Update go.mod to reference latest public gcp-auth plugin (#9813)
* Point to the public, recent version of vault-plugin-auth-gcp * Vendor the subsequent changes
parent
b96f073e23
commit
0dc0a8233f
2
go.mod
2
go.mod
|
@ -74,7 +74,7 @@ require (
|
|||
github.com/hashicorp/vault-plugin-auth-azure v0.5.6
|
||||
github.com/hashicorp/vault-plugin-auth-centrify v0.5.5
|
||||
github.com/hashicorp/vault-plugin-auth-cf v0.5.4
|
||||
github.com/hashicorp/vault-plugin-auth-gcp v0.7.0
|
||||
github.com/hashicorp/vault-plugin-auth-gcp v0.7.1-0.20200721115240-07ff53341dfe
|
||||
github.com/hashicorp/vault-plugin-auth-jwt v0.7.1
|
||||
github.com/hashicorp/vault-plugin-auth-kerberos v0.1.6
|
||||
github.com/hashicorp/vault-plugin-auth-kubernetes v0.7.0
|
||||
|
|
2
go.sum
2
go.sum
|
@ -539,6 +539,8 @@ github.com/hashicorp/vault-plugin-auth-cf v0.5.4/go.mod h1:idkFYHc6ske2BE7fe00Sp
|
|||
github.com/hashicorp/vault-plugin-auth-gcp v0.5.1/go.mod h1:eLj92eX8MPI4vY1jaazVLF2sVbSAJ3LRHLRhF/pUmlI=
|
||||
github.com/hashicorp/vault-plugin-auth-gcp v0.7.0 h1:38xERGtaK55lx5QOxBZP3i6aJZ/UvdfxVJlTai2FlE8=
|
||||
github.com/hashicorp/vault-plugin-auth-gcp v0.7.0/go.mod h1:sHDguHmyGScoalGLEjuxvDCrMPVlw2c3f+ieeiHcv6w=
|
||||
github.com/hashicorp/vault-plugin-auth-gcp v0.7.1-0.20200721115240-07ff53341dfe h1:eh3UrWk1CIXTT54gqSXHHqFGkDQ9uFPB8sr4IymU4bE=
|
||||
github.com/hashicorp/vault-plugin-auth-gcp v0.7.1-0.20200721115240-07ff53341dfe/go.mod h1:sHDguHmyGScoalGLEjuxvDCrMPVlw2c3f+ieeiHcv6w=
|
||||
github.com/hashicorp/vault-plugin-auth-jwt v0.7.1 h1:6nuMtCs/c/rphMv05Z7Y4Nrt6Ae+AZjGb7yYdbJXIe8=
|
||||
github.com/hashicorp/vault-plugin-auth-jwt v0.7.1/go.mod h1:pyR4z5f2Vuz9TXucuN0rivUJTtSdlOtDdZ16IqBjZVo=
|
||||
github.com/hashicorp/vault-plugin-auth-kerberos v0.1.6 h1:l5wu8J7aiQBLsTtkKhf1QQjGoeVjcfcput+uJ/pu2MM=
|
||||
|
|
|
@ -194,14 +194,14 @@ func (b *GcpAuthBackend) parseAndValidateJwt(ctx context.Context, req *logical.R
|
|||
}
|
||||
loginInfo.EmailOrId = baseClaims.Subject
|
||||
|
||||
if customClaims.Google != nil && customClaims.Google.Compute != nil && len(customClaims.Google.Compute.InstanceId) > 0 {
|
||||
loginInfo.GceMetadata = customClaims.Google.Compute
|
||||
if loginInfo.Role.RoleType == gceRoleType {
|
||||
if customClaims.Google != nil && customClaims.Google.Compute != nil && len(customClaims.Google.Compute.InstanceId) > 0 {
|
||||
loginInfo.GceMetadata = customClaims.Google.Compute
|
||||
}
|
||||
if loginInfo.GceMetadata == nil {
|
||||
return nil, errors.New("expected JWT to have claims with GCE metadata")
|
||||
}
|
||||
}
|
||||
|
||||
if loginInfo.Role.RoleType == gceRoleType && loginInfo.GceMetadata == nil {
|
||||
return nil, errors.New("expected JWT to have claims with GCE metadata")
|
||||
}
|
||||
|
||||
return loginInfo, nil
|
||||
}
|
||||
|
||||
|
@ -221,18 +221,21 @@ func (b *GcpAuthBackend) getSigningKey(ctx context.Context, token *jwt.JSONWebTo
|
|||
return k, nil
|
||||
}
|
||||
|
||||
// If that failed, try to get account-specific key
|
||||
b.Logger().Debug("Unable to get Google-wide OAuth2 Key, trying service-account public key")
|
||||
saId, err := getJWTSubject(rawToken)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
k, saErr := gcputil.ServiceAccountPublicKey(saId, kid)
|
||||
if saErr != nil {
|
||||
|
||||
if role.RoleType == iamRoleType {
|
||||
// If that failed, and the authentication type is IAM, try to get account-specific key
|
||||
b.Logger().Debug("Unable to get Google-wide OAuth2 Key, trying service-account public key")
|
||||
k, saErr := gcputil.ServiceAccountPublicKey(saId, kid)
|
||||
if saErr == nil {
|
||||
return k, nil
|
||||
}
|
||||
return nil, errwrap.Wrapf(fmt.Sprintf("unable to get public key %q for JWT subject %q: {{err}}", kid, saId), saErr)
|
||||
}
|
||||
|
||||
return k, nil
|
||||
return nil, fmt.Errorf("unable to get public key %q for JWT subject %q: no Google OAuth2 provider key found for GCE role", kid, saId)
|
||||
}
|
||||
|
||||
// getJWTSubject grabs 'sub' claim given an unverified signed JWT.
|
||||
|
|
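Review bot: The IAM-only fallback in getSigningKey carries no comment explaining why GCE roles are excluded, although the reason is security-relevant. `saId` comes from `getJWTSubject(rawToken)`, which the doc comment at the end of the hunk describes as reading `sub` from an unverified JWT, so a service-account key lookup lets the token itself name the account whose key will verify it. I would add above `if role.RoleType == iamRoleType {`: `// saId is read from the still-unverified token; only IAM roles may fall back to that account's key, GCE tokens must verify against Google's OAuth2 keys.` The same unverified `saId` also ends up in the final `fmt.Errorf` for GCE roles; `%q` quotes it, but anything that logs or displays this error should treat it as caller-supplied text. The +/- markers are lost on this page, so I am reading the nested `iamRoleType` form as the new side; getSigningKey starts outside the hunk, so the Google-wide key lookup is not visible here.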
|
@ -465,7 +465,7 @@ github.com/hashicorp/vault-plugin-auth-cf/signatures
|
|||
github.com/hashicorp/vault-plugin-auth-cf/testing/certificates
|
||||
github.com/hashicorp/vault-plugin-auth-cf/testing/cf
|
||||
github.com/hashicorp/vault-plugin-auth-cf/util
|
||||
# github.com/hashicorp/vault-plugin-auth-gcp v0.7.0
|
||||
# github.com/hashicorp/vault-plugin-auth-gcp v0.7.1-0.20200721115240-07ff53341dfe
|
||||
github.com/hashicorp/vault-plugin-auth-gcp/plugin
|
||||
github.com/hashicorp/vault-plugin-auth-gcp/plugin/cache
|
||||
# github.com/hashicorp/vault-plugin-auth-jwt v0.7.1
|
||||
|
|