scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-31 18:48:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Migrate to sdk/internalshared libs in go-secure-stdlib (#12090)

Browse Source 
* Swap sdk/helper libs to go-secure-stdlib

* Migrate to go-secure-stdlib reloadutil

* Migrate to go-secure-stdlib kv-builder

* Migrate to go-secure-stdlib gatedwriter
This commit is contained in:
Jeff Mitchell
2021-07-15 20:17:31 -04:00
committed by GitHub
parent 8ddf155755
commit 861454e0ed
163 changed files with 208 additions and 706 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
api/client.go
View File

@@ -19,8 +19,8 @@ import (
cleanhttp "github.com/hashicorp/go-cleanhttp"
retryablehttp "github.com/hashicorp/go-retryablehttp"
rootcerts "github.com/hashicorp/go-rootcerts"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"golang.org/x/net/http2"
"golang.org/x/time/rate"
)

1
api/go.mod
View File

@@ -14,6 +14,7 @@ require (
github.com/hashicorp/go-multierror v1.1.0
github.com/hashicorp/go-retryablehttp v0.6.6
github.com/hashicorp/go-rootcerts v1.0.2
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1
github.com/hashicorp/hcl v1.0.0
github.com/hashicorp/vault/sdk v0.2.1
github.com/mitchellh/mapstructure v1.4.1

2
api/secret.go
View File

@@ -7,8 +7,8 @@ import (
"time"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/hashicorp/vault/sdk/helper/parseutil"
)
// Secret is the structure returned for every secret within Vault.

2
api/sys_raft.go
View File

@@ -9,7 +9,7 @@ import (
"net/http"
"time"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/mitchellh/mapstructure"

2
audit/hashstructure.go
View File

@@ -6,8 +6,8 @@ import (
"reflect"
"time"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/helper/salt"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/helper/wrapping"
"github.com/hashicorp/vault/sdk/logical"
"github.com/mitchellh/copystructure"

2
builtin/audit/socket/backend.go
View File

@@ -10,8 +10,8 @@ import (
"time"
multierror "github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/audit"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/helper/salt"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/credential/approle/path_login.go
View File

@@ -6,9 +6,9 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/cidrutil"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/logical"
)

4
builtin/credential/approle/path_role.go
View File

@@ -7,14 +7,14 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/cidrutil"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/locksutil"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/helper/policyutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/helper/tokenutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/credential/aws/path_config_client.go
View File

@@ -8,8 +8,8 @@ import (
"strings"
"github.com/aws/aws-sdk-go/aws"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/credential/aws/path_config_identity.go
View File

@@ -4,9 +4,9 @@ import (
"context"
"fmt"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/authmetadata"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/credential/aws/path_login.go
View File

@@ -24,12 +24,12 @@ import (
"github.com/hashicorp/errwrap"
cleanhttp "github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-retryablehttp"
"github.com/hashicorp/go-secure-stdlib/strutil"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/awsutil"
"github.com/hashicorp/vault/sdk/helper/cidrutil"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/credential/aws/path_role_tag.go
View File

@@ -11,10 +11,10 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/strutil"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/policyutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/credential/aws/path_role_test.go
View File

@@ -9,11 +9,11 @@ import (
"github.com/go-test/deep"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/strutil"
vlttesting "github.com/hashicorp/vault/helper/testhelpers/logical"
"github.com/hashicorp/vault/sdk/helper/awsutil"
"github.com/hashicorp/vault/sdk/helper/logging"
"github.com/hashicorp/vault/sdk/helper/policyutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/credential/github/cli.go
View File

@@ -6,8 +6,8 @@ import (
"os"
"strings"
"github.com/hashicorp/go-secure-stdlib/password"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/sdk/helper/password"
)
type CLIHandler struct {

2
builtin/credential/ldap/backend.go
View File

@@ -5,10 +5,10 @@ import (
"fmt"
"strings"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/helper/mfa"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/ldaputil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/credential/ldap/cli.go
View File

@@ -5,8 +5,8 @@ import (
"os"
"strings"
pwd "github.com/hashicorp/go-secure-stdlib/password"
"github.com/hashicorp/vault/api"
pwd "github.com/hashicorp/vault/sdk/helper/password"
)
type CLIHandler struct{}

2
builtin/credential/ldap/path_users.go
View File

@@ -4,9 +4,9 @@ import (
"context"
"strings"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/policyutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/credential/okta/cli.go
View File

@@ -5,8 +5,8 @@ import (
"os"
"strings"
pwd "github.com/hashicorp/go-secure-stdlib/password"
"github.com/hashicorp/vault/api"
pwd "github.com/hashicorp/vault/sdk/helper/password"
)
// CLIHandler struct

2
builtin/credential/token/cli.go
View File

@@ -7,8 +7,8 @@ import (
"strconv"
"strings"
"github.com/hashicorp/go-secure-stdlib/password"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/sdk/helper/password"
)
type CLIHandler struct {

2
builtin/credential/userpass/cli.go
View File

@@ -5,8 +5,8 @@ import (
"os"
"strings"
pwd "github.com/hashicorp/go-secure-stdlib/password"
"github.com/hashicorp/vault/api"
pwd "github.com/hashicorp/vault/sdk/helper/password"
"github.com/mitchellh/mapstructure"
)

2
builtin/logical/aws/path_roles.go
View File

@@ -12,9 +12,9 @@ import (
"github.com/aws/aws-sdk-go/aws/arn"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/aws/path_user.go
View File

@@ -9,8 +9,8 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/iam"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/mitchellh/mapstructure"
)

2
builtin/logical/cassandra/path_config_connection.go
View File

@@ -4,9 +4,9 @@ import (
"context"
"fmt"
"github.com/hashicorp/go-secure-stdlib/tlsutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/certutil"
"github.com/hashicorp/vault/sdk/helper/tlsutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/cassandra/path_creds_create.go
View File

@@ -7,9 +7,9 @@ import (
"time"
"github.com/gocql/gocql"
"github.com/hashicorp/go-secure-stdlib/strutil"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/cassandra/util.go
View File

@@ -7,8 +7,8 @@ import (
"time"
"github.com/gocql/gocql"
"github.com/hashicorp/go-secure-stdlib/tlsutil"
"github.com/hashicorp/vault/sdk/helper/certutil"
"github.com/hashicorp/vault/sdk/helper/tlsutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/database/backend.go
View File

@@ -9,13 +9,13 @@ import (
"time"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/go-uuid"
v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
"github.com/hashicorp/vault/sdk/database/helper/dbutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/locksutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/queue"
)

2
builtin/logical/database/path_creds_create.go
View File

@@ -5,9 +5,9 @@ import (
"fmt"
"time"
"github.com/hashicorp/go-secure-stdlib/strutil"
v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/database/path_roles.go
View File

@@ -6,10 +6,10 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/strutil"
v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/locksutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/queue"
)

2
builtin/logical/database/rotation.go
View File

@@ -8,12 +8,12 @@ import (
"time"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-secure-stdlib/strutil"
v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/locksutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/queue"
)

2
builtin/logical/mssql/path_creds_create.go
View File

@@ -5,10 +5,10 @@ import (
"fmt"
"strings"
"github.com/hashicorp/go-secure-stdlib/strutil"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/dbtxn"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/mssql/path_roles.go
View File

@@ -5,8 +5,8 @@ import (
"fmt"
"strings"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/mysql/path_role_create.go
View File

@@ -5,10 +5,10 @@ import (
"fmt"
"strings"
"github.com/hashicorp/go-secure-stdlib/strutil"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/dbtxn"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
_ "github.com/lib/pq"
)

2
builtin/logical/mysql/path_roles.go
View File

@@ -6,8 +6,8 @@ import (
"strings"
_ "github.com/go-sql-driver/mysql"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/mysql/secret_creds.go
View File

@@ -5,8 +5,8 @@ import (
"fmt"
"strings"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/pki/backend_test.go
View File

@@ -30,12 +30,12 @@ import (
"github.com/fatih/structs"
"github.com/go-test/deep"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/builtin/credential/userpass"
logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/helper/certutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/vault"
"github.com/mitchellh/mapstructure"

2
builtin/logical/pki/cert_util.go
View File

@@ -18,10 +18,10 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/certutil"
"github.com/hashicorp/vault/sdk/helper/errutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/ryanuber/go-glob"
"golang.org/x/crypto/cryptobyte"

2
builtin/logical/pki/path_roles.go
View File

@@ -7,10 +7,10 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/certutil"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/pki/path_roles_test.go
View File

@@ -5,7 +5,7 @@ import (
"testing"
"time"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/mitchellh/mapstructure"
)

2
builtin/logical/postgresql/path_role_create.go
View File

@@ -6,10 +6,10 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/strutil"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/dbtxn"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
_ "github.com/lib/pq"
)

2
builtin/logical/postgresql/path_roles.go
View File

@@ -5,8 +5,8 @@ import (
"fmt"
"strings"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
)

2
builtin/logical/postgresql/secret_creds.go
View File

@@ -7,9 +7,9 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/dbtxn"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/lib/pq"
)

2
builtin/logical/rabbitmq/backend_test.go
View File

@@ -7,9 +7,9 @@ import (
"os"
"testing"
"github.com/hashicorp/go-secure-stdlib/base62"
"github.com/hashicorp/vault/helper/testhelpers/docker"
logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
"github.com/hashicorp/vault/sdk/helper/base62"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/hashicorp/vault/sdk/logical"
rabbithole "github.com/michaelklishin/rabbit-hole"

2
builtin/logical/rabbitmq/passwords.go
View File

@@ -3,7 +3,7 @@ package rabbitmq
import (
"context"
"github.com/hashicorp/vault/sdk/helper/base62"
"github.com/hashicorp/go-secure-stdlib/base62"
)
func (b *backend) generatePassword(ctx context.Context, policyName string) (password string, err error) {

2
builtin/logical/ssh/path_config_zeroaddress.go
View File

@@ -4,7 +4,7 @@ import (
"context"
"fmt"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"

2
builtin/logical/ssh/path_roles.go
View File

@@ -6,9 +6,9 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/cidrutil"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/logical"
"golang.org/x/crypto/ssh"
)

4
builtin/logical/ssh/path_sign.go
View File

@@ -15,10 +15,10 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/certutil"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/logical"
"golang.org/x/crypto/ed25519"
"golang.org/x/crypto/ssh"

2
builtin/logical/ssh/util.go
View File

@@ -13,7 +13,7 @@ import (
"strings"
"time"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/sdk/logical"
log "github.com/hashicorp/go-hclog"

2
command/agent.go
View File

@@ -18,6 +18,7 @@ import (
"time"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/gatedwriter"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/command/agent/auth"
"github.com/hashicorp/vault/command/agent/auth/alicloud"
@@ -40,7 +41,6 @@ import (
"github.com/hashicorp/vault/command/agent/sink/inmem"
"github.com/hashicorp/vault/command/agent/template"
"github.com/hashicorp/vault/command/agent/winsvc"
"github.com/hashicorp/vault/internalshared/gatedwriter"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/logging"
"github.com/hashicorp/vault/sdk/logical"

2
command/agent/auth/approle/approle.go
View File

@@ -10,9 +10,9 @@ import (
"strings"
hclog "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/command/agent/auth"
"github.com/hashicorp/vault/sdk/helper/parseutil"
)
type approleMethod struct {

2
command/agent/auth/gcp/gcp.go
View File

@@ -12,9 +12,9 @@ import (
cleanhttp "github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-gcp-common/gcputil"
hclog "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/command/agent/auth"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"golang.org/x/oauth2"
"google.golang.org/api/iamcredentials/v1"
)

2
command/agent/auth/kerberos/kerberos.go
View File

@@ -7,10 +7,10 @@ import (
"net/http"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/parseutil"
kerberos "github.com/hashicorp/vault-plugin-auth-kerberos"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/command/agent/auth"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/jcmturner/gokrb5/v8/spnego"
)

2
command/agent/cache/api_proxy.go vendored
View File

@@ -7,9 +7,9 @@ import (
hclog "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-retryablehttp"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/vault"
)

2
command/agent/cache/lease_cache.go vendored
View File

@@ -17,13 +17,13 @@ import (
"time"
hclog "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/base62"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/command/agent/cache/cacheboltdb"
cachememdb "github.com/hashicorp/vault/command/agent/cache/cachememdb"
"github.com/hashicorp/vault/helper/namespace"
nshelper "github.com/hashicorp/vault/helper/namespace"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/sdk/helper/base62"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/cryptoutil"
"github.com/hashicorp/vault/sdk/helper/jsonutil"

2
command/agent/config/config.go
View File

@@ -10,11 +10,11 @@ import (
ctconfig "github.com/hashicorp/consul-template/config"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/hcl"
"github.com/hashicorp/hcl/hcl/ast"
"github.com/hashicorp/vault/helper/namespace"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/mitchellh/mapstructure"
)

2
command/base_helpers.go
View File

@@ -8,8 +8,8 @@ import (
"strings"
"time"
kvbuilder "github.com/hashicorp/go-secure-stdlib/kv-builder"
"github.com/hashicorp/vault/api"
kvbuilder "github.com/hashicorp/vault/internalshared/kv-builder"
"github.com/kr/text"
homedir "github.com/mitchellh/go-homedir"
"github.com/mitchellh/mapstructure"

2
command/base_predict_test.go
View File

@@ -4,8 +4,8 @@ import (
"reflect"
"testing"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/posener/complete"
)

4
command/debug.go
View File

@@ -14,10 +14,10 @@ import (
"time"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/gatedwriter"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/internalshared/gatedwriter"
"github.com/hashicorp/vault/sdk/helper/logging"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/version"
"github.com/mholt/archiver"
"github.com/mitchellh/cli"

2
command/kv_helpers.go
View File

@@ -7,8 +7,8 @@ import (
"path"
"strings"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/sdk/helper/strutil"
)
func kvReadRequest(client *api.Client, path string, params map[string]string) (*api.Secret, error) {

2
command/monitor.go
View File

@@ -5,7 +5,7 @@ import (
"fmt"
"strings"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)

6
command/operator_diagnose.go
View File

@@ -18,12 +18,12 @@ import (
"github.com/docker/docker/pkg/ioutils"
"github.com/hashicorp/consul/api"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/reloadutil"
uuid "github.com/hashicorp/go-uuid"
cserver "github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/helper/metricsutil"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/internalshared/listenerutil"
"github.com/hashicorp/vault/internalshared/reloadutil"
physconsul "github.com/hashicorp/vault/physical/consul"
"github.com/hashicorp/vault/physical/raft"
"github.com/hashicorp/vault/sdk/physical"
@@ -152,7 +152,6 @@ func (c *OperatorDiagnoseCommand) Run(args []string) int {
}
func (c *OperatorDiagnoseCommand) RunWithParsedFlags() int {
if len(c.flagConfigs) == 0 {
c.UI.Error("Must specify a configuration file using -config.")
return 3
@@ -255,7 +254,6 @@ func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error
var backend *physical.Backend
diagnose.Test(ctx, "Check Storage", func(ctx context.Context) error {
// Ensure that there is a storage stanza
if config.Storage == nil {
diagnose.Advise(ctx, "To learn how to specify a storage backend, see the Vault server configuration documentation.")
@@ -400,7 +398,6 @@ func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error
var sealConfigError error
barrierSeal, barrierWrapper, unwrapSeal, seals, sealConfigError, err := setSeal(server, config, make([]string, 0), make(map[string]string))
// Check error here
if err != nil {
diagnose.Advise(ctx, "For assistance with the seal stanza, see the Vault configuration documentation.")
@@ -657,7 +654,6 @@ SEALFAIL:
plaintext, err := barrierWrapper.Decrypt(ctx, ciphertext, nil)
if err != nil {
return fmt.Errorf("Error decrypting with seal barrier: %w", err)
}
if string(plaintext) != barrierEncValue {
return fmt.Errorf("Barrier returned incorrect decrypted value for mock data.")

4
command/operator_generate_root.go
View File

@@ -9,12 +9,12 @@ import (
"os"
"strings"
"github.com/hashicorp/go-secure-stdlib/base62"
"github.com/hashicorp/go-secure-stdlib/password"
uuid "github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/helper/pgpkeys"
"github.com/hashicorp/vault/helper/xor"
"github.com/hashicorp/vault/sdk/helper/base62"
"github.com/hashicorp/vault/sdk/helper/password"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)

2
command/operator_migrate_test.go
View File

@@ -16,9 +16,9 @@ import (
"github.com/go-test/deep"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/base62"
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/helper/testhelpers"
"github.com/hashicorp/vault/sdk/helper/base62"
"github.com/hashicorp/vault/sdk/physical"
"github.com/hashicorp/vault/vault"
)

2
command/operator_rekey.go
View File

@@ -8,9 +8,9 @@ import (
"strings"
"github.com/fatih/structs"
"github.com/hashicorp/go-secure-stdlib/password"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/helper/pgpkeys"
"github.com/hashicorp/vault/sdk/helper/password"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)

2
command/operator_unseal.go
View File

@@ -6,8 +6,8 @@ import (
"os"
"strings"
"github.com/hashicorp/go-secure-stdlib/password"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/sdk/helper/password"
"github.com/mitchellh/cli"
"github.com/posener/complete"
)

7
command/server.go
View File

@@ -28,6 +28,9 @@ import (
wrapping "github.com/hashicorp/go-kms-wrapping"
aeadwrapper "github.com/hashicorp/go-kms-wrapping/wrappers/aead"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-secure-stdlib/gatedwriter"
"github.com/hashicorp/go-secure-stdlib/mlock"
"github.com/hashicorp/go-secure-stdlib/reloadutil"
"github.com/hashicorp/vault/audit"
"github.com/hashicorp/vault/command/server"
"github.com/hashicorp/vault/helper/builtinplugins"
@@ -35,12 +38,9 @@ import (
"github.com/hashicorp/vault/helper/namespace"
vaulthttp "github.com/hashicorp/vault/http"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/internalshared/gatedwriter"
"github.com/hashicorp/vault/internalshared/listenerutil"
"github.com/hashicorp/vault/internalshared/reloadutil"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/hashicorp/vault/sdk/helper/logging"
"github.com/hashicorp/vault/sdk/helper/mlock"
"github.com/hashicorp/vault/sdk/helper/useragent"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/physical"
@@ -1213,7 +1213,6 @@ func (c *ServerCommand) Run(args []string) int {
info["log level"] = logLevelString
infoKeys = append(infoKeys, "log level")
barrierSeal, barrierWrapper, unwrapSeal, seals, sealConfigError, err := setSeal(c, config, infoKeys, info)
// Check error here
if err != nil {
c.UI.Error(err.Error())

2
command/server/config.go
View File

@@ -13,10 +13,10 @@ import (
"time"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/hcl"
"github.com/hashicorp/hcl/hcl/ast"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/sdk/helper/parseutil"
)
var entConfigValidate = func(_ *Config, _ string) []configutil.ConfigError {

2
command/server/listener.go
View File

@@ -9,9 +9,9 @@ import (
// We must import sha512 so that it registers with the runtime so that
// certificates that use it can be parsed.
"github.com/hashicorp/go-secure-stdlib/reloadutil"
"github.com/hashicorp/vault/helper/proxyutil"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/internalshared/reloadutil"
"github.com/mitchellh/cli"
)

2
command/server/listener_tcp.go
View File

@@ -9,9 +9,9 @@ import (
"strings"
"time"
"github.com/hashicorp/go-secure-stdlib/reloadutil"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/internalshared/listenerutil"
"github.com/hashicorp/vault/internalshared/reloadutil"
"github.com/mitchellh/cli"
)

9
go.mod
View File

@@ -71,6 +71,15 @@ require (
github.com/hashicorp/go-raftchunking v0.6.3-0.20191002164813-7e9e8525653a
github.com/hashicorp/go-retryablehttp v0.6.7
github.com/hashicorp/go-rootcerts v1.0.2
github.com/hashicorp/go-secure-stdlib/base62 v0.1.1
github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1
github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1
github.com/hashicorp/go-secure-stdlib/mlock v0.1.1
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1
github.com/hashicorp/go-secure-stdlib/password v0.1.1
github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1
github.com/hashicorp/go-secure-stdlib/strutil v0.1.1
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1
github.com/hashicorp/go-sockaddr v1.0.2
github.com/hashicorp/go-syslog v1.0.0
github.com/hashicorp/go-uuid v1.0.2

6
go.sum
View File

@@ -624,12 +624,18 @@ github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5O
github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8=
github.com/hashicorp/go-secure-stdlib/base62 v0.1.1 h1:6KMBnfEv0/kLAz0O76sliN5mXbCDcLfs2kP7ssP7+DQ=
github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw=
github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1 h1:9um9R8i0+HbRHS9d64kdvWR0/LJvo12sIonvR9zr1+U=
github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1/go.mod h1:6RoRTSMDK2H/rKh3P/JIsk1tK8aatKTt3JyvIopi3GQ=
github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1 h1:IJgULbAXuvWxzKFfu+Au1FUmHIJulS6N4F7Hkn+Kck0=
github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1/go.mod h1:rf5JPE13wi+NwjgsmGkbg4b2CgHq8v7Htn/F0nDe/hg=
github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc=
github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I=
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 h1:78ki3QBevHwYrVxnyVeaEz+7WtifHhauYF23es/0KlI=
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8=
github.com/hashicorp/go-secure-stdlib/password v0.1.1 h1:6JzmBqXprakgFEHwBgdchsjaA9x3GyjdI568bXKxa60=
github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo=
github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 h1:SMGUnbpAcat8rIKHkBPjfv81yC46a8eCNZ2hsR2l1EI=
github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1/go.mod h1:Ch/bf00Qnx77MZd49JRgHYqHQjtEmTgGU2faufpVZb0=
github.com/hashicorp/go-secure-stdlib/strutil v0.1.1 h1:nd0HIW15E6FG1MsnArYaHfuw9C2zgzM8LxkG5Ty/788=
github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U=
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 h1:Yc026VyMyIpq1UWRnakHRG01U8fJm+nEfEmjoAb00n8=

2
helper/proxyutil/proxyutil.go
View File

@@ -7,8 +7,8 @@ import (
"time"
proxyproto "github.com/armon/go-proxyproto"
"github.com/hashicorp/go-secure-stdlib/parseutil"
sockaddr "github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/vault/sdk/helper/parseutil"
)
// ProxyProtoConfig contains configuration for the PROXY protocol

2
http/cors.go
View File

@@ -5,7 +5,7 @@ import (
"net/http"
"strings"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/vault"
)

2
http/handler.go
View File

@@ -22,12 +22,12 @@ import (
assetfs "github.com/elazarl/go-bindata-assetfs"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/vault/helper/namespace"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/helper/pathmanager"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/vault"

2
http/sys_generate_root.go
View File

@@ -8,7 +8,7 @@ import (
"io"
"net/http"
"github.com/hashicorp/vault/sdk/helper/base62"
"github.com/hashicorp/go-secure-stdlib/base62"
"github.com/hashicorp/vault/vault"
)

2
http/sys_health.go
View File

@@ -8,8 +8,8 @@ import (
"strconv"
"time"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/version"
"github.com/hashicorp/vault/vault"
)

2
http/sys_raft.go
View File

@@ -8,8 +8,8 @@ import (
"io"
"net/http"
"github.com/hashicorp/go-secure-stdlib/tlsutil"
"github.com/hashicorp/vault/physical/raft"
"github.com/hashicorp/vault/sdk/helper/tlsutil"
"github.com/hashicorp/vault/vault"
)

2
internalshared/configutil/config.go
View File

@@ -5,10 +5,10 @@ import (
"io/ioutil"
"time"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/hcl"
"github.com/hashicorp/hcl/hcl/ast"
"github.com/hashicorp/hcl/hcl/token"
"github.com/hashicorp/vault/sdk/helper/parseutil"
)
// SharedConfig contains some shared values

2
internalshared/configutil/kms.go
View File

@@ -17,9 +17,9 @@ import (
"github.com/hashicorp/go-kms-wrapping/wrappers/ocikms"
"github.com/hashicorp/go-kms-wrapping/wrappers/transit"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/hcl"
"github.com/hashicorp/hcl/hcl/ast"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/logical"
)

3
internalshared/configutil/lint.go
View File

@@ -2,9 +2,10 @@ package configutil
import (
"fmt"
"github.com/asaskevich/govalidator"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/hcl/hcl/token"
"github.com/hashicorp/vault/sdk/helper/strutil"
)
type UnusedKeyMap map[string][]token.Pos

6
internalshared/configutil/listener.go
View File

@@ -8,12 +8,12 @@ import (
"time"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/go-secure-stdlib/tlsutil"
"github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/hcl"
"github.com/hashicorp/hcl/hcl/ast"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/helper/tlsutil"
)
type ListenerTelemetry struct {

3
internalshared/configutil/telemetry.go
View File

@@ -6,7 +6,7 @@ import (
"fmt"
"time"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/go-secure-stdlib/parseutil"
monitoring "cloud.google.com/go/monitoring/apiv3"
"github.com/armon/go-metrics"
@@ -402,7 +402,6 @@ func SetupTelemetry(opts *SetupTelemetryOpts) (*metrics.InmemSink, *metricsutil.
// Parse the metric filters
telemetryAllowedPrefixes, telemetryBlockedPrefixes, err := parsePrefixFilter(opts.Config.PrefixFilter)
if err != nil {
return nil, nil, false, err
}

43
internalshared/gatedwriter/writer.go
View File

@@ -1,43 +0,0 @@
package gatedwriter
import (
"bytes"
"io"
"sync"
)
// Writer is an io.Writer implementation that buffers all of its
// data into an internal buffer until it is told to let data through.
type Writer struct {
writer io.Writer
buf bytes.Buffer
flush bool
lock sync.Mutex
}
func NewWriter(underlying io.Writer) *Writer {
return &Writer{writer: underlying}
}
// Flush tells the Writer to flush any buffered data and to stop
// buffering.
func (w *Writer) Flush() error {
w.lock.Lock()
defer w.lock.Unlock()
w.flush = true
_, err := w.buf.WriteTo(w.writer)
return err
}
func (w *Writer) Write(p []byte) (n int, err error) {
w.lock.Lock()
defer w.lock.Unlock()
if w.flush {
return w.writer.Write(p)
}
return w.buf.Write(p)
}

34
internalshared/gatedwriter/writer_test.go
View File

@@ -1,34 +0,0 @@
package gatedwriter
import (
"bytes"
"io"
"testing"
)
func TestWriter_impl(t *testing.T) {
var _ io.Writer = new(Writer)
}
func TestWriter(t *testing.T) {
buf := new(bytes.Buffer)
w := NewWriter(buf)
w.Write([]byte("foo\n"))
w.Write([]byte("bar\n"))
if buf.String() != "" {
t.Fatalf("bad: %s", buf.String())
}
w.Flush()
if buf.String() != "foo\nbar\n" {
t.Fatalf("bad: %s", buf.String())
}
w.Write([]byte("baz\n"))
if buf.String() != "foo\nbar\nbaz\n" {
t.Fatalf("bad: %s", buf.String())
}
}

131
internalshared/kv-builder/builder.go
View File

@@ -1,131 +0,0 @@
package kvbuilder
import (
"bytes"
"fmt"
"io"
"io/ioutil"
"os"
"strings"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/mitchellh/mapstructure"
)
// Builder is a struct to build a key/value mapping based on a list
// of "k=v" pairs, where the value might come from stdin, a file, etc.
type Builder struct {
Stdin io.Reader
result map[string]interface{}
stdin bool
}
// Map returns the built map.
func (b *Builder) Map() map[string]interface{} {
return b.result
}
// Add adds to the mapping with the given args.
func (b *Builder) Add(args ...string) error {
for _, a := range args {
if err := b.add(a); err != nil {
return fmt.Errorf("invalid key/value pair %q: %w", a, err)
}
}
return nil
}
func (b *Builder) add(raw string) error {
// Regardless of validity, make sure we make our result
if b.result == nil {
b.result = make(map[string]interface{})
}
// Empty strings are fine, just ignored
if raw == "" {
return nil
}
// Split into key/value
parts := strings.SplitN(raw, "=", 2)
// If the arg is exactly "-", then we need to read from stdin
// and merge the results into the resulting structure.
if len(parts) == 1 {
if raw == "-" {
if b.Stdin == nil {
return fmt.Errorf("stdin is not supported")
}
if b.stdin {
return fmt.Errorf("stdin already consumed")
}
b.stdin = true
return b.addReader(b.Stdin)
}
// If the arg begins with "@" then we need to read a file directly
if raw[0] == '@' {
f, err := os.Open(raw[1:])
if err != nil {
return err
}
defer f.Close()
return b.addReader(f)
}
}
if len(parts) != 2 {
return fmt.Errorf("format must be key=value")
}
key, value := parts[0], parts[1]
if len(value) > 0 {
if value[0] == '@' {
contents, err := ioutil.ReadFile(value[1:])
if err != nil {
return fmt.Errorf("error reading file: %w", err)
}
value = string(contents)
} else if value[0] == '\\' && value[1] == '@' {
value = value[1:]
} else if value == "-" {
if b.Stdin == nil {
return fmt.Errorf("stdin is not supported")
}
if b.stdin {
return fmt.Errorf("stdin already consumed")
}
b.stdin = true
var buf bytes.Buffer
if _, err := io.Copy(&buf, b.Stdin); err != nil {
return err
}
value = buf.String()
}
}
// Repeated keys will be converted into a slice
if existingValue, ok := b.result[key]; ok {
var sliceValue []interface{}
if err := mapstructure.WeakDecode(existingValue, &sliceValue); err != nil {
return err
}
sliceValue = append(sliceValue, value)
b.result[key] = sliceValue
return nil
}
b.result[key] = value
return nil
}
func (b *Builder) addReader(r io.Reader) error {
return jsonutil.DecodeJSONFromReader(r, &b.result)
}

139
internalshared/kv-builder/builder_test.go
View File

@@ -1,139 +0,0 @@
package kvbuilder
import (
"bytes"
"reflect"
"testing"
)
func TestBuilder_basic(t *testing.T) {
var b Builder
err := b.Add("foo=bar", "bar=baz", "baz=")
if err != nil {
t.Fatalf("err: %s", err)
}
expected := map[string]interface{}{
"foo": "bar",
"bar": "baz",
"baz": "",
}
actual := b.Map()
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestBuilder_escapedAt(t *testing.T) {
var b Builder
err := b.Add("foo=bar", "bar=\\@baz")
if err != nil {
t.Fatalf("err: %s", err)
}
expected := map[string]interface{}{
"foo": "bar",
"bar": "@baz",
}
actual := b.Map()
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestBuilder_stdin(t *testing.T) {
var b Builder
b.Stdin = bytes.NewBufferString("baz")
err := b.Add("foo=bar", "bar=-")
if err != nil {
t.Fatalf("err: %s", err)
}
expected := map[string]interface{}{
"foo": "bar",
"bar": "baz",
}
actual := b.Map()
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestBuilder_stdinMap(t *testing.T) {
var b Builder
b.Stdin = bytes.NewBufferString(`{"foo": "bar"}`)
err := b.Add("-", "bar=baz")
if err != nil {
t.Fatalf("err: %s", err)
}
expected := map[string]interface{}{
"foo": "bar",
"bar": "baz",
}
actual := b.Map()
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestBuilder_stdinTwice(t *testing.T) {
var b Builder
b.Stdin = bytes.NewBufferString(`{"foo": "bar"}`)
err := b.Add("-", "-")
if err == nil {
t.Fatal("should error")
}
}
func TestBuilder_sameKeyTwice(t *testing.T) {
var b Builder
err := b.Add("foo=bar", "foo=baz")
if err != nil {
t.Fatalf("err: %s", err)
}
expected := map[string]interface{}{
"foo": []interface{}{"bar", "baz"},
}
actual := b.Map()
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestBuilder_sameKeyMultipleTimes(t *testing.T) {
var b Builder
err := b.Add("foo=bar", "foo=baz", "foo=bay", "foo=bax", "bar=baz")
if err != nil {
t.Fatalf("err: %s", err)
}
expected := map[string]interface{}{
"foo": []interface{}{"bar", "baz", "bay", "bax"},
"bar": "baz",
}
actual := b.Map()
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}
func TestBuilder_specialCharactersInKey(t *testing.T) {
var b Builder
b.Stdin = bytes.NewBufferString("{\"foo\": \"bay\"}")
err := b.Add("@foo=bar", "-foo=baz", "-")
if err != nil {
t.Fatalf("err: %s", err)
}
expected := map[string]interface{}{
"@foo": "bar",
"-foo": "baz",
"foo": "bay",
}
actual := b.Map()
if !reflect.DeepEqual(actual, expected) {
t.Fatalf("bad: %#v", actual)
}
}

4
internalshared/listenerutil/listener.go
View File

@@ -11,9 +11,9 @@ import (
"strconv"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-secure-stdlib/reloadutil"
"github.com/hashicorp/go-secure-stdlib/tlsutil"
"github.com/hashicorp/vault/internalshared/configutil"
"github.com/hashicorp/vault/internalshared/reloadutil"
"github.com/hashicorp/vault/sdk/helper/tlsutil"
"github.com/jefferai/isbadcipher"
"github.com/mitchellh/cli"
)

83
internalshared/reloadutil/reload.go
View File

@@ -1,83 +0,0 @@
package reloadutil
import (
"crypto/tls"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"io/ioutil"
"sync"
)
// ReloadFunc are functions that are called when a reload is requested
type ReloadFunc func() error
// CertificateGetter satisfies ReloadFunc and its GetCertificate method
// satisfies the tls.GetCertificate function signature. Currently it does not
// allow changing paths after the fact.
type CertificateGetter struct {
sync.RWMutex
cert *tls.Certificate
certFile string
keyFile string
passphrase string
}
func NewCertificateGetter(certFile, keyFile, passphrase string) *CertificateGetter {
return &CertificateGetter{
certFile: certFile,
keyFile: keyFile,
passphrase: passphrase,
}
}
func (cg *CertificateGetter) Reload() error {
certPEMBlock, err := ioutil.ReadFile(cg.certFile)
if err != nil {
return err
}
keyPEMBlock, err := ioutil.ReadFile(cg.keyFile)
if err != nil {
return err
}
// Check for encrypted pem block
keyBlock, _ := pem.Decode(keyPEMBlock)
if keyBlock == nil {
return errors.New("decoded PEM is blank")
}
if x509.IsEncryptedPEMBlock(keyBlock) {
keyBlock.Bytes, err = x509.DecryptPEMBlock(keyBlock, []byte(cg.passphrase))
if err != nil {
return fmt.Errorf("Decrypting PEM block failed %w", err)
}
keyPEMBlock = pem.EncodeToMemory(keyBlock)
}
cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock)
if err != nil {
return err
}
cg.Lock()
defer cg.Unlock()
cg.cert = &cert
return nil
}
func (cg *CertificateGetter) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
cg.RLock()
defer cg.RUnlock()
if cg.cert == nil {
return nil, fmt.Errorf("nil certificate")
}
return cg.cert, nil
}

74
internalshared/reloadutil/reload_test.go
View File

@@ -1,74 +0,0 @@
package reloadutil
import (
"crypto/x509"
"io/ioutil"
"testing"
"github.com/hashicorp/errwrap"
)
func TestReload_KeyWithPassphrase(t *testing.T) {
password := "password"
cert := []byte(`-----BEGIN CERTIFICATE-----
MIICLzCCAZgCCQCq27CeP4WhlDANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJV
UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoM
CUhhc2hpQ29ycDEUMBIGA1UEAwwLbXl2YXVsdC5jb20wHhcNMTcxMjEzMjEzNTM3
WhcNMTgxMjEzMjEzNTM3WjBcMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAU
BgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCUhhc2hpQ29ycDEUMBIGA1UE
AwwLbXl2YXVsdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMvsz/9l
EJIlRG6DOw4fXdB/aJgJk2rR8cU0D8+vECIzb+MdDK0cBHtLiVpZC/RnZMdMzjGn
Z++Fp3dEnT6CD0IjKdJcD+qSyZSjHIuYpHjnjrVlM/Le0xST7egoG+fXkSt4myzG
ec2WK1jcZefRRGPycvMqx1yUWU76jDdFZSL5AgMBAAEwDQYJKoZIhvcNAQEFBQAD
gYEAQfYE26FLZ9SPPU8bHNDxoxDmGrn8yJ78C490Qpix/w6gdLaBtILenrZbhpnB
3L3okraM8mplaN2KdAcpnsr4wPv9hbYkam0coxCQEKs8ltHSBaXT6uKRWb00nkGu
yAXDRpuPdFRqbXW3ZFC5broUrz4ujxTDKfVeIn0zpPZkv24=
-----END CERTIFICATE-----`)
key := []byte(`-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,64B032D83BD6A6DC
qVJ+mXEBKMkUPrQ8odHunMpPgChQUny4CX73/dAcm7O9iXIv9eXQSxj2qfgCOloj
vthg7jYNwtRb0ydzCEnEud35zWw38K/l19/pe4ULfNXlOddlsk4XIHarBiz+KUaX
WTbNk0H+DwdcEwhprPgpTk8gp88lZBiHCnTG/s8v/JNt+wkdqjfAp0Xbm9m+OZ7s
hlNxZin1OuBdprBqfKWBltUALZYiIBhspMTmh+jGQSyEKNTAIBejIiRH5+xYWuOy
xKencq8UpQMOMPR2ZiSw42dU9j8HHMgldI7KszU2FDIEFXG7aSjcxNyyybeBT+Uz
YPoxGxSdUYWqaz50UszvHg/QWR8NlPlQc3nFAUVpGKUF9MEQCIAK8HjcpMP+IAVO
ertp4cTa2Rpm9YeoFrY6tabvmXApXlQPw6rBn6o5KpceWG3ceOsDOsT+e3edHu9g
SGO4hjggbRpO+dBOuwfw4rMn9X1BbqXKJcREAmrgVVSf9/s942E4YOQ+IGJPdtmY
WHAFk8hiJepsVCA2NpwVlAD+QbPPaR2RtvYOtq3IKlWRuVQ+6dpxDsz5FlJhs2L+
HsX6XqtwuQM8kk1hO8Gm3VeV7+b64r9kfbO8jCM18GexCYiCtig51mJW6IO42d1K
bS1axMx/KeDc/sy7LKEbHnjnYanpGz2Wa2EWhnWAeNXD1nUfUNFPp2SsIGbCMnat
mC4O4cO7YRl3+iJg3kHtTPGtgtCjrZcjlyBtxT2VC7SsTcTXZBWovczMIstyr4Ka
opM24uvQT3Bc0UM0WNh3tdRFuboxDeBDh7PX/2RIoiaMuCCiRZ3O0A==
-----END RSA PRIVATE KEY-----`)
tempDir, err := ioutil.TempDir("", "vault-test")
if err != nil {
t.Fatalf("Error creating temporary directory: %s", err)
}
keyFile := tempDir + "/server.key"
certFile := tempDir + "/server.crt"
err = ioutil.WriteFile(certFile, cert, 0o755)
if err != nil {
t.Fatalf("Error writing to temp file: %s", err)
}
err = ioutil.WriteFile(keyFile, key, 0o755)
if err != nil {
t.Fatalf("Error writing to temp file: %s", err)
}
cg := NewCertificateGetter(certFile, keyFile, "")
err = cg.Reload()
if err == nil {
t.Fatal("error expected")
}
if !errwrap.Contains(err, x509.IncorrectPasswordError.Error()) {
t.Fatalf("expected incorrect password error, got %v", err)
}
cg = NewCertificateGetter(certFile, keyFile, password)
if err := cg.Reload(); err != nil {
t.Fatalf("err: %v", err)
}
}

2
physical/aerospike/aerospike.go
View File

@@ -10,7 +10,7 @@ import (
aero "github.com/aerospike/aerospike-client-go"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/physical"
)

2
physical/azure/azure.go
View File

@@ -17,7 +17,7 @@ import (
"github.com/Azure/go-autorest/autorest/azure"
"github.com/armon/go-metrics"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/physical"
)

2
physical/cockroachdb/cockroachdb.go
View File

@@ -14,7 +14,7 @@ import (
"github.com/cockroachdb/cockroach-go/crdb"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/physical"
// CockroachDB uses the Postgres SQL driver

4
physical/consul/consul.go
View File

@@ -13,9 +13,9 @@ import (
"github.com/hashicorp/consul/api"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/go-secure-stdlib/tlsutil"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/helper/tlsutil"
"github.com/hashicorp/vault/sdk/physical"
"github.com/hashicorp/vault/vault/diagnose"
"golang.org/x/net/http2"

4
physical/etcd/etcd3.go
View File

@@ -13,8 +13,8 @@ import (
metrics "github.com/armon/go-metrics"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/physical"
"go.etcd.io/etcd/clientv3"
"go.etcd.io/etcd/clientv3/concurrency"

2
physical/mssql/mssql.go
View File

@@ -12,7 +12,7 @@ import (
metrics "github.com/armon/go-metrics"
_ "github.com/denisenkom/go-mssqldb"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/physical"
)

2
physical/mysql/mysql.go
View File

@@ -22,7 +22,7 @@ import (
metrics "github.com/armon/go-metrics"
mysql "github.com/go-sql-driver/mysql"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/vault/sdk/physical"
)

2
physical/oci/oci.go
View File

@@ -14,8 +14,8 @@ import (
"github.com/armon/go-metrics"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/go-uuid"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/physical"
"github.com/oracle/oci-go-sdk/common"
"github.com/oracle/oci-go-sdk/common/auth"

2
physical/raft/fsm.go
View File

@@ -19,9 +19,9 @@ import (
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/go-raftchunking"
"github.com/hashicorp/go-secure-stdlib/strutil"
"github.com/hashicorp/raft"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/vault/sdk/physical"
"github.com/hashicorp/vault/sdk/plugin/pb"
bolt "go.etcd.io/bbolt"

2
physical/raft/raft.go
View File

@@ -18,6 +18,7 @@ import (
log "github.com/hashicorp/go-hclog"
wrapping "github.com/hashicorp/go-kms-wrapping"
"github.com/hashicorp/go-raftchunking"
"github.com/hashicorp/go-secure-stdlib/tlsutil"
"github.com/hashicorp/go-uuid"
"github.com/hashicorp/raft"
autopilot "github.com/hashicorp/raft-autopilot"
@@ -26,7 +27,6 @@ import (
"github.com/hashicorp/vault/helper/metricsutil"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/jsonutil"
"github.com/hashicorp/vault/sdk/helper/tlsutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/hashicorp/vault/sdk/physical"
"github.com/hashicorp/vault/vault/cluster"

4
physical/raft/raft_autopilot.go
View File

@@ -11,8 +11,8 @@ import (
"sync"
"time"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/helper/strutil"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/go-secure-stdlib/strutil"
"go.uber.org/atomic"
metrics "github.com/armon/go-metrics"

2
physical/s3/s3.go
View File

@@ -20,9 +20,9 @@ import (
"github.com/aws/aws-sdk-go/service/s3"
"github.com/hashicorp/go-cleanhttp"
log "github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-secure-stdlib/parseutil"
"github.com/hashicorp/vault/sdk/helper/awsutil"
"github.com/hashicorp/vault/sdk/helper/consts"
"github.com/hashicorp/vault/sdk/helper/parseutil"
"github.com/hashicorp/vault/sdk/physical"
)

Some files were not shown because too many files have changed in this diff Show More