Merge pull request #1655 from hashicorp/f-travis-vault

Update install of Vault

.travis.yml

@@ -17,6 +17,8 @@ before_install:
     - sudo apt-get update
     - sudo apt-get install -y docker-engine
     - sudo apt-get install -y qemu
+    - ./scripts/install_consul.sh
+    - ./scripts/install_vault.sh
 
 install:
   - make bootstrap

GNUmakefile

@@ -7,8 +7,7 @@ EXTERNAL_TOOLS=\
 	golang.org/x/tools/cmd/cover \
 	github.com/axw/gocov/gocov \
 	gopkg.in/matm/v1/gocov-html \
-	github.com/ugorji/go/codec/codecgen \
-	github.com/hashicorp/vault
+	github.com/ugorji/go/codec/codecgen
 
 GOFILES_NOVENDOR = $(shell find . -type f -name '*.go' -not -path "./vendor/*")
 

vendor/github.com/hashicorp/vault/CONTRIBUTING.md

@@ -0,0 +1,72 @@
+# Contributing to Vault
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that. 
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Google Group][2]. Sometimes Vault devs are in `#vault-tool`
+on Freenode, too.
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+  we already fixed the bug you're experiencing. Even better is if you can test
+  against `master`, as bugs are fixed regularly but new versions are only
+  released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected 
+  results as well as the actual results. Please provide text, not screen shots!
+
+* If you are seeing an internal Vault error (a status code of 5xx), please be
+  sure to post relevant parts of (or the entire) Vault log, as often these
+  errors are logged on the server but not reported to the user
+
+* If you experienced a panic, please create a [gist](https://gist.github.com)
+  of the *entire* generated crash log for us to look at. Double check
+  no sensitive items were in the log.
+
+* Respond as promptly as possible to any questions made by the Vault
+  team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault collaborator.
+   Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+   many weeks), giving outside contributors -- maybe you!? -- a chance to
+   address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+   referenced in the commit message so that the code that fixes it is clearly
+   linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+   the issue tracker clean. The issue is still indexed and available for
+   future viewers, or can be re-opened if necessary.
+
+## Setting up Go to work on Vault
+
+If you have never worked with Go before, you will have to complete the
+following steps listed in the README, under the section [Developing Vault][1].
+
+
+[1]: https://github.com/hashicorp/vault#developing-vault
+[2]: https://groups.google.com/group/vault-tool

vendor/github.com/hashicorp/vault/Makefile

@@ -0,0 +1,63 @@
+TEST?=$$(go list ./... | grep -v /vendor/)
+VETARGS?=-asmdecl -atomic -bool -buildtags -copylocks -methods -nilfunc -printf -rangeloops -shift -structtags -unsafeptr
+EXTERNAL_TOOLS=\
+	github.com/mitchellh/gox
+BUILD_TAGS?=vault
+
+default: dev 
+
+# bin generates the releaseable binaries for Vault
+bin: generate
+	@CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' sh -c "'$(CURDIR)/scripts/build.sh'"
+
+# dev creates binaries for testing Vault locally. These are put
+# into ./bin/ as well as $GOPATH/bin
+dev: generate
+	@CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
+
+dev-dynamic: generate
+	@CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
+
+# test runs the unit tests and vets the code
+test: generate
+	CGO_ENABLED=0 VAULT_TOKEN= VAULT_ACC= go test -tags='$(BUILD_TAGS)' $(TEST) $(TESTARGS) -timeout=10m -parallel=4
+
+# testacc runs acceptance tests
+testacc: generate
+	@if [ "$(TEST)" = "./..." ]; then \
+		echo "ERROR: Set TEST to a specific package"; \
+		exit 1; \
+	fi
+	VAULT_ACC=1 go test -tags='$(BUILD_TAGS)' $(TEST) -v $(TESTARGS) -timeout 45m
+
+# testrace runs the race checker
+testrace: generate
+	CGO_ENABLED=1 VAULT_TOKEN= VAULT_ACC= go test -tags='$(BUILD_TAGS)' -race $(TEST) $(TESTARGS) -timeout=20m -parallel=4
+
+cover:
+	./scripts/coverage.sh --html
+
+# vet runs the Go source code static analysis tool `vet` to find
+# any common errors.
+vet:
+	@go list -f '{{.Dir}}' ./... | grep -v /vendor/ \
+		| grep -v '.*github.com/hashicorp/vault$$' \
+		| xargs go tool vet ; if [ $$? -eq 1 ]; then \
+			echo ""; \
+			echo "Vet found suspicious constructs. Please check the reported constructs"; \
+			echo "and fix them if necessary before submitting the code for reviewal."; \
+		fi
+
+# generate runs `go generate` to build the dynamically generated
+# source files.
+generate:
+	go generate $(go list ./... | grep -v /vendor/)
+
+# bootstrap the build by downloading additional tools
+bootstrap:
+	@for tool in  $(EXTERNAL_TOOLS) ; do \
+		echo "Installing $$tool" ; \
+		go get $$tool; \
+	done
+
+.PHONY: bin default generate test vet bootstrap

vendor/github.com/hashicorp/vault/README.md

@@ -0,0 +1,130 @@
+Vault [![Build Status](https://travis-ci.org/hashicorp/vault.svg)](https://travis-ci.org/hashicorp/vault)
+=========
+**Please note**: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault, _please responsibly disclose_ by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+=========
+
+-	Website: https://www.vaultproject.io
+-	IRC: `#vault-tool` on Freenode
+-	Announcement list: [Google Groups](https://groups.google.com/group/hashicorp-announce)
+-	Discussion list: [Google Groups](https://groups.google.com/group/vault-tool)
+
+![Vault](https://raw.githubusercontent.com/hashicorp/vault/master/website/source/assets/images/logo-big.png?token=AAAFE8XmW6YF5TNuk3cosDGBK-sUGPEjks5VSAa2wA%3D%3D)
+
+Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log.
+
+A modern system requires access to a multitude of secrets: database credentials, API keys for external services, credentials for service-oriented architecture communication, etc. Understanding who is accessing what secrets is already very difficult and platform-specific. Adding on key rolling, secure storage, and detailed audit logs is almost impossible without a custom solution. This is where Vault steps in.
+
+The key features of Vault are:
+
+* **Secure Secret Storage**: Arbitrary key/value secrets can be stored
+  in Vault. Vault encrypts these secrets prior to writing them to persistent
+  storage, so gaining access to the raw storage isn't enough to access
+  your secrets. Vault can write to disk, [Consul](https://www.consul.io),
+  and more.
+
+* **Dynamic Secrets**: Vault can generate secrets on-demand for some
+  systems, such as AWS or SQL databases. For example, when an application
+  needs to access an S3 bucket, it asks Vault for credentials, and Vault
+  will generate an AWS keypair with valid permissions on demand. After
+  creating these dynamic secrets, Vault will also automatically revoke them
+  after the lease is up.
+
+* **Data Encryption**: Vault can encrypt and decrypt data without storing
+  it. This allows security teams to define encryption parameters and
+  developers to store encrypted data in a location such as SQL without
+  having to design their own encryption methods.
+
+* **Leasing and Renewal**: All secrets in Vault have a _lease_ associated
+  with it. At the end of the lease, Vault will automatically revoke that
+  secret. Clients are able to renew leases via built-in renew APIs.
+
+* **Revocation**: Vault has built-in support for secret revocation. Vault
+  can revoke not only single secrets, but a tree of secrets, for example
+  all secrets read by a specific user, or all secrets of a particular type.
+  Revocation assists in key rolling as well as locking down systems in the
+  case of an intrusion.
+
+For more information, see the [introduction section](https://www.vaultproject.io/intro)
+of the Vault website.
+
+Getting Started & Documentation
+-------------------------------
+
+All documentation is available on the [Vault website](https://www.vaultproject.io).
+
+Developing Vault
+--------------------
+
+If you wish to work on Vault itself or any of its built-in systems,
+you'll first need [Go](https://www.golang.org) installed on your
+machine (version 1.7+ is *required*).
+
+For local dev first make sure Go is properly installed, including setting up a
+[GOPATH](https://golang.org/doc/code.html#GOPATH). Next, clone this repository
+into `$GOPATH/src/github.com/hashicorp/vault`. You can then download any
+required build tools by bootstrapping your environment:
+
+```sh
+$ make bootstrap
+...
+```
+
+To compile a development version of Vault, run `make` or `make dev`. This will
+put the Vault binary in the `bin` and `$GOPATH/bin` folders:
+
+```sh
+$ make dev
+...
+$ bin/vault
+...
+```
+
+To run tests, type `make test`. Note: this requires Docker to be installed. If
+this exits with exit status 0, then everything is working!
+
+```sh
+$ make test
+...
+```
+
+If you're developing a specific package, you can run tests for just that
+package by specifying the `TEST` variable. For example below, only
+`vault` package tests will be run.
+
+```sh
+$ make test TEST=./vault
+...
+```
+
+### Acceptance Tests
+
+Vault has comprehensive [acceptance tests](https://en.wikipedia.org/wiki/Acceptance_testing)
+covering most of the features of the secret and auth backends.
+
+If you're working on a feature of a secret or auth backend and want to
+verify it is functioning (and also hasn't broken anything else), we recommend
+running the acceptance tests.
+
+**Warning:** The acceptance tests create/destroy/modify *real resources*, which
+may incur real costs in some cases. In the presence of a bug, it is technically
+possible that broken backends could leave dangling data behind. Therefore,
+please run the acceptance tests at your own risk. At the very least,
+we recommend running them in their own private account for whatever backend
+you're testing.
+
+To run the acceptance tests, invoke `make testacc`:
+
+```sh
+$ make testacc TEST=./builtin/logical/consul
+...
+```
+
+The `TEST` variable is required, and you should specify the folder where the
+backend is. The `TESTARGS` variable is recommended to filter down to a specific
+resource to test, since testing all of them at once can sometimes take a very
+long time.
+
+Acceptance tests typically require other environment variables to be set for
+things such as access keys. The test itself should error early and tell
+you what to set, so it is not documented here.

vendor/github.com/hashicorp/vault/main.go

@@ -0,0 +1,11 @@
+package main // import "github.com/hashicorp/vault"
+
+import (
+	"os"
+
+	"github.com/hashicorp/vault/cli"
+)
+
+func main() {
+	os.Exit(cli.Run(os.Args[1:]))
+}

vendor/github.com/hashicorp/vault/make.bat

@@ -0,0 +1,107 @@
+@echo off
+setlocal
+
+set _EXITCODE=0
+
+REM If no target is provided, default to test.
+if [%1]==[] goto test
+
+set _TARGETS=bin,dev,generate,test,testacc,testrace,vet
+
+REM Run target.
+for %%a in (%_TARGETS%) do (if x%1==x%%a goto %%a)
+goto usage
+
+REM bin generates the releaseable binaries for Vault
+:bin
+	call :generate
+	call .\scripts\windows\build.bat "%CD%"
+	goto :eof
+
+REM dev creates binaries for testing Vault locally. These are put
+REM into ./bin/ as well as %GOPATH%/bin
+:dev
+	call :generate
+	call .\scripts\windows\build.bat "%CD%" VAULT_DEV
+	goto :eof
+
+REM generate runs `go generate` to build the dynamically generated
+REM source files.
+:generate
+	go list ./... | findstr /v vendor | go generate
+	goto :eof
+
+REM test runs the unit tests and vets the code.
+:test
+	call :testsetup
+	go test %_TEST% %TESTARGS% -timeout=30s -parallel=4
+	call :setMaxExitCode %ERRORLEVEL%
+	echo.
+	goto vet
+
+REM testacc runs acceptance tests.
+:testacc
+	call :testsetup
+	if x%_TEST% == x./... goto testacc_fail
+	if x%_TEST% == x.\... goto testacc_fail
+	set VAULT_ACC=1
+	go test %_TEST% -v %TESTARGS% -timeout 45m
+	exit /b %ERRORLEVEL%
+:testacc_fail
+	echo ERROR: Set %%TEST%% to a specific package.
+	exit /b 1
+
+REM testrace runs the race checker.
+:testrace
+	call :testsetup
+	go test -race %_TEST% %TESTARGS%
+	exit /b %ERRORLEVEL%
+
+REM testsetup calls `go generate` and defines the variables VAULT_ACC
+REM and _TEST. VAULT_ACC is always cleared. _TEST defaults to the value
+REM of the TEST environment variable, provided that TEST is defined,
+REM otherwise _TEST it is set to "./...".
+:testsetup
+	call :generate
+	set VAULT_ACC=
+	set _TEST=./...
+	if defined TEST set _TEST=%TEST%
+	goto :eof
+
+REM vet runs the Go source code static analysis tool `vet` to find
+REM any common errors.
+:vet
+	set _VETARGS=-asmdecl -atomic -bool -buildtags -copylocks -methods -nilfunc -printf -rangeloops -shift -structtags -unsafeptr
+	if defined VETARGS set _VETARGS=%VETARGS%
+
+	go tool vet 2>nul
+	if %ERRORLEVEL% equ 3 go get golang.org/x/tools/cmd/vet
+	
+	set _vetExitCode=0
+	set _VAULT_PKG_DIRS=%TEMP%\vault-pkg-dirs.txt
+
+	go list -f {{.Dir}} ./... | findstr /v vendor >"%_VAULT_PKG_DIRS%"
+	REM Skip the first row, which is the main vault package (.*github.com/hashicorp/vault$)
+	for /f "delims= skip=1" %%d in ("%_VAULT_PKG_DIRS%") do (
+		go tool vet %_VETARGS% "%%d"
+		if ERRORLEVEL 1 set _vetExitCode=1
+		call :setMaxExitCode %_vetExitCode%
+	)
+	del /f "%_VAULT_PKG_DIRS%" 2>NUL
+	if %_vetExitCode% equ 0 exit /b %_EXITCODE%
+	echo.
+	echo Vet found suspicious constructs. Please check the reported constructs
+	echo and fix them if necessary before submitting the code for reviewal.
+	exit /b %_EXITCODE%
+
+:setMaxExitCode
+	if %1 gtr %_EXITCODE% set _EXITCODE=%1
+	goto :eof
+
+:usage
+	echo usage: make [target]
+	echo.
+	echo target is in {%_TARGETS%}.
+	echo target defaults to test if none is provided.
+	exit /b 2
+	goto :eof

vendor/vendor.json

@@ -623,16 +623,16 @@
 			"revisionTime": "2016-06-09T00:18:40Z"
 		},
 		{
-			"checksumSHA1": "RAJfRxZ8UmcL6+7VuXAZxBlnM/4=",
+			"checksumSHA1": "eGzvBRMFD6ZB3A6uO750np7Om/E=",
 			"path": "github.com/hashicorp/vault",
-			"revision": "fece3ca069fc5bafec5280bbcb0c0693ff69fdaf",
-			"revisionTime": "2016-08-17T21:47:06Z"
+			"revision": "182ba68a9589d4cef95234134aaa498a686e3de3",
+			"revisionTime": "2016-08-21T23:40:57Z"
 		},
 		{
 			"checksumSHA1": "JH8wmQ8cWdn7mYu1T7gJ3IMIrec=",
 			"path": "github.com/hashicorp/vault/api",
-			"revision": "fece3ca069fc5bafec5280bbcb0c0693ff69fdaf",
-			"revisionTime": "2016-08-17T21:47:06Z"
+			"revision": "182ba68a9589d4cef95234134aaa498a686e3de3",
+			"revisionTime": "2016-08-21T23:40:57Z"
 		},
 		{
 			"checksumSHA1": "5lR6EdY0ARRdKAq3hZcL38STD8Q=",