From 861454e0ed1390d67ddaf1a53c1798e5e291728c Mon Sep 17 00:00:00 2001 
From: Jeff Mitchell Date: Thu, 15 Jul 2021 20:17:31 -0400 Subject: [PATCH] Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) * Swap sdk/helper libs to go-secure-stdlib * Migrate to go-secure-stdlib reloadutil * Migrate to go-secure-stdlib kv-builder * Migrate to go-secure-stdlib gatedwriter --- api/client.go | 2 +- api/go.mod | 1 + api/secret.go | 2 +- api/sys_raft.go | 2 +- audit/hashstructure.go | 2 +- builtin/audit/socket/backend.go | 2 +- builtin/credential/approle/path_login.go | 2 +- builtin/credential/approle/path_role.go | 4 +- builtin/credential/aws/path_config_client.go | 2 +- .../credential/aws/path_config_identity.go | 2 +- builtin/credential/aws/path_login.go | 2 +- builtin/credential/aws/path_role_tag.go | 2 +- builtin/credential/aws/path_role_test.go | 2 +- builtin/credential/github/cli.go | 2 +- builtin/credential/ldap/backend.go | 2 +- builtin/credential/ldap/cli.go | 2 +- builtin/credential/ldap/path_users.go | 2 +- builtin/credential/okta/cli.go | 2 +- builtin/credential/token/cli.go | 2 +- builtin/credential/userpass/cli.go | 2 +- builtin/logical/aws/path_roles.go | 2 +- builtin/logical/aws/path_user.go | 2 +- .../cassandra/path_config_connection.go | 2 +- .../logical/cassandra/path_creds_create.go | 2 +- builtin/logical/cassandra/util.go | 2 +- builtin/logical/database/backend.go | 2 +- builtin/logical/database/path_creds_create.go | 2 +- builtin/logical/database/path_roles.go | 2 +- builtin/logical/database/rotation.go | 2 +- builtin/logical/mssql/path_creds_create.go | 2 +- builtin/logical/mssql/path_roles.go | 2 +- builtin/logical/mysql/path_role_create.go | 2 +- builtin/logical/mysql/path_roles.go | 2 +- builtin/logical/mysql/secret_creds.go | 2 +- builtin/logical/pki/backend_test.go | 2 +- builtin/logical/pki/cert_util.go | 2 +- builtin/logical/pki/path_roles.go | 2 +- builtin/logical/pki/path_roles_test.go | 2 +- .../logical/postgresql/path_role_create.go | 2 +- builtin/logical/postgresql/path_roles.go | 2 +- 
builtin/logical/postgresql/secret_creds.go | 2 +- builtin/logical/rabbitmq/backend_test.go | 2 +- builtin/logical/rabbitmq/passwords.go | 2 +- .../logical/ssh/path_config_zeroaddress.go | 2 +- builtin/logical/ssh/path_roles.go | 2 +- builtin/logical/ssh/path_sign.go | 4 +- builtin/logical/ssh/util.go | 2 +- command/agent.go | 2 +- command/agent/auth/approle/approle.go | 2 +- command/agent/auth/gcp/gcp.go | 2 +- command/agent/auth/kerberos/kerberos.go | 2 +- command/agent/cache/api_proxy.go | 2 +- command/agent/cache/lease_cache.go | 2 +- command/agent/config/config.go | 2 +- command/base_helpers.go | 2 +- command/base_predict_test.go | 2 +- command/debug.go | 4 +- command/kv_helpers.go | 2 +- command/monitor.go | 2 +- command/operator_diagnose.go | 6 +- command/operator_generate_root.go | 4 +- command/operator_migrate_test.go | 2 +- command/operator_rekey.go | 2 +- command/operator_unseal.go | 2 +- command/server.go | 7 +- command/server/config.go | 2 +- command/server/listener.go | 2 +- command/server/listener_tcp.go | 2 +- go.mod | 9 ++ go.sum | 6 + helper/proxyutil/proxyutil.go | 2 +- http/cors.go | 2 +- http/handler.go | 2 +- http/sys_generate_root.go | 2 +- http/sys_health.go | 2 +- http/sys_raft.go | 2 +- internalshared/configutil/config.go | 2 +- internalshared/configutil/kms.go | 2 +- internalshared/configutil/lint.go | 3 +- internalshared/configutil/listener.go | 6 +- internalshared/configutil/telemetry.go | 3 +- internalshared/gatedwriter/writer.go | 43 ------ internalshared/gatedwriter/writer_test.go | 34 ----- internalshared/kv-builder/builder.go | 131 ----------------- internalshared/kv-builder/builder_test.go | 139 ------------------ internalshared/listenerutil/listener.go | 4 +- internalshared/reloadutil/reload.go | 83 ----------- internalshared/reloadutil/reload_test.go | 74 ---------- physical/aerospike/aerospike.go | 2 +- physical/azure/azure.go | 2 +- physical/cockroachdb/cockroachdb.go | 2 +- physical/consul/consul.go | 4 +- 
physical/etcd/etcd3.go | 4 +- physical/mssql/mssql.go | 2 +- physical/mysql/mysql.go | 2 +- physical/oci/oci.go | 2 +- physical/raft/fsm.go | 2 +- physical/raft/raft.go | 2 +- physical/raft/raft_autopilot.go | 4 +- physical/s3/s3.go | 2 +- physical/spanner/spanner.go | 2 +- physical/swift/swift.go | 2 +- physical/zookeeper/zookeeper.go | 4 +- plugins/database/cassandra/cassandra.go | 2 +- .../database/cassandra/connection_producer.go | 4 +- plugins/database/hana/hana.go | 2 +- .../database/influxdb/connection_producer.go | 4 +- plugins/database/influxdb/influxdb.go | 2 +- plugins/database/mongodb/mongodb.go | 2 +- plugins/database/mssql/mssql.go | 2 +- plugins/database/mysql/connection_producer.go | 2 +- plugins/database/mysql/mysql.go | 2 +- plugins/database/mysql/mysql_test.go | 2 +- plugins/database/postgresql/postgresql.go | 2 +- plugins/database/redshift/redshift.go | 2 +- sdk/database/helper/connutil/sql.go | 2 +- sdk/database/helper/credsutil/credsutil.go | 2 +- sdk/framework/backend.go | 2 +- sdk/framework/field_data.go | 4 +- sdk/helper/authmetadata/auth_metadata.go | 2 +- sdk/helper/cidrutil/cidr.go | 2 +- .../keysutil/encrypted_key_storage_test.go | 2 +- sdk/helper/ldaputil/client.go | 2 +- sdk/helper/ldaputil/config.go | 2 +- sdk/helper/pluginutil/env.go | 2 +- sdk/helper/policyutil/policyutil.go | 2 +- sdk/helper/template/template.go | 2 +- sdk/helper/tokenutil/tokenutil.go | 4 +- sdk/plugin/pb/translation.go | 2 +- .../consul/consul_service_registration.go | 6 +- vault/acl.go | 2 +- vault/auth.go | 2 +- vault/barrier_aes_gcm.go | 2 +- vault/cluster/inmem_layer.go | 2 +- vault/core.go | 8 +- vault/cors.go | 2 +- vault/diagnose/helpers.go | 18 +-- vault/diagnose/tls_verification.go | 12 +- vault/expiration.go | 3 +- .../external_tests/identity/entities_test.go | 2 +- .../external_tests/identity/identity_test.go | 2 +- vault/external_tests/policy/policy_test.go | 2 +- .../raft/raft_autopilot_test.go | 2 +- vault/generate_root_recovery.go | 2 +- 
vault/generate_root_test.go | 2 +- vault/identity_store.go | 2 +- vault/identity_store_entities.go | 2 +- vault/identity_store_groups.go | 2 +- vault/identity_store_oidc.go | 4 +- vault/identity_store_util.go | 2 +- vault/logical_passthrough.go | 2 +- vault/logical_passthrough_test.go | 2 +- vault/logical_system.go | 4 +- vault/mount.go | 2 +- vault/plugin_reload.go | 2 +- vault/policy.go | 2 +- vault/policy_store.go | 2 +- vault/raft.go | 2 +- vault/request_handling.go | 2 +- vault/router.go | 2 +- vault/testing.go | 2 +- vault/token_store.go | 6 +- vault/token_store_test.go | 2 +- 163 files changed, 208 insertions(+), 706 deletions(-) delete mode 100644 internalshared/gatedwriter/writer.go delete mode 100644 internalshared/gatedwriter/writer_test.go delete mode 100644 internalshared/kv-builder/builder.go delete mode 100644 internalshared/kv-builder/builder_test.go delete mode 100644 internalshared/reloadutil/reload.go delete mode 100644 internalshared/reloadutil/reload_test.go diff --git a/api/client.go b/api/client.go index 1c890e01d4..b7282dbaf9 100644 --- a/api/client.go +++ b/api/client.go @@ -19,8 +19,8 @@ import ( cleanhttp "github.com/hashicorp/go-cleanhttp" retryablehttp "github.com/hashicorp/go-retryablehttp" rootcerts "github.com/hashicorp/go-rootcerts" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/parseutil" "golang.org/x/net/http2" "golang.org/x/time/rate" ) diff --git a/api/go.mod b/api/go.mod index 76830b187d..e59a7f6370 100644 --- a/api/go.mod +++ b/api/go.mod @@ -14,6 +14,7 @@ require ( github.com/hashicorp/go-multierror v1.1.0 github.com/hashicorp/go-retryablehttp v0.6.6 github.com/hashicorp/go-rootcerts v1.0.2 + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 github.com/hashicorp/hcl v1.0.0 github.com/hashicorp/vault/sdk v0.2.1 github.com/mitchellh/mapstructure v1.4.1 diff --git a/api/secret.go b/api/secret.go index d5b9ce9729..64865d0ba1 100644 
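Review bot: The `require` line added to api/go.mod for `github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1` has no matching checksum change on this page: the diffstat lists `go.sum` for the root module but no `api/go.sum`. If the api module keeps its own go.sum, a standalone build of that module has no recorded hash to verify the new dependency against, and depending on the Go version and `-mod` setting it will either fail on the missing entry or resolve it without a pinned checksum. Running `go mod tidy` inside `api/` and committing the resulting go.sum would pin parseutil and whatever it pulls in transitively, which this hunk does not list.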
--- a/api/secret.go +++ b/api/secret.go @@ -7,8 +7,8 @@ import ( "time" "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" ) // Secret is the structure returned for every secret within Vault. diff --git a/api/sys_raft.go b/api/sys_raft.go index c66ae629e4..5677cf454a 100644 --- a/api/sys_raft.go +++ b/api/sys_raft.go @@ -9,7 +9,7 @@ import ( "net/http" "time" - "github.com/hashicorp/vault/sdk/helper/parseutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/mitchellh/mapstructure" diff --git a/audit/hashstructure.go b/audit/hashstructure.go index 663056479a..11c6214ff7 100644 --- a/audit/hashstructure.go +++ b/audit/hashstructure.go @@ -6,8 +6,8 @@ import ( "reflect" "time" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/helper/salt" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/wrapping" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/copystructure" diff --git a/builtin/audit/socket/backend.go b/builtin/audit/socket/backend.go index 2aef3a539d..f7892b5484 100644 --- a/builtin/audit/socket/backend.go +++ b/builtin/audit/socket/backend.go @@ -10,8 +10,8 @@ import ( "time" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/audit" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/salt" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/approle/path_login.go b/builtin/credential/approle/path_login.go index 104b9015b9..a392966fa8 100644 --- a/builtin/credential/approle/path_login.go +++ b/builtin/credential/approle/path_login.go 
@@ -6,9 +6,9 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/cidrutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go index d6e30e2092..b4c62185c8 100644 --- a/builtin/credential/approle/path_role.go +++ b/builtin/credential/approle/path_role.go @@ -7,14 +7,14 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/cidrutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/locksutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/policyutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/tokenutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/aws/path_config_client.go b/builtin/credential/aws/path_config_client.go index 0c66f5124a..c609e1acd6 100644 --- a/builtin/credential/aws/path_config_client.go +++ b/builtin/credential/aws/path_config_client.go @@ -8,8 +8,8 @@ import ( "strings" "github.com/aws/aws-sdk-go/aws" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/aws/path_config_identity.go b/builtin/credential/aws/path_config_identity.go index 76e0b302ba..282d277fab 100644 --- a/builtin/credential/aws/path_config_identity.go +++ b/builtin/credential/aws/path_config_identity.go 
@@ -4,9 +4,9 @@ import ( "context" "fmt" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/authmetadata" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go index 03c63f2e6a..41bf044cfb 100644 --- a/builtin/credential/aws/path_login.go +++ b/builtin/credential/aws/path_login.go @@ -24,12 +24,12 @@ import ( "github.com/hashicorp/errwrap" cleanhttp "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-retryablehttp" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/awsutil" "github.com/hashicorp/vault/sdk/helper/cidrutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/aws/path_role_tag.go b/builtin/credential/aws/path_role_tag.go index f201c3ef71..15927a82a2 100644 --- a/builtin/credential/aws/path_role_tag.go +++ b/builtin/credential/aws/path_role_tag.go @@ -11,10 +11,10 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/policyutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/aws/path_role_test.go b/builtin/credential/aws/path_role_test.go index 5d7a0e3138..790a7ce164 100644 --- a/builtin/credential/aws/path_role_test.go +++ b/builtin/credential/aws/path_role_test.go 
@@ -9,11 +9,11 @@ import ( "github.com/go-test/deep" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" vlttesting "github.com/hashicorp/vault/helper/testhelpers/logical" "github.com/hashicorp/vault/sdk/helper/awsutil" "github.com/hashicorp/vault/sdk/helper/logging" "github.com/hashicorp/vault/sdk/helper/policyutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/github/cli.go b/builtin/credential/github/cli.go index cfdb4cc11f..bccc6fa516 100644 --- a/builtin/credential/github/cli.go +++ b/builtin/credential/github/cli.go @@ -6,8 +6,8 @@ import ( "os" "strings" + "github.com/hashicorp/go-secure-stdlib/password" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/sdk/helper/password" ) type CLIHandler struct { diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go index 12ce5d4c53..9872aaed58 100644 --- a/builtin/credential/ldap/backend.go +++ b/builtin/credential/ldap/backend.go @@ -5,10 +5,10 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/helper/mfa" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/ldaputil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/ldap/cli.go b/builtin/credential/ldap/cli.go index 528bec6cb0..21302a7c50 100644 --- a/builtin/credential/ldap/cli.go +++ b/builtin/credential/ldap/cli.go @@ -5,8 +5,8 @@ import ( "os" "strings" + pwd "github.com/hashicorp/go-secure-stdlib/password" "github.com/hashicorp/vault/api" - pwd "github.com/hashicorp/vault/sdk/helper/password" ) type CLIHandler struct{} diff --git a/builtin/credential/ldap/path_users.go b/builtin/credential/ldap/path_users.go index 2cfd34d267..a4e18d30eb 100644 --- a/builtin/credential/ldap/path_users.go +++ b/builtin/credential/ldap/path_users.go 
@@ -4,9 +4,9 @@ import ( "context" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/policyutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/credential/okta/cli.go b/builtin/credential/okta/cli.go index 4dbd3e3097..cc526f638a 100644 --- a/builtin/credential/okta/cli.go +++ b/builtin/credential/okta/cli.go @@ -5,8 +5,8 @@ import ( "os" "strings" + pwd "github.com/hashicorp/go-secure-stdlib/password" "github.com/hashicorp/vault/api" - pwd "github.com/hashicorp/vault/sdk/helper/password" ) // CLIHandler struct diff --git a/builtin/credential/token/cli.go b/builtin/credential/token/cli.go index feadba2e94..64a88169cb 100644 --- a/builtin/credential/token/cli.go +++ b/builtin/credential/token/cli.go @@ -7,8 +7,8 @@ import ( "strconv" "strings" + "github.com/hashicorp/go-secure-stdlib/password" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/sdk/helper/password" ) type CLIHandler struct { diff --git a/builtin/credential/userpass/cli.go b/builtin/credential/userpass/cli.go index 61ddfdc796..34c3c31916 100644 --- a/builtin/credential/userpass/cli.go +++ b/builtin/credential/userpass/cli.go @@ -5,8 +5,8 @@ import ( "os" "strings" + pwd "github.com/hashicorp/go-secure-stdlib/password" "github.com/hashicorp/vault/api" - pwd "github.com/hashicorp/vault/sdk/helper/password" "github.com/mitchellh/mapstructure" ) diff --git a/builtin/logical/aws/path_roles.go b/builtin/logical/aws/path_roles.go index 3ef32f2d1d..ca241b5472 100644 --- a/builtin/logical/aws/path_roles.go +++ b/builtin/logical/aws/path_roles.go 
@@ -12,9 +12,9 @@ import ( "github.com/aws/aws-sdk-go/aws/arn" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/aws/path_user.go b/builtin/logical/aws/path_user.go index 05c8730c35..2be885a009 100644 --- a/builtin/logical/aws/path_user.go +++ b/builtin/logical/aws/path_user.go @@ -9,8 +9,8 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/iam" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/mapstructure" ) diff --git a/builtin/logical/cassandra/path_config_connection.go b/builtin/logical/cassandra/path_config_connection.go index db551be989..afa1816880 100644 --- a/builtin/logical/cassandra/path_config_connection.go +++ b/builtin/logical/cassandra/path_config_connection.go @@ -4,9 +4,9 @@ import ( "context" "fmt" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/certutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/cassandra/path_creds_create.go b/builtin/logical/cassandra/path_creds_create.go index f6505cfb69..a66c4e574e 100644 --- a/builtin/logical/cassandra/path_creds_create.go +++ b/builtin/logical/cassandra/path_creds_create.go @@ -7,9 +7,9 @@ import ( "time" "github.com/gocql/gocql" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) 
diff --git a/builtin/logical/cassandra/util.go b/builtin/logical/cassandra/util.go index 39da3f23a4..c0347bc49f 100644 --- a/builtin/logical/cassandra/util.go +++ b/builtin/logical/cassandra/util.go @@ -7,8 +7,8 @@ import ( "time" "github.com/gocql/gocql" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/sdk/helper/certutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/database/backend.go b/builtin/logical/database/backend.go index f3ad3fc86f..8572b0947e 100644 --- a/builtin/logical/database/backend.go +++ b/builtin/logical/database/backend.go @@ -9,13 +9,13 @@ import ( "time" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/go-uuid" v4 "github.com/hashicorp/vault/sdk/database/dbplugin" v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/locksutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/queue" ) diff --git a/builtin/logical/database/path_creds_create.go b/builtin/logical/database/path_creds_create.go index 020afc4c03..9a5bcb91bc 100644 --- a/builtin/logical/database/path_creds_create.go +++ b/builtin/logical/database/path_creds_create.go @@ -5,9 +5,9 @@ import ( "fmt" "time" + "github.com/hashicorp/go-secure-stdlib/strutil" v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/database/path_roles.go b/builtin/logical/database/path_roles.go index 3aefe82267..fd272dd1e4 100644 --- a/builtin/logical/database/path_roles.go +++ b/builtin/logical/database/path_roles.go 
@@ -6,10 +6,10 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/strutil" v4 "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/locksutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/queue" ) diff --git a/builtin/logical/database/rotation.go b/builtin/logical/database/rotation.go index 79ba9dee25..25652e8b54 100644 --- a/builtin/logical/database/rotation.go +++ b/builtin/logical/database/rotation.go @@ -8,12 +8,12 @@ import ( "time" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" v4 "github.com/hashicorp/vault/sdk/database/dbplugin" v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/locksutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/queue" ) diff --git a/builtin/logical/mssql/path_creds_create.go b/builtin/logical/mssql/path_creds_create.go index 1f8eea6f4c..7982e630bc 100644 --- a/builtin/logical/mssql/path_creds_create.go +++ b/builtin/logical/mssql/path_creds_create.go @@ -5,10 +5,10 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/mssql/path_roles.go b/builtin/logical/mssql/path_roles.go index 3332db7b5c..e378422d3c 100644 --- a/builtin/logical/mssql/path_roles.go +++ b/builtin/logical/mssql/path_roles.go 
@@ -5,8 +5,8 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/mysql/path_role_create.go b/builtin/logical/mysql/path_role_create.go index ac237423bc..a553fc0c22 100644 --- a/builtin/logical/mysql/path_role_create.go +++ b/builtin/logical/mysql/path_role_create.go @@ -5,10 +5,10 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" _ "github.com/lib/pq" ) diff --git a/builtin/logical/mysql/path_roles.go b/builtin/logical/mysql/path_roles.go index 583a7d3203..eecf48732f 100644 --- a/builtin/logical/mysql/path_roles.go +++ b/builtin/logical/mysql/path_roles.go @@ -6,8 +6,8 @@ import ( "strings" _ "github.com/go-sql-driver/mysql" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/mysql/secret_creds.go b/builtin/logical/mysql/secret_creds.go index 8a1043db90..5de5f3c178 100644 --- a/builtin/logical/mysql/secret_creds.go +++ b/builtin/logical/mysql/secret_creds.go @@ -5,8 +5,8 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go index a3c85764e8..3f23068f98 100644 --- a/builtin/logical/pki/backend_test.go +++ b/builtin/logical/pki/backend_test.go 
@@ -30,12 +30,12 @@ import ( "github.com/fatih/structs" "github.com/go-test/deep" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/builtin/credential/userpass" logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical" vaulthttp "github.com/hashicorp/vault/http" "github.com/hashicorp/vault/sdk/helper/certutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault" "github.com/mitchellh/mapstructure" diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go index 9a944dc1aa..ea6f86af64 100644 --- a/builtin/logical/pki/cert_util.go +++ b/builtin/logical/pki/cert_util.go @@ -18,10 +18,10 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/certutil" "github.com/hashicorp/vault/sdk/helper/errutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/ryanuber/go-glob" "golang.org/x/crypto/cryptobyte" diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go index 000d95e5c8..6ca724acd1 100644 --- a/builtin/logical/pki/path_roles.go +++ b/builtin/logical/pki/path_roles.go @@ -7,10 +7,10 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/certutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/pki/path_roles_test.go b/builtin/logical/pki/path_roles_test.go index 791cc584a2..64b8057b71 100644 --- a/builtin/logical/pki/path_roles_test.go +++ b/builtin/logical/pki/path_roles_test.go 
@@ -5,7 +5,7 @@ import ( "testing" "time" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/mapstructure" ) diff --git a/builtin/logical/postgresql/path_role_create.go b/builtin/logical/postgresql/path_role_create.go index 168456a5f3..2a0cde0b71 100644 --- a/builtin/logical/postgresql/path_role_create.go +++ b/builtin/logical/postgresql/path_role_create.go @@ -6,10 +6,10 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" _ "github.com/lib/pq" ) diff --git a/builtin/logical/postgresql/path_roles.go b/builtin/logical/postgresql/path_roles.go index 3e4c1bdb1f..b1af8328f9 100644 --- a/builtin/logical/postgresql/path_roles.go +++ b/builtin/logical/postgresql/path_roles.go @@ -5,8 +5,8 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/builtin/logical/postgresql/secret_creds.go b/builtin/logical/postgresql/secret_creds.go index 4dbcf350ee..02c49a0732 100644 --- a/builtin/logical/postgresql/secret_creds.go +++ b/builtin/logical/postgresql/secret_creds.go @@ -7,9 +7,9 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/lib/pq" ) diff --git a/builtin/logical/rabbitmq/backend_test.go b/builtin/logical/rabbitmq/backend_test.go index 8b5b21b0a9..8eaa408127 100644 --- a/builtin/logical/rabbitmq/backend_test.go 
+++ b/builtin/logical/rabbitmq/backend_test.go @@ -7,9 +7,9 @@ import ( "os" "testing" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/helper/testhelpers/docker" logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical" - "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/logical" rabbithole "github.com/michaelklishin/rabbit-hole" diff --git a/builtin/logical/rabbitmq/passwords.go b/builtin/logical/rabbitmq/passwords.go index cb660bc5c2..01bfd41f0d 100644 --- a/builtin/logical/rabbitmq/passwords.go +++ b/builtin/logical/rabbitmq/passwords.go @@ -3,7 +3,7 @@ package rabbitmq import ( "context" - "github.com/hashicorp/vault/sdk/helper/base62" + "github.com/hashicorp/go-secure-stdlib/base62" ) func (b *backend) generatePassword(ctx context.Context, policyName string) (password string, err error) { diff --git a/builtin/logical/ssh/path_config_zeroaddress.go b/builtin/logical/ssh/path_config_zeroaddress.go index 31a0e852a7..d1e31e234d 100644 --- a/builtin/logical/ssh/path_config_zeroaddress.go +++ b/builtin/logical/ssh/path_config_zeroaddress.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/logical" diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go index 0b1ef84ec6..ac20d06b20 100644 --- a/builtin/logical/ssh/path_roles.go +++ b/builtin/logical/ssh/path_roles.go @@ -6,9 +6,9 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/cidrutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/logical" "golang.org/x/crypto/ssh" ) 
diff --git a/builtin/logical/ssh/path_sign.go b/builtin/logical/ssh/path_sign.go index acd7d2118b..166beac769 100644 --- a/builtin/logical/ssh/path_sign.go +++ b/builtin/logical/ssh/path_sign.go @@ -15,10 +15,10 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/certutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "golang.org/x/crypto/ed25519" "golang.org/x/crypto/ssh" diff --git a/builtin/logical/ssh/util.go b/builtin/logical/ssh/util.go index 2f1b772761..52d1deca71 100644 --- a/builtin/logical/ssh/util.go +++ b/builtin/logical/ssh/util.go @@ -13,7 +13,7 @@ import ( "strings" "time" - "github.com/hashicorp/vault/sdk/helper/parseutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/logical" log "github.com/hashicorp/go-hclog" diff --git a/command/agent.go b/command/agent.go index dbe7d81c82..cbbcba5757 100644 --- a/command/agent.go +++ b/command/agent.go @@ -18,6 +18,7 @@ import ( "time" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/gatedwriter" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/command/agent/auth" "github.com/hashicorp/vault/command/agent/auth/alicloud" @@ -40,7 +41,6 @@ import ( "github.com/hashicorp/vault/command/agent/sink/inmem" "github.com/hashicorp/vault/command/agent/template" "github.com/hashicorp/vault/command/agent/winsvc" - "github.com/hashicorp/vault/internalshared/gatedwriter" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/logging" "github.com/hashicorp/vault/sdk/logical" diff --git a/command/agent/auth/approle/approle.go b/command/agent/auth/approle/approle.go index a76ba0b774..8a1a9b3a60 100644 --- a/command/agent/auth/approle/approle.go 
+++ b/command/agent/auth/approle/approle.go @@ -10,9 +10,9 @@ import ( "strings" hclog "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/command/agent/auth" - "github.com/hashicorp/vault/sdk/helper/parseutil" ) type approleMethod struct { diff --git a/command/agent/auth/gcp/gcp.go b/command/agent/auth/gcp/gcp.go index 3c8053f1b2..45d9b74f94 100644 --- a/command/agent/auth/gcp/gcp.go +++ b/command/agent/auth/gcp/gcp.go @@ -12,9 +12,9 @@ import ( cleanhttp "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-gcp-common/gcputil" hclog "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/command/agent/auth" - "github.com/hashicorp/vault/sdk/helper/parseutil" "golang.org/x/oauth2" "google.golang.org/api/iamcredentials/v1" ) diff --git a/command/agent/auth/kerberos/kerberos.go b/command/agent/auth/kerberos/kerberos.go index 2ba4288ef9..894c177d5c 100644 --- a/command/agent/auth/kerberos/kerberos.go +++ b/command/agent/auth/kerberos/kerberos.go @@ -7,10 +7,10 @@ import ( "net/http" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/parseutil" kerberos "github.com/hashicorp/vault-plugin-auth-kerberos" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/command/agent/auth" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/jcmturner/gokrb5/v8/spnego" ) diff --git a/command/agent/cache/api_proxy.go b/command/agent/cache/api_proxy.go index a4793239ca..1822201290 100644 --- a/command/agent/cache/api_proxy.go +++ b/command/agent/cache/api_proxy.go 
@@ -7,9 +7,9 @@ import ( hclog "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-retryablehttp" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/http" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/vault" ) diff --git a/command/agent/cache/lease_cache.go b/command/agent/cache/lease_cache.go index 5723418648..a8b2d4bd88 100644 --- a/command/agent/cache/lease_cache.go +++ b/command/agent/cache/lease_cache.go @@ -17,13 +17,13 @@ import ( "time" hclog "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/command/agent/cache/cacheboltdb" cachememdb "github.com/hashicorp/vault/command/agent/cache/cachememdb" "github.com/hashicorp/vault/helper/namespace" nshelper "github.com/hashicorp/vault/helper/namespace" vaulthttp "github.com/hashicorp/vault/http" - "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/cryptoutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" diff --git a/command/agent/config/config.go b/command/agent/config/config.go index 7f9a20111d..9438bd3274 100644 --- a/command/agent/config/config.go +++ b/command/agent/config/config.go @@ -10,11 +10,11 @@ import ( ctconfig "github.com/hashicorp/consul-template/config" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/hcl" "github.com/hashicorp/hcl/hcl/ast" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/mitchellh/mapstructure" ) diff --git a/command/base_helpers.go b/command/base_helpers.go index 5a6339d096..1a4420cf97 100644 --- a/command/base_helpers.go +++ b/command/base_helpers.go 
@@ -8,8 +8,8 @@ import ( "strings" "time" + kvbuilder "github.com/hashicorp/go-secure-stdlib/kv-builder" "github.com/hashicorp/vault/api" - kvbuilder "github.com/hashicorp/vault/internalshared/kv-builder" "github.com/kr/text" homedir "github.com/mitchellh/go-homedir" "github.com/mitchellh/mapstructure" diff --git a/command/base_predict_test.go b/command/base_predict_test.go index 20a3b44595..12f364106f 100644 --- a/command/base_predict_test.go +++ b/command/base_predict_test.go @@ -4,8 +4,8 @@ import ( "reflect" "testing" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/posener/complete" ) diff --git a/command/debug.go b/command/debug.go index 14b8cbd00f..f09214adf6 100644 --- a/command/debug.go +++ b/command/debug.go @@ -14,10 +14,10 @@ import ( "time" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/gatedwriter" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/internalshared/gatedwriter" "github.com/hashicorp/vault/sdk/helper/logging" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/version" "github.com/mholt/archiver" "github.com/mitchellh/cli" diff --git a/command/kv_helpers.go b/command/kv_helpers.go index d9246f7a08..a1b331fc61 100644 --- a/command/kv_helpers.go +++ b/command/kv_helpers.go @@ -7,8 +7,8 @@ import ( "path" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/sdk/helper/strutil" ) func kvReadRequest(client *api.Client, path string, params map[string]string) (*api.Secret, error) { diff --git a/command/monitor.go b/command/monitor.go index ec84666de6..3a87d5af3a 100644 --- a/command/monitor.go +++ b/command/monitor.go 
@@ -5,7 +5,7 @@ import ( "fmt" "strings" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/mitchellh/cli" "github.com/posener/complete" ) diff --git a/command/operator_diagnose.go b/command/operator_diagnose.go index bfba8afd49..479422f713 100644 --- a/command/operator_diagnose.go +++ b/command/operator_diagnose.go @@ -18,12 +18,12 @@ import ( "github.com/docker/docker/pkg/ioutils" "github.com/hashicorp/consul/api" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/reloadutil" uuid "github.com/hashicorp/go-uuid" cserver "github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/internalshared/configutil" "github.com/hashicorp/vault/internalshared/listenerutil" - "github.com/hashicorp/vault/internalshared/reloadutil" physconsul "github.com/hashicorp/vault/physical/consul" "github.com/hashicorp/vault/physical/raft" "github.com/hashicorp/vault/sdk/physical" @@ -152,7 +152,6 @@ func (c *OperatorDiagnoseCommand) Run(args []string) int { } func (c *OperatorDiagnoseCommand) RunWithParsedFlags() int { - if len(c.flagConfigs) == 0 { c.UI.Error("Must specify a configuration file using -config.") return 3 @@ -255,7 +254,6 @@ func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error var backend *physical.Backend diagnose.Test(ctx, "Check Storage", func(ctx context.Context) error { - // Ensure that there is a storage stanza if config.Storage == nil { diagnose.Advise(ctx, "To learn how to specify a storage backend, see the Vault server configuration documentation.") 
@@ -400,7 +398,6 @@ func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error var sealConfigError error barrierSeal, barrierWrapper, unwrapSeal, seals, sealConfigError, err := setSeal(server, config, make([]string, 0), make(map[string]string)) - // Check error here if err != nil { diagnose.Advise(ctx, "For assistance with the seal stanza, see the Vault configuration documentation.") @@ -657,7 +654,6 @@ SEALFAIL: plaintext, err := barrierWrapper.Decrypt(ctx, ciphertext, nil) if err != nil { return fmt.Errorf("Error decrypting with seal barrier: %w", err) - } if string(plaintext) != barrierEncValue { return fmt.Errorf("Barrier returned incorrect decrypted value for mock data.") diff --git a/command/operator_generate_root.go b/command/operator_generate_root.go index eb44fece68..2bbcb11b44 100644 --- a/command/operator_generate_root.go +++ b/command/operator_generate_root.go @@ -9,12 +9,12 @@ import ( "os" "strings" + "github.com/hashicorp/go-secure-stdlib/base62" + "github.com/hashicorp/go-secure-stdlib/password" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/helper/pgpkeys" "github.com/hashicorp/vault/helper/xor" - "github.com/hashicorp/vault/sdk/helper/base62" - "github.com/hashicorp/vault/sdk/helper/password" "github.com/mitchellh/cli" "github.com/posener/complete" ) diff --git a/command/operator_migrate_test.go b/command/operator_migrate_test.go index 0d8a4454ad..5db53ebbfc 100644 --- a/command/operator_migrate_test.go +++ b/command/operator_migrate_test.go @@ -16,9 +16,9 @@ import ( "github.com/go-test/deep" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/helper/testhelpers" - "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/vault" ) 
diff --git a/command/operator_rekey.go b/command/operator_rekey.go index 630219bb5d..bd1548ac19 100644 --- a/command/operator_rekey.go +++ b/command/operator_rekey.go @@ -8,9 +8,9 @@ import ( "strings" "github.com/fatih/structs" + "github.com/hashicorp/go-secure-stdlib/password" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/helper/pgpkeys" - "github.com/hashicorp/vault/sdk/helper/password" "github.com/mitchellh/cli" "github.com/posener/complete" ) diff --git a/command/operator_unseal.go b/command/operator_unseal.go index 50052a690a..da8641ba51 100644 --- a/command/operator_unseal.go +++ b/command/operator_unseal.go @@ -6,8 +6,8 @@ import ( "os" "strings" + "github.com/hashicorp/go-secure-stdlib/password" "github.com/hashicorp/vault/api" - "github.com/hashicorp/vault/sdk/helper/password" "github.com/mitchellh/cli" "github.com/posener/complete" ) diff --git a/command/server.go b/command/server.go index 050e3f8079..dedd009de6 100644 --- a/command/server.go +++ b/command/server.go @@ -28,6 +28,9 @@ import ( wrapping "github.com/hashicorp/go-kms-wrapping" aeadwrapper "github.com/hashicorp/go-kms-wrapping/wrappers/aead" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/gatedwriter" + "github.com/hashicorp/go-secure-stdlib/mlock" + "github.com/hashicorp/go-secure-stdlib/reloadutil" "github.com/hashicorp/vault/audit" "github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/helper/builtinplugins" 
@@ -35,12 +38,9 @@ import ( "github.com/hashicorp/vault/helper/namespace" vaulthttp "github.com/hashicorp/vault/http" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/internalshared/gatedwriter" "github.com/hashicorp/vault/internalshared/listenerutil" - "github.com/hashicorp/vault/internalshared/reloadutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/logging" - "github.com/hashicorp/vault/sdk/helper/mlock" "github.com/hashicorp/vault/sdk/helper/useragent" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" @@ -1213,7 +1213,6 @@ func (c *ServerCommand) Run(args []string) int { info["log level"] = logLevelString infoKeys = append(infoKeys, "log level") barrierSeal, barrierWrapper, unwrapSeal, seals, sealConfigError, err := setSeal(c, config, infoKeys, info) - // Check error here if err != nil { c.UI.Error(err.Error()) diff --git a/command/server/config.go b/command/server/config.go index 7e4e81b511..433d590bb1 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -13,10 +13,10 @@ import ( "time" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/hcl" "github.com/hashicorp/hcl/hcl/ast" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" ) var entConfigValidate = func(_ *Config, _ string) []configutil.ConfigError { diff --git a/command/server/listener.go b/command/server/listener.go index 248df52957..4d36a41ebb 100644 --- a/command/server/listener.go +++ b/command/server/listener.go 
@@ -9,9 +9,9 @@ import ( // We must import sha512 so that it registers with the runtime so that // certificates that use it can be parsed. + "github.com/hashicorp/go-secure-stdlib/reloadutil" "github.com/hashicorp/vault/helper/proxyutil" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/internalshared/reloadutil" "github.com/mitchellh/cli" ) diff --git a/command/server/listener_tcp.go b/command/server/listener_tcp.go index 08234017ee..dbba4b40e8 100644 --- a/command/server/listener_tcp.go +++ b/command/server/listener_tcp.go @@ -9,9 +9,9 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/reloadutil" "github.com/hashicorp/vault/internalshared/configutil" "github.com/hashicorp/vault/internalshared/listenerutil" - "github.com/hashicorp/vault/internalshared/reloadutil" "github.com/mitchellh/cli" ) diff --git a/go.mod b/go.mod index 64b4345924..e70cdff011 100644 --- a/go.mod +++ b/go.mod @@ -71,6 +71,15 @@ require ( github.com/hashicorp/go-raftchunking v0.6.3-0.20191002164813-7e9e8525653a github.com/hashicorp/go-retryablehttp v0.6.7 github.com/hashicorp/go-rootcerts v1.0.2 + github.com/hashicorp/go-secure-stdlib/base62 v0.1.1 + github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1 + github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1 + github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 + github.com/hashicorp/go-secure-stdlib/password v0.1.1 + github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 + github.com/hashicorp/go-secure-stdlib/strutil v0.1.1 + github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 github.com/hashicorp/go-sockaddr v1.0.2 github.com/hashicorp/go-syslog v1.0.0 github.com/hashicorp/go-uuid v1.0.2 diff --git a/go.sum b/go.sum index f6a3909d0a..175e045c39 100644 --- a/go.sum +++ b/go.sum 
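Review bot: In the command/server/listener.go hunk, the added `"github.com/hashicorp/go-secure-stdlib/reloadutil"` import now follows the two-line comment about importing sha512, so the comment reads as if it documents reloadutil. No `crypto/sha512` import is visible in these lines, so it presumably sits elsewhere in the import block, which starts above the hunk. If so, the side-effect import has no explanation beside it and could be removed as unused-looking in a later cleanup, which by the comment's own wording would affect parsing of certificates that use SHA-512. I would attach the explanation to the import itself, for example `_ "crypto/sha512" // registers SHA-512 so certificates that use it can be parsed`, and drop the detached comment.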
@@ -624,12 +624,18 @@ github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5O github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/base62 v0.1.1 h1:6KMBnfEv0/kLAz0O76sliN5mXbCDcLfs2kP7ssP7+DQ= github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= +github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1 h1:9um9R8i0+HbRHS9d64kdvWR0/LJvo12sIonvR9zr1+U= +github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1/go.mod h1:6RoRTSMDK2H/rKh3P/JIsk1tK8aatKTt3JyvIopi3GQ= +github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1 h1:IJgULbAXuvWxzKFfu+Au1FUmHIJulS6N4F7Hkn+Kck0= +github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1/go.mod h1:rf5JPE13wi+NwjgsmGkbg4b2CgHq8v7Htn/F0nDe/hg= github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc= github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 h1:78ki3QBevHwYrVxnyVeaEz+7WtifHhauYF23es/0KlI= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/password v0.1.1 h1:6JzmBqXprakgFEHwBgdchsjaA9x3GyjdI568bXKxa60= github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= +github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 h1:SMGUnbpAcat8rIKHkBPjfv81yC46a8eCNZ2hsR2l1EI= +github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1/go.mod h1:Ch/bf00Qnx77MZd49JRgHYqHQjtEmTgGU2faufpVZb0= github.com/hashicorp/go-secure-stdlib/strutil v0.1.1 h1:nd0HIW15E6FG1MsnArYaHfuw9C2zgzM8LxkG5Ty/788= github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 h1:Yc026VyMyIpq1UWRnakHRG01U8fJm+nEfEmjoAb00n8= 
diff --git a/helper/proxyutil/proxyutil.go b/helper/proxyutil/proxyutil.go index b2d0974dcc..a25a6234f4 100644 --- a/helper/proxyutil/proxyutil.go +++ b/helper/proxyutil/proxyutil.go @@ -7,8 +7,8 @@ import ( "time" proxyproto "github.com/armon/go-proxyproto" + "github.com/hashicorp/go-secure-stdlib/parseutil" sockaddr "github.com/hashicorp/go-sockaddr" - "github.com/hashicorp/vault/sdk/helper/parseutil" ) // ProxyProtoConfig contains configuration for the PROXY protocol diff --git a/http/cors.go b/http/cors.go index de24c8caac..74cfeeaef0 100644 --- a/http/cors.go +++ b/http/cors.go @@ -5,7 +5,7 @@ import ( "net/http" "strings" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/vault" ) diff --git a/http/handler.go b/http/handler.go index 01a8fdcec0..831c0651b1 100644 --- a/http/handler.go +++ b/http/handler.go @@ -22,12 +22,12 @@ import ( assetfs "github.com/elazarl/go-bindata-assetfs" "github.com/hashicorp/errwrap" "github.com/hashicorp/go-cleanhttp" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/go-sockaddr" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/internalshared/configutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/pathmanager" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault" diff --git a/http/sys_generate_root.go b/http/sys_generate_root.go index 12d829d78f..4ac3015077 100644 --- a/http/sys_generate_root.go +++ b/http/sys_generate_root.go @@ -8,7 +8,7 @@ import ( "io" "net/http" - "github.com/hashicorp/vault/sdk/helper/base62" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/vault" ) diff --git a/http/sys_health.go b/http/sys_health.go index 8ab7359e23..fcaf4e1590 100644 --- a/http/sys_health.go +++ b/http/sys_health.go 
@@ -8,8 +8,8 @@ import ( "strconv" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/version" "github.com/hashicorp/vault/vault" ) diff --git a/http/sys_raft.go b/http/sys_raft.go index 3411cbf030..5db1a80fb7 100644 --- a/http/sys_raft.go +++ b/http/sys_raft.go @@ -8,8 +8,8 @@ import ( "io" "net/http" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/physical/raft" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/vault" ) diff --git a/internalshared/configutil/config.go b/internalshared/configutil/config.go index 0f448aba69..3fcbeb6b59 100644 --- a/internalshared/configutil/config.go +++ b/internalshared/configutil/config.go @@ -5,10 +5,10 @@ import ( "io/ioutil" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/hcl" "github.com/hashicorp/hcl/hcl/ast" "github.com/hashicorp/hcl/hcl/token" - "github.com/hashicorp/vault/sdk/helper/parseutil" ) // SharedConfig contains some shared values diff --git a/internalshared/configutil/kms.go b/internalshared/configutil/kms.go index 67cc479ad6..9f6d74899a 100644 --- a/internalshared/configutil/kms.go +++ b/internalshared/configutil/kms.go @@ -17,9 +17,9 @@ import ( "github.com/hashicorp/go-kms-wrapping/wrappers/ocikms" "github.com/hashicorp/go-kms-wrapping/wrappers/transit" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/hcl" "github.com/hashicorp/hcl/hcl/ast" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/internalshared/configutil/lint.go b/internalshared/configutil/lint.go index 1e773312e9..2b5b634156 100644 --- a/internalshared/configutil/lint.go +++ b/internalshared/configutil/lint.go 
@@ -2,9 +2,10 @@ package configutil import ( "fmt" + "github.com/asaskevich/govalidator" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/hcl/hcl/token" - "github.com/hashicorp/vault/sdk/helper/strutil" ) type UnusedKeyMap map[string][]token.Pos diff --git a/internalshared/configutil/listener.go b/internalshared/configutil/listener.go index 21c351e20e..9819908289 100644 --- a/internalshared/configutil/listener.go +++ b/internalshared/configutil/listener.go @@ -8,12 +8,12 @@ import ( "time" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/go-sockaddr" "github.com/hashicorp/hcl" "github.com/hashicorp/hcl/hcl/ast" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" ) type ListenerTelemetry struct { diff --git a/internalshared/configutil/telemetry.go b/internalshared/configutil/telemetry.go index fe00cc87ba..77620770db 100644 --- a/internalshared/configutil/telemetry.go +++ b/internalshared/configutil/telemetry.go @@ -6,7 +6,7 @@ import ( "fmt" "time" - "github.com/hashicorp/vault/sdk/helper/parseutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" monitoring "cloud.google.com/go/monitoring/apiv3" "github.com/armon/go-metrics" @@ -402,7 +402,6 @@ func SetupTelemetry(opts *SetupTelemetryOpts) (*metrics.InmemSink, *metricsutil. // Parse the metric filters telemetryAllowedPrefixes, telemetryBlockedPrefixes, err := parsePrefixFilter(opts.Config.PrefixFilter) - if err != nil { return nil, nil, false, err } diff --git a/internalshared/gatedwriter/writer.go b/internalshared/gatedwriter/writer.go deleted file mode 100644 index 9c4596e389..0000000000 --- a/internalshared/gatedwriter/writer.go +++ /dev/null 
@@ -1,43 +0,0 @@
-package gatedwriter
-
-import (
- "bytes"
- "io"
- "sync"
-)
-
-// Writer is an io.Writer implementation that buffers all of its
-// data into an internal buffer until it is told to let data through.
-type Writer struct {
- writer io.Writer
-
- buf bytes.Buffer
- flush bool
- lock sync.Mutex
-}
-
-func NewWriter(underlying io.Writer) *Writer {
- return &Writer{writer: underlying}
-}
-
-// Flush tells the Writer to flush any buffered data and to stop
-// buffering.
-func (w *Writer) Flush() error {
- w.lock.Lock()
- defer w.lock.Unlock()
-
- w.flush = true
- _, err := w.buf.WriteTo(w.writer)
- return err
-}
-
-func (w *Writer) Write(p []byte) (n int, err error) {
- w.lock.Lock()
- defer w.lock.Unlock()
-
- if w.flush {
- return w.writer.Write(p)
- }
-
- return w.buf.Write(p)
-}
diff --git a/internalshared/gatedwriter/writer_test.go b/internalshared/gatedwriter/writer_test.go
deleted file mode 100644
index 31659a8add..0000000000
--- a/internalshared/gatedwriter/writer_test.go
+++ /dev/null
@@ -1,34 +0,0 @@
-package gatedwriter
-
-import (
- "bytes"
- "io"
- "testing"
-)
-
-func TestWriter_impl(t *testing.T) {
- var _ io.Writer = new(Writer)
-}
-
-func TestWriter(t *testing.T) {
- buf := new(bytes.Buffer)
- w := NewWriter(buf)
- w.Write([]byte("foo\n"))
- w.Write([]byte("bar\n"))
-
- if buf.String() != "" {
- t.Fatalf("bad: %s", buf.String())
- }
-
- w.Flush()
-
- if buf.String() != "foo\nbar\n" {
- t.Fatalf("bad: %s", buf.String())
- }
-
- w.Write([]byte("baz\n"))
-
- if buf.String() != "foo\nbar\nbaz\n" {
- t.Fatalf("bad: %s", buf.String())
- }
-}
diff --git a/internalshared/kv-builder/builder.go b/internalshared/kv-builder/builder.go
deleted file mode 100644
index e3f33b16a0..0000000000
--- a/internalshared/kv-builder/builder.go
+++ /dev/null
@@ -1,131 +0,0 @@
-package kvbuilder
-
-import (
- "bytes"
- "fmt"
- "io"
- "io/ioutil"
- "os"
- "strings"
-
- "github.com/hashicorp/vault/sdk/helper/jsonutil"
- "github.com/mitchellh/mapstructure"
-)
-
-// Builder is a struct to build a key/value mapping based on a list
-// of "k=v" pairs, where the value might come from stdin, a file, etc.
-type Builder struct {
- Stdin io.Reader
-
- result map[string]interface{}
- stdin bool
-}
-
-// Map returns the built map.
-func (b *Builder) Map() map[string]interface{} {
- return b.result
-}
-
-// Add adds to the mapping with the given args.
-func (b *Builder) Add(args ...string) error {
- for _, a := range args {
- if err := b.add(a); err != nil {
- return fmt.Errorf("invalid key/value pair %q: %w", a, err)
- }
- }
-
- return nil
-}
-
-func (b *Builder) add(raw string) error {
- // Regardless of validity, make sure we make our result
- if b.result == nil {
- b.result = make(map[string]interface{})
- }
-
- // Empty strings are fine, just ignored
- if raw == "" {
- return nil
- }
-
- // Split into key/value
- parts := strings.SplitN(raw, "=", 2)
-
- // If the arg is exactly "-", then we need to read from stdin
- // and merge the results into the resulting structure.
- if len(parts) == 1 {
- if raw == "-" {
- if b.Stdin == nil {
- return fmt.Errorf("stdin is not supported")
- }
- if b.stdin {
- return fmt.Errorf("stdin already consumed")
- }
-
- b.stdin = true
- return b.addReader(b.Stdin)
- }
-
- // If the arg begins with "@" then we need to read a file directly
- if raw[0] == '@' {
- f, err := os.Open(raw[1:])
- if err != nil {
- return err
- }
- defer f.Close()
-
- return b.addReader(f)
- }
- }
-
- if len(parts) != 2 {
- return fmt.Errorf("format must be key=value")
- }
- key, value := parts[0], parts[1]
-
- if len(value) > 0 {
- if value[0] == '@' {
- contents, err := ioutil.ReadFile(value[1:])
- if err != nil {
- return fmt.Errorf("error reading file: %w", err)
- }
-
- value = string(contents)
- } else if value[0] == '\\' && value[1] == '@' {
- value = value[1:]
- } else if value == "-" {
- if b.Stdin == nil {
- return fmt.Errorf("stdin is not supported")
- }
- if b.stdin {
- return fmt.Errorf("stdin already consumed")
- }
- b.stdin = true
-
- var buf bytes.Buffer
- if _, err := io.Copy(&buf, b.Stdin); err != nil {
- return err
- }
-
- value = buf.String()
- }
- }
-
- // Repeated keys will be converted into a slice
- if existingValue, ok := b.result[key]; ok {
- var sliceValue []interface{}
- if err := mapstructure.WeakDecode(existingValue, &sliceValue); err != nil {
- return err
- }
- sliceValue = append(sliceValue, value)
- b.result[key] = sliceValue
- return nil
- }
-
- b.result[key] = value
- return nil
-}
-
-func (b *Builder) addReader(r io.Reader) error {
- return jsonutil.DecodeJSONFromReader(r, &b.result)
-}
diff --git a/internalshared/kv-builder/builder_test.go b/internalshared/kv-builder/builder_test.go
deleted file mode 100644
index 46b4d05b05..0000000000
--- a/internalshared/kv-builder/builder_test.go
+++ /dev/null
@@ -1,139 +0,0 @@ -package kvbuilder - -import ( - "bytes" - "reflect" - "testing" -) - -func TestBuilder_basic(t *testing.T) { - var b Builder - err := b.Add("foo=bar", "bar=baz", "baz=") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": "bar", - "bar": "baz", - "baz": "", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_escapedAt(t *testing.T) { - var b Builder - err := b.Add("foo=bar", "bar=\\@baz") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": "bar", - "bar": "@baz", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_stdin(t *testing.T) { - var b Builder - b.Stdin = bytes.NewBufferString("baz") - err := b.Add("foo=bar", "bar=-") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": "bar", - "bar": "baz", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_stdinMap(t *testing.T) { - var b Builder - b.Stdin = bytes.NewBufferString(`{"foo": "bar"}`) - err := b.Add("-", "bar=baz") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": "bar", - "bar": "baz", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_stdinTwice(t *testing.T) { - var b Builder - b.Stdin = bytes.NewBufferString(`{"foo": "bar"}`) - err := b.Add("-", "-") - if err == nil { - t.Fatal("should error") - } -} - -func TestBuilder_sameKeyTwice(t *testing.T) { - var b Builder - err := b.Add("foo=bar", "foo=baz") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": []interface{}{"bar", "baz"}, - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: 
%#v", actual) - } -} - -func TestBuilder_sameKeyMultipleTimes(t *testing.T) { - var b Builder - err := b.Add("foo=bar", "foo=baz", "foo=bay", "foo=bax", "bar=baz") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": []interface{}{"bar", "baz", "bay", "bax"}, - "bar": "baz", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_specialCharactersInKey(t *testing.T) { - var b Builder - b.Stdin = bytes.NewBufferString("{\"foo\": \"bay\"}") - err := b.Add("@foo=bar", "-foo=baz", "-") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "@foo": "bar", - "-foo": "baz", - "foo": "bay", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} diff --git a/internalshared/listenerutil/listener.go b/internalshared/listenerutil/listener.go index 683fbd1c0b..c6801aa402 100644 --- a/internalshared/listenerutil/listener.go +++ b/internalshared/listenerutil/listener.go @@ -11,9 +11,9 @@ import ( "strconv" "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/reloadutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/internalshared/reloadutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/jefferai/isbadcipher" "github.com/mitchellh/cli" ) diff --git a/internalshared/reloadutil/reload.go b/internalshared/reloadutil/reload.go deleted file mode 100644 index 41f718b3f5..0000000000 --- a/internalshared/reloadutil/reload.go +++ /dev/null 
@@ -1,83 +0,0 @@
-package reloadutil
-
-import (
- "crypto/tls"
- "crypto/x509"
- "encoding/pem"
- "errors"
- "fmt"
- "io/ioutil"
- "sync"
-)
-
-// ReloadFunc are functions that are called when a reload is requested
-type ReloadFunc func() error
-
-// CertificateGetter satisfies ReloadFunc and its GetCertificate method
-// satisfies the tls.GetCertificate function signature. Currently it does not
-// allow changing paths after the fact.
-type CertificateGetter struct {
- sync.RWMutex
-
- cert *tls.Certificate
-
- certFile string
- keyFile string
- passphrase string
-}
-
-func NewCertificateGetter(certFile, keyFile, passphrase string) *CertificateGetter {
- return &CertificateGetter{
- certFile: certFile,
- keyFile: keyFile,
- passphrase: passphrase,
- }
-}
-
-func (cg *CertificateGetter) Reload() error {
- certPEMBlock, err := ioutil.ReadFile(cg.certFile)
- if err != nil {
- return err
- }
- keyPEMBlock, err := ioutil.ReadFile(cg.keyFile)
- if err != nil {
- return err
- }
-
- // Check for encrypted pem block
- keyBlock, _ := pem.Decode(keyPEMBlock)
- if keyBlock == nil {
- return errors.New("decoded PEM is blank")
- }
-
- if x509.IsEncryptedPEMBlock(keyBlock) {
- keyBlock.Bytes, err = x509.DecryptPEMBlock(keyBlock, []byte(cg.passphrase))
- if err != nil {
- return fmt.Errorf("Decrypting PEM block failed %w", err)
- }
- keyPEMBlock = pem.EncodeToMemory(keyBlock)
- }
-
- cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
- if err != nil {
- return err
- }
-
- cg.Lock()
- defer cg.Unlock()
-
- cg.cert = &cert
-
- return nil
-}
-
-func (cg *CertificateGetter) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
- cg.RLock()
- defer cg.RUnlock()
-
- if cg.cert == nil {
- return nil, fmt.Errorf("nil certificate")
- }
-
- return cg.cert, nil
-}
diff --git a/internalshared/reloadutil/reload_test.go b/internalshared/reloadutil/reload_test.go
deleted file mode 100644
index 910ee296ec..0000000000
--- a/internalshared/reloadutil/reload_test.go
+++ /dev/null
@@ -1,74 +0,0 @@ -package reloadutil - -import ( - "crypto/x509" - "io/ioutil" - "testing" - - "github.com/hashicorp/errwrap" -) - -func TestReload_KeyWithPassphrase(t *testing.T) { - password := "password" - cert := []byte(`-----BEGIN CERTIFICATE----- -MIICLzCCAZgCCQCq27CeP4WhlDANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoM -CUhhc2hpQ29ycDEUMBIGA1UEAwwLbXl2YXVsdC5jb20wHhcNMTcxMjEzMjEzNTM3 -WhcNMTgxMjEzMjEzNTM3WjBcMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAU -BgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCUhhc2hpQ29ycDEUMBIGA1UE -AwwLbXl2YXVsdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMvsz/9l -EJIlRG6DOw4fXdB/aJgJk2rR8cU0D8+vECIzb+MdDK0cBHtLiVpZC/RnZMdMzjGn -Z++Fp3dEnT6CD0IjKdJcD+qSyZSjHIuYpHjnjrVlM/Le0xST7egoG+fXkSt4myzG -ec2WK1jcZefRRGPycvMqx1yUWU76jDdFZSL5AgMBAAEwDQYJKoZIhvcNAQEFBQAD -gYEAQfYE26FLZ9SPPU8bHNDxoxDmGrn8yJ78C490Qpix/w6gdLaBtILenrZbhpnB -3L3okraM8mplaN2KdAcpnsr4wPv9hbYkam0coxCQEKs8ltHSBaXT6uKRWb00nkGu -yAXDRpuPdFRqbXW3ZFC5broUrz4ujxTDKfVeIn0zpPZkv24= ------END CERTIFICATE-----`) - key := []byte(`-----BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,64B032D83BD6A6DC - -qVJ+mXEBKMkUPrQ8odHunMpPgChQUny4CX73/dAcm7O9iXIv9eXQSxj2qfgCOloj -vthg7jYNwtRb0ydzCEnEud35zWw38K/l19/pe4ULfNXlOddlsk4XIHarBiz+KUaX -WTbNk0H+DwdcEwhprPgpTk8gp88lZBiHCnTG/s8v/JNt+wkdqjfAp0Xbm9m+OZ7s -hlNxZin1OuBdprBqfKWBltUALZYiIBhspMTmh+jGQSyEKNTAIBejIiRH5+xYWuOy -xKencq8UpQMOMPR2ZiSw42dU9j8HHMgldI7KszU2FDIEFXG7aSjcxNyyybeBT+Uz -YPoxGxSdUYWqaz50UszvHg/QWR8NlPlQc3nFAUVpGKUF9MEQCIAK8HjcpMP+IAVO -ertp4cTa2Rpm9YeoFrY6tabvmXApXlQPw6rBn6o5KpceWG3ceOsDOsT+e3edHu9g -SGO4hjggbRpO+dBOuwfw4rMn9X1BbqXKJcREAmrgVVSf9/s942E4YOQ+IGJPdtmY -WHAFk8hiJepsVCA2NpwVlAD+QbPPaR2RtvYOtq3IKlWRuVQ+6dpxDsz5FlJhs2L+ -HsX6XqtwuQM8kk1hO8Gm3VeV7+b64r9kfbO8jCM18GexCYiCtig51mJW6IO42d1K -bS1axMx/KeDc/sy7LKEbHnjnYanpGz2Wa2EWhnWAeNXD1nUfUNFPp2SsIGbCMnat -mC4O4cO7YRl3+iJg3kHtTPGtgtCjrZcjlyBtxT2VC7SsTcTXZBWovczMIstyr4Ka 
-opM24uvQT3Bc0UM0WNh3tdRFuboxDeBDh7PX/2RIoiaMuCCiRZ3O0A== ------END RSA PRIVATE KEY-----`) - tempDir, err := ioutil.TempDir("", "vault-test") - if err != nil { - t.Fatalf("Error creating temporary directory: %s", err) - } - keyFile := tempDir + "/server.key" - certFile := tempDir + "/server.crt" - - err = ioutil.WriteFile(certFile, cert, 0o755) - if err != nil { - t.Fatalf("Error writing to temp file: %s", err) - } - err = ioutil.WriteFile(keyFile, key, 0o755) - if err != nil { - t.Fatalf("Error writing to temp file: %s", err) - } - - cg := NewCertificateGetter(certFile, keyFile, "") - err = cg.Reload() - if err == nil { - t.Fatal("error expected") - } - if !errwrap.Contains(err, x509.IncorrectPasswordError.Error()) { - t.Fatalf("expected incorrect password error, got %v", err) - } - - cg = NewCertificateGetter(certFile, keyFile, password) - if err := cg.Reload(); err != nil { - t.Fatalf("err: %v", err) - } -} diff --git a/physical/aerospike/aerospike.go b/physical/aerospike/aerospike.go index 846ca6f140..8dc3528445 100644 --- a/physical/aerospike/aerospike.go +++ b/physical/aerospike/aerospike.go @@ -10,7 +10,7 @@ import ( aero "github.com/aerospike/aerospike-client-go" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/azure/azure.go b/physical/azure/azure.go index 9b8e92dff8..c5cad4c027 100644 --- a/physical/azure/azure.go +++ b/physical/azure/azure.go @@ -17,7 +17,7 @@ import ( "github.com/Azure/go-autorest/autorest/azure" "github.com/armon/go-metrics" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/cockroachdb/cockroachdb.go b/physical/cockroachdb/cockroachdb.go index ee91dbfb40..12439d83c9 100644 --- a/physical/cockroachdb/cockroachdb.go 
+++ b/physical/cockroachdb/cockroachdb.go @@ -14,7 +14,7 @@ import ( "github.com/cockroachdb/cockroach-go/crdb" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" // CockroachDB uses the Postgres SQL driver diff --git a/physical/consul/consul.go b/physical/consul/consul.go index 0f966c30b8..8271adc3e2 100644 --- a/physical/consul/consul.go +++ b/physical/consul/consul.go @@ -13,9 +13,9 @@ import ( "github.com/hashicorp/consul/api" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/vault/diagnose" "golang.org/x/net/http2" diff --git a/physical/etcd/etcd3.go b/physical/etcd/etcd3.go index 91350d0724..ab4acebaff 100644 --- a/physical/etcd/etcd3.go +++ b/physical/etcd/etcd3.go @@ -13,8 +13,8 @@ import ( metrics "github.com/armon/go-metrics" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" "go.etcd.io/etcd/clientv3" "go.etcd.io/etcd/clientv3/concurrency" diff --git a/physical/mssql/mssql.go b/physical/mssql/mssql.go index fa145bfe1f..65c85ae3e4 100644 --- a/physical/mssql/mssql.go +++ b/physical/mssql/mssql.go 
@@ -12,7 +12,7 @@ import ( metrics "github.com/armon/go-metrics" _ "github.com/denisenkom/go-mssqldb" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/mysql/mysql.go b/physical/mysql/mysql.go index 3f7577011f..bdf5a7c326 100644 --- a/physical/mysql/mysql.go +++ b/physical/mysql/mysql.go @@ -22,7 +22,7 @@ import ( metrics "github.com/armon/go-metrics" mysql "github.com/go-sql-driver/mysql" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/oci/oci.go b/physical/oci/oci.go index cd80f6e9ab..3665813d04 100644 --- a/physical/oci/oci.go +++ b/physical/oci/oci.go @@ -14,8 +14,8 @@ import ( "github.com/armon/go-metrics" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/go-uuid" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/physical" "github.com/oracle/oci-go-sdk/common" "github.com/oracle/oci-go-sdk/common/auth" diff --git a/physical/raft/fsm.go b/physical/raft/fsm.go index fb8eea228d..5399264074 100644 --- a/physical/raft/fsm.go +++ b/physical/raft/fsm.go @@ -19,9 +19,9 @@ import ( log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" "github.com/hashicorp/go-raftchunking" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/raft" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/sdk/plugin/pb" bolt "go.etcd.io/bbolt" diff --git a/physical/raft/raft.go b/physical/raft/raft.go index 24620c3aa3..b865697bbd 100644 --- a/physical/raft/raft.go +++ b/physical/raft/raft.go 
@@ -18,6 +18,7 @@ import ( log "github.com/hashicorp/go-hclog" wrapping "github.com/hashicorp/go-kms-wrapping" "github.com/hashicorp/go-raftchunking" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/go-uuid" "github.com/hashicorp/raft" autopilot "github.com/hashicorp/raft-autopilot" @@ -26,7 +27,6 @@ import ( "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/vault/cluster" diff --git a/physical/raft/raft_autopilot.go b/physical/raft/raft_autopilot.go index d2a2fd2013..28c8f3fa51 100644 --- a/physical/raft/raft_autopilot.go +++ b/physical/raft/raft_autopilot.go @@ -11,8 +11,8 @@ import ( "sync" "time" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "go.uber.org/atomic" metrics "github.com/armon/go-metrics" diff --git a/physical/s3/s3.go b/physical/s3/s3.go index 2329580145..c345fcda90 100644 --- a/physical/s3/s3.go +++ b/physical/s3/s3.go @@ -20,9 +20,9 @@ import ( "github.com/aws/aws-sdk-go/service/s3" "github.com/hashicorp/go-cleanhttp" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/awsutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/spanner/spanner.go b/physical/spanner/spanner.go index 1202f9c9f1..8447ed9853 100644 --- a/physical/spanner/spanner.go +++ b/physical/spanner/spanner.go 
@@ -11,7 +11,7 @@ import ( metrics "github.com/armon/go-metrics" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/helper/useragent" "github.com/hashicorp/vault/sdk/physical" "google.golang.org/api/iterator" diff --git a/physical/swift/swift.go b/physical/swift/swift.go index 20de749b19..2155d44c8a 100644 --- a/physical/swift/swift.go +++ b/physical/swift/swift.go @@ -13,7 +13,7 @@ import ( metrics "github.com/armon/go-metrics" cleanhttp "github.com/hashicorp/go-cleanhttp" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" "github.com/ncw/swift" ) diff --git a/physical/zookeeper/zookeeper.go b/physical/zookeeper/zookeeper.go index 870999220c..26c09fb165 100644 --- a/physical/zookeeper/zookeeper.go +++ b/physical/zookeeper/zookeeper.go @@ -14,11 +14,11 @@ import ( "time" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/parseutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/physical" metrics "github.com/armon/go-metrics" - "github.com/hashicorp/vault/sdk/helper/tlsutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/samuel/go-zookeeper/zk" ) diff --git a/plugins/database/cassandra/cassandra.go b/plugins/database/cassandra/cassandra.go index c3cdbddd34..de549261fd 100644 --- a/plugins/database/cassandra/cassandra.go +++ b/plugins/database/cassandra/cassandra.go @@ -9,9 +9,9 @@ import ( "github.com/gocql/gocql" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" ) const ( 
diff --git a/plugins/database/cassandra/connection_producer.go b/plugins/database/cassandra/connection_producer.go index dae303d070..423ca69888 100644 --- a/plugins/database/cassandra/connection_producer.go +++ b/plugins/database/cassandra/connection_producer.go @@ -9,11 +9,11 @@ import ( "time" "github.com/gocql/gocql" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/mitchellh/mapstructure" ) diff --git a/plugins/database/hana/hana.go b/plugins/database/hana/hana.go index 892c6e9bd3..7802192ad7 100644 --- a/plugins/database/hana/hana.go +++ b/plugins/database/hana/hana.go @@ -7,12 +7,12 @@ import ( "strings" _ "github.com/SAP/go-hdb/driver" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/credsutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" ) const ( diff --git a/plugins/database/influxdb/connection_producer.go b/plugins/database/influxdb/connection_producer.go index ee22964807..7f47f723d0 100644 --- a/plugins/database/influxdb/connection_producer.go +++ b/plugins/database/influxdb/connection_producer.go 
@@ -7,11 +7,11 @@ import ( "sync" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/helper/certutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" influx "github.com/influxdata/influxdb/client/v2" "github.com/mitchellh/mapstructure" ) diff --git a/plugins/database/influxdb/influxdb.go b/plugins/database/influxdb/influxdb.go index 332617aeff..ebbeaf2dd6 100644 --- a/plugins/database/influxdb/influxdb.go +++ b/plugins/database/influxdb/influxdb.go @@ -6,9 +6,9 @@ import ( "strings" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" influx "github.com/influxdata/influxdb/client/v2" ) diff --git a/plugins/database/mongodb/mongodb.go b/plugins/database/mongodb/mongodb.go index a28625b5f5..13231fdef8 100644 --- a/plugins/database/mongodb/mongodb.go +++ b/plugins/database/mongodb/mongodb.go @@ -8,9 +8,9 @@ import ( "strings" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" "go.mongodb.org/mongo-driver/mongo" "go.mongodb.org/mongo-driver/mongo/readpref" diff --git a/plugins/database/mssql/mssql.go b/plugins/database/mssql/mssql.go index feb4385b0a..971d0e8a43 100644 --- a/plugins/database/mssql/mssql.go +++ b/plugins/database/mssql/mssql.go 
@@ -9,11 +9,11 @@ import ( _ "github.com/denisenkom/go-mssqldb" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" ) diff --git a/plugins/database/mysql/connection_producer.go b/plugins/database/mysql/connection_producer.go index 480719a083..f143e85fbf 100644 --- a/plugins/database/mysql/connection_producer.go +++ b/plugins/database/mysql/connection_producer.go @@ -11,10 +11,10 @@ import ( "time" "github.com/go-sql-driver/mysql" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/mitchellh/mapstructure" ) diff --git a/plugins/database/mysql/mysql.go b/plugins/database/mysql/mysql.go index 83f5ea8efd..1a992a30f1 100644 --- a/plugins/database/mysql/mysql.go +++ b/plugins/database/mysql/mysql.go @@ -8,9 +8,9 @@ import ( "strings" stdmysql "github.com/go-sql-driver/mysql" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" ) diff --git a/plugins/database/mysql/mysql_test.go b/plugins/database/mysql/mysql_test.go index 5b7afaa26c..3c7eab5af3 100644 --- a/plugins/database/mysql/mysql_test.go +++ b/plugins/database/mysql/mysql_test.go 
@@ -9,12 +9,12 @@ import ( "time" stdmysql "github.com/go-sql-driver/mysql" + "github.com/hashicorp/go-secure-stdlib/strutil" mysqlhelper "github.com/hashicorp/vault/helper/testhelpers/mysql" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" dbtesting "github.com/hashicorp/vault/sdk/database/dbplugin/v5/testing" "github.com/hashicorp/vault/sdk/database/helper/credsutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/stretchr/testify/require" ) diff --git a/plugins/database/postgresql/postgresql.go b/plugins/database/postgresql/postgresql.go index ac0219b948..dba0bf7459 100644 --- a/plugins/database/postgresql/postgresql.go +++ b/plugins/database/postgresql/postgresql.go @@ -8,11 +8,11 @@ import ( "strings" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" "github.com/lib/pq" ) diff --git a/plugins/database/redshift/redshift.go b/plugins/database/redshift/redshift.go index 59f6b1298f..86e3fc33e0 100644 --- a/plugins/database/redshift/redshift.go +++ b/plugins/database/redshift/redshift.go @@ -8,11 +8,11 @@ import ( "strings" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" "github.com/lib/pq" ) 
diff --git a/sdk/database/helper/connutil/sql.go b/sdk/database/helper/connutil/sql.go index 1dcf4eb294..bd2693a332 100644 --- a/sdk/database/helper/connutil/sql.go +++ b/sdk/database/helper/connutil/sql.go @@ -10,9 +10,9 @@ import ( "time" "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/mitchellh/mapstructure" ) diff --git a/sdk/database/helper/credsutil/credsutil.go b/sdk/database/helper/credsutil/credsutil.go index d35d007bef..064552d1fa 100644 --- a/sdk/database/helper/credsutil/credsutil.go +++ b/sdk/database/helper/credsutil/credsutil.go @@ -5,8 +5,8 @@ import ( "fmt" "time" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/sdk/database/dbplugin" - "github.com/hashicorp/vault/sdk/helper/base62" ) // CredentialsProducer can be used as an embedded interface in the Database diff --git a/sdk/framework/backend.go b/sdk/framework/backend.go index a7a7f9adba..c2c3f18100 100644 --- a/sdk/framework/backend.go +++ b/sdk/framework/backend.go @@ -17,11 +17,11 @@ import ( log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-kms-wrapping/entropy" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/errutil" "github.com/hashicorp/vault/sdk/helper/license" "github.com/hashicorp/vault/sdk/helper/logging" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/sdk/framework/field_data.go b/sdk/framework/field_data.go index 2b3c22ffd1..eb7ffbbe26 100644 --- a/sdk/framework/field_data.go +++ b/sdk/framework/field_data.go 
@@ -10,9 +10,9 @@ import ( "strings" "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/mitchellh/mapstructure" ) diff --git a/sdk/helper/authmetadata/auth_metadata.go b/sdk/helper/authmetadata/auth_metadata.go index c1e4e93d59..0fd2bd50f8 100644 --- a/sdk/helper/authmetadata/auth_metadata.go +++ b/sdk/helper/authmetadata/auth_metadata.go @@ -20,8 +20,8 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/sdk/helper/cidrutil/cidr.go b/sdk/helper/cidrutil/cidr.go index a1e4d86eb3..33c9a1614d 100644 --- a/sdk/helper/cidrutil/cidr.go +++ b/sdk/helper/cidrutil/cidr.go @@ -6,8 +6,8 @@ import ( "strings" "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/strutil" sockaddr "github.com/hashicorp/go-sockaddr" - "github.com/hashicorp/vault/sdk/helper/strutil" ) // RemoteAddrIsOk checks if the given remote address is either: diff --git a/sdk/helper/keysutil/encrypted_key_storage_test.go b/sdk/helper/keysutil/encrypted_key_storage_test.go index 0dc1838426..2f29d14b7a 100644 --- a/sdk/helper/keysutil/encrypted_key_storage_test.go +++ b/sdk/helper/keysutil/encrypted_key_storage_test.go @@ -7,7 +7,7 @@ import ( "reflect" "testing" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/sdk/helper/ldaputil/client.go b/sdk/helper/ldaputil/client.go index b9504814ea..058ad4b450 100644 --- a/sdk/helper/ldaputil/client.go +++ b/sdk/helper/ldaputil/client.go 
@@ -17,7 +17,7 @@ import ( "github.com/hashicorp/errwrap" hclog "github.com/hashicorp/go-hclog" multierror "github.com/hashicorp/go-multierror" - "github.com/hashicorp/vault/sdk/helper/tlsutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" ) type Client struct { diff --git a/sdk/helper/ldaputil/config.go b/sdk/helper/ldaputil/config.go index d4b21c8b82..21f2918c47 100644 --- a/sdk/helper/ldaputil/config.go +++ b/sdk/helper/ldaputil/config.go @@ -9,8 +9,8 @@ import ( "strings" "text/template" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/errwrap" ) diff --git a/sdk/helper/pluginutil/env.go b/sdk/helper/pluginutil/env.go index e5e2a8e00b..fd0cd4fb83 100644 --- a/sdk/helper/pluginutil/env.go +++ b/sdk/helper/pluginutil/env.go @@ -3,8 +3,8 @@ package pluginutil import ( "os" + "github.com/hashicorp/go-secure-stdlib/mlock" version "github.com/hashicorp/go-version" - "github.com/hashicorp/vault/sdk/helper/mlock" ) var ( diff --git a/sdk/helper/policyutil/policyutil.go b/sdk/helper/policyutil/policyutil.go index 1d6cc1df39..8e5541b186 100644 --- a/sdk/helper/policyutil/policyutil.go +++ b/sdk/helper/policyutil/policyutil.go @@ -4,7 +4,7 @@ import ( "sort" "strings" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" ) const ( diff --git a/sdk/helper/template/template.go b/sdk/helper/template/template.go index 829f02d459..4ced1528fa 100644 --- a/sdk/helper/template/template.go +++ b/sdk/helper/template/template.go @@ -6,7 +6,7 @@ import ( "text/template" "github.com/hashicorp/go-multierror" - "github.com/hashicorp/vault/sdk/helper/base62" + "github.com/hashicorp/go-secure-stdlib/base62" ) type Opt func(*StringTemplate) error diff --git a/sdk/helper/tokenutil/tokenutil.go b/sdk/helper/tokenutil/tokenutil.go index 19a3f73c51..776b40501e 100644 --- a/sdk/helper/tokenutil/tokenutil.go 
+++ b/sdk/helper/tokenutil/tokenutil.go @@ -5,11 +5,11 @@ import ( "fmt" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" sockaddr "github.com/hashicorp/go-sockaddr" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/policyutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/sdk/plugin/pb/translation.go b/sdk/plugin/pb/translation.go index 44f6f3552e..de0544bc10 100644 --- a/sdk/plugin/pb/translation.go +++ b/sdk/plugin/pb/translation.go @@ -6,8 +6,8 @@ import ( "time" "github.com/golang/protobuf/ptypes" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/errutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/wrapping" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/serviceregistration/consul/consul_service_registration.go b/serviceregistration/consul/consul_service_registration.go index cd71515db1..75236b6429 100644 --- a/serviceregistration/consul/consul_service_registration.go +++ b/serviceregistration/consul/consul_service_registration.go @@ -17,10 +17,10 @@ import ( "github.com/hashicorp/consul/api" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" sr "github.com/hashicorp/vault/serviceregistration" "github.com/hashicorp/vault/vault/diagnose" atomicB "go.uber.org/atomic" diff --git a/vault/acl.go b/vault/acl.go index 38fa5efc93..3d07c4089c 100644 --- a/vault/acl.go +++ b/vault/acl.go 
@@ -9,9 +9,9 @@ import ( "github.com/armon/go-radix" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/namespace" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/copystructure" ) diff --git a/vault/auth.go b/vault/auth.go index 39c4b19bc2..fc92f1300a 100644 --- a/vault/auth.go +++ b/vault/auth.go @@ -6,12 +6,12 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/builtin/plugin" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/barrier_aes_gcm.go b/vault/barrier_aes_gcm.go index 730680b8f9..d1c82b1cf2 100644 --- a/vault/barrier_aes_gcm.go +++ b/vault/barrier_aes_gcm.go @@ -16,8 +16,8 @@ import ( "time" "github.com/armon/go-metrics" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" "go.uber.org/atomic" diff --git a/vault/cluster/inmem_layer.go b/vault/cluster/inmem_layer.go index e65220f8b2..ca4f7cbe87 100644 --- a/vault/cluster/inmem_layer.go +++ b/vault/cluster/inmem_layer.go @@ -9,7 +9,7 @@ import ( "time" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/base62" + "github.com/hashicorp/go-secure-stdlib/base62" "go.uber.org/atomic" ) diff --git a/vault/core.go b/vault/core.go index 3b6e461fdb..3a321b9c81 100644 --- a/vault/core.go +++ b/vault/core.go 
@@ -32,21 +32,21 @@ import ( wrapping "github.com/hashicorp/go-kms-wrapping" aeadwrapper "github.com/hashicorp/go-kms-wrapping/wrappers/aead" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/mlock" + "github.com/hashicorp/go-secure-stdlib/reloadutil" + "github.com/hashicorp/go-secure-stdlib/strutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/audit" "github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" - "github.com/hashicorp/vault/internalshared/reloadutil" "github.com/hashicorp/vault/physical/raft" "github.com/hashicorp/vault/sdk/helper/certutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/logging" - "github.com/hashicorp/vault/sdk/helper/mlock" - "github.com/hashicorp/vault/sdk/helper/strutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" sr "github.com/hashicorp/vault/serviceregistration" diff --git a/vault/cors.go b/vault/cors.go index 0ee0df2292..57c0c36980 100644 --- a/vault/cors.go +++ b/vault/cors.go @@ -7,8 +7,8 @@ import ( "sync" "sync/atomic" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/diagnose/helpers.go b/vault/diagnose/helpers.go index 3314a3635b..08f004a2b1 100644 --- a/vault/diagnose/helpers.go +++ b/vault/diagnose/helpers.go @@ -7,7 +7,7 @@ import ( "strings" "time" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/codes" sdktrace "go.opentelemetry.io/otel/sdk/trace" 
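Review bot: Nothing visible in this patch shows that `github.com/hashicorp/go-secure-stdlib/reloadutil` behaves like the in-tree `internalshared/reloadutil` it replaces in this import block. The same patch deletes `TestReload_KeyWithPassphrase`, the only test here covering reload of a passphrase-protected listener key. Before merging, confirm that the pinned module version carries an equivalent test and that the `go.mod`/`go.sum` entries for `reloadutil`, `mlock`, `tlsutil` and `strutil` are committed at fixed versions; those files are not part of this section of the diff. A short comment in the PR description recording the commit of go-secure-stdlib the code was copied from would make later audits of the TLS reload path easier.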
@@ -29,12 +29,12 @@ const ( adviceKey = attribute.Key("advice") ) -var ( - MainSection = trace.WithAttributes(attribute.Key("diagnose").String("main-section")) -) +var MainSection = trace.WithAttributes(attribute.Key("diagnose").String("main-section")) -var diagnoseSession = struct{}{} -var noopTracer = trace.NewNoopTracerProvider().Tracer("vault-diagnose") +var ( + diagnoseSession = struct{}{} + noopTracer = trace.NewNoopTracerProvider().Tracer("vault-diagnose") +) type testFunction func(context.Context) error @@ -50,10 +50,10 @@ type Session struct { // when the outermost span ends. func New(w io.Writer) *Session { tc := NewTelemetryCollector(w) - //so, _ := stdout.NewExporter(stdout.WithPrettyPrint()) + // so, _ := stdout.NewExporter(stdout.WithPrettyPrint()) tp := sdktrace.NewTracerProvider( sdktrace.WithSampler(sdktrace.AlwaysSample()), - //sdktrace.WithSpanProcessor(sdktrace.NewSimpleSpanProcessor(so)), + // sdktrace.WithSpanProcessor(sdktrace.NewSimpleSpanProcessor(so)), sdktrace.WithSpanProcessor(tc), ) tracer := tp.Tracer("vault-diagnose") @@ -80,9 +80,7 @@ func Context(ctx context.Context, sess *Session) context.Context { func CurrentSession(ctx context.Context) *Session { sessionCtxVal := ctx.Value(diagnoseSession) if sessionCtxVal != nil { - return sessionCtxVal.(*Session) - } return nil } diff --git a/vault/diagnose/tls_verification.go b/vault/diagnose/tls_verification.go index 9f815cb593..4dd351b845 100644 --- a/vault/diagnose/tls_verification.go +++ b/vault/diagnose/tls_verification.go 
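Review bot: `diagnoseSession = struct{}{}` in the regrouped `var` block is used as a context key (`ctx.Value(diagnoseSession)` in the `CurrentSession` hunk below), and a value of the unnamed type `struct{}` compares equal to every other `struct{}{}`. Any other package that stores a context value under the same expression would therefore collide with it. A private named type keeps the key unique: `type diagnoseSessionKey struct{}` together with `diagnoseSession = diagnoseSessionKey{}`. The unchecked `return sessionCtxVal.(*Session)` in `CurrentSession` panics if a foreign value is ever found under that key, so the comma-ok form `if s, ok := sessionCtxVal.(*Session); ok { return s }` is the safer spelling. The function that stores the value is outside these hunks, so the key change has to be applied there as well.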
@@ -11,12 +11,14 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" ) -const minVersionError = "'tls_min_version' value %q not supported, please specify one of [tls10,tls11,tls12,tls13]" -const maxVersionError = "'tls_max_version' value %q not supported, please specify one of [tls10,tls11,tls12,tls13]" +const ( + minVersionError = "'tls_min_version' value %q not supported, please specify one of [tls10,tls11,tls12,tls13]" + maxVersionError = "'tls_max_version' value %q not supported, please specify one of [tls10,tls11,tls12,tls13]" +) // ListenerChecks diagnoses warnings and the first encountered error for the listener // configuration stanzas. @@ -39,7 +41,6 @@ func ListenerChecks(ctx context.Context, listeners []*configutil.Listener) ([]st } if l.TLSDisableClientCerts { Warn(ctx, fmt.Sprintf("Listener at address %s: TLS for a listener is turned on without requiring client certificates.", listenerID)) - } status, warning := TLSMutualExclusionCertCheck(l) if status == 1 { @@ -279,7 +280,6 @@ func NearExpiration(c *x509.Certificate) (bool, time.Duration) { // TLSMutualExclusionCertCheck returns error if both TLSDisableClientCerts and TLSRequireAndVerifyClientCert are set func TLSMutualExclusionCertCheck(l *configutil.Listener) (int, string) { - if l.TLSDisableClientCerts { if l.TLSRequireAndVerifyClientCert { return 1, "The tls_disable_client_certs and tls_require_and_verify_client_cert fields in the listener stanza of the Vault server configuration are mutually exclusive fields. Please ensure they are not both set to true." 
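Review bot: The regrouped `minVersionError` and `maxVersionError` strings still present `tls10` and `tls11` as ordinary choices, which in a diagnose tool reads as an endorsement of protocol versions that have been formally deprecated. A comment above the `const` block would record the intent, for example `// tls10 and tls11 are listed because the listener config accepts them; prefer tls12 or newer.` If `ListenerChecks` does not already emit a `Warn` when `tls_min_version` resolves below `tls12`, that function is the natural place to add one; most of its body is outside these hunks, so this could not be confirmed from the diff.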
@@ -290,7 +290,6 @@ func TLSMutualExclusionCertCheck(l *configutil.Listener) (int, string) { // TLSClientCAFileCheck Checks the validity of a client CA file func TLSClientCAFileCheck(l *configutil.Listener) ([]string, error) { - if l.TLSDisableClientCerts { return nil, nil } else if !l.TLSRequireAndVerifyClientCert { @@ -350,5 +349,4 @@ func TLSCAFileCheck(CAFilePath string) ([]string, error) { } return warningsSlc, err - } diff --git a/vault/expiration.go b/vault/expiration.go index 611129e988..349bc30d06 100644 --- a/vault/expiration.go +++ b/vault/expiration.go @@ -19,11 +19,11 @@ import ( "github.com/hashicorp/errwrap" log "github.com/hashicorp/go-hclog" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/helper/fairshare" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/locksutil" @@ -2023,7 +2023,6 @@ func (m *ExpirationManager) loadEntry(ctx context.Context, leaseID string) (*lea m.deleteLockForLease(leaseID) } return leaseEntry, err - } // loadEntryInternal is used when you need to load an entry but also need to diff --git a/vault/external_tests/identity/entities_test.go b/vault/external_tests/identity/entities_test.go index 0bb7b69907..3e92ae34eb 100644 --- a/vault/external_tests/identity/entities_test.go +++ b/vault/external_tests/identity/entities_test.go @@ -4,10 +4,10 @@ import ( "strings" "testing" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/builtin/credential/approle" vaulthttp "github.com/hashicorp/vault/http" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault" ) 
diff --git a/vault/external_tests/identity/identity_test.go b/vault/external_tests/identity/identity_test.go
index 8d8f1a4535..72f4c9b9e9 100644
--- a/vault/external_tests/identity/identity_test.go
+++ b/vault/external_tests/identity/identity_test.go
@@ -4,9 +4,9 @@ import (
 "fmt"
 "testing"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/sdk/helper/ldaputil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/stretchr/testify/require"
diff --git a/vault/external_tests/policy/policy_test.go b/vault/external_tests/policy/policy_test.go
index 4d80cd0022..9e9af07fbf 100644
--- a/vault/external_tests/policy/policy_test.go
+++ b/vault/external_tests/policy/policy_test.go
@@ -6,12 +6,12 @@ import (
 "github.com/go-test/deep"
 "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/builtin/credential/ldap"
 credUserpass "github.com/hashicorp/vault/builtin/credential/userpass"
 ldaphelper "github.com/hashicorp/vault/helper/testhelpers/ldap"
 vaulthttp "github.com/hashicorp/vault/http"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/vault"
 )
diff --git a/vault/external_tests/raft/raft_autopilot_test.go b/vault/external_tests/raft/raft_autopilot_test.go
index 74a5df4845..8e7f930b7f 100644
--- a/vault/external_tests/raft/raft_autopilot_test.go
+++ b/vault/external_tests/raft/raft_autopilot_test.go
@@ -9,13 +9,13 @@ import (
 "time"
 "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 autopilot "github.com/hashicorp/raft-autopilot"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/helper/testhelpers"
 "github.com/hashicorp/vault/helper/testhelpers/teststorage"
 "github.com/hashicorp/vault/physical/raft"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/vault"
 "github.com/kr/pretty"
 testingintf "github.com/mitchellh/go-testing-interface"
diff --git a/vault/generate_root_recovery.go b/vault/generate_root_recovery.go
index f016af013e..a457fd71c3 100644
--- a/vault/generate_root_recovery.go
+++ b/vault/generate_root_recovery.go
@@ -4,7 +4,7 @@ import (
 "context"
 "fmt"
- "github.com/hashicorp/vault/sdk/helper/base62"
+ "github.com/hashicorp/go-secure-stdlib/base62"
 "go.uber.org/atomic"
 )
diff --git a/vault/generate_root_test.go b/vault/generate_root_test.go
index f57cfa75db..f83fd12462 100644
--- a/vault/generate_root_test.go
+++ b/vault/generate_root_test.go
@@ -4,10 +4,10 @@ import (
 "encoding/base64"
 "testing"
+ "github.com/hashicorp/go-secure-stdlib/base62"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/helper/pgpkeys"
 "github.com/hashicorp/vault/helper/xor"
- "github.com/hashicorp/vault/sdk/helper/base62"
 )
 func TestCore_GenerateRoot_Lifecycle(t *testing.T) {
diff --git a/vault/identity_store.go b/vault/identity_store.go
index 176ba2a007..99ac2f6a77 100644
--- a/vault/identity_store.go
+++ b/vault/identity_store.go
@@ -10,13 +10,13 @@ import (
 "github.com/golang/protobuf/ptypes"
 log "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/go-memdb"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/metricsutil"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/helper/storagepacker"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/consts"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/vault/identity_store_entities.go b/vault/identity_store_entities.go
index 95949c8559..6ebdea0ebb 100644
--- a/vault/identity_store_entities.go
+++ b/vault/identity_store_entities.go
@@ -8,13 +8,13 @@ import (
 "github.com/golang/protobuf/ptypes"
 memdb "github.com/hashicorp/go-memdb"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/identity/mfa"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/helper/storagepacker"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/consts"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/vault/identity_store_groups.go b/vault/identity_store_groups.go
index 0be981d9a2..2845e28b89 100644
--- a/vault/identity_store_groups.go
+++ b/vault/identity_store_groups.go
@@ -6,10 +6,10 @@ import (
 "strings"
 "github.com/golang/protobuf/ptypes"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/vault/identity_store_oidc.go b/vault/identity_store_oidc.go
index dec2695bc3..924050a90c 100644
--- a/vault/identity_store_oidc.go
+++ b/vault/identity_store_oidc.go
@@ -15,13 +15,13 @@ import (
 "time"
 "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/base62"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/base62"
 "github.com/hashicorp/vault/sdk/helper/identitytpl"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/patrickmn/go-cache"
 "golang.org/x/crypto/ed25519"
diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go
index f6535b615f..a6d6cc7b77 100644
--- a/vault/identity_store_util.go
+++ b/vault/identity_store_util.go
@@ -12,13 +12,13 @@ import (
 "github.com/golang/protobuf/ptypes"
 "github.com/hashicorp/errwrap"
 memdb "github.com/hashicorp/go-memdb"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/identity/mfa"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/helper/storagepacker"
 "github.com/hashicorp/vault/sdk/helper/consts"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/vault/logical_passthrough.go b/vault/logical_passthrough.go
index c04bcd4ab0..0dececa9b6 100644
--- a/vault/logical_passthrough.go
+++ b/vault/logical_passthrough.go
@@ -6,9 +6,9 @@ import (
 "fmt"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/helper/wrapping"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/vault/logical_passthrough_test.go b/vault/logical_passthrough_test.go
index 59fd78a777..fa06c372bb 100644
--- a/vault/logical_passthrough_test.go
+++ b/vault/logical_passthrough_test.go
@@ -7,7 +7,7 @@ import (
 "testing"
 "time"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/vault/logical_system.go b/vault/logical_system.go
index 47773697e8..5c82784644 100644
--- a/vault/logical_system.go
+++ b/vault/logical_system.go
@@ -24,6 +24,8 @@ import (
 log "github.com/hashicorp/go-hclog"
 memdb "github.com/hashicorp/go-memdb"
 "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/helper/hostutil"
 "github.com/hashicorp/vault/helper/identity"
@@ -34,8 +36,6 @@ import (
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/helper/wrapping"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/sdk/version"
diff --git a/vault/mount.go b/vault/mount.go
index ee024b8060..9dad783099 100644
--- a/vault/mount.go
+++ b/vault/mount.go
@@ -11,13 +11,13 @@ import (
 "time"
 "github.com/armon/go-metrics"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/builtin/plugin"
 "github.com/hashicorp/vault/helper/metricsutil"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/mitchellh/copystructure"
 )
diff --git a/vault/plugin_reload.go b/vault/plugin_reload.go
index bfc4555866..732d60bfaa 100644
--- a/vault/plugin_reload.go
+++ b/vault/plugin_reload.go
@@ -8,7 +8,7 @@ import (
 "github.com/hashicorp/vault/helper/namespace"
 multierror "github.com/hashicorp/go-multierror"
- "github.com/hashicorp/vault/sdk/helper/strutil"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/vault/policy.go b/vault/policy.go
index a99399d3ce..a4686b1d81 100644
--- a/vault/policy.go
+++ b/vault/policy.go
@@ -7,13 +7,13 @@ import (
 "time"
 multierror "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/hcl"
 "github.com/hashicorp/hcl/hcl/ast"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/sdk/helper/hclutil"
 "github.com/hashicorp/vault/sdk/helper/identitytpl"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/mitchellh/copystructure"
 )
diff --git a/vault/policy_store.go b/vault/policy_store.go
index 9798d186f9..20a17f1e73 100644
--- a/vault/policy_store.go
+++ b/vault/policy_store.go
@@ -10,11 +10,11 @@ import (
 metrics "github.com/armon/go-metrics"
 log "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 lru "github.com/hashicorp/golang-lru"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/sdk/helper/consts"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/vault/raft.go b/vault/raft.go
index 5cee435bba..8a0cd58dff 100644
--- a/vault/raft.go
+++ b/vault/raft.go
@@ -18,11 +18,11 @@ import (
 discoverk8s "github.com/hashicorp/go-discover/provider/k8s"
 "github.com/hashicorp/go-hclog"
 wrapping "github.com/hashicorp/go-kms-wrapping"
+ "github.com/hashicorp/go-secure-stdlib/tlsutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/physical/raft"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
- "github.com/hashicorp/vault/sdk/helper/tlsutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/vault/seal"
 "github.com/mitchellh/mapstructure"
diff --git a/vault/request_handling.go b/vault/request_handling.go
index fc624764ed..581d479d2c 100644
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@@ -11,6 +11,7 @@ import (
 metrics "github.com/armon/go-metrics"
 "github.com/hashicorp/errwrap"
 multierror "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 sockaddr "github.com/hashicorp/go-sockaddr"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/metricsutil"
@@ -21,7 +22,6 @@ import (
 "github.com/hashicorp/vault/sdk/helper/errutil"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
 "github.com/hashicorp/vault/sdk/helper/policyutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/helper/wrapping"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/vault/quotas"
diff --git a/vault/router.go b/vault/router.go
index be067f78a2..dad8a8dd14 100644
--- a/vault/router.go
+++ b/vault/router.go
@@ -11,10 +11,10 @@ import (
 metrics "github.com/armon/go-metrics"
 radix "github.com/armon/go-radix"
 hclog "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/salt"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/vault/testing.go b/vault/testing.go
index dbe896c958..cf7c2f76e4 100644
--- a/vault/testing.go
+++ b/vault/testing.go
@@ -29,6 +29,7 @@ import (
 "github.com/armon/go-metrics"
 "github.com/hashicorp/go-cleanhttp"
 log "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/reloadutil"
 raftlib "github.com/hashicorp/raft"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/audit"
@@ -36,7 +37,6 @@ import (
 "github.com/hashicorp/vault/helper/metricsutil"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/internalshared/configutil"
- "github.com/hashicorp/vault/internalshared/reloadutil"
 dbMysql "github.com/hashicorp/vault/plugins/database/mysql"
 dbPostgres "github.com/hashicorp/vault/plugins/database/postgresql"
 "github.com/hashicorp/vault/sdk/framework"
diff --git a/vault/token_store.go b/vault/token_store.go
index 9370ece7a3..3707b07766 100644
--- a/vault/token_store.go
+++ b/vault/token_store.go
@@ -18,19 +18,19 @@ import (
 "github.com/golang/protobuf/proto"
 log "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/base62"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/go-sockaddr"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/metricsutil"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/base62"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
 "github.com/hashicorp/vault/sdk/helper/locksutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/helper/policyutil"
 "github.com/hashicorp/vault/sdk/helper/salt"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/helper/tokenutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/sdk/plugin/pb"
diff --git a/vault/token_store_test.go b/vault/token_store_test.go
index a9b946882a..6a5504e165 100644
--- a/vault/token_store_test.go
+++ b/vault/token_store_test.go
@@ -16,13 +16,13 @@ import (
 "github.com/go-test/deep"
 "github.com/hashicorp/errwrap"
 "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/go-sockaddr"
 "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/helper/identity"
 "github.com/hashicorp/vault/helper/metricsutil"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/sdk/helper/locksutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/helper/tokenutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/mitchellh/mapstructure"