From 80b52313fea0de3670f5fe8027cbaeca74a2eddf Mon Sep 17 00:00:00 2001
From: Austin Gebauer
Date: Wed, 3 Jan 2024 16:35:44 -0800
Subject: [PATCH] add plugin identity token params
---
 go.mod | 5 +++--
 go.sum | 4 ++--
 sdk/helper/pluginidentityutil/fields.go | 30 ++++++++++++++++---------
 3 files changed, 25 insertions(+), 14 deletions(-)
diff --git a/go.mod b/go.mod
index 69d6767f94..fdd1d01603 100644
--- a/go.mod
+++ b/go.mod
@@ -22,7 +22,7 @@ replace github.com/hashicorp/vault/api/auth/userpass => ./api/auth/userpass
 replace github.com/hashicorp/vault/sdk => ./sdk
-// replace github.com/hashicorp/vault-plugin-secrets-azure => /Users/agebauer/Workspace/hashicorp/plugins/vault-plugin-secrets-azure
+replace github.com/hashicorp/vault-plugin-secrets-azure => /Users/agebauer/Workspace/hashicorp/plugins/vault-plugin-secrets-azure
 require (
 cloud.google.com/go/cloudsqlconn v1.4.3
@@ -158,7 +158,7 @@ require (
 github.com/hashicorp/vault/api v1.10.0
 github.com/hashicorp/vault/api/auth/approle v0.1.0
 github.com/hashicorp/vault/api/auth/userpass v0.1.0
- github.com/hashicorp/vault/sdk v0.10.0
+ github.com/hashicorp/vault/sdk v0.10.2-0.20240103225259-de8c8d86f886
 github.com/hashicorp/vault/vault/hcp_link/proto v0.0.0-20230201201504-b741fa893d77
 github.com/influxdata/influxdb1-client v0.0.0-20200827194710-b269163b24ab
 github.com/jackc/pgx/v4 v4.18.1
@@ -247,6 +247,7 @@ require (
 github.com/Azure/azure-pipeline-go v0.2.3 // indirect
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
 github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.2.1 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi v1.1.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/resources/armresources v1.1.1 // indirect
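Review bot: The first go.mod hunk activates `replace github.com/hashicorp/vault-plugin-secrets-azure => /Users/agebauer/Workspace/hashicorp/plugins/vault-plugin-secrets-azure`, an absolute path on one developer's machine. The build breaks wherever that directory is absent, and where it exists the plugin is compiled from whatever happens to be checked out there rather than from a published, hashed release. A directory replacement is not verified through go.sum, which fits with this patch dropping the plugin's v0.16.3 hashes in the go.sum section. Keep the line commented out as it was (`// replace github.com/hashicorp/vault-plugin-secrets-azure => ...`) and pin the plugin to a published version or pseudo-version so that go.sum carries its checksum again.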
diff --git a/go.sum b/go.sum index eea64797c1..f5e6b7eaa5 100644 --- a/go.sum +++ b/go.sum @@ -777,6 +777,8 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.1.2/go.mod h1:eWRD7oawr1Mu1sLC github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0 h1:d81/ng9rET2YqdVkVwkb6EXeRrLJIwyGnJcAlAWKwhs= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 h1:6A4M8smF+y8nM/DYsLNQz9n7n2ZGaEVqfz8ZWQirQkI= +github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1/go.mod h1:WqyxV5S0VtXD2+2d6oPqOvyhGubCvzLCKSAKgQ004Uk= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.2.1 h1:UPeCRD+XY7QlaGQte2EVI2iOcWvUYA2XY8w5T/8v0NQ= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v4 v4.2.1/go.mod h1:oGV6NlB0cvi1ZbYRR2UN44QHxWFyGk+iylgD0qaMXjA= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/internal v1.1.2 h1:mLY+pNLjCUeKhgnAJWAKhEUQM+RJQo2H1fuGSw1Ky1E= 
@@ -2158,8 +2160,6 @@ github.com/hashicorp/vault-plugin-secrets-ad v0.16.1 h1:Ns0/JcpOrC3+yCYcV9+Sbehf github.com/hashicorp/vault-plugin-secrets-ad v0.16.1/go.mod h1:WeR9mm1FT3jmuf0SDJmqy7N/9Y34Qv8elt43/k/oaW0= github.com/hashicorp/vault-plugin-secrets-alicloud v0.15.1 h1:LrcvOhx1hy8NvENdORrJUcpuY4JHDD5NvDILdlOgefw= github.com/hashicorp/vault-plugin-secrets-alicloud v0.15.1/go.mod h1:YKoctp9/8VkjIx827IrNCqSow/Z88wCz3Qb/sAFLe6o= -github.com/hashicorp/vault-plugin-secrets-azure v0.16.3 h1:XqVsmkGK5szTZe3YpMlHB5v+QceujZDR7ghY/YOg7jk= -github.com/hashicorp/vault-plugin-secrets-azure v0.16.3/go.mod h1:VuFiqDd4xvBxpb/F/QEeHE7wXgqqbPYIV61COLvY0tY= github.com/hashicorp/vault-plugin-secrets-gcp v0.17.0 h1:Z7IqtShXD8uDzLfKskk8rt84hZbXMHCtJT4YQrUigPs= github.com/hashicorp/vault-plugin-secrets-gcp v0.17.0/go.mod h1:VRSCqW/rYThWK/bmBiBKI1dKOg383xnedA/G9ghJrug= github.com/hashicorp/vault-plugin-secrets-gcpkms v0.15.1 h1:qUFOjiz5+wgZsRpOF0hCFeot9vZEyhqfJ4w/UFJAjfc=
diff --git a/sdk/helper/pluginidentityutil/fields.go b/sdk/helper/pluginidentityutil/fields.go
index 41c1d693b6..0f32e6f1cf 100644
--- a/sdk/helper/pluginidentityutil/fields.go
+++ b/sdk/helper/pluginidentityutil/fields.go
@@ -9,18 +9,21 @@ import (
 "github.com/hashicorp/vault/sdk/framework"
 )
-func AddPluginIdentityTokenFields(m map[string]*framework.FieldSchema) {
- f := PluginIdentityTokenFields()
- for k, v := range f {
- if _, ok := m[k]; ok {
- panic(fmt.Sprintf("adding field %q would overwrite existing field", k))
- }
- m[k] = v
- }
+// PluginIdentityTokenParams contains a set of common parameters that plugins
+// can use for setting plugin identity token behavior
+type PluginIdentityTokenParams struct {
+ // IdentityTokenKey is the named key used to sign tokens
+ IdentityTokenKey string `json:"identity_token_key"`
+ // IdentityTokenTTLSeconds is the duration that tokens will be valid for
+ IdentityTokenTTLSeconds int `json:"identity_token_ttl_seconds"`
+ // IdentityTokenAudience identifies the recipient of the token
+ IdentityTokenAudience string `json:"identity_token_audience"`
 }
-func PluginIdentityTokenFields() map[string]*framework.FieldSchema {
- return map[string]*framework.FieldSchema{
+// AddPluginIdentityTokenFields adds plugin identity token fields to the given
+// field schema map.
+func AddPluginIdentityTokenFields(m map[string]*framework.FieldSchema) {
+ fields := map[string]*framework.FieldSchema{
 "identity_token_audience": {
 Type: framework.TypeString,
 Description: "",
@@ -46,4 +49,11 @@ func PluginIdentityTokenFields() map[string]*framework.FieldSchema {
 Default: 3600,
 },
 }
+
+ for name, schema := range fields {
+ if _, ok := m[name]; ok {
+ panic(fmt.Sprintf("adding field %q would overwrite existing field", name))
+ }
+ m[name] = schema
+ }
 }
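Review bot: `IdentityTokenTTLSeconds` in the new `PluginIdentityTokenParams` struct is a plain `int`, and nothing visible in this file bounds it. A zero, negative or very large lifetime could therefore reach whatever mints the signed token, unless the code that fills the struct (not in this patch) rejects it. The field comment should state the unit and the accepted range, for example `// IdentityTokenTTLSeconds is the token lifetime in seconds; must be greater than zero`. The `identity_token_audience` schema entry also still carries `Description: ""`, which gives operators no hint about what audience value the relying party expects. The field map continues outside this hunk, so the other entries could not be checked.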
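Review bot: The doc comment on `AddPluginIdentityTokenFields` does not mention that the loop added at the end of the function panics when `m` already contains one of the names. A nil `m` would also panic, on `m[name] = schema`. Since this is an exported SDK helper, the comment should spell out the contract: `// It panics if m already contains a field with the same name; m must be non-nil.` Because `fields` is a map, the name reported in the panic can differ between runs when more than one collides. The function body starts in the previous hunk.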