ { + if !strings.Contains(subj, parts[i]) { + return false } // Trim evaluated text from subj as we loop over the pattern. - subj = subj[idx+len(parts[i]):] + idx := strings.Index(subj, parts[i]) + len(parts[i]) + subj = subj[idx:] } // Reached the last section. Requires special handling. diff --git a/vendor/golang.org/x/sys/unix/mkall.sh b/vendor/golang.org/x/sys/unix/mkall.sh index 9b76ad66..4f92537c 100755 --- a/vendor/golang.org/x/sys/unix/mkall.sh +++ b/vendor/golang.org/x/sys/unix/mkall.sh @@ -10,7 +10,7 @@ GOOSARCH="${GOOS}_${GOARCH}" # defaults -mksyscall="./mksyscall.pl" +mksyscall="go run mksyscall.go" mkerrors="./mkerrors.sh" zerrors="zerrors_$GOOSARCH.go" mksysctl="" 
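Review bot: `Glob` on the new side no longer consumes the first literal before checking the rest: the `strings.HasPrefix(subj, parts[0])` test leaves `subj` untrimmed and the loop starts at `i := 1`, whereas the removed loop applied `subj = subj[idx+len(parts[i]):]` to part 0 as well. Assuming the final section (outside this hunk) is a suffix test, a pattern such as `ab*bc` would then accept `abc`, with prefix and suffix overlapping on the same characters. Wherever a `Glob` result feeds an allow-list or policy decision this is a looser match than before, so the previously vendored revision of `github.com/ryanuber/go-glob` should stay locked. If this revision must be used, the minimal repair is `subj = subj[len(parts[0]):]` directly after the prefix check.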
@@ -71,7 +71,7 @@ aix_ppc64) ;; darwin_386) mkerrors="$mkerrors -m32" - mksyscall="./mksyscall.pl -l32" + mksyscall="go run mksyscall.go -l32" mksysnum="./mksysnum_darwin.pl $(xcrun --show-sdk-path --sdk macosx)/usr/include/sys/syscall.h" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; @@ -92,13 +92,13 @@ darwin_arm64) ;; dragonfly_amd64) mkerrors="$mkerrors -m64" - mksyscall="./mksyscall.pl -dragonfly" + mksyscall="go run mksyscall.go -dragonfly" mksysnum="curl -s 'http://gitweb.dragonflybsd.org/dragonfly.git/blob_plain/HEAD:/sys/kern/syscalls.master' | ./mksysnum_dragonfly.pl" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; freebsd_386) mkerrors="$mkerrors -m32" - mksyscall="./mksyscall.pl -l32" + mksyscall="go run mksyscall.go -l32" mksysnum="curl -s 'http://svn.freebsd.org/base/stable/10/sys/kern/syscalls.master' | ./mksysnum_freebsd.pl" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; @@ -109,7 +109,7 @@ freebsd_amd64) ;; freebsd_arm) mkerrors="$mkerrors" - mksyscall="./mksyscall.pl -l32 -arm" + mksyscall="go run mksyscall.go -l32 -arm" mksysnum="curl -s 'http://svn.freebsd.org/base/stable/10/sys/kern/syscalls.master' | ./mksysnum_freebsd.pl" # Let the type of C char be signed for making the bare syscall # API consistent across platforms. 
@@ -124,19 +124,19 @@ linux_sparc64) ;; netbsd_386) mkerrors="$mkerrors -m32" - mksyscall="./mksyscall.pl -l32 -netbsd" + mksyscall="go run mksyscall.go -l32 -netbsd" mksysnum="curl -s 'http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master' | ./mksysnum_netbsd.pl" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; netbsd_amd64) mkerrors="$mkerrors -m64" - mksyscall="./mksyscall.pl -netbsd" + mksyscall="go run mksyscall.go -netbsd" mksysnum="curl -s 'http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master' | ./mksysnum_netbsd.pl" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; netbsd_arm) mkerrors="$mkerrors" - mksyscall="./mksyscall.pl -l32 -netbsd -arm" + mksyscall="go run mksyscall.go -l32 -netbsd -arm" mksysnum="curl -s 'http://cvsweb.netbsd.org/bsdweb.cgi/~checkout~/src/sys/kern/syscalls.master' | ./mksysnum_netbsd.pl" # Let the type of C char be signed for making the bare syscall # API consistent across platforms. 
@@ -144,21 +144,21 @@ netbsd_arm) ;; openbsd_386) mkerrors="$mkerrors -m32" - mksyscall="./mksyscall.pl -l32 -openbsd" + mksyscall="go run mksyscall.go -l32 -openbsd" mksysctl="./mksysctl_openbsd.pl" mksysnum="curl -s 'http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master' | ./mksysnum_openbsd.pl" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; openbsd_amd64) mkerrors="$mkerrors -m64" - mksyscall="./mksyscall.pl -openbsd" + mksyscall="go run mksyscall.go -openbsd" mksysctl="./mksysctl_openbsd.pl" mksysnum="curl -s 'http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master' | ./mksysnum_openbsd.pl" mktypes="GOARCH=$GOARCH go tool cgo -godefs" ;; openbsd_arm) mkerrors="$mkerrors" - mksyscall="./mksyscall.pl -l32 -openbsd -arm" + mksyscall="go run mksyscall.go -l32 -openbsd -arm" mksysctl="./mksysctl_openbsd.pl" mksysnum="curl -s 'http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/sys/kern/syscalls.master' | ./mksysnum_openbsd.pl" # Let the type of C char be signed for making the bare syscall diff --git a/vendor/golang.org/x/sys/unix/mksyscall.go b/vendor/golang.org/x/sys/unix/mksyscall.go new file mode 100644 index 00000000..36c0b5ac --- /dev/null +++ b/vendor/golang.org/x/sys/unix/mksyscall.go 
@@ -0,0 +1,367 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build ignore + +/* +This program reads a file containing function prototypes +(like syscall_darwin.go) and generates system call bodies. +The prototypes are marked by lines beginning with "//sys" +and read like func declarations if //sys is replaced by func, but: + * The parameter lists must give a name for each argument. + This includes return parameters. + * The parameter lists must give a type for each argument: + the (x, y, z int) shorthand is not allowed. + * If the return parameter is an error number, it must be named errno. + +A line beginning with //sysnb is like //sys, except that the +goroutine will not be suspended during the execution of the system +call. This must only be used for system calls which can never +block, as otherwise the system call could cause all goroutines to +hang. +*/ +package main + +import ( + "bufio" + "flag" + "fmt" + "os" + "regexp" + "strings" +) + +var ( + b32 = flag.Bool("b32", false, "32bit big-endian") + l32 = flag.Bool("l32", false, "32bit little-endian") + plan9 = flag.Bool("plan9", false, "plan9") + openbsd = flag.Bool("openbsd", false, "openbsd") + netbsd = flag.Bool("netbsd", false, "netbsd") + dragonfly = flag.Bool("dragonfly", false, "dragonfly") + arm = flag.Bool("arm", false, "arm") // 64-bit value should use (even, odd)-pair + tags = flag.String("tags", "", "build tags") + filename = flag.String("output", "", "output file name (standard output if omitted)") +) + +// cmdLine returns this programs's commandline arguments +func cmdLine() string { + return "go run mksyscall.go " + strings.Join(os.Args[1:], " ") +} + +// buildTags returns build tags +func buildTags() string { + return *tags +} + +// Param is function parameter +type Param struct { + Name string + Type string +} + +// usage prints the program usage +func usage() { + 
fmt.Fprintf(os.Stderr, "usage: go run mksyscall.go [-b32 | -l32] [-tags x,y] [file ...]\n") + os.Exit(1) +} + +// parseParamList parses parameter list and returns a slice of parameters +func parseParamList(list string) []string { + list = strings.TrimSpace(list) + if list == "" { + return []string{} + } + return regexp.MustCompile(`\s*,\s*`).Split(list, -1) +} + +// parseParam splits a parameter into name and type +func parseParam(p string) Param { + ps := regexp.MustCompile(`^(\S*) (\S*)$`).FindStringSubmatch(p) + if ps == nil { + fmt.Fprintf(os.Stderr, "malformed parameter: %s\n", p) + os.Exit(1) + } + return Param{ps[1], ps[2]} +} + +func main() { + // Get the OS and architecture (using GOARCH_TARGET if it exists) + goos := os.Getenv("GOOS") + goarch := os.Getenv("GOARCH_TARGET") + if goarch == "" { + goarch = os.Getenv("GOARCH") + } + + // Check that we are using the new build system if we should + if goos == "linux" && goarch != "sparc64" { + if os.Getenv("GOLANG_SYS_BUILD") != "docker" { + fmt.Fprintf(os.Stderr, "In the new build system, mksyscall should not be called directly.\n") + fmt.Fprintf(os.Stderr, "See README.md\n") + os.Exit(1) + } + } + + flag.Usage = usage + flag.Parse() + if len(flag.Args()) <= 0 { + fmt.Fprintf(os.Stderr, "no files to parse provided\n") + usage() + } + + endianness := "" + if *b32 { + endianness = "big-endian" + } else if *l32 { + endianness = "little-endian" + } + + text := "" + for _, path := range flag.Args() { + file, err := os.Open(path) + if err != nil { + fmt.Fprintf(os.Stderr, err.Error()) + os.Exit(1) + } + s := bufio.NewScanner(file) + for s.Scan() { + t := s.Text() + t = strings.TrimSpace(t) + t = regexp.MustCompile(`\s+`).ReplaceAllString(t, ` `) + nonblock := regexp.MustCompile(`^\/\/sysnb `).FindStringSubmatch(t) + if regexp.MustCompile(`^\/\/sys `).FindStringSubmatch(t) == nil && nonblock == nil { + continue + } + + // Line must be of the form + // func Open(path string, mode int, perm int) (fd int, errno error) + 
// Split into name, in params, out params. + f := regexp.MustCompile(`^\/\/sys(nb)? (\w+)\(([^()]*)\)\s*(?:\(([^()]+)\))?\s*(?:=\s*((?i)SYS_[A-Z0-9_]+))?$`).FindStringSubmatch(t) + if f == nil { + fmt.Fprintf(os.Stderr, "%s:%s\nmalformed //sys declaration\n", path, t) + os.Exit(1) + } + funct, inps, outps, sysname := f[2], f[3], f[4], f[5] + + // Split argument lists on comma. + in := parseParamList(inps) + out := parseParamList(outps) + + // Try in vain to keep people from editing this file. + // The theory is that they jump into the middle of the file + // without reading the header. + text += "// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT\n\n" + + // Go function header. + outDecl := "" + if len(out) > 0 { + outDecl = fmt.Sprintf(" (%s)", strings.Join(out, ", ")) + } + text += fmt.Sprintf("func %s(%s)%s {\n", funct, strings.Join(in, ", "), outDecl) + + // Check if err return available + errvar := "" + for _, param := range out { + p := parseParam(param) + if p.Type == "error" { + errvar = p.Name + break + } + } + + // Prepare arguments to Syscall. 
+ var args []string + n := 0 + for _, param := range in { + p := parseParam(param) + if regexp.MustCompile(`^\*`).FindStringSubmatch(p.Type) != nil { + args = append(args, "uintptr(unsafe.Pointer("+p.Name+"))") + } else if p.Type == "string" && errvar != "" { + text += fmt.Sprintf("\tvar _p%d *byte\n", n) + text += fmt.Sprintf("\t_p%d, %s = BytePtrFromString(%s)\n", n, errvar, p.Name) + text += fmt.Sprintf("\tif %s != nil {\n\t\treturn\n\t}\n", errvar) + args = append(args, fmt.Sprintf("uintptr(unsafe.Pointer(_p%d))", n)) + n++ + } else if p.Type == "string" { + fmt.Fprintf(os.Stderr, path+":"+funct+" uses string arguments, but has no error return\n") + text += fmt.Sprintf("\tvar _p%d *byte\n", n) + text += fmt.Sprintf("\t_p%d, _ = BytePtrFromString(%s)\n", n, p.Name) + args = append(args, fmt.Sprintf("uintptr(unsafe.Pointer(_p%d))", n)) + n++ + } else if regexp.MustCompile(`^\[\](.*)`).FindStringSubmatch(p.Type) != nil { + // Convert slice into pointer, length. + // Have to be careful not to take address of &a[0] if len == 0: + // pass dummy pointer in that case. + // Used to pass nil, but some OSes or simulators reject write(fd, nil, 0). 
+ text += fmt.Sprintf("\tvar _p%d unsafe.Pointer\n", n) + text += fmt.Sprintf("\tif len(%s) > 0 {\n\t\t_p%d = unsafe.Pointer(&%s[0])\n\t}", p.Name, n, p.Name) + text += fmt.Sprintf(" else {\n\t\t_p%d = unsafe.Pointer(&_zero)\n\t}\n", n) + args = append(args, fmt.Sprintf("uintptr(_p%d)", n), fmt.Sprintf("uintptr(len(%s))", p.Name)) + n++ + } else if p.Type == "int64" && (*openbsd || *netbsd) { + args = append(args, "0") + if endianness == "big-endian" { + args = append(args, fmt.Sprintf("uintptr(%s>>32)", p.Name), fmt.Sprintf("uintptr(%s)", p.Name)) + } else if endianness == "little-endian" { + args = append(args, fmt.Sprintf("uintptr(%s)", p.Name), fmt.Sprintf("uintptr(%s>>32)", p.Name)) + } else { + args = append(args, fmt.Sprintf("uintptr(%s)", p.Name)) + } + } else if p.Type == "int64" && *dragonfly { + if regexp.MustCompile(`^(?i)extp(read|write)`).FindStringSubmatch(funct) == nil { + args = append(args, "0") + } + if endianness == "big-endian" { + args = append(args, fmt.Sprintf("uintptr(%s>>32)", p.Name), fmt.Sprintf("uintptr(%s)", p.Name)) + } else if endianness == "little-endian" { + args = append(args, fmt.Sprintf("uintptr(%s)", p.Name), fmt.Sprintf("uintptr(%s>>32)", p.Name)) + } else { + args = append(args, fmt.Sprintf("uintptr(%s)", p.Name)) + } + } else if p.Type == "int64" && endianness != "" { + if len(args)%2 == 1 && *arm { + // arm abi specifies 64-bit argument uses + // (even, odd) pair + args = append(args, "0") + } + if endianness == "big-endian" { + args = append(args, fmt.Sprintf("uintptr(%s>>32)", p.Name), fmt.Sprintf("uintptr(%s)", p.Name)) + } else { + args = append(args, fmt.Sprintf("uintptr(%s)", p.Name), fmt.Sprintf("uintptr(%s>>32)", p.Name)) + } + } else { + args = append(args, fmt.Sprintf("uintptr(%s)", p.Name)) + } + } + + // Determine which form to use; pad args with zeros. 
+ asm := "Syscall" + if nonblock != nil { + if errvar == "" && goos == "linux" { + asm = "RawSyscallNoError" + } else { + asm = "RawSyscall" + } + } else { + if errvar == "" && goos == "linux" { + asm = "SyscallNoError" + } + } + if len(args) <= 3 { + for len(args) < 3 { + args = append(args, "0") + } + } else if len(args) <= 6 { + asm += "6" + for len(args) < 6 { + args = append(args, "0") + } + } else if len(args) <= 9 { + asm += "9" + for len(args) < 9 { + args = append(args, "0") + } + } else { + fmt.Fprintf(os.Stderr, "%s:%s too many arguments to system call\n", path, funct) + } + + // System call number. + if sysname == "" { + sysname = "SYS_" + funct + sysname = regexp.MustCompile(`([a-z])([A-Z])`).ReplaceAllString(sysname, `${1}_$2`) + sysname = strings.ToUpper(sysname) + } + + // Actual call. + arglist := strings.Join(args, ", ") + call := fmt.Sprintf("%s(%s, %s)", asm, sysname, arglist) + + // Assign return values. + body := "" + ret := []string{"_", "_", "_"} + doErrno := false + for i := 0; i < len(out); i++ { + p := parseParam(out[i]) + reg := "" + if p.Name == "err" && !*plan9 { + reg = "e1" + ret[2] = reg + doErrno = true + } else if p.Name == "err" && *plan9 { + ret[0] = "r0" + ret[2] = "e1" + break + } else { + reg = fmt.Sprintf("r%d", i) + ret[i] = reg + } + if p.Type == "bool" { + reg = fmt.Sprintf("%s != 0", reg) + } + if p.Type == "int64" && endianness != "" { + // 64-bit number in r1:r0 or r0:r1. 
+ if i+2 > len(out) { + fmt.Fprintf(os.Stderr, "%s:%s not enough registers for int64 return\n", path, funct) + } + if endianness == "big-endian" { + reg = fmt.Sprintf("int64(r%d)<<32 | int64(r%d)", i, i+1) + } else { + reg = fmt.Sprintf("int64(r%d)<<32 | int64(r%d)", i+1, i) + } + ret[i] = fmt.Sprintf("r%d", i) + ret[i+1] = fmt.Sprintf("r%d", i+1) + } + if reg != "e1" || *plan9 { + body += fmt.Sprintf("\t%s = %s(%s)\n", p.Name, p.Type, reg) + } + } + if ret[0] == "_" && ret[1] == "_" && ret[2] == "_" { + text += fmt.Sprintf("\t%s\n", call) + } else { + if errvar == "" && goos == "linux" { + // raw syscall without error on Linux, see golang.org/issue/22924 + text += fmt.Sprintf("\t%s, %s := %s\n", ret[0], ret[1], call) + } else { + text += fmt.Sprintf("\t%s, %s, %s := %s\n", ret[0], ret[1], ret[2], call) + } + } + text += body + + if *plan9 && ret[2] == "e1" { + text += "\tif int32(r0) == -1 {\n" + text += "\t\terr = e1\n" + text += "\t}\n" + } else if doErrno { + text += "\tif e1 != 0 {\n" + text += "\t\terr = errnoErr(e1)\n" + text += "\t}\n" + } + text += "\treturn\n" + text += "}\n\n" + + } + if err := s.Err(); err != nil { + fmt.Fprintf(os.Stderr, err.Error()) + os.Exit(1) + } + file.Close() + } + fmt.Printf(srcTemplate, cmdLine(), buildTags(), text) +} + +const srcTemplate = `// %s +// Code generated by the command above; see README.md. DO NOT EDIT. + +// +build %s + +package unix + +import ( + "syscall" + "unsafe" +) + +var _ syscall.Errno + +%s +` diff --git a/vendor/golang.org/x/sys/unix/mksyscall.pl b/vendor/golang.org/x/sys/unix/mksyscall.pl deleted file mode 100755 index 1f6b926f..00000000 --- a/vendor/golang.org/x/sys/unix/mksyscall.pl +++ /dev/null 
@@ -1,341 +0,0 @@ -#!/usr/bin/env perl -# Copyright 2009 The Go Authors. All rights reserved. -# Use of this source code is governed by a BSD-style -# license that can be found in the LICENSE file. - -# This program reads a file containing function prototypes -# (like syscall_darwin.go) and generates system call bodies. -# The prototypes are marked by lines beginning with "//sys" -# and read like func declarations if //sys is replaced by func, but: -# * The parameter lists must give a name for each argument. -# This includes return parameters. -# * The parameter lists must give a type for each argument: -# the (x, y, z int) shorthand is not allowed. -# * If the return parameter is an error number, it must be named errno. - -# A line beginning with //sysnb is like //sys, except that the -# goroutine will not be suspended during the execution of the system -# call. This must only be used for system calls which can never -# block, as otherwise the system call could cause all goroutines to -# hang. - -use strict; - -my $cmdline = "mksyscall.pl " . 
join(' ', @ARGV); -my $errors = 0; -my $_32bit = ""; -my $plan9 = 0; -my $openbsd = 0; -my $netbsd = 0; -my $dragonfly = 0; -my $arm = 0; # 64-bit value should use (even, odd)-pair -my $tags = ""; # build tags - -if($ARGV[0] eq "-b32") { - $_32bit = "big-endian"; - shift; -} elsif($ARGV[0] eq "-l32") { - $_32bit = "little-endian"; - shift; -} -if($ARGV[0] eq "-plan9") { - $plan9 = 1; - shift; -} -if($ARGV[0] eq "-openbsd") { - $openbsd = 1; - shift; -} -if($ARGV[0] eq "-netbsd") { - $netbsd = 1; - shift; -} -if($ARGV[0] eq "-dragonfly") { - $dragonfly = 1; - shift; -} -if($ARGV[0] eq "-arm") { - $arm = 1; - shift; -} -if($ARGV[0] eq "-tags") { - shift; - $tags = $ARGV[0]; - shift; -} - -if($ARGV[0] =~ /^-/) { - print STDERR "usage: mksyscall.pl [-b32 | -l32] [-tags x,y] [file ...]\n"; - exit 1; -} - -# Check that we are using the new build system if we should -if($ENV{'GOOS'} eq "linux" && $ENV{'GOARCH'} ne "sparc64") { - if($ENV{'GOLANG_SYS_BUILD'} ne "docker") { - print STDERR "In the new build system, mksyscall should not be called directly.\n"; - print STDERR "See README.md\n"; - exit 1; - } -} - - -sub parseparamlist($) { - my ($list) = @_; - $list =~ s/^\s*//; - $list =~ s/\s*$//; - if($list eq "") { - return (); - } - return split(/\s*,\s*/, $list); -} - -sub parseparam($) { - my ($p) = @_; - if($p !~ /^(\S*) (\S*)$/) { - print STDERR "$ARGV:$.: malformed parameter: $p\n"; - $errors = 1; - return ("xx", "int"); - } - return ($1, $2); -} - -my $text = ""; -while(<>) { - chomp; - s/\s+/ /g; - s/^\s+//; - s/\s+$//; - my $nonblock = /^\/\/sysnb /; - next if !/^\/\/sys / && !$nonblock; - - # Line must be of the form - # func Open(path string, mode int, perm int) (fd int, errno error) - # Split into name, in params, out params. - if(!/^\/\/sys(nb)? 
(\w+)\(([^()]*)\)\s*(?:\(([^()]+)\))?\s*(?:=\s*((?i)SYS_[A-Z0-9_]+))?$/) { - print STDERR "$ARGV:$.: malformed //sys declaration\n"; - $errors = 1; - next; - } - my ($func, $in, $out, $sysname) = ($2, $3, $4, $5); - - # Split argument lists on comma. - my @in = parseparamlist($in); - my @out = parseparamlist($out); - - # Try in vain to keep people from editing this file. - # The theory is that they jump into the middle of the file - # without reading the header. - $text .= "// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT\n\n"; - - # Go function header. - my $out_decl = @out ? sprintf(" (%s)", join(', ', @out)) : ""; - $text .= sprintf "func %s(%s)%s {\n", $func, join(', ', @in), $out_decl; - - # Check if err return available - my $errvar = ""; - foreach my $p (@out) { - my ($name, $type) = parseparam($p); - if($type eq "error") { - $errvar = $name; - last; - } - } - - # Prepare arguments to Syscall. - my @args = (); - my $n = 0; - foreach my $p (@in) { - my ($name, $type) = parseparam($p); - if($type =~ /^\*/) { - push @args, "uintptr(unsafe.Pointer($name))"; - } elsif($type eq "string" && $errvar ne "") { - $text .= "\tvar _p$n *byte\n"; - $text .= "\t_p$n, $errvar = BytePtrFromString($name)\n"; - $text .= "\tif $errvar != nil {\n\t\treturn\n\t}\n"; - push @args, "uintptr(unsafe.Pointer(_p$n))"; - $n++; - } elsif($type eq "string") { - print STDERR "$ARGV:$.: $func uses string arguments, but has no error return\n"; - $text .= "\tvar _p$n *byte\n"; - $text .= "\t_p$n, _ = BytePtrFromString($name)\n"; - push @args, "uintptr(unsafe.Pointer(_p$n))"; - $n++; - } elsif($type =~ /^\[\](.*)/) { - # Convert slice into pointer, length. - # Have to be careful not to take address of &a[0] if len == 0: - # pass dummy pointer in that case. - # Used to pass nil, but some OSes or simulators reject write(fd, nil, 0). 
- $text .= "\tvar _p$n unsafe.Pointer\n"; - $text .= "\tif len($name) > 0 {\n\t\t_p$n = unsafe.Pointer(\&${name}[0])\n\t}"; - $text .= " else {\n\t\t_p$n = unsafe.Pointer(&_zero)\n\t}"; - $text .= "\n"; - push @args, "uintptr(_p$n)", "uintptr(len($name))"; - $n++; - } elsif($type eq "int64" && ($openbsd || $netbsd)) { - push @args, "0"; - if($_32bit eq "big-endian") { - push @args, "uintptr($name>>32)", "uintptr($name)"; - } elsif($_32bit eq "little-endian") { - push @args, "uintptr($name)", "uintptr($name>>32)"; - } else { - push @args, "uintptr($name)"; - } - } elsif($type eq "int64" && $dragonfly) { - if ($func !~ /^extp(read|write)/i) { - push @args, "0"; - } - if($_32bit eq "big-endian") { - push @args, "uintptr($name>>32)", "uintptr($name)"; - } elsif($_32bit eq "little-endian") { - push @args, "uintptr($name)", "uintptr($name>>32)"; - } else { - push @args, "uintptr($name)"; - } - } elsif($type eq "int64" && $_32bit ne "") { - if(@args % 2 && $arm) { - # arm abi specifies 64-bit argument uses - # (even, odd) pair - push @args, "0" - } - if($_32bit eq "big-endian") { - push @args, "uintptr($name>>32)", "uintptr($name)"; - } else { - push @args, "uintptr($name)", "uintptr($name>>32)"; - } - } else { - push @args, "uintptr($name)"; - } - } - - # Determine which form to use; pad args with zeros. - my $asm = "Syscall"; - if ($nonblock) { - if ($errvar eq "" && $ENV{'GOOS'} eq "linux") { - $asm = "RawSyscallNoError"; - } else { - $asm = "RawSyscall"; - } - } else { - if ($errvar eq "" && $ENV{'GOOS'} eq "linux") { - $asm = "SyscallNoError"; - } - } - if(@args <= 3) { - while(@args < 3) { - push @args, "0"; - } - } elsif(@args <= 6) { - $asm .= "6"; - while(@args < 6) { - push @args, "0"; - } - } elsif(@args <= 9) { - $asm .= "9"; - while(@args < 9) { - push @args, "0"; - } - } else { - print STDERR "$ARGV:$.: too many arguments to system call\n"; - } - - # System call number. 
- if($sysname eq "") { - $sysname = "SYS_$func"; - $sysname =~ s/([a-z])([A-Z])/${1}_$2/g; # turn FooBar into Foo_Bar - $sysname =~ y/a-z/A-Z/; - } - - # Actual call. - my $args = join(', ', @args); - my $call = "$asm($sysname, $args)"; - - # Assign return values. - my $body = ""; - my @ret = ("_", "_", "_"); - my $do_errno = 0; - for(my $i=0; $i<@out; $i++) { - my $p = $out[$i]; - my ($name, $type) = parseparam($p); - my $reg = ""; - if($name eq "err" && !$plan9) { - $reg = "e1"; - $ret[2] = $reg; - $do_errno = 1; - } elsif($name eq "err" && $plan9) { - $ret[0] = "r0"; - $ret[2] = "e1"; - next; - } else { - $reg = sprintf("r%d", $i); - $ret[$i] = $reg; - } - if($type eq "bool") { - $reg = "$reg != 0"; - } - if($type eq "int64" && $_32bit ne "") { - # 64-bit number in r1:r0 or r0:r1. - if($i+2 > @out) { - print STDERR "$ARGV:$.: not enough registers for int64 return\n"; - } - if($_32bit eq "big-endian") { - $reg = sprintf("int64(r%d)<<32 | int64(r%d)", $i, $i+1); - } else { - $reg = sprintf("int64(r%d)<<32 | int64(r%d)", $i+1, $i); - } - $ret[$i] = sprintf("r%d", $i); - $ret[$i+1] = sprintf("r%d", $i+1); - } - if($reg ne "e1" || $plan9) { - $body .= "\t$name = $type($reg)\n"; - } - } - if ($ret[0] eq "_" && $ret[1] eq "_" && $ret[2] eq "_") { - $text .= "\t$call\n"; - } else { - if ($errvar eq "" && $ENV{'GOOS'} eq "linux") { - # raw syscall without error on Linux, see golang.org/issue/22924 - $text .= "\t$ret[0], $ret[1] := $call\n"; - } else { - $text .= "\t$ret[0], $ret[1], $ret[2] := $call\n"; - } - } - $text .= $body; - - if ($plan9 && $ret[2] eq "e1") { - $text .= "\tif int32(r0) == -1 {\n"; - $text .= "\t\terr = e1\n"; - $text .= "\t}\n"; - } elsif ($do_errno) { - $text .= "\tif e1 != 0 {\n"; - $text .= "\t\terr = errnoErr(e1)\n"; - $text .= "\t}\n"; - } - $text .= "\treturn\n"; - $text .= "}\n\n"; -} - -chomp $text; -chomp $text; - -if($errors) { - exit 1; -} - -print < 0 { + _p1 = unsafe.Pointer(&dest[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + r0, 
_, e1 := Syscall6(SYS_FGETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), 0, 0) + sz = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func FinitModule(fd int, params string, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(params) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_FINIT_MODULE, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(flags)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Flistxattr(fd int, dest []byte) (sz int, err error) { + var _p0 unsafe.Pointer + if len(dest) > 0 { + _p0 = unsafe.Pointer(&dest[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + r0, _, e1 := Syscall(SYS_FLISTXATTR, uintptr(fd), uintptr(_p0), uintptr(len(dest))) + sz = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Flock(fd int, how int) (err error) { _, _, e1 := Syscall(SYS_FLOCK, uintptr(fd), uintptr(how), 0) if e1 != 0 { 
@@ -599,6 +663,42 @@ func Flock(fd int, how int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Fremovexattr(fd int, attr string) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(attr) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_FREMOVEXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + +func Fsetxattr(fd int, attr string, dest []byte, flags int) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(attr) + if err != nil { + return + } + var _p1 unsafe.Pointer + if len(dest) > 0 { + _p1 = unsafe.Pointer(&dest[0]) + } else { + _p1 = unsafe.Pointer(&_zero) + } + _, _, e1 := Syscall6(SYS_FSETXATTR, uintptr(fd), uintptr(unsafe.Pointer(_p0)), uintptr(_p1), uintptr(len(dest)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Fsync(fd int) (err error) { _, _, e1 := Syscall(SYS_FSYNC, uintptr(fd), 0, 0) if e1 != 0 { @@ -737,6 +837,27 @@ func Getxattr(path string, attr string, dest []byte) (sz int, err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func InitModule(moduleImage []byte, params string) (err error) { + var _p0 unsafe.Pointer + if len(moduleImage) > 0 { + _p0 = unsafe.Pointer(&moduleImage[0]) + } else { + _p0 = unsafe.Pointer(&_zero) + } + var _p1 *byte + _p1, err = BytePtrFromString(params) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_INIT_MODULE, uintptr(_p0), uintptr(len(moduleImage)), uintptr(unsafe.Pointer(_p1))) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func InotifyAddWatch(fd int, pathname string, mask uint32) (watchdesc int, err error) { var _p0 *byte _p0, err = BytePtrFromString(pathname) 
@@ -919,6 +1040,22 @@ func Lsetxattr(path string, attr string, data []byte, flags int) (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func MemfdCreate(name string, flags int) (fd int, err error) { + var _p0 *byte + _p0, err = BytePtrFromString(name) + if err != nil { + return + } + r0, _, e1 := Syscall(SYS_MEMFD_CREATE, uintptr(unsafe.Pointer(_p0)), uintptr(flags), 0) + fd = int(r0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func Mkdirat(dirfd int, path string, mode uint32) (err error) { var _p0 *byte _p0, err = BytePtrFromString(path) @@ -1078,6 +1215,26 @@ func Renameat(olddirfd int, oldpath string, newdirfd int, newpath string) (err e // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func Renameat2(olddirfd int, oldpath string, newdirfd int, newpath string, flags uint) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(oldpath) + if err != nil { + return + } + var _p1 *byte + _p1, err = BytePtrFromString(newpath) + if err != nil { + return + } + _, _, e1 := Syscall6(SYS_RENAMEAT2, uintptr(olddirfd), uintptr(unsafe.Pointer(_p0)), uintptr(newdirfd), uintptr(unsafe.Pointer(_p1)), uintptr(flags), 0) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func RequestKey(keyType string, description string, callback string, destRingid int) (id int, err error) { var _p0 *byte _p0, err = BytePtrFromString(keyType) 
@@ -1489,6 +1646,21 @@ func Munlockall() (err error) { // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT +func faccessat(dirfd int, path string, mode uint32) (err error) { + var _p0 *byte + _p0, err = BytePtrFromString(path) + if err != nil { + return + } + _, _, e1 := Syscall(SYS_FACCESSAT, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode)) + if e1 != 0 { + err = errnoErr(e1) + } + return +} + +// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT + func EpollWait(epfd int, events []EpollEvent, msec int) (n int, err error) { var _p0 unsafe.Pointer if len(events) > 0 { diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go index 9ed7c71f..642db767 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go @@ -1,4 +1,4 @@ -// mksyscall.pl -l32 -netbsd -tags netbsd,386 syscall_bsd.go syscall_netbsd.go syscall_netbsd_386.go +// go run mksyscall.go -l32 -netbsd -tags netbsd,386 syscall_bsd.go syscall_netbsd.go syscall_netbsd_386.go // Code generated by the command above; see README.md. DO NOT EDIT. // +build netbsd,386 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go index 613b7fd9..59585fee 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go @@ -1,4 +1,4 @@ -// mksyscall.pl -netbsd -tags netbsd,amd64 syscall_bsd.go syscall_netbsd.go syscall_netbsd_amd64.go +// go run mksyscall.go -netbsd -tags netbsd,amd64 syscall_bsd.go syscall_netbsd.go syscall_netbsd_amd64.go // Code generated by the command above; see README.md. DO NOT EDIT. // +build netbsd,amd64 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go index 08475087..6ec31434 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go 
+++ b/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go @@ -1,4 +1,4 @@ -// mksyscall.pl -l32 -netbsd -arm -tags netbsd,arm syscall_bsd.go syscall_netbsd.go syscall_netbsd_arm.go +// go run mksyscall.go -l32 -netbsd -arm -tags netbsd,arm syscall_bsd.go syscall_netbsd.go syscall_netbsd_arm.go // Code generated by the command above; see README.md. DO NOT EDIT. // +build netbsd,arm diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go index 414cd13c..6a489fac 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go @@ -1,4 +1,4 @@ -// mksyscall.pl -l32 -openbsd -tags openbsd,386 syscall_bsd.go syscall_openbsd.go syscall_openbsd_386.go +// go run mksyscall.go -l32 -openbsd -tags openbsd,386 syscall_bsd.go syscall_openbsd.go syscall_openbsd_386.go // Code generated by the command above; see README.md. DO NOT EDIT. // +build openbsd,386 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go index 846f5fa6..30cba434 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go @@ -1,4 +1,4 @@ -// mksyscall.pl -openbsd -tags openbsd,amd64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_amd64.go +// go run mksyscall.go -openbsd -tags openbsd,amd64 syscall_bsd.go syscall_openbsd.go syscall_openbsd_amd64.go // Code generated by the command above; see README.md. DO NOT EDIT. // +build openbsd,amd64 diff --git a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go index 59911659..fa1beda3 100644 --- a/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go 
@@ -1,4 +1,4 @@ -// mksyscall.pl -l32 -openbsd -arm -tags openbsd,arm syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm.go +// go run mksyscall.go -l32 -openbsd -arm -tags openbsd,arm syscall_bsd.go syscall_openbsd.go syscall_openbsd_arm.go // Code generated by the command above; see README.md. DO NOT EDIT. // +build openbsd,arm diff --git a/vendor/golang.org/x/time/rate/rate.go b/vendor/golang.org/x/time/rate/rate.go index 7228d97e..ae93e247 100644 --- a/vendor/golang.org/x/time/rate/rate.go +++ b/vendor/golang.org/x/time/rate/rate.go @@ -6,6 +6,7 @@ package rate import ( + "context" "fmt" "math" "sync" @@ -212,19 +213,8 @@ func (lim *Limiter) ReserveN(now time.Time, n int) *Reservation { return &r } -// contextContext is a temporary(?) copy of the context.Context type -// to support both Go 1.6 using golang.org/x/net/context and Go 1.7+ -// with the built-in context package. If people ever stop using Go 1.6 -// we can remove this. -type contextContext interface { - Deadline() (deadline time.Time, ok bool) - Done() <-chan struct{} - Err() error - Value(key interface{}) interface{} -} - // Wait is shorthand for WaitN(ctx, 1). -func (lim *Limiter) wait(ctx contextContext) (err error) { +func (lim *Limiter) Wait(ctx context.Context) (err error) { return lim.WaitN(ctx, 1) } @@ -232,7 +222,7 @@ func (lim *Limiter) wait(ctx contextContext) (err error) { // It returns an error if n exceeds the Limiter's burst size, the Context is // canceled, or the expected wait time exceeds the Context's Deadline. // The burst limit is ignored if the rate limit is Inf. -func (lim *Limiter) waitN(ctx contextContext, n int) (err error) { +func (lim *Limiter) WaitN(ctx context.Context, n int) (err error) { if n > lim.burst && lim.limit != Inf { return fmt.Errorf("rate: Wait(n=%d) exceeds limiter's burst %d", n, lim.burst) } diff --git a/vendor/golang.org/x/time/rate/rate_go16.go b/vendor/golang.org/x/time/rate/rate_go16.go deleted file mode 100644 index 6bab1850..00000000 
--- a/vendor/golang.org/x/time/rate/rate_go16.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build !go1.7
-
-package rate
-
-import "golang.org/x/net/context"
-
-// Wait is shorthand for WaitN(ctx, 1).
-func (lim *Limiter) Wait(ctx context.Context) (err error) {
- return lim.waitN(ctx, 1)
-}
-
-// WaitN blocks until lim permits n events to happen.
-// It returns an error if n exceeds the Limiter's burst size, the Context is
-// canceled, or the expected wait time exceeds the Context's Deadline.
-func (lim *Limiter) WaitN(ctx context.Context, n int) (err error) {
- return lim.waitN(ctx, n)
-}
diff --git a/vendor/golang.org/x/time/rate/rate_go17.go b/vendor/golang.org/x/time/rate/rate_go17.go
deleted file mode 100644
index f90d85f5..00000000
--- a/vendor/golang.org/x/time/rate/rate_go17.go
+++ /dev/null
@@ -1,21 +0,0 @@
-// Copyright 2017 The Go Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style
-// license that can be found in the LICENSE file.
-
-// +build go1.7
-
-package rate
-
-import "context"
-
-// Wait is shorthand for WaitN(ctx, 1).
-func (lim *Limiter) Wait(ctx context.Context) (err error) {
- return lim.waitN(ctx, 1)
-}
-
-// WaitN blocks until lim permits n events to happen.
-// It returns an error if n exceeds the Limiter's burst size, the Context is
-// canceled, or the expected wait time exceeds the Context's Deadline.
-func (lim *Limiter) WaitN(ctx context.Context, n int) (err error) {
- return lim.waitN(ctx, n)
-}
diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go
index a3170320..f49ac3f9 100644
--- a/vendor/google.golang.org/grpc/clientconn.go
+++ b/vendor/google.golang.org/grpc/clientconn.go
@@ -30,7 +30,6 @@ import ( "time" "golang.org/x/net/context" - "golang.org/x/net/trace" "google.golang.org/grpc/balancer" _ "google.golang.org/grpc/balancer/roundrobin" // To register roundrobin. "google.golang.org/grpc/codes" @@ -875,7 +874,6 @@ type addrConn struct { cc *ClientConn dopts dialOptions - events trace.EventLog acbw balancer.SubConn scopts balancer.NewSubConnOptions @@ -932,22 +930,6 @@ func (ac *addrConn) adjustParams(r transport.GoAwayReason) { } } -// printf records an event in ac's event log, unless ac has been closed. -// REQUIRES ac.mu is held. -func (ac *addrConn) printf(format string, a ...interface{}) { - if ac.events != nil { - ac.events.Printf(format, a...) - } -} - -// errorf records an error in ac's event log, unless ac has been closed. -// REQUIRES ac.mu is held. -func (ac *addrConn) errorf(format string, a ...interface{}) { - if ac.events != nil { - ac.events.Errorf(format, a...) - } -} - // resetTransport makes sure that a healthy ac.transport exists. // // The transport will close itself when it encounters an error, or on GOAWAY, or on deadline waiting for handshake, or @@ -983,6 +965,7 @@ func (ac *addrConn) resetTransport(resolveNow bool) { ac.updateConnectivityState(connectivity.TransientFailure) ac.cc.handleSubConnStateChange(ac.acbw, ac.state) } + ac.transport = nil ac.mu.Unlock() if err := ac.nextAddr(); err != nil { @@ -994,7 +977,6 @@ func (ac *addrConn) resetTransport(resolveNow bool) { ac.mu.Unlock() return } - ac.transport = nil backoffIdx := ac.backoffIdx backoffFor := ac.dopts.bs.Backoff(backoffIdx) @@ -1023,7 +1005,6 @@ func (ac *addrConn) resetTransport(resolveNow bool) { return } - ac.printf("connecting") if ac.state != connectivity.Connecting { ac.updateConnectivityState(connectivity.Connecting) ac.cc.handleSubConnStateChange(ac.acbw, ac.state) 
@@ -1059,6 +1040,10 @@ func (ac *addrConn) createTransport(backoffNum int, addr resolver.Address, copts prefaceReceived := make(chan struct{}) onCloseCalled := make(chan struct{}) + var prefaceMu sync.Mutex + var serverPrefaceReceived bool + var clientPrefaceWrote bool + onGoAway := func(r transport.GoAwayReason) { ac.mu.Lock() ac.adjustParams(r) @@ -1081,9 +1066,6 @@ func (ac *addrConn) createTransport(backoffNum int, addr resolver.Address, copts case <-skipReset: // The outer resetTransport loop will handle reconnection. return case <-allowedToReset: // We're in the clear to reset. - ac.mu.Lock() - ac.transport = nil - ac.mu.Unlock() oneReset.Do(func() { ac.resetTransport(false) }) } } @@ -1100,11 +1082,18 @@ func (ac *addrConn) createTransport(backoffNum int, addr resolver.Address, copts // TODO(deklerk): optimization; does anyone else actually use this lock? maybe we can just remove it for this scope ac.mu.Lock() - ac.successfulHandshake = true - ac.backoffDeadline = time.Time{} - ac.connectDeadline = time.Time{} - ac.addrIdx = 0 - ac.backoffIdx = 0 + + prefaceMu.Lock() + serverPrefaceReceived = true + if clientPrefaceWrote { + ac.successfulHandshake = true + ac.backoffDeadline = time.Time{} + ac.connectDeadline = time.Time{} + ac.addrIdx = 0 + ac.backoffIdx = 0 + } + prefaceMu.Unlock() + ac.mu.Unlock() } @@ -1117,6 +1106,13 @@ func (ac *addrConn) createTransport(backoffNum int, addr resolver.Address, copts newTr, err := transport.NewClientTransport(connectCtx, ac.cc.ctx, target, copts, onPrefaceReceipt, onGoAway, onClose) if err == nil { + prefaceMu.Lock() + clientPrefaceWrote = true + if serverPrefaceReceived { + ac.successfulHandshake = true + } + prefaceMu.Unlock() + if ac.dopts.waitForHandshake { select { case <-prefaceTimer.C: 
@@ -1160,8 +1156,6 @@ func (ac *addrConn) createTransport(backoffNum int, addr resolver.Address, copts return errConnClosing } - ac.updateConnectivityState(connectivity.TransientFailure) - ac.cc.handleSubConnStateChange(ac.acbw, ac.state) ac.mu.Unlock() grpclog.Warningf("grpc: addrConn.createTransport failed to connect to %v. Err :%v. Reconnecting...", addr, err) @@ -1185,7 +1179,6 @@ func (ac *addrConn) createTransport(backoffNum int, addr resolver.Address, copts return errConnClosing } - ac.printf("ready") ac.updateConnectivityState(connectivity.Ready) ac.cc.handleSubConnStateChange(ac.acbw, ac.state) ac.transport = newTr @@ -1303,10 +1296,6 @@ func (ac *addrConn) tearDown(err error) { ac.transport.GracefulClose() ac.mu.Lock() } - if ac.events != nil { - ac.events.Finish() - ac.events = nil - } if channelz.IsOn() { channelz.AddTraceEvent(ac.channelzID, &channelz.TraceEventDesc{ Desc: "Subchannel Deleted", diff --git a/vendor/google.golang.org/grpc/health/health.go b/vendor/google.golang.org/grpc/health/health.go index 6a349b2f..10666f2d 100644 --- a/vendor/google.golang.org/grpc/health/health.go +++ b/vendor/google.golang.org/grpc/health/health.go @@ -36,12 +36,14 @@ type Server struct { mu sync.Mutex // statusMap stores the serving status of the services this Server monitors. statusMap map[string]healthpb.HealthCheckResponse_ServingStatus + updates map[string]map[healthpb.Health_WatchServer]chan healthpb.HealthCheckResponse_ServingStatus } // NewServer returns a new Server. func NewServer() *Server { return &Server{ - statusMap: make(map[string]healthpb.HealthCheckResponse_ServingStatus), + statusMap: map[string]healthpb.HealthCheckResponse_ServingStatus{"": healthpb.HealthCheckResponse_SERVING}, + updates: make(map[string]map[healthpb.Health_WatchServer]chan healthpb.HealthCheckResponse_ServingStatus), } } 
@@ -49,12 +51,6 @@ func NewServer() *Server { func (s *Server) Check(ctx context.Context, in *healthpb.HealthCheckRequest) (*healthpb.HealthCheckResponse, error) { s.mu.Lock() defer s.mu.Unlock() - if in.Service == "" { - // check the server overall health status. - return &healthpb.HealthCheckResponse{ - Status: healthpb.HealthCheckResponse_SERVING, - }, nil - } if servingStatus, ok := s.statusMap[in.Service]; ok { return &healthpb.HealthCheckResponse{ Status: servingStatus, 
@@ -65,13 +61,57 @@ func (s *Server) Check(ctx context.Context, in *healthpb.HealthCheckRequest) (*h // Watch implements `service Health`. func (s *Server) Watch(in *healthpb.HealthCheckRequest, stream healthpb.Health_WatchServer) error { - return status.Error(codes.Unimplemented, "Watching is not supported") + service := in.Service + // update channel is used for getting service status updates. + update := make(chan healthpb.HealthCheckResponse_ServingStatus, 1) + s.mu.Lock() + // Puts the initial status to the channel. + if servingStatus, ok := s.statusMap[service]; ok { + update <- servingStatus + } else { + update <- healthpb.HealthCheckResponse_SERVICE_UNKNOWN + } + + // Registers the update channel to the correct place in the updates map. + if _, ok := s.updates[service]; !ok { + s.updates[service] = make(map[healthpb.Health_WatchServer]chan healthpb.HealthCheckResponse_ServingStatus) + } + s.updates[service][stream] = update + defer func() { + s.mu.Lock() + delete(s.updates[service], stream) + s.mu.Unlock() + }() + s.mu.Unlock() + for { + select { + // Status updated. Sends the up-to-date status to the client. + case servingStatus := <-update: + err := stream.Send(&healthpb.HealthCheckResponse{Status: servingStatus}) + if err != nil { + return status.Error(codes.Canceled, "Stream has ended.") + } + // Context done. Removes the update channel from the updates map. + case <-stream.Context().Done(): + return status.Error(codes.Canceled, "Stream has ended.") + } + } } // SetServingStatus is called when need to reset the serving status of a service // or insert a new service entry into the statusMap. 
-func (s *Server) SetServingStatus(service string, status healthpb.HealthCheckResponse_ServingStatus) { +func (s *Server) SetServingStatus(service string, servingStatus healthpb.HealthCheckResponse_ServingStatus) { s.mu.Lock() - s.statusMap[service] = status + s.statusMap[service] = servingStatus + for _, update := range s.updates[service] { + // Clears previous updates, that are not sent to the client, from the channel. + // This can happen if the client is not reading and the server gets flow control limited. + select { + case <-update: + default: + } + // Puts the most recent update to the channel. + update <- servingStatus + } s.mu.Unlock() } diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go index 8a702869..41f8af67 100644 --- a/vendor/google.golang.org/grpc/internal/internal.go +++ b/vendor/google.golang.org/grpc/internal/internal.go @@ -20,11 +20,15 @@ // symbols to avoid circular dependencies. package internal +import "golang.org/x/net/context" + var ( // WithContextDialer is exported by clientconn.go WithContextDialer interface{} // func(context.Context, string) (net.Conn, error) grpc.DialOption // WithResolverBuilder is exported by clientconn.go WithResolverBuilder interface{} // func (resolver.Builder) grpc.DialOption + // HealthCheckFunc is used to provide client-side LB channel health checking + HealthCheckFunc func(ctx context.Context, newStream func() (interface{}, error), reportHealth func(bool), serviceName string) error ) const ( diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go index 21da6e80..77a2cfaa 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http_util.go +++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go @@ -24,6 +24,7 @@ import ( "encoding/base64" "fmt" "io" + "math" "net" "net/http" "strconv" 
@@ -435,6 +436,10 @@ func decodeTimeout(s string) (time.Duration, error) { if size < 2 { return 0, fmt.Errorf("transport: timeout string is too short: %q", s) } + if size > 9 { + // Spec allows for 8 digits plus the unit. + return 0, fmt.Errorf("transport: timeout string is too long: %q", s) + } unit := timeoutUnit(s[size-1]) d, ok := timeoutUnitToDuration(unit) if !ok { @@ -444,6 +449,11 @@ func decodeTimeout(s string) (time.Duration, error) { if err != nil { return 0, err } + const maxHours = math.MaxInt64 / int64(time.Hour) + if d == time.Hour && t > maxHours { + // This timeout would overflow math.MaxInt64; clamp it. + return time.Duration(math.MaxInt64), nil + } return d * time.Duration(t), nil } diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index a13beb04..d8e0287e 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.16.0-dev" +const Version = "1.16.0" diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/.editorconfig b/vendor/gopkg.in/fsnotify.v1/.editorconfig similarity index 100% rename from vendor/gopkg.in/fsnotify/fsnotify.v1/.editorconfig rename to vendor/gopkg.in/fsnotify.v1/.editorconfig diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/.gitignore b/vendor/gopkg.in/fsnotify.v1/.gitignore similarity index 100% rename from vendor/gopkg.in/fsnotify/fsnotify.v1/.gitignore rename to vendor/gopkg.in/fsnotify.v1/.gitignore diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/.travis.yml b/vendor/gopkg.in/fsnotify.v1/.travis.yml similarity index 100% rename from vendor/gopkg.in/fsnotify/fsnotify.v1/.travis.yml rename to vendor/gopkg.in/fsnotify.v1/.travis.yml diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/AUTHORS b/vendor/gopkg.in/fsnotify.v1/AUTHORS similarity index 100% rename from vendor/gopkg.in/fsnotify/fsnotify.v1/AUTHORS rename to vendor/gopkg.in/fsnotify.v1/AUTHORS 
diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/CHANGELOG.md b/vendor/gopkg.in/fsnotify.v1/CHANGELOG.md
similarity index 100%
rename from vendor/gopkg.in/fsnotify/fsnotify.v1/CHANGELOG.md
rename to vendor/gopkg.in/fsnotify.v1/CHANGELOG.md
diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/CONTRIBUTING.md b/vendor/gopkg.in/fsnotify.v1/CONTRIBUTING.md
similarity index 100%
rename from vendor/gopkg.in/fsnotify/fsnotify.v1/CONTRIBUTING.md
rename to vendor/gopkg.in/fsnotify.v1/CONTRIBUTING.md
diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/LICENSE b/vendor/gopkg.in/fsnotify.v1/LICENSE
similarity index 100%
rename from vendor/gopkg.in/fsnotify/fsnotify.v1/LICENSE
rename to vendor/gopkg.in/fsnotify.v1/LICENSE
diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/README.md b/vendor/gopkg.in/fsnotify.v1/README.md
similarity index 100%
rename from vendor/gopkg.in/fsnotify/fsnotify.v1/README.md
rename to vendor/gopkg.in/fsnotify.v1/README.md
diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/fen.go b/vendor/gopkg.in/fsnotify.v1/fen.go
similarity index 100%
rename from vendor/gopkg.in/fsnotify/fsnotify.v1/fen.go
rename to vendor/gopkg.in/fsnotify.v1/fen.go
diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/fsnotify.go b/vendor/gopkg.in/fsnotify.v1/fsnotify.go
similarity index 100%
rename from vendor/gopkg.in/fsnotify/fsnotify.v1/fsnotify.go
rename to vendor/gopkg.in/fsnotify.v1/fsnotify.go
diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/inotify.go b/vendor/gopkg.in/fsnotify.v1/inotify.go
similarity index 100%
rename from vendor/gopkg.in/fsnotify/fsnotify.v1/inotify.go
rename to vendor/gopkg.in/fsnotify.v1/inotify.go
diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/inotify_poller.go b/vendor/gopkg.in/fsnotify.v1/inotify_poller.go
similarity index 100%
rename from vendor/gopkg.in/fsnotify/fsnotify.v1/inotify_poller.go
rename to vendor/gopkg.in/fsnotify.v1/inotify_poller.go
diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/kqueue.go b/vendor/gopkg.in/fsnotify.v1/kqueue.go similarity index 100% rename from vendor/gopkg.in/fsnotify/fsnotify.v1/kqueue.go rename to vendor/gopkg.in/fsnotify.v1/kqueue.go diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/open_mode_bsd.go b/vendor/gopkg.in/fsnotify.v1/open_mode_bsd.go similarity index 100% rename from vendor/gopkg.in/fsnotify/fsnotify.v1/open_mode_bsd.go rename to vendor/gopkg.in/fsnotify.v1/open_mode_bsd.go diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/open_mode_darwin.go b/vendor/gopkg.in/fsnotify.v1/open_mode_darwin.go similarity index 100% rename from vendor/gopkg.in/fsnotify/fsnotify.v1/open_mode_darwin.go rename to vendor/gopkg.in/fsnotify.v1/open_mode_darwin.go diff --git a/vendor/gopkg.in/fsnotify/fsnotify.v1/windows.go b/vendor/gopkg.in/fsnotify.v1/windows.go similarity index 100% rename from vendor/gopkg.in/fsnotify/fsnotify.v1/windows.go rename to vendor/gopkg.in/fsnotify.v1/windows.go diff --git a/vendor/gopkg.in/ini.v1/.travis.yml b/vendor/gopkg.in/ini.v1/.travis.yml index 4a237eaf..c8ea49cc 100644 --- a/vendor/gopkg.in/ini.v1/.travis.yml +++ b/vendor/gopkg.in/ini.v1/.travis.yml @@ -6,6 +6,7 @@ go: - 1.8.x - 1.9.x - 1.10.x + - 1.11.x script: - go get golang.org/x/tools/cmd/cover diff --git a/vendor/gopkg.in/ini.v1/README.md b/vendor/gopkg.in/ini.v1/README.md index 988dceab..ae4dfc3a 100644 --- a/vendor/gopkg.in/ini.v1/README.md +++ b/vendor/gopkg.in/ini.v1/README.md @@ -20,6 +20,8 @@ Package ini provides INI file read and write functionality in Go. ## Installation +The minimum requirement of Go is **1.6**. + To use a tagged revision: ```sh diff --git a/vendor/gopkg.in/ini.v1/file.go b/vendor/gopkg.in/ini.v1/file.go index 1a3186b9..61ef9636 100644 --- a/vendor/gopkg.in/ini.v1/file.go +++ b/vendor/gopkg.in/ini.v1/file.go 
@@ -45,6 +45,9 @@ type File struct { // newFile initializes File object with given data sources. func newFile(dataSources []dataSource, opts LoadOptions) *File { + if len(opts.KeyValueDelimiters) == 0 { + opts.KeyValueDelimiters = "=:" + } return &File{ BlockMode: true, dataSources: dataSources, @@ -227,7 +230,8 @@ func (f *File) Append(source interface{}, others ...interface{}) error { } func (f *File) writeToBuffer(indent string) (*bytes.Buffer, error) { - equalSign := "=" + equalSign := DefaultFormatLeft + "=" + DefaultFormatRight + if PrettyFormat || PrettyEqual { equalSign = " = " } @@ -285,7 +289,7 @@ func (f *File) writeToBuffer(indent string) (*bytes.Buffer, error) { for _, kname := range sec.keyList { keyLength := len(kname) // First case will surround key by ` and second by """ - if strings.ContainsAny(kname, "\"=:") { + if strings.Contains(kname, "\"") || strings.ContainsAny(kname, f.options.KeyValueDelimiters) { keyLength += 2 } else if strings.Contains(kname, "`") { keyLength += 6 @@ -328,7 +332,7 @@ func (f *File) writeToBuffer(indent string) (*bytes.Buffer, error) { switch { case key.isAutoIncrement: kname = "-" - case strings.ContainsAny(kname, "\"=:"): + case strings.Contains(kname, "\"") || strings.ContainsAny(kname, f.options.KeyValueDelimiters): kname = "`" + kname + "`" case strings.Contains(kname, "`"): kname = `"""` + kname + `"""` diff --git a/vendor/gopkg.in/ini.v1/ini.go b/vendor/gopkg.in/ini.v1/ini.go index cb55997a..b6505a94 100644 --- a/vendor/gopkg.in/ini.v1/ini.go +++ b/vendor/gopkg.in/ini.v1/ini.go @@ -34,7 +34,7 @@ const ( // Maximum allowed depth when recursively substituing variable names. _DEPTH_VALUES = 99 - _VERSION = "1.38.2" + _VERSION = "1.39.0" ) // Version returns current package version literal. 
@@ -48,6 +48,10 @@ var ( // at package init time. LineBreak = "\n" + // Place custom spaces when PrettyFormat and PrettyEqual are both disabled + DefaultFormatLeft = "" + DefaultFormatRight = "" + // Variable regexp pattern: %(variable)s varPattern = regexp.MustCompile(`%\(([^\)]+)\)s`) @@ -164,6 +168,8 @@ type LoadOptions struct { // UnparseableSections stores a list of blocks that are allowed with raw content which do not otherwise // conform to key/value pairs. Specify the names of those blocks here. UnparseableSections []string + // KeyValueDelimiters is the sequence of delimiters that are used to separate key and value. By default, it is "=:". + KeyValueDelimiters string } func LoadSources(opts LoadOptions, source interface{}, others ...interface{}) (_ *File, err error) { diff --git a/vendor/gopkg.in/ini.v1/parser.go b/vendor/gopkg.in/ini.v1/parser.go index 3daf54c3..36cb3dad 100644 --- a/vendor/gopkg.in/ini.v1/parser.go +++ b/vendor/gopkg.in/ini.v1/parser.go @@ -100,7 +100,7 @@ func cleanComment(in []byte) ([]byte, bool) { return in[i:], true } -func readKeyName(in []byte) (string, int, error) { +func readKeyName(delimiters string, in []byte) (string, int, error) { line := string(in) // Check if key name surrounded by quotes. @@ -127,7 +127,7 @@ func readKeyName(in []byte) (string, int, error) { pos += startIdx // Find key-value delimiter - i := strings.IndexAny(line[pos+startIdx:], "=:") + i := strings.IndexAny(line[pos+startIdx:], delimiters) if i < 0 { return "", -1, ErrDelimiterNotFound{line} } @@ -135,7 +135,7 @@ func readKeyName(in []byte) (string, int, error) { return strings.TrimSpace(line[startIdx:pos]), endIdx + startIdx + 1, nil } - endIdx = strings.IndexAny(line, "=:") + endIdx = strings.IndexAny(line, delimiters) if endIdx < 0 { return "", -1, ErrDelimiterNotFound{line} } 
@@ -428,7 +428,7 @@ func (f *File) parse(reader io.Reader) (err error) { continue } - kname, offset, err := readKeyName(line) + kname, offset, err := readKeyName(f.options.KeyValueDelimiters, line) if err != nil { // Treat as boolean key when desired, and whole line is key name. if IsErrDelimiterNotFound(err) { diff --git a/vendor/gopkg.in/tomb.v1/tomb.go b/vendor/gopkg.in/tomb.v1/tomb.go index 5bcd5f84..9aec56d8 100644 --- a/vendor/gopkg.in/tomb.v1/tomb.go +++ b/vendor/gopkg.in/tomb.v1/tomb.go @@ -46,7 +46,7 @@ // When the tomb state changes to dying and there's still logic going // on within the goroutine, nested functions and methods may choose to // return ErrDying as their error value, as this error won't alter the -// tomb state if provied to the Kill method. This is a convenient way to +// tomb state if provided to the Kill method. This is a convenient way to // follow standard Go practices in the context of a dying tomb. // // For background and a detailed example, see the following blog post: diff --git a/vendor/gopkg.in/yaml.v2/encode.go b/vendor/gopkg.in/yaml.v2/encode.go index a14435e8..0ee738e1 100644 --- a/vendor/gopkg.in/yaml.v2/encode.go +++ b/vendor/gopkg.in/yaml.v2/encode.go @@ -13,6 +13,19 @@ import ( "unicode/utf8" ) +// jsonNumber is the interface of the encoding/json.Number datatype. +// Repeating the interface here avoids a dependency on encoding/json, and also +// supports other libraries like jsoniter, which use a similar datatype with +// the same interface. Detecting this interface is useful when dealing with +// structures containing json.Number, which is a string under the hood. The +// encoder should prefer the use of Int64(), Float64() and string(), in that +// order, when encoding this type. +type jsonNumber interface { + Float64() (float64, error) + Int64() (int64, error) + String() string +} + type encoder struct { emitter yaml_emitter_t event yaml_event_t 
@@ -89,6 +102,21 @@ func (e *encoder) marshal(tag string, in reflect.Value) { } iface := in.Interface() switch m := iface.(type) { + case jsonNumber: + integer, err := m.Int64() + if err == nil { + // In this case the json.Number is a valid int64 + in = reflect.ValueOf(integer) + break + } + float, err := m.Float64() + if err == nil { + // In this case the json.Number is a valid float64 + in = reflect.ValueOf(float) + break + } + // fallback case - no number could be obtained + in = reflect.ValueOf(m.String()) case time.Time, *time.Time: // Although time.Time implements TextMarshaler, // we don't want to treat it as a string for YAML From 86f0d36aa973f6180a745016ad0d9812ee9b58cb Mon Sep 17 00:00:00 2001 From: Denis Subbotin Date: Fri, 30 Nov 2018 19:22:19 +0000 Subject: [PATCH 3/6] forgotten file --- .../hashicorp/vault/physical/encoding.go | 104 ++++++++++++++++++ 1 file changed, 104 insertions(+) create mode 100644 vendor/github.com/hashicorp/vault/physical/encoding.go diff --git a/vendor/github.com/hashicorp/vault/physical/encoding.go b/vendor/github.com/hashicorp/vault/physical/encoding.go new file mode 100644 index 00000000..d2f93478 --- /dev/null +++ b/vendor/github.com/hashicorp/vault/physical/encoding.go 
@@ -0,0 +1,104 @@ +package physical + +import ( + "context" + "errors" + "strings" + "unicode" + "unicode/utf8" +) + +var ErrNonUTF8 = errors.New("key contains invalid UTF-8 characters") +var ErrNonPrintable = errors.New("key contains non-printable characters") + +// StorageEncoding is used to add errors into underlying physical requests +type StorageEncoding struct { + Backend +} + +// TransactionalStorageEncoding is the transactional version of the error +// injector +type TransactionalStorageEncoding struct { + *StorageEncoding + Transactional +} + +// Verify StorageEncoding satisfies the correct interfaces +var _ Backend = (*StorageEncoding)(nil) +var _ Transactional = (*TransactionalStorageEncoding)(nil) + +// NewStorageEncoding returns a wrapped physical backend and verifies the key +// encoding +func NewStorageEncoding(b Backend) Backend { + enc := &StorageEncoding{ + Backend: b, + } + + if bTxn, ok := b.(Transactional); ok { + return &TransactionalStorageEncoding{ + StorageEncoding: enc, + Transactional: bTxn, + } + } + + return enc +} + +func (e *StorageEncoding) containsNonPrintableChars(key string) bool { + idx := strings.IndexFunc(key, func(c rune) bool { + return !unicode.IsPrint(c) + }) + + return idx != -1 +} + +func (e *StorageEncoding) Put(ctx context.Context, entry *Entry) error { + if !utf8.ValidString(entry.Key) { + return ErrNonUTF8 + } + + if e.containsNonPrintableChars(entry.Key) { + return ErrNonPrintable + } + + return e.Backend.Put(ctx, entry) +} + +func (e *StorageEncoding) Delete(ctx context.Context, key string) error { + if !utf8.ValidString(key) { + return ErrNonUTF8 + } + + if e.containsNonPrintableChars(key) { + return ErrNonPrintable + } + + return e.Backend.Delete(ctx, key) +} + +func (e *TransactionalStorageEncoding) Transaction(ctx context.Context, txns []*TxnEntry) error { + for _, txn := range txns { + if !utf8.ValidString(txn.Entry.Key) { + return ErrNonUTF8 + } + + if e.containsNonPrintableChars(txn.Entry.Key) { + return 
ErrNonPrintable + } + + } + + return e.Transactional.Transaction(ctx, txns) +} + +func (e *StorageEncoding) Purge(ctx context.Context) { + if purgeable, ok := e.Backend.(ToggleablePurgemonster); ok { + purgeable.Purge(ctx) + } +} + +func (e *StorageEncoding) SetEnabled(enabled bool) { + if purgeable, ok := e.Backend.(ToggleablePurgemonster); ok { + purgeable.SetEnabled(enabled) + } +} From aa970ed08da2d4b8ee2dbde8e09c99025e7dc941 Mon Sep 17 00:00:00 2001 From: Denis Subbotin Date: Fri, 30 Nov 2018 19:53:04 +0000 Subject: [PATCH 4/6] validation roles fields --- plugin/pki/path_roles.go | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/plugin/pki/path_roles.go b/plugin/pki/path_roles.go index 963eb60c..2045b20a 100644 --- a/plugin/pki/path_roles.go +++ b/plugin/pki/path_roles.go 
@@ -28,66 +28,68 @@ func pathRoles(b *backend) *framework.Path { return &framework.Path{ Pattern: "roles/" + framework.GenericNameRegex("name"), Fields: map[string]*framework.FieldSchema{ - "name": &framework.FieldSchema{ + "name": { Type: framework.TypeString, Description: "Name of the role", }, - "tpp_url": &framework.FieldSchema{ + "tpp_url": { Type: framework.TypeString, Description: `URL of Venafi Platfrom. Example: https://tpp.venafi.example/vedsdk`, }, - "cloud_url": &framework.FieldSchema{ + "cloud_url": { Type: framework.TypeString, Description: `URL for Venafi Cloud. Set it only if you want to use non production Cloud`, }, - "zone": &framework.FieldSchema{ + "zone": { Type: framework.TypeString, Description: `Name of Venafi Platfrom or Cloud policy. Example for Platform: testpolicy\\vault Example for Venafi Cloud: Default`, + Required: true, }, - "tpp_user": &framework.FieldSchema{ + "tpp_user": { Type: framework.TypeString, Description: `web API user for Venafi Platfrom Example: admin`, }, - "tpp_password": &framework.FieldSchema{ + "tpp_password": { Type: framework.TypeString, Description: `Password for web API user Example: password`, }, - "trust_bundle_file": &framework.FieldSchema{ + "trust_bundle_file": { Type: framework.TypeString, Description: `Use to specify a PEM formatted file with certificates to be used as trust anchors when communicating with the remote server. Example: trust_bundle_file = "/full/path/to/chain.pem""`, }, - "apikey": &framework.FieldSchema{ + "apikey": { Type: framework.TypeString, Description: `API key for Venafi Cloud. Example: 142231b7-cvb0-412e-886b-6aeght0bc93d`, }, - "fakemode": &framework.FieldSchema{ + "fakemode": { Type: framework.TypeBool, Description: `Set it to true to use face CA instead of Cloud or Platform to issue certificates. 
Useful for testing.`, + Default: false, }, - "store_by_cn": &framework.FieldSchema{ + "store_by_cn": { Type: framework.TypeBool, Description: `Set it to true to store certificates by CN in certs/ path`, }, - "store_by_serial": &framework.FieldSchema{ + "store_by_serial": { Type: framework.TypeBool, Description: `Set it to true to store certificates by unique serial number in certs/ path`, }, - "store_pkey": &framework.FieldSchema{ + "store_pkey": { Type: framework.TypeBool, Description: `Set it to true to store certificates privates key in certificate fields`, }, - "ttl": &framework.FieldSchema{ + "ttl": { Type: framework.TypeDurationSecond, Description: `The lease duration if no specific lease duration is requested. The lease duration controls the expiration @@ -95,12 +97,12 @@ of certificates issued by this backend. Defaults to the value of max_ttl.`, }, - "max_ttl": &framework.FieldSchema{ + "max_ttl": { Type: framework.TypeDurationSecond, Description: "The maximum allowed lease duration", }, - "generate_lease": &framework.FieldSchema{ + "generate_lease": { Type: framework.TypeBool, Description: ` If set, certificates issued/signed against this role will have Vault leases @@ -238,7 +240,9 @@ func (b *backend) pathRoleCreate(ctx context.Context, req *logical.Request, data TTL: time.Duration(data.Get("ttl").(int)) * time.Second, GenerateLease: data.Get("generate_lease").(bool), } - + if !entry.Fakemode && entry.Apikey == "" && (entry.TPPURL == "" || entry.TPPUser == "" || entry.TPPPassword == "") { + return logical.ErrorResponse("Invalid mode. fakemode or apikey or tpp credentials required"), nil + } if entry.MaxTTL > 0 && entry.TTL > entry.MaxTTL { return logical.ErrorResponse( `"ttl" value must be less than "max_ttl" value`, From 797b7cc410f9cf51d3a4f6797b922bda4de18db0 Mon Sep 17 00:00:00 2001 
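Review bot: `Required: true` on the `zone` field is unlikely to reject a request that leaves the zone out; as far as I know the Vault framework reads `Required` only when generating API documentation and does not enforce it when request data is parsed. The role-create handler changed later in this patch checks mode and credentials but, in the lines shown, not the zone, so a role with an empty zone would still be stored and fail only at enrollment time. I would add an explicit empty-value check for the zone in `pathRoleCreate` and a comment on the field such as `// Required is documentation only; pathRoleCreate enforces it`. The same hunk keeps `tpp_password` and `apikey` as plain `framework.TypeString` fields, so it is worth confirming that the role read path does not return them to the caller.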
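Review bot: The new mode check in `pathRoleCreate` rejects only a role that has no usable mode at all; it still accepts a role where `fakemode` is true alongside a real `apikey` or TPP credentials, and one where both `apikey` and TPP credentials are set. Which issuer such a role ends up using is decided outside this hunk, so an operator can be left with a role that silently issues from the fake CA, or with partially filled TPP fields that are ignored because `apikey` is present. If the intent is one mode per role, the check should reject ambiguous combinations as well as a missing mode, as sketched below; the two new error strings are suggestions. The body of `pathRoleCreate` starts and ends outside the hunk.

```go
tppAny := entry.TPPURL != "" || entry.TPPUser != "" || entry.TPPPassword != ""
tppAll := entry.TPPURL != "" && entry.TPPUser != "" && entry.TPPPassword != ""
switch {
case entry.Fakemode:
	// A test-only role must not also carry production credentials.
	if entry.Apikey != "" || tppAny {
		return logical.ErrorResponse("fakemode cannot be combined with apikey or tpp credentials"), nil
	}
case entry.Apikey != "":
	if tppAny {
		return logical.ErrorResponse("apikey cannot be combined with tpp credentials"), nil
	}
case !tppAll:
	return logical.ErrorResponse("Invalid mode. fakemode or apikey or tpp credentials required"), nil
}
// … unchanged: ttl / max_ttl comparison …
```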
From: Denis Subbotin Date: Tue, 4 Dec 2018 13:24:11 +0000 Subject: [PATCH 5/6] add forgotten file --- .../vault/helper/consts/plugin_types.go | 59 +++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 vendor/github.com/hashicorp/vault/helper/consts/plugin_types.go diff --git a/vendor/github.com/hashicorp/vault/helper/consts/plugin_types.go b/vendor/github.com/hashicorp/vault/helper/consts/plugin_types.go new file mode 100644 index 00000000..e0a00e48 --- /dev/null +++ b/vendor/github.com/hashicorp/vault/helper/consts/plugin_types.go 
@@ -0,0 +1,59 @@ +package consts + +import "fmt" + +var PluginTypes = []PluginType{ + PluginTypeUnknown, + PluginTypeCredential, + PluginTypeDatabase, + PluginTypeSecrets, +} + +type PluginType uint32 + +// This is a list of PluginTypes used by Vault. +// If we need to add any in the future, it would +// be best to add them to the _end_ of the list below +// because they resolve to incrementing numbers, +// which may be saved in state somewhere. Thus if +// the name for one of those numbers changed because +// a value were added to the middle, that could cause +// the wrong plugin types to be read from storage +// for a given underlying number. Example of the problem +// here: https://play.golang.org/p/YAaPw5ww3er +const ( + PluginTypeUnknown PluginType = iota + PluginTypeCredential + PluginTypeDatabase + PluginTypeSecrets +) + +func (p PluginType) String() string { + switch p { + case PluginTypeUnknown: + return "unknown" + case PluginTypeCredential: + return "auth" + case PluginTypeDatabase: + return "database" + case PluginTypeSecrets: + return "secret" + default: + return "unsupported" + } +} + +func ParsePluginType(pluginType string) (PluginType, error) { + switch pluginType { + case "unknown": + return PluginTypeUnknown, nil + case "auth": + return PluginTypeCredential, nil + case "database": + return PluginTypeDatabase, nil + case "secret": + return PluginTypeSecrets, nil + default: + return PluginTypeUnknown, fmt.Errorf("%q is not a supported plugin type", pluginType) + } +} From 6989bdc19895bad4f139974dccffb5e5ada11f09 Mon Sep 17 00:00:00 2001 From: Denis Subbotin Date: Mon, 17 Dec 2018 12:31:24 +0000 Subject: [PATCH 6/6] remove private key from log --- plugin/pki/path_venafi_cert_enroll.go | 1 - 1 file changed, 1 deletion(-) diff --git a/plugin/pki/path_venafi_cert_enroll.go b/plugin/pki/path_venafi_cert_enroll.go index 70962b3f..6c1e8dc8 100644 --- a/plugin/pki/path_venafi_cert_enroll.go +++ b/plugin/pki/path_venafi_cert_enroll.go 
@@ -109,7 +109,6 @@ func (b *backend) pathVenafiCertObtain(ctx context.Context, req *logical.Request cs := append([]string{cert.Certificate}, cert.Chain...) chain := strings.Join(cs, "\n") log.Println("certificate: ", chain) - log.Printf("private_key: %+v\n", certReq.PrivateKey) //Parsing certificate and getting it's serial number pemBlock, _ := pem.Decode([]byte(certificate))