From 9ece4330a9395902e3f045dcfe3c394530794778 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Wed, 20 Mar 2019 17:50:06 -0400 Subject: [PATCH] Bump plugins now that they don't need Sermo --- .../vault-plugin-auth-alicloud/Gopkg.lock | 57 +++-- .../vault-plugin-auth-azure/Gopkg.lock | 37 ++- .../vault-plugin-auth-centrify/Gopkg.lock | 62 +++-- .../vault-plugin-auth-gcp/plugin/backend.go | 220 ++++++++++++------ .../plugin/cache/cache.go | 87 +++++++ .../plugin/path_config.go | 77 +++--- .../plugin/path_login.go | 81 ++++--- .../vault-plugin-auth-gcp/plugin/path_role.go | 5 +- .../vault-plugin-auth-jwt/Gopkg.lock | 17 +- .../vault-plugin-auth-kubernetes/Gopkg.lock | 57 +++-- .../vault-plugin-secrets-alicloud/Gopkg.lock | 71 ++++-- .../vault-plugin-secrets-alicloud/Gopkg.toml | 2 +- .../vault-plugin-secrets-azure/Gopkg.lock | 62 +++-- .../vault-plugin-secrets-gcpkms/Gopkg.lock | 162 +++++++------ .../vault-plugin-secrets-gcpkms/Gopkg.toml | 8 +- .../vault-plugin-secrets-kv/Gopkg.lock | 42 ++-- vendor/vendor.json | 98 ++++---- 17 files changed, 719 insertions(+), 426 deletions(-) create mode 100644 vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/cache/cache.go diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/Gopkg.lock index 7849a487e3..2272998068 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/Gopkg.lock @@ -1,19 +1,6 @@ # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. -[[projects]] - digest = "1:a69ab3f1445ffd4815add4bd31ba05b65b3b9fec1ade5057d5d717f30e6efd6d" - name = "github.com/SermoDigital/jose" - packages = [ - ".", - "crypto", - "jws", - "jwt", - ] - pruneopts = "UT" - revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" - version = "1.1" - [[projects]] digest = "1:fd5206897fecaccd4d4f247bfb399a8e183b54a06426ffb9b157ed1119a3910f" name = "github.com/aliyun/alibaba-cloud-sdk-go" @@ -113,12 +100,12 @@ revision = "1faddcf740b61468a23dacc67369c28ec96d7fc7" [[projects]] - branch = "master" - digest = "1:183f00c472fb9b2446659618eebf4899872fa267b92f926539411abdc8b941df" + digest = "1:d260503602063d71718eb21f85c02133ad5eac894c2a6f0e0546b7dc017dc97e" name = "github.com/hashicorp/go-retryablehttp" packages = ["."] pruneopts = "UT" - revision = "e651d75abec6fbd4f2c09508f72ae7af8a8b7171" + revision = "73489d0a1476f0c9e6fb03f9c39241523a496dfd" + version = "v0.5.2" [[projects]] branch = "master" @@ -183,7 +170,7 @@ [[projects]] branch = "master" - digest = "1:9b851e29f662c4522e3c9a235bb23008b8fce207b071e50eee2a014fd50f1059" + digest = "1:7fd5a79366307b7ee2c1b7a06366a0431934d31cf6a2b33874cbcf5f2f101b86" name = "github.com/hashicorp/vault" packages = [ "api", @@ -191,6 +178,7 @@ "helper/cidrutil", "helper/compressutil", "helper/consts", + "helper/cryptoutil", "helper/errutil", "helper/hclutil", "helper/jsonutil", @@ -213,7 +201,7 @@ "version", ] pruneopts = "UT" - revision = "e7a0452736177a4ecf6955cdf72a93c325943a18" + revision = "208c76d345731837087b6a96493b5c1652eaf39b" [[projects]] branch = "master" @@ -314,6 +302,19 @@ revision = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3" version = "v1.2.0" +[[projects]] + branch = "master" + digest = "1:5bce6a1c0d1492cef01d74084ddbac09c4bbc4cbc1db3fdd0c138ed9bc945bf8" + name = "golang.org/x/crypto" + packages = [ + "blake2b", + "ed25519", + "ed25519/internal/edwards25519", + "pbkdf2", + ] + pruneopts = "UT" + revision = "a1f597ede03a7bef967a422b5b3a5bd08805a01e" + [[projects]] branch = "master" digest = "1:505dbee0833715a72a529bb57c354826ad42a4496fad787fa143699b4de1a6d0" @@ -332,9 +333,12 @@ [[projects]] branch = "master" - digest = "1:746ccf620ef9726c42453032e8e039860851ab5914278d24202f343a479a3073" + digest = "1:34dba4831be6a0b6d780592a05023eab016122cd5ba1cb37e172546ead4bbdcb" name = "golang.org/x/sys" - packages = ["unix"] + packages = [ + "cpu", + "unix", + ] pruneopts = "UT" revision = "af653ce8b74f808d092db8ca9741fbb63d2a469d" @@ -414,6 +418,19 @@ revision = "8dea3dc473e90c8179e519d91302d0597c0ca1d1" version = "v1.15.0" +[[projects]] + digest = "1:005cbf8b937fcb1694b9dbb845b0aef618627be7faf7bb330eb2490e3f506ef8" + name = "gopkg.in/square/go-jose.v2" + packages = [ + ".", + "cipher", + "json", + "jwt", + ] + pruneopts = "UT" + revision = "628223f44a71f715d2881ea69afc795a1e9c01be" + version = "v2.3.0" + [solve-meta] analyzer-name = "dep" analyzer-version = 1 diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-azure/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-azure/Gopkg.lock index b73a81c63b..ff1319c427 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-azure/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-azure/Gopkg.lock @@ -30,19 +30,6 @@ revision = "39013ecb48eaf6ced3f4e3e1d95515140ce6b3cf" version = "v10.15.2" -[[projects]] - digest = "1:a69ab3f1445ffd4815add4bd31ba05b65b3b9fec1ade5057d5d717f30e6efd6d" - name = "github.com/SermoDigital/jose" - packages = [ - ".", - "crypto", - "jws", - "jwt", - ] - pruneopts = "UT" - revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" - version = "1.1" - [[projects]] branch = "master" digest = "1:6bf6d532e503d9526d46e69aff04d11632c8c1e28b847dbd226babc1689aa723" @@ -146,12 +133,12 @@ revision = "a4620f9913d19f03a6bf19b2f304daaaf83ea130" [[projects]] - branch = "master" - digest = "1:183f00c472fb9b2446659618eebf4899872fa267b92f926539411abdc8b941df" + digest = "1:d260503602063d71718eb21f85c02133ad5eac894c2a6f0e0546b7dc017dc97e" name = "github.com/hashicorp/go-retryablehttp" packages = ["."] pruneopts = "UT" - revision = "e651d75abec6fbd4f2c09508f72ae7af8a8b7171" + revision = "73489d0a1476f0c9e6fb03f9c39241523a496dfd" + version = "v0.5.2" [[projects]] branch = "master" @@ -216,13 +203,14 @@ [[projects]] branch = "master" - digest = "1:606c7307ae83d1adc0901aa8909b700489d7f1294533344453436a8dbff0091b" + digest = "1:5c053d51845c5b5eccba1ea73bb31e0bcbc22ef2f2ba457890f7920614fe117b" name = "github.com/hashicorp/vault" packages = [ "api", "helper/certutil", "helper/compressutil", "helper/consts", + "helper/cryptoutil", "helper/errutil", "helper/hclutil", "helper/jsonutil", @@ -246,7 +234,7 @@ "version", ] pruneopts = "UT" - revision = "c0739a0f2367d5fdd20cef502b628e01bdb90470" + revision = "208c76d345731837087b6a96493b5c1652eaf39b" [[projects]] branch = "master" @@ -320,9 +308,10 @@ [[projects]] branch = "master" - digest = "1:7b96c8e8cb2c424889739f08eaaded640b0ef096fe4861ec28b3575ed4da7e77" + digest = "1:c6db51b9b9c1657a35c45a7f32443e678db660e9d25bda5af143f787c09d479a" name = "golang.org/x/crypto" packages = [ + "blake2b", "ed25519", "ed25519/internal/edwards25519", "pbkdf2", @@ -362,9 +351,12 @@ [[projects]] branch = "master" - digest = "1:05662433b3a13c921587a6e622b5722072edff83211efd1cd79eeaeedfd83f07" + digest = "1:a989b95f72fce8876213e8e20492525b4cf69a9e7fee7f1d9897983ee0d547e9" name = "golang.org/x/sys" - packages = ["unix"] + packages = [ + "cpu", + "unix", + ] pruneopts = "UT" revision = "1c9583448a9c3aa0f9a6a5241bf73c0bd8aafded" @@ -461,12 +453,13 @@ version = "v1.14.0" [[projects]] - digest = "1:02d2c5be9a35ce750536e74af0d98aca806f225913a3ab28f285843d6283c70d" + digest = "1:b57bb9a6a2a03558d63166f1afc3c0c4f91ad137f63bf2bee995e9baeb976a9c" name = "gopkg.in/square/go-jose.v2" packages = [ ".", "cipher", "json", + "jwt", ] pruneopts = "UT" revision = "8254d6c783765f38c8675fae4427a1fe73fbd09d" diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock index bcb25e3013..33d206d331 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock @@ -1,19 +1,6 @@ # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. -[[projects]] - digest = "1:a69ab3f1445ffd4815add4bd31ba05b65b3b9fec1ade5057d5d717f30e6efd6d" - name = "github.com/SermoDigital/jose" - packages = [ - ".", - "crypto", - "jws", - "jwt", - ] - pruneopts = "UT" - revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" - version = "1.1" - [[projects]] branch = "master" digest = "1:6bf6d532e503d9526d46e69aff04d11632c8c1e28b847dbd226babc1689aa723" @@ -104,12 +91,12 @@ revision = "a4620f9913d19f03a6bf19b2f304daaaf83ea130" [[projects]] - branch = "master" - digest = "1:183f00c472fb9b2446659618eebf4899872fa267b92f926539411abdc8b941df" + digest = "1:d260503602063d71718eb21f85c02133ad5eac894c2a6f0e0546b7dc017dc97e" name = "github.com/hashicorp/go-retryablehttp" packages = ["."] pruneopts = "UT" - revision = "e651d75abec6fbd4f2c09508f72ae7af8a8b7171" + revision = "73489d0a1476f0c9e6fb03f9c39241523a496dfd" + version = "v0.5.2" [[projects]] branch = "master" @@ -174,16 +161,18 @@ [[projects]] branch = "master" - digest = "1:da3b11dddb283e412ccc5275fece4eeb6eb6b607e8c0120e7109859b3d5b530c" + digest = "1:4dc0e760a84eb8fd6bd4e7e81a46cc6f1d33996e4ca576a0322028b9b86ee96d" name = "github.com/hashicorp/vault" packages = [ "api", "helper/certutil", "helper/compressutil", "helper/consts", + "helper/cryptoutil", "helper/errutil", "helper/hclutil", "helper/jsonutil", + "helper/license", "helper/locksutil", "helper/logging", "helper/mlock", @@ -204,7 +193,7 @@ "version", ] pruneopts = "UT" - revision = "8655d167084028d627f687ddc25d0c71307eb5be" + revision = "208c76d345731837087b6a96493b5c1652eaf39b" [[projects]] branch = "master" @@ -246,6 +235,17 @@ revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39" version = "v1.0.0" +[[projects]] + digest = "1:d4c88b5ad20151a96c1e5a55547a944b6af623aa315f69ee0d172b00f95d27fb" + name = "github.com/pierrec/lz4" + packages = [ + ".", + "internal/xxh32", + ] + pruneopts = "UT" + revision = "062282ea0dcff40c9fb8525789eef9644b1fbd6e" + version = "v2.1.0" + [[projects]] digest = "1:0e792eea6c96ec55ff302ef33886acbaa5006e900fefe82689e88d96439dcd84" name = "github.com/ryanuber/go-glob" @@ -256,9 +256,15 @@ [[projects]] branch = "master" - digest = "1:3f3a05ae0b95893d90b9b3b5afdb79a9b3d96e4e36e099d841ae602e4aca0da8" + digest = "1:d50d69f4ce965fa0f88f2f04a2b0ee960647f8979c39ee1b0d2a9068a03ff0ea" name = "golang.org/x/crypto" - packages = ["ssh/terminal"] + packages = [ + "blake2b", + "ed25519", + "ed25519/internal/edwards25519", + "pbkdf2", + "ssh/terminal", + ] pruneopts = "UT" revision = "de0752318171da717af4ce24d0a2e8626afaeb11" @@ -280,9 +286,10 @@ [[projects]] branch = "master" - digest = "1:2f71657f09ff05e4567909e9e0de7ad799828c96d402c540b41dc044a6590fb2" + digest = "1:4553db1a37356272494df0bd32ceba56f0183a17c136e696e25515392434bbfe" name = "golang.org/x/sys" packages = [ + "cpu", "unix", "windows", ] @@ -365,6 +372,19 @@ revision = "32fb0ac620c32ba40a4626ddf94d90d12cce3455" version = "v1.14.0" +[[projects]] + digest = "1:005cbf8b937fcb1694b9dbb845b0aef618627be7faf7bb330eb2490e3f506ef8" + name = "gopkg.in/square/go-jose.v2" + packages = [ + ".", + "cipher", + "json", + "jwt", + ] + pruneopts = "UT" + revision = "628223f44a71f715d2881ea69afc795a1e9c01be" + version = "v2.3.0" + [solve-meta] analyzer-name = "dep" analyzer-version = 1 diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/backend.go b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/backend.go index bc93701b07..cdfbadd119 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/backend.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/backend.go @@ -2,9 +2,12 @@ package gcpauth import ( "context" - "fmt" + "net/http" + "time" + "github.com/hashicorp/errwrap" "github.com/hashicorp/go-cleanhttp" + "github.com/hashicorp/vault-plugin-auth-gcp/plugin/cache" "github.com/hashicorp/vault/helper/useragent" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" @@ -13,16 +16,20 @@ import ( "google.golang.org/api/cloudresourcemanager/v1" "google.golang.org/api/compute/v1" "google.golang.org/api/iam/v1" - "net/http" ) -const defaultCloudScope = "https://www.googleapis.com/auth/cloud-platform" +var ( + // cacheTime is the duration for which to cache clients and credentials. This + // must be less than 60 minutes. + cacheTime = 30 * time.Minute +) type GcpAuthBackend struct { *framework.Backend - // OAuth scopes for generating HTTP and GCP service clients. - oauthScopes []string + // cache is the internal client/object cache. Callers should never access the + // cache directly. + cache *cache.Cache } // Factory returns a new backend as logical.Backend. @@ -36,7 +43,7 @@ func Factory(ctx context.Context, conf *logical.BackendConfig) (logical.Backend, func Backend() *GcpAuthBackend { b := &GcpAuthBackend{ - oauthScopes: []string{defaultCloudScope}, + cache: cache.New(), } b.Backend = &framework.Backend{ @@ -58,94 +65,167 @@ func Backend() *GcpAuthBackend { }, pathsRole(b), ), + + Invalidate: b.invalidate, } return b } -func (b *GcpAuthBackend) httpClient(ctx context.Context, s logical.Storage) (*http.Client, error) { - config, err := b.config(ctx, s) +// IAMClient returns a new IAM client. The client is cached. +func (b *GcpAuthBackend) IAMClient(s logical.Storage) (*iam.Service, error) { + httpClient, err := b.httpClient(s) if err != nil { - return nil, errwrap.Wrapf( - "could not check to see if GCP credentials were configured, error"+ - "reading config: {{err}}", err) + return nil, errwrap.Wrapf("failed to create IAM HTTP client: {{err}}", err) } - credsBytes, err := config.formatAndMarshalCredentials() + client, err := b.cache.Fetch("iam", cacheTime, func() (interface{}, error) { + client, err := iam.New(httpClient) + if err != nil { + return nil, errwrap.Wrapf("failed to create IAM client: {{err}}", err) + } + client.UserAgent = useragent.String() + + return client, nil + }) if err != nil { - return nil, errwrap.Wrapf( - "unable to marshal given GCP credential JSON: {{err}}", err) + return nil, err } - var creds *google.Credentials - if config != nil && config.Credentials != nil { - creds, err = google.CredentialsFromJSON(ctx, credsBytes, b.oauthScopes...) - if err != nil { - return nil, errwrap.Wrapf("failed to parse credentials: {{err}}", err) - } - } else { - creds, err = google.FindDefaultCredentials(ctx, b.oauthScopes...) - if err != nil { - return nil, errwrap.Wrapf( - "credentials were not configured and Vault could not find "+ - "Application Default Credentials (ADC). Either set ADC or "+ - "configure this auth backend at auth/$MOUNT/config "+ - "(default auth/gcp/config). Error: {{err}}", err) - } - } - - cleanCtx := context.WithValue(ctx, oauth2.HTTPClient, cleanhttp.DefaultClient()) - client := oauth2.NewClient(cleanCtx, creds.TokenSource) - return client, nil + return client.(*iam.Service), nil } -func (b *GcpAuthBackend) newGcpClients(ctx context.Context, s logical.Storage) (*clientHandles, error) { - httpC, err := b.httpClient(ctx, s) +// ComputeClient returns a new Compute client. The client is cached. +func (b *GcpAuthBackend) ComputeClient(s logical.Storage) (*compute.Service, error) { + httpClient, err := b.httpClient(s) if err != nil { - return nil, errwrap.Wrapf("could not obtain HTTP client: {{err}}", err) + return nil, errwrap.Wrapf("failed to create Compute HTTP client: {{err}}", err) } - iamClient, err := iam.New(httpC) - if err != nil { - return nil, fmt.Errorf(clientErrorTemplate, "IAM", err) - } - iamClient.UserAgent = useragent.String() + client, err := b.cache.Fetch("compute", cacheTime, func() (interface{}, error) { + client, err := compute.New(httpClient) + if err != nil { + return nil, errwrap.Wrapf("failed to create Compute client: {{err}}", err) + } + client.UserAgent = useragent.String() - gceClient, err := compute.New(httpC) + return client, nil + }) if err != nil { - return nil, fmt.Errorf(clientErrorTemplate, "Compute", err) + return nil, err } - iamClient.UserAgent = useragent.String() - crmClient, err := cloudresourcemanager.New(httpC) - if err != nil { - return nil, fmt.Errorf(clientErrorTemplate, "Cloud Resource Manager", err) - } - crmClient.UserAgent = useragent.String() - - return &clientHandles{ - iam: iamClient, - gce: gceClient, - resourceManager: crmClient, - }, nil + return client.(*compute.Service), nil } -type clientHandles struct { - iam *iam.Service - gce *compute.Service - resourceManager *cloudresourcemanager.Service +// CRMClient returns a new Cloud Resource Manager client. The client is cached. +func (b *GcpAuthBackend) CRMClient(s logical.Storage) (*cloudresourcemanager.Service, error) { + httpClient, err := b.httpClient(s) + if err != nil { + return nil, errwrap.Wrapf("failed to create Cloud Resource Manager HTTP client: {{err}}", err) + } + + client, err := b.cache.Fetch("crm", cacheTime, func() (interface{}, error) { + client, err := cloudresourcemanager.New(httpClient) + if err != nil { + return nil, errwrap.Wrapf("failed to create Cloud Resource Manager client: {{err}}", err) + } + client.UserAgent = useragent.String() + + return client, nil + }) + if err != nil { + return nil, err + } + + return client.(*cloudresourcemanager.Service), nil +} + +// httpClient returns a new http.Client that is authenticated using the provided +// credentials. The underlying httpClient is cached among all clients. +func (b *GcpAuthBackend) httpClient(s logical.Storage) (*http.Client, error) { + creds, err := b.credentials(s) + if err != nil { + return nil, errwrap.Wrapf("failed to create oauth2 http client: {{err}}", err) + } + + client, err := b.cache.Fetch("HTTPClient", cacheTime, func() (interface{}, error) { + b.Logger().Debug("creating oauth2 http client") + ctx := context.WithValue(context.Background(), oauth2.HTTPClient, cleanhttp.DefaultClient()) + return oauth2.NewClient(ctx, creds.TokenSource), nil + }) + if err != nil { + return nil, err + } + + return client.(*http.Client), nil +} + +// credentials returns the credentials which were specified in the +// configuration. If no credentials were given during configuration, this uses +// default application credentials. If no default application credentials are +// found, this function returns an error. The credentials are cached in-memory +// for performance. +func (b *GcpAuthBackend) credentials(s logical.Storage) (*google.Credentials, error) { + creds, err := b.cache.Fetch("credentials", cacheTime, func() (interface{}, error) { + b.Logger().Debug("loading credentials") + + ctx := context.Background() + + config, err := b.config(ctx, s) + if err != nil { + return nil, err + } + + // Get creds from the config + credBytes, err := config.formatAndMarshalCredentials() + if err != nil { + return nil, errwrap.Wrapf("failed to marshal credential JSON: {{err}}", err) + } + + // If credentials were provided, use those. Otherwise fall back to the + // default application credentials. + var creds *google.Credentials + if len(credBytes) > 0 { + creds, err = google.CredentialsFromJSON(ctx, credBytes, iam.CloudPlatformScope) + if err != nil { + return nil, errwrap.Wrapf("failed to parse credentials: {{err}}", err) + } + } else { + creds, err = google.FindDefaultCredentials(ctx, iam.CloudPlatformScope) + if err != nil { + return nil, errwrap.Wrapf("failed to get default credentials: {{err}}", err) + } + } + + return creds, err + }) + if err != nil { + return nil, err + } + return creds.(*google.Credentials), nil +} + +// ClearCaches deletes all cached clients and credentials. +func (b *GcpAuthBackend) ClearCaches() { + b.cache.Clear() +} + +// invalidate resets the plugin. This is called when a key is updated via +// replication. +func (b *GcpAuthBackend) invalidate(ctx context.Context, key string) { + switch key { + case "config": + b.ClearCaches() + } } const backendHelp = ` -The GCP backend plugin allows authentication for Google Cloud Platform entities. -Currently, it supports authentication for: +The GCP auth method allows machines to authenticate Google Cloud Platform +entities. It supports two modes of authentication: -* IAM Service Accounts: - IAM service accounts provide a signed JSON Web Token (JWT), signed by - calling GCP APIs directly or via the Vault CL helper. +- IAM service accounts: provides a signed JSON Web Token for a given + service account key -* GCE VM Instances: - GCE provide a signed instance metadata JSON Web Token (JWT), obtained from the - GCE instance metadata server (http://metadata.google.internal/computeMetadata/v1/instance). - Using the /service-accounts//identity endpoint, the instance - can obtain this JWT and pass it to Vault on login. +- GCE VM metadata: provides a signed JSON Web Token using instance metadata + obtained from the GCE instance metadata server ` diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/cache/cache.go b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/cache/cache.go new file mode 100644 index 0000000000..37e56f8a9f --- /dev/null +++ b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/cache/cache.go @@ -0,0 +1,87 @@ +package cache + +import ( + "sync" + "time" +) + +// New creates a cacher. +func New() *Cache { + return &Cache{ + data: map[string]*cacheEntry{}, + } +} + +// Func is the signature for a cache function. +type Func func() (interface{}, error) + +// Cache is the internal cache implementation. +type Cache struct { + lock sync.RWMutex + data map[string]*cacheEntry +} + +// cacheEntry represents an item in the cache with an expiration and lifetime. +type cacheEntry struct { + result interface{} + created time.Time + lifetime time.Duration +} + +// Fetch retrieves an item from the cache. If the item exists in the cache and +// is within its lifetime, it is returned. If the item does not exist, or if the +// item exists but has exceeded its lifetime, the function f is invoked and the +// result is updated in the cache. +func (c *Cache) Fetch(name string, t time.Duration, f Func) (interface{}, error) { + // Attempt to read from the cache, returning the cached value if it's still + // valid. + c.lock.RLock() + e, ok := c.data[name] + if ok && e.result != nil && time.Now().Sub(e.created) < e.lifetime { + c.lock.RUnlock() + return e.result, nil + } + c.lock.RUnlock() + + // Either no cached value exists, or the cached item has exceeded its lifetime. + c.lock.Lock() + + // Go doesn't have the ability to "upgrade" a lock, so it's possible that + // another concurrent invocation sized the lock between our RLock and Lock, + // thus we have to check again. + e, ok = c.data[name] + if ok && e.result != nil && time.Now().Sub(e.created) < e.lifetime { + c.lock.Unlock() + return e.result, nil + } + + result, err := f() + if err != nil { + c.lock.Unlock() + return nil, err + } + + c.data[name] = &cacheEntry{ + result: result, + created: time.Now(), + lifetime: t, + } + + c.lock.Unlock() + + return result, nil +} + +// Expire removes the given item from the cache, if it exists. +func (c *Cache) Expire(name string) { + c.lock.Lock() + delete(c.data, name) + c.lock.Unlock() +} + +// Clear empties the cache for all values. +func (c *Cache) Clear() { + c.lock.Lock() + c.data = map[string]*cacheEntry{} + c.lock.Unlock() +} diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go index da4d32f310..0f2e0ccda4 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go @@ -3,10 +3,10 @@ package gcpauth import ( "context" "errors" - "fmt" "encoding/json" + "github.com/hashicorp/errwrap" "github.com/hashicorp/go-gcp-common/gcputil" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" @@ -40,38 +40,50 @@ Deprecated. This field does nothing and be removed in a future release`, } } -func (b *GcpAuthBackend) pathConfigWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) { - // Validate we didn't get extraneous fields - if err := validateFields(req, data); err != nil { +func (b *GcpAuthBackend) pathConfigWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { + if err := validateFields(req, d); err != nil { return nil, logical.CodedError(422, err.Error()) } - config, err := b.config(ctx, req.Storage) + c, err := b.config(ctx, req.Storage) if err != nil { return nil, err } - if config == nil { - config = &gcpConfig{} + if c == nil { + c = &gcpConfig{} } - if err := config.Update(data); err != nil { - return logical.ErrorResponse(fmt.Sprintf("could not update config: %v", err)), nil - } - - entry, err := logical.StorageEntryJSON("config", config) + changed, err := c.Update(d) if err != nil { - return nil, err + return nil, logical.CodedError(400, err.Error()) } - if err := req.Storage.Put(ctx, entry); err != nil { - return nil, err + // Only do the following if the config is different + if changed { + // Generate a new storage entry + entry, err := logical.StorageEntryJSON("config", c) + if err != nil { + return nil, errwrap.Wrapf("failed to generate JSON configuration: {{err}}", err) + } + + // Save the storage entry + if err := req.Storage.Put(ctx, entry); err != nil { + return nil, errwrap.Wrapf("failed to persist configuration to storage: {{err}}", err) + } + + // Invalidate existing client so it reads the new configuration + b.ClearCaches() } return nil, nil } -func (b *GcpAuthBackend) pathConfigRead(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) { +func (b *GcpAuthBackend) pathConfigRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { + if err := validateFields(req, d); err != nil { + return nil, logical.CodedError(422, err.Error()) + } + config, err := b.config(ctx, req.Storage) if err != nil { return nil, err @@ -139,19 +151,28 @@ func (config *gcpConfig) formatAndMarshalCredentials() ([]byte, error) { } // Update sets gcpConfig values parsed from the FieldData. -func (config *gcpConfig) Update(data *framework.FieldData) error { - credentialsJson := data.Get("credentials").(string) - if credentialsJson != "" { - creds, err := gcputil.Credentials(credentialsJson) - if err != nil { - return fmt.Errorf("error reading google credentials from given JSON: %v", err) - } - if len(creds.PrivateKeyId) == 0 { - return errors.New("google credentials not found from given JSON") - } - config.Credentials = creds +func (c *gcpConfig) Update(d *framework.FieldData) (bool, error) { + if d == nil { + return false, nil } - return nil + + changed := false + + if v, ok := d.GetOk("credentials"); ok { + creds, err := gcputil.Credentials(v.(string)) + if err != nil { + return false, errwrap.Wrapf("failed to read credentials: {{err}}", err) + } + + if len(creds.PrivateKeyId) == 0 { + return false, errors.New("missing private key in credentials") + } + + c.Credentials = creds + changed = true + } + + return changed, nil } // config reads the backend's gcpConfig from storage. diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go index 39adbc7f51..39e169da54 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go @@ -8,7 +8,6 @@ import ( "strings" "time" - "github.com/SermoDigital/jose/jws" "github.com/hashicorp/errwrap" "github.com/hashicorp/go-gcp-common/gcputil" "github.com/hashicorp/vault/helper/policyutil" @@ -23,8 +22,6 @@ import ( const ( expectedJwtAudTemplate string = "vault/%s" - - clientErrorTemplate string = "backend not configured properly, could not create %s client: %v" ) func pathLogin(b *GcpAuthBackend) *framework.Path { @@ -200,16 +197,17 @@ func (b *GcpAuthBackend) getSigningKey(ctx context.Context, token *jwt.JSONWebTo switch role.RoleType { case iamRoleType: - clients, err := b.newGcpClients(ctx, s) + iamClient, err := b.IAMClient(s) if err != nil { return nil, err } + serviceAccountId, err := parseServiceAccountFromIAMJWT(rawToken) if err != nil { return nil, err } - accountKey, err := gcputil.ServiceAccountKey(clients.iam, &gcputil.ServiceAccountKeyId{ + accountKey, err := gcputil.ServiceAccountKey(iamClient, &gcputil.ServiceAccountKeyId{ Project: "-", EmailOrId: serviceAccountId, Key: keyId, @@ -234,15 +232,19 @@ func (b *GcpAuthBackend) getSigningKey(ctx context.Context, token *jwt.JSONWebTo // ParseServiceAccountFromIAMJWT parses the service account from the 'sub' claim given a serialized signed JWT. func parseServiceAccountFromIAMJWT(signedJwt string) (string, error) { - jwtVal, err := jws.ParseJWT([]byte(signedJwt)) + jwtVal, err := jwt.ParseSigned(signedJwt) if err != nil { - return "", fmt.Errorf("could not parse service account from JWT 'sub' claim: %v", err) + return "", fmt.Errorf("could not parse JWT: %v", err) } - accountId, ok := jwtVal.Claims().Subject() - if !ok { + var claims jwt.Claims + if err = jwtVal.UnsafeClaimsWithoutVerification(&claims); err != nil { + return "", fmt.Errorf("could not parse claims from JWT: %v", err) + } + accountID := claims.Subject + if accountID == "" { return "", errors.New("expected 'sub' claim with service account ID or name") } - return accountId, nil + return accountID, nil } func (b *GcpAuthBackend) getGoogleOauthCert(ctx context.Context, keyId string) (interface{}, error) { @@ -279,7 +281,7 @@ func validateBaseJWTClaims(c *jwt.Claims, roleName string) error { // ---- IAM login domain ---- // pathIamLogin attempts a login operation using the parsed login info. func (b *GcpAuthBackend) pathIamLogin(ctx context.Context, req *logical.Request, loginInfo *gcpLoginInfo) (*logical.Response, error) { - clients, err := b.newGcpClients(ctx, req.Storage) + iamClient, err := b.IAMClient(req.Storage) if err != nil { return nil, err } @@ -300,7 +302,7 @@ func (b *GcpAuthBackend) pathIamLogin(ctx context.Context, req *logical.Request, Project: "-", EmailOrId: loginInfo.EmailOrId, } - serviceAccount, err := gcputil.ServiceAccount(clients.iam, accountId) + serviceAccount, err := gcputil.ServiceAccount(iamClient, accountId) if err != nil { return nil, err } @@ -340,12 +342,12 @@ func (b *GcpAuthBackend) pathIamLogin(ctx context.Context, req *logical.Request, }, } if role.AddGroupAliases { - clients, err := b.newGcpClients(ctx, req.Storage) + crmClient, err := b.CRMClient(req.Storage) if err != nil { return nil, err } - aliases, err := b.groupAliases(clients.resourceManager, ctx, serviceAccount.ProjectId) + aliases, err := b.groupAliases(crmClient, ctx, serviceAccount.ProjectId) if err != nil { return nil, err } @@ -358,7 +360,7 @@ func (b *GcpAuthBackend) pathIamLogin(ctx context.Context, req *logical.Request, // pathIamRenew returns an error if the service account referenced in the auth token metadata cannot renew the // auth token for the given role. func (b *GcpAuthBackend) pathIamRenew(ctx context.Context, req *logical.Request, roleName string, role *gcpRole) error { - clients, err := b.newGcpClients(ctx, req.Storage) + iamClient, err := b.IAMClient(req.Storage) if err != nil { return err } @@ -374,7 +376,7 @@ func (b *GcpAuthBackend) pathIamRenew(ctx context.Context, req *logical.Request, project = "-" } - serviceAccount, err := gcputil.ServiceAccount(clients.iam, &gcputil.ServiceAccountId{ + serviceAccount, err := gcputil.ServiceAccount(iamClient, &gcputil.ServiceAccountId{ Project: project, EmailOrId: serviceAccountId, }) @@ -430,12 +432,12 @@ func (b *GcpAuthBackend) pathGceLogin(ctx context.Context, req *logical.Request, } // Verify instance exists. - clients, err := b.newGcpClients(ctx, req.Storage) + computeClient, err := b.ComputeClient(req.Storage) if err != nil { return nil, err } - instance, err := metadata.GetVerifiedInstance(clients.gce) + instance, err := metadata.GetVerifiedInstance(computeClient) if err != nil { return logical.ErrorResponse(fmt.Sprintf( "error when attempting to find instance (project %s, zone: %s, instance: %s) :%v", @@ -456,7 +458,12 @@ func (b *GcpAuthBackend) pathGceLogin(ctx context.Context, req *logical.Request, }, nil } - serviceAccount, err := gcputil.ServiceAccount(clients.iam, &gcputil.ServiceAccountId{ + iamClient, err := b.IAMClient(req.Storage) + if err != nil { + return nil, err + } + + serviceAccount, err := gcputil.ServiceAccount(iamClient, &gcputil.ServiceAccountId{ Project: "-", EmailOrId: loginInfo.EmailOrId, }) @@ -485,7 +492,12 @@ func (b *GcpAuthBackend) pathGceLogin(ctx context.Context, req *logical.Request, } if role.AddGroupAliases { - aliases, err := b.groupAliases(clients.resourceManager, ctx, metadata.ProjectId) + crmClient, err := b.CRMClient(req.Storage) + if err != nil { + return nil, err + } + + aliases, err := b.groupAliases(crmClient, ctx, metadata.ProjectId) if err != nil { return nil, err } @@ -516,12 +528,9 @@ func (b *GcpAuthBackend) groupAliases(crmClient *cloudresourcemanager.Service, c return nil, err } - aliases := make([]*logical.Alias, len(ancestry.Ancestor)+1) - aliases[0] = &logical.Alias{ - Name: fmt.Sprintf("project-%s", projectId), - } + aliases := make([]*logical.Alias, len(ancestry.Ancestor)) for i, parent := range ancestry.Ancestor { - aliases[i+1] = &logical.Alias{ + aliases[i] = &logical.Alias{ Name: fmt.Sprintf("%s-%s", parent.ResourceId.Type, parent.ResourceId.Id), } } @@ -551,22 +560,17 @@ func authMetadata(loginInfo *gcpLoginInfo, serviceAccount *iam.ServiceAccount) m // pathGceRenew returns an error if the instance referenced in the auth token metadata cannot renew the // auth token for the given role. func (b *GcpAuthBackend) pathGceRenew(ctx context.Context, req *logical.Request, roleName string, role *gcpRole) error { - httpC, err := b.httpClient(ctx, req.Storage) + computeClient, err := b.ComputeClient(req.Storage) if err != nil { return err } - gceClient, err := compute.New(httpC) - if err != nil { - return fmt.Errorf(clientErrorTemplate, "GCE", err) - } - meta, err := getInstanceMetadataFromAuth(req.Auth.Metadata) if err != nil { return fmt.Errorf("invalid auth metadata: %v", err) } - instance, err := meta.GetVerifiedInstance(gceClient) + instance, err := meta.GetVerifiedInstance(computeClient) if err != nil { return err } @@ -632,24 +636,19 @@ func getInstanceMetadataFromAuth(authMetadata map[string]string) (*gcputil.GCEId // authorizeGCEInstance returns an error if the given GCE instance is not // authorized for the role. func (b *GcpAuthBackend) authorizeGCEInstance(ctx context.Context, project string, instance *compute.Instance, s logical.Storage, role *gcpRole, serviceAccountId string) error { - httpC, err := b.httpClient(ctx, s) + iamClient, err := b.IAMClient(s) if err != nil { return err } - iamClient, err := iam.New(httpC) + computeClient, err := b.ComputeClient(s) if err != nil { - return fmt.Errorf(clientErrorTemplate, "IAM", err) - } - - gceClient, err := compute.New(httpC) - if err != nil { - return fmt.Errorf(clientErrorTemplate, "GCE", err) + return nil } return AuthorizeGCE(ctx, &AuthorizeGCEInput{ client: &gcpClient{ - computeSvc: gceClient, + computeSvc: computeClient, iamSvc: iamClient, }, serviceAccount: serviceAccountId, diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_role.go b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_role.go index 4f682bbfa8..597e7f42c5 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_role.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_role.go @@ -595,6 +595,9 @@ type gcpRole struct { // Service accounts allowed to login under this role. BoundServiceAccounts []string `json:"bound_service_accounts,omitempty"` + // AddGroupAliases adds Vault group aliases to the response. + AddGroupAliases bool `json:"add_group_aliases,omitempty"` + // --| IAM-only attributes |-- // MaxJwtExp is the duration from time of authentication that a JWT used to authenticate to role must expire within. // TODO(emilymye): Allow this to be updated for GCE roles once 'exp' parameter has been allowed for GCE metadata. @@ -617,8 +620,6 @@ type gcpRole struct { // BoundLabels that instances must currently have set in order to login under this role. BoundLabels map[string]string `json:"bound_labels,omitempty"` - AddGroupAliases bool `json:"add_group_aliases,omitempty"` - // Deprecated fields // TODO: Remove in 0.5.0+ ProjectId string `json:"project_id,omitempty"` diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-jwt/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-jwt/Gopkg.lock index d56992e8ae..6753429925 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-jwt/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-jwt/Gopkg.lock @@ -1,19 +1,6 @@ # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. -[[projects]] - digest = "1:a69ab3f1445ffd4815add4bd31ba05b65b3b9fec1ade5057d5d717f30e6efd6d" - name = "github.com/SermoDigital/jose" - packages = [ - ".", - "crypto", - "jws", - "jwt", - ] - pruneopts = "UT" - revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" - version = "1.1" - [[projects]] digest = "1:c47f4964978e211c6e566596ec6246c329912ea92e9bb99c00798bb4564c5b09" name = "github.com/armon/go-radix" @@ -182,7 +169,7 @@ [[projects]] branch = "master" - digest = "1:961541c49385b69f1d3ee6087df21d7d9595f98a8f29170e810267180ff6a9fb" + digest = "1:c36ad0b7d3186dd926e371b155dc7532677d3df42aa18f19fe9d5759249c9569" name = "github.com/hashicorp/vault" packages = [ "api", @@ -214,7 +201,7 @@ "version", ] pruneopts = "UT" - revision = "5d444354923ab54c8207f8c8820cfe78c1572656" + revision = "208c76d345731837087b6a96493b5c1652eaf39b" [[projects]] branch = "master" diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock index f6ee0566a5..b410810190 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock @@ -1,19 +1,6 @@ # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. -[[projects]] - digest = "1:a69ab3f1445ffd4815add4bd31ba05b65b3b9fec1ade5057d5d717f30e6efd6d" - name = "github.com/SermoDigital/jose" - packages = [ - ".", - "crypto", - "jws", - "jwt", - ] - pruneopts = "UT" - revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" - version = "1.1" - [[projects]] branch = "master" digest = "1:6bf6d532e503d9526d46e69aff04d11632c8c1e28b847dbd226babc1689aa723" @@ -133,12 +120,12 @@ revision = "a4620f9913d19f03a6bf19b2f304daaaf83ea130" [[projects]] - branch = "master" - digest = "1:183f00c472fb9b2446659618eebf4899872fa267b92f926539411abdc8b941df" + digest = "1:d260503602063d71718eb21f85c02133ad5eac894c2a6f0e0546b7dc017dc97e" name = "github.com/hashicorp/go-retryablehttp" packages = ["."] pruneopts = "UT" - revision = "e651d75abec6fbd4f2c09508f72ae7af8a8b7171" + revision = "73489d0a1476f0c9e6fb03f9c39241523a496dfd" + version = "v0.5.2" [[projects]] branch = "master" @@ -203,7 +190,7 @@ [[projects]] branch = "master" - digest = "1:7be65468c591c5e836ec7ff70b6e7665452a6e700d5f0d5bb9edec8aa57b58e2" + digest = "1:c36ad0b7d3186dd926e371b155dc7532677d3df42aa18f19fe9d5759249c9569" name = "github.com/hashicorp/vault" packages = [ "api", @@ -211,6 +198,7 @@ "helper/cidrutil", "helper/compressutil", "helper/consts", + "helper/cryptoutil", "helper/errutil", "helper/hclutil", "helper/jsonutil", @@ -234,7 +222,7 @@ "version", ] pruneopts = "UT" - revision = "c0739a0f2367d5fdd20cef502b628e01bdb90470" + revision = "208c76d345731837087b6a96493b5c1652eaf39b" [[projects]] branch = "master" @@ -295,6 +283,19 @@ revision = "572520ed46dbddaed19ea3d9541bdd0494163693" version = "v0.1" +[[projects]] + branch = "master" + digest = "1:5bce6a1c0d1492cef01d74084ddbac09c4bbc4cbc1db3fdd0c138ed9bc945bf8" + name = "golang.org/x/crypto" + packages = [ + "blake2b", + "ed25519", + "ed25519/internal/edwards25519", + "pbkdf2", + ] + pruneopts = "UT" + revision = "a1f597ede03a7bef967a422b5b3a5bd08805a01e" + [[projects]] branch = "master" digest = "1:b5c3834d33445efdc5a8dcb154bed9e4c211edadbf02f6f5cc20c5e9be26a499" @@ -313,9 +314,12 @@ [[projects]] branch = "master" - digest = "1:05662433b3a13c921587a6e622b5722072edff83211efd1cd79eeaeedfd83f07" + digest = "1:a989b95f72fce8876213e8e20492525b4cf69a9e7fee7f1d9897983ee0d547e9" name = "golang.org/x/sys" - packages = ["unix"] + packages = [ + "cpu", + "unix", + ] pruneopts = "UT" revision = "1c9583448a9c3aa0f9a6a5241bf73c0bd8aafded" @@ -403,6 +407,19 @@ revision = "d2d2541c53f18d2a059457998ce2876cc8e67cbf" version = "v0.9.1" +[[projects]] + digest = "1:005cbf8b937fcb1694b9dbb845b0aef618627be7faf7bb330eb2490e3f506ef8" + name = "gopkg.in/square/go-jose.v2" + packages = [ + ".", + "cipher", + "json", + "jwt", + ] + pruneopts = "UT" + revision = "628223f44a71f715d2881ea69afc795a1e9c01be" + version = "v2.3.0" + [[projects]] branch = "master" digest = "1:6012060ff3ab84c40e066fea24583fe1a33525af615acfac7308e932eb06479d" diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/Gopkg.lock index 76fc321a40..bf90b35672 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/Gopkg.lock @@ -1,19 +1,6 @@ # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. -[[projects]] - digest = "1:a69ab3f1445ffd4815add4bd31ba05b65b3b9fec1ade5057d5d717f30e6efd6d" - name = "github.com/SermoDigital/jose" - packages = [ - ".", - "crypto", - "jws", - "jwt", - ] - pruneopts = "UT" - revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" - version = "1.1" - [[projects]] digest = "1:ed934376091abfd27e465770d48f469af62f4ec5a61506e80af9b4f97b6defa7" name = "github.com/aliyun/alibaba-cloud-sdk-go" @@ -114,12 +101,12 @@ revision = "1faddcf740b61468a23dacc67369c28ec96d7fc7" [[projects]] - branch = "master" - digest = "1:183f00c472fb9b2446659618eebf4899872fa267b92f926539411abdc8b941df" + digest = "1:d260503602063d71718eb21f85c02133ad5eac894c2a6f0e0546b7dc017dc97e" name = "github.com/hashicorp/go-retryablehttp" packages = ["."] pruneopts = "UT" - revision = "e651d75abec6fbd4f2c09508f72ae7af8a8b7171" + revision = "73489d0a1476f0c9e6fb03f9c39241523a496dfd" + version = "v0.5.2" [[projects]] branch = "master" @@ -183,16 +170,19 @@ version = "v1.0.0" [[projects]] - digest = "1:4be4315ec4768c829b2bc87c7e28dbb2420e831e242770d845833c13bb658d70" + branch = "master" + digest = "1:936f8311b6c54595a5f77d79f7361e9355bb04dea16d271867f0311d58f661aa" name = "github.com/hashicorp/vault" packages = [ "api", "helper/certutil", "helper/compressutil", "helper/consts", + "helper/cryptoutil", "helper/errutil", "helper/hclutil", "helper/jsonutil", + "helper/license", "helper/locksutil", "helper/logging", "helper/mlock", @@ -211,8 +201,7 @@ "version", ] pruneopts = "UT" - revision = "e21712a687889de1125e0a12a980420b1a4f72d3" - version = "v0.10.4" + revision = "208c76d345731837087b6a96493b5c1652eaf39b" [[projects]] branch = "master" @@ -286,6 +275,17 @@ revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39" version = "v1.0.0" +[[projects]] + digest = "1:d4c88b5ad20151a96c1e5a55547a944b6af623aa315f69ee0d172b00f95d27fb" + name = "github.com/pierrec/lz4" + packages = [ + ".", + "internal/xxh32", + ] + pruneopts = "UT" + revision = "062282ea0dcff40c9fb8525789eef9644b1fbd6e" + version = "v2.1.0" + [[projects]] digest = "1:0e792eea6c96ec55ff302ef33886acbaa5006e900fefe82689e88d96439dcd84" name = "github.com/ryanuber/go-glob" @@ -302,6 +302,19 @@ revision = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3" version = "v1.2.0" +[[projects]] + branch = "master" + digest = "1:5bce6a1c0d1492cef01d74084ddbac09c4bbc4cbc1db3fdd0c138ed9bc945bf8" + name = "golang.org/x/crypto" + packages = [ + "blake2b", + "ed25519", + "ed25519/internal/edwards25519", + "pbkdf2", + ] + pruneopts = "UT" + revision = "a1f597ede03a7bef967a422b5b3a5bd08805a01e" + [[projects]] branch = "master" digest = "1:505dbee0833715a72a529bb57c354826ad42a4496fad787fa143699b4de1a6d0" @@ -320,9 +333,12 @@ [[projects]] branch = "master" - digest = "1:746ccf620ef9726c42453032e8e039860851ab5914278d24202f343a479a3073" + digest = "1:34dba4831be6a0b6d780592a05023eab016122cd5ba1cb37e172546ead4bbdcb" name = "golang.org/x/sys" - packages = ["unix"] + packages = [ + "cpu", + "unix", + ] pruneopts = "UT" revision = "af653ce8b74f808d092db8ca9741fbb63d2a469d" @@ -402,6 +418,19 @@ revision = "8dea3dc473e90c8179e519d91302d0597c0ca1d1" version = "v1.15.0" +[[projects]] + digest = "1:005cbf8b937fcb1694b9dbb845b0aef618627be7faf7bb330eb2490e3f506ef8" + name = "gopkg.in/square/go-jose.v2" + packages = [ + ".", + "cipher", + "json", + "jwt", + ] + pruneopts = "UT" + revision = "628223f44a71f715d2881ea69afc795a1e9c01be" + version = "v2.3.0" + [solve-meta] analyzer-name = "dep" analyzer-version = 1 diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/Gopkg.toml b/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/Gopkg.toml index 9efa1184c1..239a576500 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/Gopkg.toml +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-alicloud/Gopkg.toml @@ -39,7 +39,7 @@ [[constraint]] name = "github.com/hashicorp/vault" - version = "0.10.4" + branch = "master" [prune] go-tests = true diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-azure/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-secrets-azure/Gopkg.lock index d373932942..8e2565b449 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-azure/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-azure/Gopkg.lock @@ -33,19 +33,6 @@ revision = "39013ecb48eaf6ced3f4e3e1d95515140ce6b3cf" version = "v10.15.2" -[[projects]] - digest = "1:a69ab3f1445ffd4815add4bd31ba05b65b3b9fec1ade5057d5d717f30e6efd6d" - name = "github.com/SermoDigital/jose" - packages = [ - ".", - "crypto", - "jws", - "jwt", - ] - pruneopts = "UT" - revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" - version = "1.1" - [[projects]] branch = "master" digest = "1:6bf6d532e503d9526d46e69aff04d11632c8c1e28b847dbd226babc1689aa723" @@ -149,12 +136,12 @@ revision = "a4620f9913d19f03a6bf19b2f304daaaf83ea130" [[projects]] - branch = "master" - digest = "1:183f00c472fb9b2446659618eebf4899872fa267b92f926539411abdc8b941df" + digest = "1:d260503602063d71718eb21f85c02133ad5eac894c2a6f0e0546b7dc017dc97e" name = "github.com/hashicorp/go-retryablehttp" packages = ["."] pruneopts = "UT" - revision = "e651d75abec6fbd4f2c09508f72ae7af8a8b7171" + revision = "73489d0a1476f0c9e6fb03f9c39241523a496dfd" + version = "v0.5.2" [[projects]] branch = "master" @@ -219,16 +206,18 @@ [[projects]] branch = "master" - digest = "1:eda2edac4eb0d58535d11624f1dfd04acb2db8c0cbce99cb65b13ce4ba87e144" + digest = "1:621c9ff2b7352cac17dd2538b94deae7b6e478cc04801cb26bd3b49c0db7dff5" name = "github.com/hashicorp/vault" packages = [ "api", "helper/certutil", "helper/compressutil", "helper/consts", + "helper/cryptoutil", "helper/errutil", "helper/hclutil", "helper/jsonutil", + "helper/license", "helper/locksutil", "helper/logging", "helper/mlock", @@ -248,7 +237,7 @@ "version", ] pruneopts = "UT" - revision = "add60e6dc7ff7b94487f3b5b680d00d7c05fe621" + revision = "208c76d345731837087b6a96493b5c1652eaf39b" [[projects]] branch = "master" @@ -290,6 +279,17 @@ revision = "4dadeb3030eda0273a12382bb2348ffc7c9d1a39" version = "v1.0.0" +[[projects]] + digest = "1:d4c88b5ad20151a96c1e5a55547a944b6af623aa315f69ee0d172b00f95d27fb" + name = "github.com/pierrec/lz4" + packages = [ + ".", + "internal/xxh32", + ] + pruneopts = "UT" + revision = "062282ea0dcff40c9fb8525789eef9644b1fbd6e" + version = "v2.1.0" + [[projects]] digest = "1:0e792eea6c96ec55ff302ef33886acbaa5006e900fefe82689e88d96439dcd84" name = "github.com/ryanuber/go-glob" @@ -300,9 +300,13 @@ [[projects]] branch = "master" - digest = "1:1d18232beafad93272158a9e9810f417b418c2f967e0506f3e2609c10310fe31" + digest = "1:c6db51b9b9c1657a35c45a7f32443e678db660e9d25bda5af143f787c09d479a" name = "golang.org/x/crypto" packages = [ + "blake2b", + "ed25519", + "ed25519/internal/edwards25519", + "pbkdf2", "pkcs12", "pkcs12/internal/rc2", ] @@ -327,9 +331,12 @@ [[projects]] branch = "master" - digest = "1:05662433b3a13c921587a6e622b5722072edff83211efd1cd79eeaeedfd83f07" + digest = "1:a989b95f72fce8876213e8e20492525b4cf69a9e7fee7f1d9897983ee0d547e9" name = "golang.org/x/sys" - packages = ["unix"] + packages = [ + "cpu", + "unix", + ] pruneopts = "UT" revision = "1c9583448a9c3aa0f9a6a5241bf73c0bd8aafded" @@ -409,6 +416,19 @@ revision = "32fb0ac620c32ba40a4626ddf94d90d12cce3455" version = "v1.14.0" +[[projects]] + digest = "1:005cbf8b937fcb1694b9dbb845b0aef618627be7faf7bb330eb2490e3f506ef8" + name = "gopkg.in/square/go-jose.v2" + packages = [ + ".", + "cipher", + "json", + "jwt", + ] + pruneopts = "UT" + revision = "628223f44a71f715d2881ea69afc795a1e9c01be" + version = "v2.3.0" + [solve-meta] analyzer-name = "dep" analyzer-version = 1 diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/Gopkg.lock index 3b93272ef0..7bc2fa176e 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/Gopkg.lock @@ -2,29 +2,16 @@ [[projects]] - digest = "1:226522dec866d632e6c36590ec55e8add86646b42d84b98670d6a9eb01fd65af" + branch = "master" + digest = "1:b43c8fa11f5939f7f66f3446f010ba52837f5d54147e572beb4614b6fb218c79" name = "cloud.google.com/go" packages = [ "compute/metadata", - "internal/version", + "iam", "kms/apiv1", ] pruneopts = "NUT" - revision = "dfffe386c33fb24c34ee501e5723df5b97b98514" - version = "v0.30.0" - -[[projects]] - digest = "1:cd2ab7a9dd7ee86b3ca7cfbd9f34fc05ff961207f82979c5942475185dfef0a8" - name = "github.com/SermoDigital/jose" - packages = [ - ".", - "crypto", - "jws", - "jwt", - ] - pruneopts = "NUT" - revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" - version = "1.1" + revision = "f52f9bc132541d2aa914f42100c36d10b1ef7e0c" [[projects]] digest = "1:e5ca3dcabf1452b51be600af6e2ce0a93a94978ae231af802cf9736bdbd835cb" @@ -36,22 +23,23 @@ [[projects]] branch = "master" - digest = "1:f47fd73fc2d4c3f7773fbb27b68901c9ce97cc172e838d4ec5be72a1a86d595c" + digest = "1:0a90432b0033459a4df444fa9ae7f1904b254c4985f9a6f4348359e8471868a5" name = "github.com/gammazero/deque" packages = ["."] pruneopts = "NUT" - revision = "f6adf94963e448a692b33e9ddc931ff10afbb79b" + revision = "2afb3858e9c73b567e0e05ea79906f4e1138bd4e" [[projects]] branch = "master" - digest = "1:0e6ce155bc2a245080c9da84aab657653e966075956b8d88ac5a9fc6e800b277" + digest = "1:2a0ce6bbf5a8c2b99d4ede59fdfccc23d112dfe96b63303ea00726c29ee29a3a" name = "github.com/gammazero/workerpool" packages = ["."] pruneopts = "NUT" - revision = "48371c973101f1425ff30aef37cbaf0c65822b22" + revision = "86a96b5d5d92a0b49e0b9f278ae4615090b6172d" [[projects]] - digest = "1:ff7e2617be05411759c00ce23e8f7011e781ef9a11339114af536e7796130e97" + branch = "master" + digest = "1:64e5ff9415042a0ffcbf81db4b5459a93b1afd41986b9e25d60a6e60783471a8" name = "github.com/golang/protobuf" packages = [ "proto", @@ -64,11 +52,9 @@ "ptypes/wrappers", ] pruneopts = "NUT" - revision = "aa810b61a9c79d51363740d207bb46cf8e620ed5" - version = "v1.2.0" + revision = "b5d812f8a3706043e23a9cd5babf2e5423744d30" [[projects]] - branch = "master" digest = "1:7f114b78210bf5b75f307fc97cff293633c835bab1e0ea8a744a44b39c042dfe" name = "github.com/golang/snappy" packages = ["."] @@ -76,12 +62,12 @@ revision = "2e65f85255dbc3072edf28d6b5b8efc472979f5a" [[projects]] - digest = "1:fe852c57b4fc4d11e6ef79bce1e930ee2f2f7d148b370afef8f8d012a80960ea" + digest = "1:fa300677001e58a995e10afe4e251d2a6e30d3815a234d553b5810db7795d5a2" name = "github.com/googleapis/gax-go" - packages = ["."] + packages = ["v2"] pruneopts = "NUT" - revision = "317e0006254c44a0ac427cc52a0e083ff0b9622f" - version = "v2.0.0" + revision = "c8a15bac9b9fe955bd9f900272f9a306465d28cf" + version = "v2.0.3" [[projects]] branch = "master" @@ -101,11 +87,11 @@ [[projects]] branch = "master" - digest = "1:26159b03ea04b155cb70d071c32bf599f0519548f8724be87df85fe8fd0a33a3" + digest = "1:f6294942c026c7c420ee9d1f6ab4456aa4d0b6e7574fdd324aa59f0ce27f7f5a" name = "github.com/hashicorp/go-hclog" packages = ["."] pruneopts = "NUT" - revision = "61d530d6c27f994fb6c83b80f99a69c54125ec8a" + revision = "6907afbebd2eef854f0be9194eb79b0ba75d7b29" [[projects]] digest = "1:1cf16b098a70d6c02899608abbb567296d11c7b830635014dfe6124a02dc1369" @@ -124,7 +110,6 @@ revision = "886a7fbe3eb1c874d46f623bfa70af45f425b3d1" [[projects]] - branch = "master" digest = "1:e34b211a329e5b3af38f4794aca585e329e0db3f5328756ea2c4e0796ed0bb77" name = "github.com/hashicorp/go-plugin" packages = ["."] @@ -132,15 +117,14 @@ revision = "314501b665e0b2cc71bbd829783179fc38840a85" [[projects]] - branch = "master" - digest = "1:f299bf12387ef9e1e36571851c4bb2c5024b5e66d16cfa77b220ad488b47d196" + digest = "1:6b405a8f146477e21c717a7848215ffeeb416d7670d07d2c2117bc88a071156b" name = "github.com/hashicorp/go-retryablehttp" packages = ["."] pruneopts = "NUT" - revision = "e651d75abec6fbd4f2c09508f72ae7af8a8b7171" + revision = "73489d0a1476f0c9e6fb03f9c39241523a496dfd" + version = "v0.5.2" [[projects]] - branch = "master" digest = "1:cdb5ce76cd7af19e3d2d5ba9b6458a2ee804f0d376711215dd3df5f51100d423" name = "github.com/hashicorp/go-rootcerts" packages = ["."] @@ -148,7 +132,6 @@ revision = "6bb64b370b90e7ef1fa532be9e591a81c3493e00" [[projects]] - branch = "master" digest = "1:ab128c55634eb166f6ab170896ac0f53979992250811071938d6bf2af7034690" name = "github.com/hashicorp/go-sockaddr" packages = ["."] @@ -183,7 +166,8 @@ version = "v0.5.0" [[projects]] - digest = "1:39f543569bf189e228c84a294c50aca8ea56c82b3d9df5c9b788249907d7049a" + branch = "master" + digest = "1:a0cf0cebf33237e580ef4f7bcc3e8174b74e955ba563a658b876fdc4962c6278" name = "github.com/hashicorp/hcl" packages = [ ".", @@ -197,18 +181,18 @@ "json/token", ] pruneopts = "NUT" - revision = "8cb6e5b959231cc1119e43259c4a608f9c51a241" - version = "v1.0.0" + revision = "65a6292f0157eff210d03ed1bf6c59b190b8b906" [[projects]] branch = "master" - digest = "1:5de0b6d0a5cae01b4157d5775d6c750872b03a55de6e6e3cfb5f55cb321f3b51" + digest = "1:e7f1cecbe833cb2c2d19817f263f32e8b5e6ebbb68c28a6ab6da6d70d24fd473" name = "github.com/hashicorp/vault" packages = [ "api", "helper/certutil", "helper/compressutil", "helper/consts", + "helper/cryptoutil", "helper/errutil", "helper/hclutil", "helper/jsonutil", @@ -232,7 +216,7 @@ "version", ] pruneopts = "NUT" - revision = "482b303b40426d8bdf1f545ba6d40e1f76d10a36" + revision = "208c76d345731837087b6a96493b5c1652eaf39b" [[projects]] branch = "master" @@ -251,12 +235,12 @@ revision = "9d7fd7aa17f229da501a53ec2de5d2b8612cc65b" [[projects]] - digest = "1:a4df73029d2c42fabcb6b41e327d2f87e685284ec03edf76921c267d9cfc9c23" + digest = "1:f9f72e583aaacf1d1ac5d6121abd4afd3c690baa9e14e1d009df26bf831ba347" name = "github.com/mitchellh/go-homedir" packages = ["."] pruneopts = "NUT" - revision = "ae18d6b8b3205b561c79e8e5f69bff09736185f4" - version = "v1.0.0" + revision = "af06845cf3004701891bf4fdb884bfe4920b3727" + version = "v1.1.0" [[projects]] digest = "1:18b773b92ac82a451c1276bd2776c1e55ce057ee202691ab33c8d6690efcc048" @@ -294,26 +278,24 @@ version = "v2.0.7" [[projects]] - digest = "1:cb24eec7a9478395847671abfbea162885f0be9c7ff6ef20b699dc20804ae1a4" + digest = "1:09d61699d553a4e6ec998ad29816177b1f3d3ed0c18fe923d2c174ec065c99c8" name = "github.com/ryanuber/go-glob" packages = ["."] pruneopts = "NUT" - revision = "572520ed46dbddaed19ea3d9541bdd0494163693" - version = "v0.1" + revision = "256dc444b735e061061cf46c809487313d5b0065" [[projects]] - digest = "1:6bc0652ea6e39e22ccd522458b8bdd8665bf23bdc5a20eec90056e4dc7e273ca" + branch = "master" + digest = "1:5ac0fbcd505c34fff82274992b82b0528f80fbed290125cdd04edc88d6246fd6" name = "github.com/satori/go.uuid" packages = ["."] pruneopts = "NUT" - revision = "f58768cc1a7a7e77a3bd49e98cdd21419399b6a3" - version = "v1.2.0" + revision = "b2ce2384e17bbe0c6d34077efa39dbab3e09123b" [[projects]] - digest = "1:d04de18a0e0bf8fcdb79e8dc755c9b15dbe7f1b2ea3f8fbf11e55ea2d26ac182" + digest = "1:c0ae5a4135d67428c0afa2453859735d387f8383b5435731b0acfaa6cb61a887" name = "go.opencensus.io" packages = [ - ".", "internal", "internal/tagencoding", "plugin/ocgrpc", @@ -326,15 +308,26 @@ "trace", "trace/internal", "trace/propagation", - "trace/tracestate", ] pruneopts = "NUT" - revision = "79993219becaa7e29e3b60cb67f5b8e82dee11d6" - version = "v0.17.0" + revision = "0095aec66ae14801c6711210f6f0716411cefdd3" + version = "v0.8.0" + +[[projects]] + digest = "1:e6c04d62699efee546107b79e0074fcfae0387c58232a1c05b700f96acafc5cc" + name = "golang.org/x/crypto" + packages = [ + "blake2b", + "ed25519", + "ed25519/internal/edwards25519", + "pbkdf2", + ] + pruneopts = "NUT" + revision = "0c41d7ab0a0ee717d4590a44bcb987dfd9e183eb" [[projects]] branch = "master" - digest = "1:3033eba8bb0c8f2c6720e68e4c14e55b577ae9debb5f5b7b8cc6f319d89edc82" + digest = "1:7c35448236ff7720a4c38f0b2d8221c6d288dc92a19f4b5dbabd0def65e60664" name = "golang.org/x/net" packages = [ "context", @@ -347,11 +340,11 @@ "trace", ] pruneopts = "NUT" - revision = "49bb7cea24b1df9410e1712aa6433dae904ff66a" + revision = "d8887717615a059821345a5c23649351b52a1c0b" [[projects]] branch = "master" - digest = "1:dcb89c032286a9c3c5118a1496f8e0e237c1437f5356ac9602f6fdef560a5c21" + digest = "1:17ee74a4d9b6078611784b873cdbfe91892d2c73052c430724e66fcc015b6c7b" name = "golang.org/x/oauth2" packages = [ ".", @@ -361,15 +354,18 @@ "jwt", ] pruneopts = "NUT" - revision = "c57b0facaced709681d9f90397429b9430a74754" + revision = "e64efc72b421e893cbf63f17ba2221e7d6d0b0f3" [[projects]] branch = "master" - digest = "1:e1e75018db0765a0ac54aa7f9473417a7db770c75c9527b4bfff03d2e55f0a0a" + digest = "1:a982423eeceeee40954d188d6c8f6dad2cfc259e1abf42167f614cdf6e1d71fe" name = "golang.org/x/sys" - packages = ["unix"] + packages = [ + "cpu", + "unix", + ] pruneopts = "NUT" - revision = "fa43e7bc11baaae89f3f902b2b4d832b68234844" + revision = "fead79001313d15903fb4605b4a1b781532cd93e" [[projects]] digest = "1:e7071ed636b5422cc51c0e3a6cebc229d6c9fffc528814b519a980641422d619" @@ -395,7 +391,6 @@ version = "v0.3.0" [[projects]] - branch = "master" digest = "1:c9e7a4b4d47c0ed205d257648b0e5b0440880cb728506e318f8ac7cd36270bc4" name = "golang.org/x/time" packages = ["rate"] @@ -404,7 +399,7 @@ [[projects]] branch = "master" - digest = "1:6315913dfdc6e608db8ee170d44d9e6b8f06a4c72107736f85ceddbcb13f0f63" + digest = "1:05d78b6f0ef9a7412a66d15280b261b43e27255de9ba853a9499fc1c1a95b88d" name = "google.golang.org/api" packages = [ "googleapi/transport", @@ -417,10 +412,10 @@ "transport/http/internal/propagation", ] pruneopts = "NUT" - revision = "3f6e8463aa1d824abe11b439d178c02220079da5" + revision = "8778df036089cbbed9231c892a598e469ecf2c16" [[projects]] - digest = "1:300989288fc84e64d2230de8ece7a3f8aa8f5a688e75e26a186df1cba6b8cb5b" + digest = "1:898bf528e5c601c4a1111586f75ab9515467ebe7a41ae849d5a839720d4e2580" name = "google.golang.org/appengine" packages = [ ".", @@ -437,33 +432,37 @@ "urlfetch", ] pruneopts = "NUT" - revision = "ae0ab99deb4dc413a2b4bd6c8bdd0eb67f1e4d06" - version = "v1.2.0" + revision = "e9657d882bb81064595ca3b56cbe2546bbabf7b1" + version = "v1.4.0" [[projects]] branch = "master" - digest = "1:b1eb4a1f2237dd78dcd0f7504287218e38cfa123ebc7884ae20f08f4b37429cd" + digest = "1:b2eeceb8b6216245f29aab6a95a38ac84cb9a16e0d12873747889645bceea875" name = "google.golang.org/genproto" packages = [ "googleapis/api/annotations", "googleapis/cloud/kms/v1", + "googleapis/iam/v1", "googleapis/rpc/status", "protobuf/field_mask", ] pruneopts = "NUT" - revision = "94acd270e44e65579b9ee3cdab25034d33fed608" + revision = "5fe7a883aa19554f42890211544aa549836af7b7" [[projects]] - digest = "1:8782d0b6ca95df0868b28ba04851d29342f6d908c572180e9470ff2a2bb9a842" + branch = "master" + digest = "1:f1b4ec126742cf1ff8da8654ef2ec4e2fad761ea040b88c99500a9631e00fe67" name = "google.golang.org/grpc" packages = [ ".", "balancer", "balancer/base", "balancer/roundrobin", + "binarylog/grpc_binarylog_v1", "codes", "connectivity", "credentials", + "credentials/internal", "credentials/oauth", "encoding", "encoding/proto", @@ -472,9 +471,12 @@ "health/grpc_health_v1", "internal", "internal/backoff", + "internal/binarylog", "internal/channelz", "internal/envconfig", "internal/grpcrand", + "internal/grpcsync", + "internal/syscall", "internal/transport", "keepalive", "metadata", @@ -488,8 +490,20 @@ "tap", ] pruneopts = "NUT" - revision = "8dea3dc473e90c8179e519d91302d0597c0ca1d1" - version = "v1.15.0" + revision = "77ce7bc228475a8f28dc50a9d74ac4994fc019e7" + +[[projects]] + digest = "1:d5547d77e1c9ca9850f3d868d29eed275742611eeae2b99bcd8a1f18f368b6e8" + name = "gopkg.in/square/go-jose.v2" + packages = [ + ".", + "cipher", + "json", + "jwt", + ] + pruneopts = "NUT" + revision = "628223f44a71f715d2881ea69afc795a1e9c01be" + version = "v2.3.0" [solve-meta] analyzer-name = "dep" diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/Gopkg.toml b/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/Gopkg.toml index 919796a4f5..1707491a0c 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/Gopkg.toml +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcpkms/Gopkg.toml @@ -1,14 +1,14 @@ [[constraint]] + branch = "master" name = "cloud.google.com/go" - version = "0.30.0" [[constraint]] branch = "master" name = "github.com/gammazero/workerpool" [[constraint]] + branch = "master" name = "github.com/golang/protobuf" - version = "1.2.0" [[constraint]] branch = "master" @@ -31,8 +31,8 @@ name = "github.com/jeffchao/backoff" [[constraint]] + branch = "master" name = "github.com/satori/go.uuid" - version = "1.2.0" [[constraint]] branch = "master" @@ -47,8 +47,8 @@ name = "google.golang.org/genproto" [[constraint]] + branch = "master" name = "google.golang.org/grpc" - version = "1.15.0" [prune] non-go = true diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-kv/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-secrets-kv/Gopkg.lock index 1547e0ca0f..1c17840f96 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-kv/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-kv/Gopkg.lock @@ -1,19 +1,6 @@ # This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'. -[[projects]] - digest = "1:a69ab3f1445ffd4815add4bd31ba05b65b3b9fec1ade5057d5d717f30e6efd6d" - name = "github.com/SermoDigital/jose" - packages = [ - ".", - "crypto", - "jws", - "jwt", - ] - pruneopts = "UT" - revision = "f6df55f235c24f236d11dbcf665249a59ac2021f" - version = "1.1" - [[projects]] branch = "master" digest = "1:6bf6d532e503d9526d46e69aff04d11632c8c1e28b847dbd226babc1689aa723" @@ -93,12 +80,12 @@ revision = "a4620f9913d19f03a6bf19b2f304daaaf83ea130" [[projects]] - branch = "master" - digest = "1:183f00c472fb9b2446659618eebf4899872fa267b92f926539411abdc8b941df" + digest = "1:d260503602063d71718eb21f85c02133ad5eac894c2a6f0e0546b7dc017dc97e" name = "github.com/hashicorp/go-retryablehttp" packages = ["."] pruneopts = "UT" - revision = "e651d75abec6fbd4f2c09508f72ae7af8a8b7171" + revision = "73489d0a1476f0c9e6fb03f9c39241523a496dfd" + version = "v0.5.2" [[projects]] branch = "master" @@ -163,14 +150,14 @@ [[projects]] branch = "master" - digest = "1:404934732c38cae3ff1be32409b9e435dcc6d790dab5a4fefdb6b5d9daa9ff63" + digest = "1:5d3cdbf593765a4625d4dbc295dfad65658f20bedf6dda921ee81edd6c4e9837" name = "github.com/hashicorp/vault" packages = [ "api", - "helper/base62", "helper/certutil", "helper/compressutil", "helper/consts", + "helper/cryptoutil", "helper/errutil", "helper/hclutil", "helper/jsonutil", @@ -195,7 +182,7 @@ "version", ] pruneopts = "UT" - revision = "35328c50e74da4eaeb3db806d5e7964c751b011f" + revision = "208c76d345731837087b6a96493b5c1652eaf39b" [[projects]] branch = "master" @@ -258,15 +245,17 @@ [[projects]] branch = "master" - digest = "1:943384d730fded533ad79c10beda11b7e99e70b527b88bb32b4b5efba74146c4" + digest = "1:a92143c3345d4a59f303129f88f1fe43b2fc56c4665785a12064495e126477eb" name = "golang.org/x/crypto" packages = [ + "blake2b", "chacha20poly1305", "ed25519", "ed25519/internal/edwards25519", "hkdf", "internal/chacha20", "internal/subtle", + "pbkdf2", "poly1305", ] pruneopts = "UT" @@ -375,6 +364,19 @@ revision = "32fb0ac620c32ba40a4626ddf94d90d12cce3455" version = "v1.14.0" +[[projects]] + digest = "1:005cbf8b937fcb1694b9dbb845b0aef618627be7faf7bb330eb2490e3f506ef8" + name = "gopkg.in/square/go-jose.v2" + packages = [ + ".", + "cipher", + "json", + "jwt", + ] + pruneopts = "UT" + revision = "628223f44a71f715d2881ea69afc795a1e9c01be" + version = "v2.3.0" + [solve-meta] analyzer-name = "dep" analyzer-version = 1 diff --git a/vendor/vendor.json b/vendor/vendor.json index eb5406b1ee..7b4b7a650d 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1355,112 +1355,118 @@ "revisionTime": "2018-09-07T13:02:40Z" }, { - "checksumSHA1": "X+7nogMjQUasRQaYh+0TGgbSrU8=", + "checksumSHA1": "LBoA/yJNdq++9kn4Al0Aa6slE5Q=", "path": "github.com/hashicorp/vault-plugin-auth-alicloud", - "revision": "98628998247dcf8ab75c5134a493230f852746a7", - "revisionTime": "2019-03-11T15:55:55Z" + "revision": "36e70c54375fad6bdbcb3fd73c341ea41859eaee", + "revisionTime": "2019-03-20T21:12:38Z" }, { "checksumSHA1": "xdrSQoX7B7Hr4iWm9T2+5wHVpHQ=", "path": "github.com/hashicorp/vault-plugin-auth-alicloud/tools", - "revision": "98628998247dcf8ab75c5134a493230f852746a7", - "revisionTime": "2019-03-11T15:55:55Z" + "revision": "36e70c54375fad6bdbcb3fd73c341ea41859eaee", + "revisionTime": "2019-03-20T21:12:38Z" }, { - "checksumSHA1": "UgLfwpXoRLpMOF0rzaj+cRcTtdo=", + "checksumSHA1": "wNFcsf7tNkzKetrxPe2jAIzKF9M=", "path": "github.com/hashicorp/vault-plugin-auth-azure", - "revision": "0af1d040b5b329f41904cadcd96be55179468880", - "revisionTime": "2019-02-01T22:26:32Z" + "revision": "f34b96803f04692842bb52d39f6c605448c9ffe2", + "revisionTime": "2019-03-20T21:11:38Z" }, { - "checksumSHA1": "4Z/niOo76EcP8KpLdSL5GdDcy78=", + "checksumSHA1": "QxyR7YxllpSSuWUZeUgRiERqklQ=", "path": "github.com/hashicorp/vault-plugin-auth-centrify", - "revision": "66b0a34a58bffb678532d5a5d6d6ae2eb0206563", - "revisionTime": "2018-08-16T20:11:31Z" + "revision": "44eb061bdfd8cc891dcace94ce3cb5c1e7067944", + "revisionTime": "2019-03-20T21:13:57Z" }, { - "checksumSHA1": "Nd9aBfL80t7N8B9VVsNBgihA5f4=", + "checksumSHA1": "a1DSDFYBTXvAst7+Srn/+OgqDnU=", "path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin", - "revision": "7d4c2101e7d0b61ec9fb0dc3c75d79920c6369c5", - "revisionTime": "2019-02-01T21:54:14Z" + "revision": "e8308b5e41c9ea3e7dad0075ab1bfb1d779f29be", + "revisionTime": "2019-03-20T21:44:13Z" }, { - "checksumSHA1": "r7ippC2dY/9/NRSVplFA+Iwb+0c=", + "checksumSHA1": "SF3ju0Tm+0lZZAeinRSCXoFy2oE=", + "path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin/cache", + "revision": "e8308b5e41c9ea3e7dad0075ab1bfb1d779f29be", + "revisionTime": "2019-03-20T21:44:13Z" + }, + { + "checksumSHA1": "6Q2aZXkqfidN3ItF8x4ogjXZ6T8=", "path": "github.com/hashicorp/vault-plugin-auth-jwt", - "revision": "86b44673ce1e396c1c2f0e620b1cb68f14f3d109", - "revisionTime": "2019-03-14T21:15:03Z" + "revision": "c6ec63d2528c96ac0632be8e6345eeed80e7509b", + "revisionTime": "2019-03-20T20:53:10Z" }, { - "checksumSHA1": "NfVgV3CmKXGRsXk1sYVgMMRZ5Zc=", + "checksumSHA1": "NrmhGV/cWJihaeCGXnZRa+DORjg=", "path": "github.com/hashicorp/vault-plugin-auth-kubernetes", - "revision": "db96aa4ab438cbc1cf544cec758d0d16ca4e9681", - "revisionTime": "2019-02-01T22:22:09Z" + "revision": "426b5188498e0daecf301fb3e9080766f9d55aea", + "revisionTime": "2019-03-20T21:02:28Z" }, { "checksumSHA1": "PmhyvCKVlEMEP6JO31ozW+CBIiE=", "path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin", - "revision": "4796d99801253c6f10d7d96b968a3204a9a1ead8", - "revisionTime": "2019-01-31T22:24:16Z" + "revision": "127b63e898e6daa85026659e3a0535b2e45cf75a", + "revisionTime": "2019-03-20T21:17:35Z" }, { "checksumSHA1": "GOxdFElG31lXWgKFG9aqpDcG47M=", "path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin/client", - "revision": "4796d99801253c6f10d7d96b968a3204a9a1ead8", - "revisionTime": "2019-01-31T22:24:16Z" + "revision": "127b63e898e6daa85026659e3a0535b2e45cf75a", + "revisionTime": "2019-03-20T21:17:35Z" }, { "checksumSHA1": "RaH2xTkjaToCk+RoPhap7I66ibo=", "path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin/util", - "revision": "4796d99801253c6f10d7d96b968a3204a9a1ead8", - "revisionTime": "2019-01-31T22:24:16Z" + "revision": "127b63e898e6daa85026659e3a0535b2e45cf75a", + "revisionTime": "2019-03-20T21:17:35Z" }, { - "checksumSHA1": "l0xVOHA0/SIjNfrmBRbrFvMVOaw=", + "checksumSHA1": "+FpRiSHCp9eaGQNVAn74MMcLFB4=", "path": "github.com/hashicorp/vault-plugin-secrets-alicloud", - "revision": "b0abe36195cb171e673a9f6425df977eff1ef825", - "revisionTime": "2019-01-31T21:18:12Z" + "revision": "3307bdf683cbdaf4be224bd6a51270dbd77b7be5", + "revisionTime": "2019-03-20T21:35:17Z" }, { "checksumSHA1": "e96mN6plz/ApctpjvU2kiCumOl0=", "path": "github.com/hashicorp/vault-plugin-secrets-alicloud/clients", - "revision": "b0abe36195cb171e673a9f6425df977eff1ef825", - "revisionTime": "2019-01-31T21:18:12Z" + "revision": "3307bdf683cbdaf4be224bd6a51270dbd77b7be5", + "revisionTime": "2019-03-20T21:35:17Z" }, { - "checksumSHA1": "rgeBhrdLyF2orH3QA/H66ZSSbuo=", + "checksumSHA1": "mYG6MOdZn5bhazkiBU3Gd0A3uqw=", "path": "github.com/hashicorp/vault-plugin-secrets-azure", - "revision": "0087bdef705a9db855528525a6ede4d768a2639c", - "revisionTime": "2018-12-07T23:25:00Z" + "revision": "2dc8a8a5e490e7b9027831cd39882b9e798f020e", + "revisionTime": "2019-03-20T21:19:22Z" }, { "checksumSHA1": "QRHQkEIrTKzFEO3CNwo0jYNizxE=", "path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin", - "revision": "621231cb86fe0c4bb5d77f6a0be4bf7daef5f078", - "revisionTime": "2019-03-11T20:06:49Z" + "revision": "71903323ecb49843dd1118c3bf130fad306964e7", + "revisionTime": "2019-03-20T21:14:52Z" }, { "checksumSHA1": "itK0aDL54CoWfKfpkCAp/7MdTgk=", "path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil", - "revision": "621231cb86fe0c4bb5d77f6a0be4bf7daef5f078", - "revisionTime": "2019-03-11T20:06:49Z" + "revision": "71903323ecb49843dd1118c3bf130fad306964e7", + "revisionTime": "2019-03-20T21:14:52Z" }, { "checksumSHA1": "81kYL49zTBoj1NYczxB2Xbr2d6Y=", "path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util", - "revision": "621231cb86fe0c4bb5d77f6a0be4bf7daef5f078", - "revisionTime": "2019-03-11T20:06:49Z" + "revision": "71903323ecb49843dd1118c3bf130fad306964e7", + "revisionTime": "2019-03-20T21:14:52Z" }, { - "checksumSHA1": "StwRTX92gyH7iHkyZk4df+dLISM=", + "checksumSHA1": "Kmkt2VgWs0WFq+8E1lnXhQow3w0=", "path": "github.com/hashicorp/vault-plugin-secrets-gcpkms", - "revision": "d6b25b0b4a39132ec3c02f19631b6a9bdadef042", - "revisionTime": "2019-01-16T16:49:38Z" + "revision": "9e326a9e802d49ff227fd75060dd50fb393c6176", + "revisionTime": "2019-03-20T21:33:25Z" }, { - "checksumSHA1": "gUjgN+DKgoG8H3Jjw8P5zv3NOeA=", + "checksumSHA1": "1j26RucsFw9nM2citz0eElSUk50=", "path": "github.com/hashicorp/vault-plugin-secrets-kv", - "revision": "195e0e9d07f18ada87fcc080be1a9ff43bffc81c", - "revisionTime": "2019-03-18T17:46:39Z" + "revision": "3ccc8684cf25a9169d033336261f252ee0686fd3", + "revisionTime": "2019-03-20T21:16:21Z" }, { "checksumSHA1": "ldkAQ1CpiAaQ9sti0qIch+UyRsI=",