Bump API/SDK and adapt to move from SDK stuff

2025-11-02 03:27:54 +00:00 · 2020-02-15 14:58:05 -05:00
parent 26a747400a
commit 5350e670d2
18 changed files with 59 additions and 461 deletions
--- a/command/agent.go
+++ b/command/agent.go
@@ -35,8 +35,8 @@ import (
 	"github.com/hashicorp/vault/command/agent/sink/file"
 	"github.com/hashicorp/vault/command/agent/sink/inmem"
 	"github.com/hashicorp/vault/command/agent/template"
 	"github.com/hashicorp/vault/internalshared/gatedwriter"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 	"github.com/hashicorp/vault/sdk/helper/gatedwriter"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/hashicorp/vault/sdk/version"
--- a/command/agent/cache/listener.go
+++ b/command/agent/cache/listener.go
@@ -9,7 +9,7 @@ import (
 	"github.com/hashicorp/vault/command/agent/config"
 	"github.com/hashicorp/vault/command/server"
-	"github.com/hashicorp/vault/sdk/helper/listenerutil"
+	"github.com/hashicorp/vault/internalshared/listenerutil"
 )
 func StartListener(lnConfig *config.Listener) (net.Listener, *tls.Config, error) {
--- a/command/debug.go
+++ b/command/debug.go
@@ -14,7 +14,7 @@ import (
 	"github.com/hashicorp/go-hclog"
 	"github.com/hashicorp/vault/api"
-	"github.com/hashicorp/vault/sdk/helper/gatedwriter"
+	"github.com/hashicorp/vault/internalshared/gatedwriter"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/helper/strutil"
 	"github.com/hashicorp/vault/sdk/version"
--- a/command/server.go
+++ b/command/server.go
@@ -40,12 +40,12 @@ import (
 	"github.com/hashicorp/vault/helper/metricsutil"
 	"github.com/hashicorp/vault/helper/namespace"
 	vaulthttp "github.com/hashicorp/vault/http"
-	"github.com/hashicorp/vault/sdk/helper/gatedwriter"
+	"github.com/hashicorp/vault/internalshared/gatedwriter"
 	"github.com/hashicorp/vault/internalshared/reloadutil"
 	"github.com/hashicorp/vault/sdk/helper/jsonutil"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/helper/mlock"
 	"github.com/hashicorp/vault/sdk/helper/parseutil"
 	"github.com/hashicorp/vault/sdk/helper/reload"
 	"github.com/hashicorp/vault/sdk/helper/useragent"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/hashicorp/vault/sdk/physical"
@@ -97,36 +97,36 @@ type ServerCommand struct {
 	cleanupGuard sync.Once
 	reloadFuncsLock *sync.RWMutex
-	reloadFuncs     *map[string][]reload.ReloadFunc
+	reloadFuncs     *map[string][]reloadutil.ReloadFunc
 	startedCh       chan (struct{}) // for tests
 	reloadedCh      chan (struct{}) // for tests
 	// new stuff
-	flagConfigs          []string
+	flagConfigs            []string
-	flagLogLevel         string
+	flagLogLevel           string
-	flagLogFormat        string
+	flagLogFormat          string
-	flagRecovery         bool
+	flagRecovery           bool
-	flagDev              bool
+	flagDev                bool
-	flagDevRootTokenID   string
+	flagDevRootTokenID     string
-	flagDevListenAddr    string
+	flagDevListenAddr      string
-	flagDevNoStoreToken  bool
+	flagDevNoStoreToken    bool
-	flagDevPluginDir     string
+	flagDevPluginDir       string
-	flagDevPluginInit    bool
+	flagDevPluginInit      bool
-	flagDevHA            bool
+	flagDevHA              bool
-	flagDevLatency       int
+	flagDevLatency         int
-	flagDevLatencyJitter int
+	flagDevLatencyJitter   int
-	flagDevLeasedKV      bool
+	flagDevLeasedKV        bool
-	flagDevKVV1          bool
+	flagDevKVV1            bool
-	flagDevSkipInit      bool
+	flagDevSkipInit        bool
-	flagDevThreeNode     bool
+	flagDevThreeNode       bool
-	flagDevFourCluster   bool
+	flagDevFourCluster     bool
-	flagDevTransactional bool
+	flagDevTransactional   bool
-	flagDevAutoSeal      bool
+	flagDevAutoSeal        bool
-	flagTestVerifyOnly   bool
+	flagTestVerifyOnly     bool
-	flagCombineLogs      bool
+	flagCombineLogs        bool
-	flagTestServerConfig bool
+	flagTestServerConfig   bool
-	flagDevConsul        bool
+	flagDevConsul          bool
-  flagExitOnCoreShutdown bool
+	flagExitOnCoreShutdown bool
 }
 type ServerListener struct {
@@ -2483,7 +2483,7 @@ func (c *ServerCommand) setupTelemetry(config *server.Config) (*metricsutil.Metr
 	return metricHelper, nil
 }
-func (c *ServerCommand) Reload(lock *sync.RWMutex, reloadFuncs *map[string][]reload.ReloadFunc, configPath []string) error {
+func (c *ServerCommand) Reload(lock *sync.RWMutex, reloadFuncs *map[string][]reloadutil.ReloadFunc, configPath []string) error {
 	lock.RLock()
 	defer lock.RUnlock()
--- a/command/server/listener.go
+++ b/command/server/listener.go
@@ -10,12 +10,12 @@ import (
 	"net"
 	"github.com/hashicorp/vault/helper/proxyutil"
-	"github.com/hashicorp/vault/sdk/helper/reload"
+	"github.com/hashicorp/vault/internalshared/reloadutil"
 	"github.com/mitchellh/cli"
 )
 // ListenerFactory is the factory function to create a listener.
-type ListenerFactory func(map[string]interface{}, io.Writer, cli.Ui) (net.Listener, map[string]string, reload.ReloadFunc, error)
+type ListenerFactory func(map[string]interface{}, io.Writer, cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error)
 // BuiltinListeners is the list of built-in listener types.
 var BuiltinListeners = map[string]ListenerFactory{
@@ -24,7 +24,7 @@ var BuiltinListeners = map[string]ListenerFactory{
 // NewListener creates a new listener of the given type with the given
 // configuration. The type is looked up in the BuiltinListeners map.
-func NewListener(t string, config map[string]interface{}, logger io.Writer, ui cli.Ui) (net.Listener, map[string]string, reload.ReloadFunc, error) {
+func NewListener(t string, config map[string]interface{}, logger io.Writer, ui cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error) {
 	f, ok := BuiltinListeners[t]
 	if !ok {
 		return nil, nil, nil, fmt.Errorf("unknown listener type: %q", t)
--- a/command/server/listener_tcp.go
+++ b/command/server/listener_tcp.go
@@ -9,13 +9,13 @@ import (
 	"time"
 	"github.com/hashicorp/errwrap"
-	"github.com/hashicorp/vault/sdk/helper/listenerutil"
+	"github.com/hashicorp/vault/internalshared/listenerutil"
 	"github.com/hashicorp/vault/internalshared/reloadutil"
 	"github.com/hashicorp/vault/sdk/helper/parseutil"
 	"github.com/hashicorp/vault/sdk/helper/reload"
 	"github.com/mitchellh/cli"
 )
-func tcpListenerFactory(config map[string]interface{}, _ io.Writer, ui cli.Ui) (net.Listener, map[string]string, reload.ReloadFunc, error) {
+func tcpListenerFactory(config map[string]interface{}, _ io.Writer, ui cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, error) {
 	bindProto := "tcp"
 	var addr string
 	addrRaw, ok := config["address"]
--- a/go.mod
+++ b/go.mod
@@ -88,12 +88,13 @@ require (
 	github.com/hashicorp/vault-plugin-secrets-kv v0.5.2-0.20191017213228-e8cf7060a4d0
 	github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.0.0-20200124190647-0026e6bed4fb
 	github.com/hashicorp/vault-plugin-secrets-openldap v0.0.0-20200215165936-237ad8919d2c
-	github.com/hashicorp/vault/api v1.0.5-0.20200214222743-c39f5634b39f
+	github.com/hashicorp/vault/api v1.0.5-0.20200215195706-26a747400a65
-	github.com/hashicorp/vault/sdk v0.1.14-0.20200214222719-7a3b716487a5
+	github.com/hashicorp/vault/sdk v0.1.14-0.20200215195600-2ca765f0a500
 	github.com/influxdata/influxdb v0.0.0-20190411212539-d24b7ba8c4c4
 	github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 // indirect
 	github.com/jackc/pgx v3.3.0+incompatible // indirect
 	github.com/jcmturner/gokrb5/v8 v8.0.0
 	github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f
 	github.com/jefferai/jsonx v1.0.0
 	github.com/joyent/triton-go v0.0.0-20190112182421-51ffac552869
 	github.com/keybase/go-crypto v0.0.0-20190403132359-d65b6b94177f
--- a/internalshared/listenerutil/listener.go
+++ b/internalshared/listenerutil/listener.go
@@ -11,8 +11,8 @@ import (
 	"strconv"
 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/vault/internalshared/reloadutil"
 	"github.com/hashicorp/vault/sdk/helper/parseutil"
 	"github.com/hashicorp/vault/sdk/helper/reload"
 	"github.com/hashicorp/vault/sdk/helper/tlsutil"
 	"github.com/jefferai/isbadcipher"
 	"github.com/mitchellh/cli"
@@ -71,7 +71,7 @@ func WrapTLS(
 	ln net.Listener,
 	props map[string]string,
 	config map[string]interface{},
-	ui cli.Ui) (net.Listener, map[string]string, reload.ReloadFunc, *tls.Config, error) {
+	ui cli.Ui) (net.Listener, map[string]string, reloadutil.ReloadFunc, *tls.Config, error) {
 	props["tls"] = "disabled"
 	if v, ok := config["tls_disable"]; ok {
@@ -95,7 +95,7 @@ func WrapTLS(
 	}
 	keyFile := keyFileRaw.(string)
-	cg := reload.NewCertificateGetter(certFile, keyFile, "")
+	cg := reloadutil.NewCertificateGetter(certFile, keyFile, "")
 	if err := cg.Reload(config); err != nil {
 		// We try the key without a passphrase first and if we get an incorrect
 		// passphrase response, try again after prompting for a passphrase
@@ -103,7 +103,7 @@ func WrapTLS(
 			var passphrase string
 			passphrase, err = ui.AskSecret(fmt.Sprintf("Enter passphrase for %s:", keyFile))
 			if err == nil {
-				cg = reload.NewCertificateGetter(certFile, keyFile, passphrase)
+				cg = reloadutil.NewCertificateGetter(certFile, keyFile, passphrase)
 				if err = cg.Reload(config); err == nil {
 					goto PASSPHRASECORRECT
 				}
--- a/internalshared/reloadutil/reload.go
+++ b/internalshared/reloadutil/reload.go
@@ -1,4 +1,4 @@
-package reload
+package reloadutil
 import (
 	"crypto/tls"
--- a/internalshared/reloadutil/reload_test.go
+++ b/internalshared/reloadutil/reload_test.go
@@ -1,4 +1,4 @@
-package reload
+package reloadutil
 import (
 	"crypto/x509"
--- a/vault/core.go
+++ b/vault/core.go
@@ -30,13 +30,13 @@ import (
 	"github.com/hashicorp/vault/command/server"
 	"github.com/hashicorp/vault/helper/metricsutil"
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/internalshared/reloadutil"
 	"github.com/hashicorp/vault/physical/raft"
 	"github.com/hashicorp/vault/sdk/helper/certutil"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 	"github.com/hashicorp/vault/sdk/helper/jsonutil"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/helper/mlock"
 	"github.com/hashicorp/vault/sdk/helper/reload"
 	"github.com/hashicorp/vault/sdk/helper/strutil"
 	"github.com/hashicorp/vault/sdk/helper/tlsutil"
 	"github.com/hashicorp/vault/sdk/logical"
@@ -365,7 +365,7 @@ type Core struct {
 	physicalCache physical.ToggleablePurgemonster
 	// reloadFuncs is a map containing reload functions
-	reloadFuncs map[string][]reload.ReloadFunc
+	reloadFuncs map[string][]reloadutil.ReloadFunc
 	// reloadFuncsLock controls access to the funcs
 	reloadFuncsLock sync.RWMutex
@@ -582,7 +582,7 @@ type CoreConfig struct {
 	RawConfig *server.Config
-	ReloadFuncs     *map[string][]reload.ReloadFunc
+	ReloadFuncs     *map[string][]reloadutil.ReloadFunc
 	ReloadFuncsLock *sync.RWMutex
 	// Licensing
@@ -855,7 +855,7 @@ func NewCore(conf *CoreConfig) (*Core, error) {
 	// the caller can share state
 	conf.ReloadFuncsLock = &c.reloadFuncsLock
 	c.reloadFuncsLock.Lock()
-	c.reloadFuncs = make(map[string][]reload.ReloadFunc)
+	c.reloadFuncs = make(map[string][]reloadutil.ReloadFunc)
 	c.reloadFuncsLock.Unlock()
 	conf.ReloadFuncs = &c.reloadFuncs
--- a/vault/testing.go
+++ b/vault/testing.go
@@ -44,12 +44,12 @@ import (
 	"github.com/hashicorp/vault/audit"
 	"github.com/hashicorp/vault/command/server"
 	"github.com/hashicorp/vault/helper/namespace"
 	"github.com/hashicorp/vault/internalshared/reloadutil"
 	dbMysql "github.com/hashicorp/vault/plugins/database/mysql"
 	dbPostgres "github.com/hashicorp/vault/plugins/database/postgresql"
 	"github.com/hashicorp/vault/sdk/framework"
 	"github.com/hashicorp/vault/sdk/helper/consts"
 	"github.com/hashicorp/vault/sdk/helper/logging"
 	"github.com/hashicorp/vault/sdk/helper/reload"
 	"github.com/hashicorp/vault/sdk/helper/salt"
 	"github.com/hashicorp/vault/sdk/logical"
 	"github.com/hashicorp/vault/sdk/physical"
@@ -1023,7 +1023,7 @@ type TestClusterCore struct {
 	Client               *api.Client
 	Handler              http.Handler
 	Listeners            []*TestListener
-	ReloadFuncs          *map[string][]reload.ReloadFunc
+	ReloadFuncs          *map[string][]reloadutil.ReloadFunc
 	ReloadFuncsLock      *sync.RWMutex
 	Server               *http.Server
 	ServerCert           *x509.Certificate
@@ -1295,7 +1295,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 	servers := []*http.Server{}
 	handlers := []http.Handler{}
 	tlsConfigs := []*tls.Config{}
-	certGetters := []*reload.CertificateGetter{}
+	certGetters := []*reloadutil.CertificateGetter{}
 	for i := 0; i < numCores; i++ {
 		baseAddr.Port = ports[i]
 		ln, err := net.ListenTCP("tcp", baseAddr)
@@ -1316,7 +1316,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 		if err != nil {
 			t.Fatal(err)
 		}
-		certGetter := reload.NewCertificateGetter(certFile, keyFile, "")
+		certGetter := reloadutil.NewCertificateGetter(certFile, keyFile, "")
 		certGetters = append(certGetters, certGetter)
 		certGetter.Reload(nil)
 		tlsConfig := &tls.Config{
@@ -1773,7 +1773,7 @@ func NewTestCluster(t testing.T, base *CoreConfig, opts *TestClusterOptions) *Te
 		tcc.ReloadFuncs = &cores[i].reloadFuncs
 		tcc.ReloadFuncsLock = &cores[i].reloadFuncsLock
 		tcc.ReloadFuncsLock.Lock()
-		(*tcc.ReloadFuncs)["listener|tcp"] = []reload.ReloadFunc{certGetters[i].Reload}
+		(*tcc.ReloadFuncs)["listener|tcp"] = []reloadutil.ReloadFunc{certGetters[i].Reload}
 		tcc.ReloadFuncsLock.Unlock()
 		testAdjustTestCore(base, tcc)
--- a/vendor/github.com/hashicorp/vault/api/go.mod
+++ b/vendor/github.com/hashicorp/vault/api/go.mod
@@ -12,7 +12,7 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.6.2
 	github.com/hashicorp/go-rootcerts v1.0.1
 	github.com/hashicorp/hcl v1.0.0
-	github.com/hashicorp/vault/sdk v0.1.14-0.20200214222719-7a3b716487a5
+	github.com/hashicorp/vault/sdk v0.1.14-0.20200215195600-2ca765f0a500
 	github.com/mitchellh/mapstructure v1.1.2
 	golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7
 	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
--- a/vendor/github.com/hashicorp/vault/api/go.sum
+++ b/vendor/github.com/hashicorp/vault/api/go.sum
@@ -56,7 +56,6 @@ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ
 github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4=
 github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ=
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
 github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f/go.mod h1:3J2qVK16Lq8V+wfiL2lPeDZ7UWMxk5LemerHa1p6N00=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA=
--- a/vendor/github.com/hashicorp/vault/sdk/helper/gatedwriter/writer.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/gatedwriter/writer.go
@@ -1,43 +0,0 @@
 package gatedwriter
 import (
 	"bytes"
 	"io"
 	"sync"
 )
 // Writer is an io.Writer implementation that buffers all of its
 // data into an internal buffer until it is told to let data through.
 type Writer struct {
 	writer io.Writer
 	buf   bytes.Buffer
 	flush bool
 	lock  sync.Mutex
 }
 func NewWriter(underlying io.Writer) *Writer {
 	return &Writer{writer: underlying}
 }
 // Flush tells the Writer to flush any buffered data and to stop
 // buffering.
 func (w *Writer) Flush() error {
 	w.lock.Lock()
 	defer w.lock.Unlock()
 	w.flush = true
 	_, err := w.buf.WriteTo(w.writer)
 	return err
 }
 func (w *Writer) Write(p []byte) (n int, err error) {
 	w.lock.Lock()
 	defer w.lock.Unlock()
 	if w.flush {
 		return w.writer.Write(p)
 	}
 	return w.buf.Write(p)
 }
--- a/vendor/github.com/hashicorp/vault/sdk/helper/listenerutil/listener.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/listenerutil/listener.go
@@ -1,271 +0,0 @@
 package listenerutil
 import (
 	"crypto/tls"
 	"crypto/x509"
 	"fmt"
 	"io/ioutil"
 	"net"
 	"os"
 	osuser "os/user"
 	"strconv"
 	"github.com/hashicorp/errwrap"
 	"github.com/hashicorp/vault/sdk/helper/parseutil"
 	"github.com/hashicorp/vault/sdk/helper/reload"
 	"github.com/hashicorp/vault/sdk/helper/tlsutil"
 	"github.com/jefferai/isbadcipher"
 	"github.com/mitchellh/cli"
 )
 type UnixSocketsConfig struct {
 	User  string `hcl:"user"`
 	Mode  string `hcl:"mode"`
 	Group string `hcl:"group"`
 }
 // rmListener is an implementation of net.Listener that forwards most
 // calls to the listener but also removes a file as part of the close. We
 // use this to cleanup the unix domain socket on close.
 type rmListener struct {
 	net.Listener
 	Path string
 }
 func (l *rmListener) Close() error {
 	// Close the listener itself
 	if err := l.Listener.Close(); err != nil {
 		return err
 	}
 	// Remove the file
 	return os.Remove(l.Path)
 }
 func UnixSocketListener(path string, unixSocketsConfig *UnixSocketsConfig) (net.Listener, error) {
 	if err := os.Remove(path); err != nil && !os.IsNotExist(err) {
 		return nil, fmt.Errorf("failed to remove socket file: %v", err)
 	}
 	ln, err := net.Listen("unix", path)
 	if err != nil {
 		return nil, err
 	}
 	if unixSocketsConfig != nil {
 		err = setFilePermissions(path, unixSocketsConfig.User, unixSocketsConfig.Group, unixSocketsConfig.Mode)
 		if err != nil {
 			return nil, fmt.Errorf("failed to set file system permissions on the socket file: %s", err)
 		}
 	}
 	// Wrap the listener in rmListener so that the Unix domain socket file is
 	// removed on close.
 	return &rmListener{
 		Listener: ln,
 		Path:     path,
 	}, nil
 }
 func WrapTLS(
 	ln net.Listener,
 	props map[string]string,
 	config map[string]interface{},
 	ui cli.Ui) (net.Listener, map[string]string, reload.ReloadFunc, *tls.Config, error) {
 	props["tls"] = "disabled"
 	if v, ok := config["tls_disable"]; ok {
 		disabled, err := parseutil.ParseBool(v)
 		if err != nil {
 			return nil, nil, nil, nil, errwrap.Wrapf("invalid value for 'tls_disable': {{err}}", err)
 		}
 		if disabled {
 			return ln, props, nil, nil, nil
 		}
 	}
 	certFileRaw, ok := config["tls_cert_file"]
 	if !ok {
 		return nil, nil, nil, nil, fmt.Errorf("'tls_cert_file' must be set")
 	}
 	certFile := certFileRaw.(string)
 	keyFileRaw, ok := config["tls_key_file"]
 	if !ok {
 		return nil, nil, nil, nil, fmt.Errorf("'tls_key_file' must be set")
 	}
 	keyFile := keyFileRaw.(string)
 	cg := reload.NewCertificateGetter(certFile, keyFile, "")
 	if err := cg.Reload(config); err != nil {
 		// We try the key without a passphrase first and if we get an incorrect
 		// passphrase response, try again after prompting for a passphrase
 		if errwrap.Contains(err, x509.IncorrectPasswordError.Error()) {
 			var passphrase string
 			passphrase, err = ui.AskSecret(fmt.Sprintf("Enter passphrase for %s:", keyFile))
 			if err == nil {
 				cg = reload.NewCertificateGetter(certFile, keyFile, passphrase)
 				if err = cg.Reload(config); err == nil {
 					goto PASSPHRASECORRECT
 				}
 			}
 		}
 		return nil, nil, nil, nil, errwrap.Wrapf("error loading TLS cert: {{err}}", err)
 	}
 PASSPHRASECORRECT:
 	var tlsvers string
 	tlsversRaw, ok := config["tls_min_version"]
 	if !ok {
 		tlsvers = "tls12"
 	} else {
 		tlsvers = tlsversRaw.(string)
 	}
 	tlsConf := &tls.Config{}
 	tlsConf.GetCertificate = cg.GetCertificate
 	tlsConf.NextProtos = []string{"h2", "http/1.1"}
 	tlsConf.MinVersion, ok = tlsutil.TLSLookup[tlsvers]
 	if !ok {
 		return nil, nil, nil, nil, fmt.Errorf("'tls_min_version' value %q not supported, please specify one of [tls10,tls11,tls12,tls13]", tlsvers)
 	}
 	tlsConf.ClientAuth = tls.RequestClientCert
 	if v, ok := config["tls_cipher_suites"]; ok {
 		ciphers, err := tlsutil.ParseCiphers(v.(string))
 		if err != nil {
 			return nil, nil, nil, nil, errwrap.Wrapf("invalid value for 'tls_cipher_suites': {{err}}", err)
 		}
 		// HTTP/2 with TLS 1.2 blacklists several cipher suites.
 		// https://tools.ietf.org/html/rfc7540#appendix-A
 		//
 		// Since the CLI (net/http) automatically uses HTTP/2 with TLS 1.2,
 		// we check here if all or some specified cipher suites are blacklisted.
 		badCiphers := []string{}
 		for _, cipher := range ciphers {
 			if isbadcipher.IsBadCipher(cipher) {
 				// Get the name of the current cipher.
 				cipherStr, err := tlsutil.GetCipherName(cipher)
 				if err != nil {
 					return nil, nil, nil, nil, errwrap.Wrapf("invalid value for 'tls_cipher_suites': {{err}}", err)
 				}
 				badCiphers = append(badCiphers, cipherStr)
 			}
 		}
 		if len(badCiphers) == len(ciphers) {
 			ui.Warn(`WARNING! All cipher suites defined by 'tls_cipher_suites' are blacklisted by the
 HTTP/2 specification. HTTP/2 communication with TLS 1.2 will not work as intended
 and Vault will be unavailable via the CLI.
 Please see https://tools.ietf.org/html/rfc7540#appendix-A for further information.`)
 		} else if len(badCiphers) > 0 {
 			ui.Warn(fmt.Sprintf(`WARNING! The following cipher suites defined by 'tls_cipher_suites' are
 blacklisted by the HTTP/2 specification:
 %v
 Please see https://tools.ietf.org/html/rfc7540#appendix-A for further information.`, badCiphers))
 		}
 		tlsConf.CipherSuites = ciphers
 	}
 	if v, ok := config["tls_prefer_server_cipher_suites"]; ok {
 		preferServer, err := parseutil.ParseBool(v)
 		if err != nil {
 			return nil, nil, nil, nil, errwrap.Wrapf("invalid value for 'tls_prefer_server_cipher_suites': {{err}}", err)
 		}
 		tlsConf.PreferServerCipherSuites = preferServer
 	}
 	var requireVerifyCerts bool
 	var err error
 	if v, ok := config["tls_require_and_verify_client_cert"]; ok {
 		requireVerifyCerts, err = parseutil.ParseBool(v)
 		if err != nil {
 			return nil, nil, nil, nil, errwrap.Wrapf("invalid value for 'tls_require_and_verify_client_cert': {{err}}", err)
 		}
 		if requireVerifyCerts {
 			tlsConf.ClientAuth = tls.RequireAndVerifyClientCert
 		}
 		if tlsClientCaFile, ok := config["tls_client_ca_file"]; ok {
 			caPool := x509.NewCertPool()
 			data, err := ioutil.ReadFile(tlsClientCaFile.(string))
 			if err != nil {
 				return nil, nil, nil, nil, errwrap.Wrapf("failed to read tls_client_ca_file: {{err}}", err)
 			}
 			if !caPool.AppendCertsFromPEM(data) {
 				return nil, nil, nil, nil, fmt.Errorf("failed to parse CA certificate in tls_client_ca_file")
 			}
 			tlsConf.ClientCAs = caPool
 		}
 	}
 	if v, ok := config["tls_disable_client_certs"]; ok {
 		disableClientCerts, err := parseutil.ParseBool(v)
 		if err != nil {
 			return nil, nil, nil, nil, errwrap.Wrapf("invalid value for 'tls_disable_client_certs': {{err}}", err)
 		}
 		if disableClientCerts && requireVerifyCerts {
 			return nil, nil, nil, nil, fmt.Errorf("'tls_disable_client_certs' and 'tls_require_and_verify_client_cert' are mutually exclusive")
 		}
 		if disableClientCerts {
 			tlsConf.ClientAuth = tls.NoClientCert
 		}
 	}
 	ln = tls.NewListener(ln, tlsConf)
 	props["tls"] = "enabled"
 	return ln, props, cg.Reload, tlsConf, nil
 }
 // setFilePermissions handles configuring ownership and permissions
 // settings on a given file. All permission/ownership settings are
 // optional. If no user or group is specified, the current user/group
 // will be used. Mode is optional, and has no default (the operation is
 // not performed if absent). User may be specified by name or ID, but
 // group may only be specified by ID.
 func setFilePermissions(path string, user, group, mode string) error {
 	var err error
 	uid, gid := os.Getuid(), os.Getgid()
 	if user != "" {
 		if uid, err = strconv.Atoi(user); err == nil {
 			goto GROUP
 		}
 		// Try looking up the user by name
 		u, err := osuser.Lookup(user)
 		if err != nil {
 			return fmt.Errorf("failed to look up user %q: %v", user, err)
 		}
 		uid, _ = strconv.Atoi(u.Uid)
 	}
 GROUP:
 	if group != "" {
 		if gid, err = strconv.Atoi(group); err == nil {
 			goto OWN
 		}
 		// Try looking up the user by name
 		g, err := osuser.LookupGroup(group)
 		if err != nil {
 			return fmt.Errorf("failed to look up group %q: %v", user, err)
 		}
 		gid, _ = strconv.Atoi(g.Gid)
 	}
 OWN:
 	if err := os.Chown(path, uid, gid); err != nil {
 		return fmt.Errorf("failed setting ownership to %d:%d on %q: %v",
 			uid, gid, path, err)
 	}
 	if mode != "" {
 		mode, err := strconv.ParseUint(mode, 8, 32)
 		if err != nil {
 			return fmt.Errorf("invalid mode specified: %v", mode)
 		}
 		if err := os.Chmod(path, os.FileMode(mode)); err != nil {
 			return fmt.Errorf("failed setting permissions to %d on %q: %v",
 				mode, path, err)
 		}
 	}
 	return nil
 }
--- a/vendor/github.com/hashicorp/vault/sdk/helper/reload/reload.go
+++ b/vendor/github.com/hashicorp/vault/sdk/helper/reload/reload.go
@@ -1,85 +0,0 @@
 package reload
 import (
 	"crypto/tls"
 	"crypto/x509"
 	"encoding/pem"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	"sync"
 	"github.com/hashicorp/errwrap"
 )
 // ReloadFunc are functions that are called when a reload is requested
 type ReloadFunc func(map[string]interface{}) error
 // CertificateGetter satisfies ReloadFunc and its GetCertificate method
 // satisfies the tls.GetCertificate function signature.  Currently it does not
 // allow changing paths after the fact.
 type CertificateGetter struct {
 	sync.RWMutex
 	cert *tls.Certificate
 	certFile   string
 	keyFile    string
 	passphrase string
 }
 func NewCertificateGetter(certFile, keyFile, passphrase string) *CertificateGetter {
 	return &CertificateGetter{
 		certFile:   certFile,
 		keyFile:    keyFile,
 		passphrase: passphrase,
 	}
 }
 func (cg *CertificateGetter) Reload(_ map[string]interface{}) error {
 	certPEMBlock, err := ioutil.ReadFile(cg.certFile)
 	if err != nil {
 		return err
 	}
 	keyPEMBlock, err := ioutil.ReadFile(cg.keyFile)
 	if err != nil {
 		return err
 	}
 	// Check for encrypted pem block
 	keyBlock, _ := pem.Decode(keyPEMBlock)
 	if keyBlock == nil {
 		return errors.New("decoded PEM is blank")
 	}
 	if x509.IsEncryptedPEMBlock(keyBlock) {
 		keyBlock.Bytes, err = x509.DecryptPEMBlock(keyBlock, []byte(cg.passphrase))
 		if err != nil {
 			return errwrap.Wrapf("Decrypting PEM block failed {{err}}", err)
 		}
 		keyPEMBlock = pem.EncodeToMemory(keyBlock)
 	}
 	cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
 	if err != nil {
 		return err
 	}
 	cg.Lock()
 	defer cg.Unlock()
 	cg.cert = &cert
 	return nil
 }
 func (cg *CertificateGetter) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	cg.RLock()
 	defer cg.RUnlock()
 	if cg.cert == nil {
 		return nil, fmt.Errorf("nil certificate")
 	}
 	return cg.cert, nil
 }
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -428,9 +428,9 @@ github.com/hashicorp/vault-plugin-secrets-mongodbatlas
 # github.com/hashicorp/vault-plugin-secrets-openldap v0.0.0-20200215165936-237ad8919d2c
 github.com/hashicorp/vault-plugin-secrets-openldap
 github.com/hashicorp/vault-plugin-secrets-openldap/client
-# github.com/hashicorp/vault/api v1.0.5-0.20200214222743-c39f5634b39f => ./api
+# github.com/hashicorp/vault/api v1.0.5-0.20200215195706-26a747400a65 => ./api
 github.com/hashicorp/vault/api
-# github.com/hashicorp/vault/sdk v0.1.14-0.20200214222719-7a3b716487a5 => ./sdk
+# github.com/hashicorp/vault/sdk v0.1.14-0.20200215195600-2ca765f0a500 => ./sdk
 github.com/hashicorp/vault/sdk/database/dbplugin
 github.com/hashicorp/vault/sdk/database/helper/connutil
 github.com/hashicorp/vault/sdk/database/helper/credsutil
@@ -445,7 +445,6 @@ github.com/hashicorp/vault/sdk/helper/consts
 github.com/hashicorp/vault/sdk/helper/cryptoutil
 github.com/hashicorp/vault/sdk/helper/dbtxn
 github.com/hashicorp/vault/sdk/helper/errutil
 github.com/hashicorp/vault/sdk/helper/gatedwriter
 github.com/hashicorp/vault/sdk/helper/hclutil
 github.com/hashicorp/vault/sdk/helper/identitytpl
 github.com/hashicorp/vault/sdk/helper/jsonutil
@@ -453,7 +452,6 @@ github.com/hashicorp/vault/sdk/helper/kdf
 github.com/hashicorp/vault/sdk/helper/keysutil
 github.com/hashicorp/vault/sdk/helper/ldaputil
 github.com/hashicorp/vault/sdk/helper/license
 github.com/hashicorp/vault/sdk/helper/listenerutil
 github.com/hashicorp/vault/sdk/helper/locksutil
 github.com/hashicorp/vault/sdk/helper/logging
 github.com/hashicorp/vault/sdk/helper/mlock
@@ -463,7 +461,6 @@ github.com/hashicorp/vault/sdk/helper/pathmanager
 github.com/hashicorp/vault/sdk/helper/pluginutil
 github.com/hashicorp/vault/sdk/helper/pointerutil
 github.com/hashicorp/vault/sdk/helper/policyutil
 github.com/hashicorp/vault/sdk/helper/reload
 github.com/hashicorp/vault/sdk/helper/salt
 github.com/hashicorp/vault/sdk/helper/strutil
 github.com/hashicorp/vault/sdk/helper/tlsutil