diff --git a/go.mod b/go.mod
index 5f0477d3a9..4a1ab77306 100644
--- a/go.mod
+++ b/go.mod
@@ -36,7 +36,7 @@ require (
 github.com/hashicorp/go-version v1.6.0
 github.com/hashicorp/golang-lru v0.5.4
 github.com/hashicorp/hcl v1.0.0
- github.com/hashicorp/vault/sdk v0.6.1
+ github.com/hashicorp/vault/sdk v0.6.2
 github.com/hashicorp/yamux v0.1.1
 github.com/hinshun/vt10x v0.0.0-20220228203356-1ab2cad5fd82
 github.com/jonboulle/clockwork v0.3.0
diff --git a/go.sum b/go.sum
index ab7ee05bcc..0b62141df7 100644
--- a/go.sum
+++ b/go.sum
@@ -2158,8 +2158,9 @@ github.com/hashicorp/vault/sdk v0.4.1/go.mod h1:aZ3fNuL5VNydQk8GcLJ2TV8YCRVvyaak
 github.com/hashicorp/vault/sdk v0.5.1/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
 github.com/hashicorp/vault/sdk v0.5.3/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
 github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
-github.com/hashicorp/vault/sdk v0.6.1 h1:sjZC1z4j5Rh2GXYbkxn5BLK05S1p7+MhW4AgdUmgRUA=
 github.com/hashicorp/vault/sdk v0.6.1/go.mod h1:Ck4JuAC6usTphfrrRJCRH+7/N7O2ozZzkm/fzQFt4uM=
+github.com/hashicorp/vault/sdk v0.6.2 h1:LtWXUM+WheM5T8pOO/6nOTiFwnE+4y3bPztFf15Oz24=
+github.com/hashicorp/vault/sdk v0.6.2/go.mod h1:KyfArJkhooyba7gYCKSq8v66QdqJmnbAxtV/OX1+JTs=
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/hashicorp/yamux v0.1.0/go.mod h1:CtWFDAQgb7dxtzFs4tWbplKIe2jSi3+5vKbgIO0SLnQ=
 github.com/hashicorp/yamux v0.1.1 h1:yrQxtgseBDrq9Y652vSRDvsKCJKOUD+GzTS4Y0Y8pvE=
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go b/vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go
index 58ebc06f2d..eace1aafd1 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/certutil/helpers.go
@@ -100,13 +100,13 @@ func GetHexFormatted(buf []byte, sep string) string {
 func ParseHexFormatted(in, sep string) []byte {
 var ret bytes.Buffer
 var err error
- var inBits int64
+ var inBits uint64
 inBytes := strings.Split(in, sep)
 for _, inByte := range inBytes {
- if inBits, err = strconv.ParseInt(inByte, 16, 8); err != nil {
+ if inBits, err = strconv.ParseUint(inByte, 16, 8); err != nil {
 return nil
 }
- ret.WriteByte(byte(inBits))
+ ret.WriteByte(uint8(inBits))
 }
 return ret.Bytes()
 }
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go b/vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go
index 55be844e14..92207e3d81 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/consts/agent.go
@@ -4,7 +4,7 @@ package consts
 // endpoint.
 const AgentPathCacheClear = "/agent/v1/cache-clear"
-// AgentPathMetrics is the path the the agent will use to expose its internal
+// AgentPathMetrics is the path the agent will use to expose its internal
 // metrics.
 const AgentPathMetrics = "/agent/v1/metrics"
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go b/vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go
index c431e2e594..a4b7c50404 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/consts/consts.go
@@ -34,4 +34,6 @@ const (
 ReplicationResolverALPN = "replication_resolver_v1"
 VaultEnableFilePermissionsCheckEnv = "VAULT_ENABLE_FILE_PERMISSIONS_CHECK"
+
+ VaultDisableUserLockout = "VAULT_DISABLE_USER_LOCKOUT"
 )
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go b/vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go
index 5591924a77..656d6cc992 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/consts/deprecation_status.go
@@ -1,6 +1,9 @@
 package consts
-const VaultAllowPendingRemovalMountsEnv = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS"
+// EnvVaultAllowPendingRemovalMounts allows Pending Removal builtins to be
+// mounted as if they are Deprecated to facilitate migration to supported
+// builtin plugins.
+const EnvVaultAllowPendingRemovalMounts = "VAULT_ALLOW_PENDING_REMOVAL_MOUNTS"
 // DeprecationStatus represents the current deprecation state for builtins
 type DeprecationStatus uint32
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go b/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go
index 211a545e33..25de5a7813 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/logging/logging.go
@@ -60,16 +60,13 @@ func ParseLogFormat(format string) (LogFormat, error) {
 case "json":
 return JSONFormat, nil
 default:
- return UnspecifiedFormat, fmt.Errorf("Unknown log format: %s", format)
+ return UnspecifiedFormat, fmt.Errorf("unknown log format: %s", format)
 }
 }
 // ParseEnvLogFormat parses the log format from an environment variable.
 func ParseEnvLogFormat() LogFormat {
 logFormat := os.Getenv("VAULT_LOG_FORMAT")
- if logFormat == "" {
- logFormat = os.Getenv("LOGXI_FORMAT")
- }
 switch strings.ToLower(logFormat) {
 case "json", "vault_json", "vault-json", "vaultjson":
 return JSONFormat
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go
index 96963af3e6..cfd463d6af 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/multiplexing.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.7 +// protoc v3.21.9 // source: sdk/helper/pluginutil/multiplexing.proto package pluginutil
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go
index 3eb8fb2b28..f344ca9799 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/run_config.go
@@ -10,7 +10,6 @@ import (
 log "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/go-plugin"
 "github.com/hashicorp/vault/sdk/helper/consts"
- "github.com/hashicorp/vault/sdk/version"
 )
 type PluginClientConfig struct {
@@ -46,7 +45,11 @@ func (rc runConfig) makeConfig(ctx context.Context) (*plugin.ClientConfig, error
 if rc.MLock || (rc.Wrapper != nil && rc.Wrapper.MlockEnabled()) {
 cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginMlockEnabled, "true"))
 }
- cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginVaultVersionEnv, version.GetVersion().Version))
+ version, err := rc.Wrapper.VaultVersion(ctx)
+ if err != nil {
+ return nil, err
+ }
+ cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", PluginVaultVersionEnv, version))
 if rc.IsMetadataMode {
 rc.Logger = rc.Logger.With("metadata", "true")
diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go
index 631c4f3a2f..886efe21f1 100644
--- a/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/pluginutil/runner.go
@@ -27,6 +27,7 @@ type RunnerUtil interface {
 NewPluginClient(ctx context.Context, config PluginClientConfig) (PluginClient, error)
 ResponseWrapData(ctx context.Context, data map[string]interface{}, ttl time.Duration, jwt bool) (*wrapping.ResponseWrapInfo, error)
 MlockEnabled() bool
+ VaultVersion(ctx context.Context) (string, error)
 }
 // LookRunnerUtil defines the functions for both Looker and Wrapper
diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go b/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go
index 18af6e6828..42c722afe1 100644
--- a/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/identity.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.7 +// protoc v3.21.9 // source: sdk/logical/identity.proto package logical
diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go b/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go
index e892c9cce9..6f642ad570 100644
--- a/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/managed_key.go
@@ -34,9 +34,11 @@ type ManagedKey interface {
 }
 type (
- ManagedKeyConsumer func(context.Context, ManagedKey) error
- ManagedSigningKeyConsumer func(context.Context, ManagedSigningKey) error
- ManagedEncryptingKeyConsumer func(context.Context, ManagedEncryptingKey) error
+ ManagedKeyConsumer func(context.Context, ManagedKey) error
+ ManagedSigningKeyConsumer func(context.Context, ManagedSigningKey) error
+ ManagedEncryptingKeyConsumer func(context.Context, ManagedEncryptingKey) error
+ ManagedMACKeyConsumer func(context.Context, ManagedMACKey) error
+ ManagedKeyRandomSourceConsumer func(context.Context, ManagedKeyRandomSource) error
 )
 type ManagedKeySystemView interface {
@@ -59,6 +61,12 @@ type ManagedKeySystemView interface {
 // WithManagedSigningKeyByUUID retrieves an instantiated managed signing key for consumption by the given function,
 // with the same semantics as WithManagedKeyByUUID
 WithManagedEncryptingKeyByUUID(ctx context.Context, keyUuid, backendUUID string, f ManagedEncryptingKeyConsumer) error
+ // WithManagedMACKeyByName retrieves an instantiated managed MAC key by name for consumption by the given function,
+ // with the same semantics as WithManagedKeyByName.
+ WithManagedMACKeyByName(ctx context.Context, keyName, backendUUID string, f ManagedMACKeyConsumer) error
+ // WithManagedMACKeyByUUID retrieves an instantiated managed MAC key by UUID for consumption by the given function,
+ // with the same semantics as WithManagedKeyByUUID.
+ WithManagedMACKeyByUUID(ctx context.Context, keyUUID, backendUUID string, f ManagedMACKeyConsumer) error
 }
 type ManagedAsymmetricKey interface {
@@ -95,3 +103,17 @@ type ManagedEncryptingKey interface {
 ManagedKey
 GetAEAD(iv []byte) (cipher.AEAD, error)
 }
+
+type ManagedMACKey interface {
+ ManagedKey
+
+ // MAC generates a MAC tag using the provided algorithm for the provided value.
+ MAC(ctx context.Context, algorithm string, data []byte) ([]byte, error)
+}
+
+type ManagedKeyRandomSource interface {
+ ManagedKey
+
+ // GetRandomBytes returns a number (specified by the count parameter) of random bytes sourced from the target managed key.
+ GetRandomBytes(ctx context.Context, count int) ([]byte, error)
+}
diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go b/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go
index 9be723e14b..f3a9ec52c3 100644
--- a/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/plugin.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.7 +// protoc v3.21.9 // source: sdk/logical/plugin.proto package logical
diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go b/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go
index 4e5627b1c8..fc7f30a7ff 100644
--- a/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/system_view.go
@@ -83,6 +83,9 @@ type SystemView interface {
 // PluginEnv returns Vault environment information used by plugins
 PluginEnv(context.Context) (*PluginEnvironment, error)
+ // VaultVersion returns the version string for the currently running Vault.
+ VaultVersion(context.Context) (string, error)
+
 // GeneratePasswordFromPolicy generates a password from the policy referenced.
 // If the policy does not exist, this will return an error.
 GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error)
@@ -113,9 +116,9 @@ type StaticSystemView struct {
 EntityVal *Entity
 GroupsVal []*Group
 Features license.Features
- VaultVersion string
 PluginEnvironment *PluginEnvironment
 PasswordPolicies map[string]PasswordGenerator
+ VersionString string
 }
 type noopAuditor struct{}
@@ -204,6 +207,10 @@ func (d StaticSystemView) PluginEnv(_ context.Context) (*PluginEnvironment, erro
 return d.PluginEnvironment, nil
 }
+func (d StaticSystemView) VaultVersion(_ context.Context) (string, error) {
+ return d.VersionString, nil
+}
+
 func (d StaticSystemView) GeneratePasswordFromPolicy(ctx context.Context, policyName string) (password string, err error) {
 select {
 case <-ctx.Done():
diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/testing.go b/vendor/github.com/hashicorp/vault/sdk/logical/testing.go
index 765f09826d..8cb41e2e7c 100644
--- a/vendor/github.com/hashicorp/vault/sdk/logical/testing.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/testing.go
@@ -73,6 +73,7 @@ func TestSystemView() *StaticSystemView {
 return &StaticSystemView{
 DefaultLeaseTTLVal: defaultLeaseTTLVal,
 MaxLeaseTTLVal: maxLeaseTTLVal,
+ VersionString: "testVersionString",
 }
 }
diff --git a/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go b/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go
index 415970f193..fb3ce8121b 100644
--- a/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go
+++ b/vendor/github.com/hashicorp/vault/sdk/logical/version.pb.go
@@ -1,7 +1,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.28.1 -// protoc v3.21.7 +// protoc v3.21.9 // source: sdk/logical/version.proto package logical
diff --git a/vendor/modules.txt b/vendor/modules.txt
index d7d120b1d5..a882a2092d 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -877,7 +877,7 @@ github.com/hashicorp/hcl/json/token
 # github.com/hashicorp/vault/api v1.8.2
 ## explicit; go 1.19
 github.com/hashicorp/vault/api
-# github.com/hashicorp/vault/sdk v0.6.1
+# github.com/hashicorp/vault/sdk v0.6.2
 ## explicit; go 1.19
 github.com/hashicorp/vault/sdk/helper/certutil
 github.com/hashicorp/vault/sdk/helper/compressutil