luxolus/open-vault
2
0
Fork 0
Code Issues 1 Pull requests Releases Activity

Update plugins

Browse source
This commit is contained in:
Jeff Mitchell 2018-04-03 22:40:35 -04:00
parent 409524a829
commit 4a45851681
26 changed files with 148 additions and 274 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_config.go generated vendored
View file

@ -147,11 +147,10 @@ func (b *azureAuthBackend) pathConfigRead(ctx context.Context, req *logical.Requ
resp := &logical.Response{
Data: map[string]interface{}{
"tenant_id": config.TenantID,
"resource": config.Resource,
"environment": config.Environment,
"client_id": config.ClientID,
"client_secret": config.ClientSecret,
"tenant_id": config.TenantID,
"resource": config.Resource,
"environment": config.Environment,
"client_id": config.ClientID,
},
}
return resp, nil

37
vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_login.go generated vendored
View file

@ -121,6 +121,7 @@ func (b *azureAuthBackend) pathLogin(ctx context.Context, req *logical.Request,
LeaseOptions: logical.LeaseOptions{
Renewable: true,
TTL: role.TTL,
MaxTTL: role.MaxTTL,
},
},
}
@ -135,21 +136,6 @@ func (b *azureAuthBackend) pathLogin(ctx context.Context, req *logical.Request,
})
}
if resp.Auth.TTL == 0 {
resp.Auth.TTL = b.System().DefaultLeaseTTL()
}
if role.MaxTTL > 0 {
maxTTL := role.MaxTTL
if maxTTL > b.System().MaxLeaseTTL() {
maxTTL = b.System().MaxLeaseTTL()
}
if resp.Auth.TTL > maxTTL {
resp.Auth.TTL = maxTTL
resp.AddWarning(fmt.Sprintf("Effective TTL of '%s' exceeded the effective max_ttl of '%s'; TTL value is capped accordingly", resp.Auth.TTL, maxTTL))
}
}
return resp, nil
}
@ -159,7 +145,9 @@ func (b *azureAuthBackend) verifyClaims(claims *additionalClaims, role *azureRol
return fmt.Errorf("token is not yet valid (Token Not Before: %v)", notBefore)
}
if len(role.BoundServicePrincipalIDs) > 0 {
switch {
case len(role.BoundServicePrincipalIDs) == 1 && role.BoundServicePrincipalIDs[0] == "*":
case len(role.BoundServicePrincipalIDs) > 0:
if !strutil.StrListContains(role.BoundServicePrincipalIDs, claims.ObjectID) {
return fmt.Errorf("service principal not authorized: %s", claims.ObjectID)
}
@ -208,7 +196,7 @@ func (b *azureAuthBackend) verifyResource(ctx context.Context, subscriptionID, r
return errors.New("token object id does not match virtual machine principal id")
}
// Check bound subsriptions
// Check bound subscriptions
if len(role.BoundSubscriptionsIDs) > 0 && !strutil.StrListContains(role.BoundSubscriptionsIDs, subscriptionID) {
return errors.New("subscription not authorized")
}
@ -246,16 +234,11 @@ func (b *azureAuthBackend) pathLoginRenew(ctx context.Context, req *logical.Requ
return nil, fmt.Errorf("role %s does not exist during renewal", roleName)
}
// If 'Period' is set on the Role, the token should never expire.
// Replenish the TTL with 'Period's value.
if role.Period > time.Duration(0) {
// If 'Period' was updated after the token was issued,
// token will bear the updated 'Period' value as its TTL.
req.Auth.TTL = role.Period
return &logical.Response{Auth: req.Auth}, nil
}
return framework.LeaseExtend(role.TTL, role.MaxTTL, b.System())(ctx, req, data)
resp := &logical.Response{Auth: req.Auth}
resp.Auth.TTL = role.TTL
resp.Auth.MaxTTL = role.MaxTTL
resp.Auth.Period = role.Period
return resp, nil
}
type additionalClaims struct {

25
vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_role.go generated vendored
View file

@ -50,8 +50,7 @@ to 0, in which case the value will fall back to the system/mount defaults.`,
be renewed. Defaults to 0, in which case the value will fall back to the system/mount defaults.`,
},
"period": &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Default: 0,
Type: framework.TypeDurationSecond,
Description: `If set, indicates that the token generated using this role
should never expire. The token should be renewed within the
duration specified by this value. At each renewal, the token's
@ -243,9 +242,9 @@ func (b *azureAuthBackend) pathRoleCreateUpdate(ctx context.Context, req *logica
periodRaw, ok := data.GetOk("period")
if ok {
role.Period = time.Second * time.Duration(periodRaw.(int))
role.Period = time.Duration(periodRaw.(int)) * time.Second
} else if req.Operation == logical.CreateOperation {
role.Period = time.Second * time.Duration(data.Get("period").(int))
role.Period = time.Duration(data.Get("period").(int)) * time.Second
}
if role.Period > b.System().MaxLeaseTTL() {
return logical.ErrorResponse(fmt.Sprintf("'period' of '%q' is greater than the backend's maximum lease TTL of '%q'", role.Period.String(), b.System().MaxLeaseTTL().String())), nil
@ -261,15 +260,15 @@ func (b *azureAuthBackend) pathRoleCreateUpdate(ctx context.Context, req *logica
}
if tokenTTLRaw, ok := data.GetOk("ttl"); ok {
role.TTL = time.Second * time.Duration(tokenTTLRaw.(int))
role.TTL = time.Duration(tokenTTLRaw.(int)) * time.Second
} else if req.Operation == logical.CreateOperation {
role.TTL = time.Second * time.Duration(data.Get("ttl").(int))
role.TTL = time.Duration(data.Get("ttl").(int)) * time.Second
}
if tokenMaxTTLRaw, ok := data.GetOk("max_ttl"); ok {
role.MaxTTL = time.Second * time.Duration(tokenMaxTTLRaw.(int))
role.MaxTTL = time.Duration(tokenMaxTTLRaw.(int)) * time.Second
} else if req.Operation == logical.CreateOperation {
role.MaxTTL = time.Second * time.Duration(data.Get("max_ttl").(int))
role.MaxTTL = time.Duration(data.Get("max_ttl").(int)) * time.Second
}
if boundServicePrincipalIDs, ok := data.GetOk("bound_service_principal_ids"); ok {
@ -292,10 +291,18 @@ func (b *azureAuthBackend) pathRoleCreateUpdate(ctx context.Context, req *logica
role.BoundLocations = boundLocations.([]string)
}
if len(role.BoundServicePrincipalIDs) == 0 &&
len(role.BoundGroupIDs) == 0 &&
len(role.BoundSubscriptionsIDs) == 0 &&
len(role.BoundResourceGroups) == 0 &&
len(role.BoundLocations) == 0 {
return logical.ErrorResponse("must have at least one bound constraint when creating/updating a role"), nil
}
// Check that the TTL value provided is less than the MaxTTL.
// Sanitizing the TTL and MaxTTL is not required now and can be performed
// at credential issue time.
if role.MaxTTL > time.Duration(0) && role.TTL > role.MaxTTL {
if role.MaxTTL > 0 && role.TTL > role.MaxTTL {
return logical.ErrorResponse("ttl should not be greater than max_ttl"), nil
}

51
vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock generated vendored
View file

@ -67,7 +67,7 @@
branch = "master"
name = "github.com/hashicorp/go-hclog"
packages = ["."]
revision = "5bcb0f17e36442247290887cc914a6e507afa5c4"
revision = "69ff559dc25f3b435631604f573a5fa1efdb6433"
[[projects]]
branch = "master"
@ -79,7 +79,7 @@
branch = "master"
name = "github.com/hashicorp/go-plugin"
packages = ["."]
revision = "8068b0bdcfb702b4ab69d0e42c6023b4996c3026"
revision = "e8d22c780116115ae5624720c9af0c97afe4f551"
[[projects]]
branch = "master"
@ -97,7 +97,7 @@
branch = "master"
name = "github.com/hashicorp/go-version"
packages = ["."]
revision = "4fe82ae3040f80a03d04d2cccb5606a626b8e1ee"
revision = "23480c0665776210b5fbbac6eaaee40e3e6a96b7"
[[projects]]
branch = "master"
@ -122,7 +122,7 @@
"json/scanner",
"json/token"
]
revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8"
revision = "061bf373e402ebb186988085a71ac748949594a9"
[[projects]]
branch = "master"
@ -135,8 +135,7 @@
"helper/errutil",
"helper/jsonutil",
"helper/locksutil",
"helper/logbridge",
"helper/logformat",
"helper/logging",
"helper/mlock",
"helper/parseutil",
"helper/password",
@ -153,7 +152,7 @@
"physical/inmem",
"version"
]
revision = "f90c4c9c12a5c25d9eb79a4e0a6b3bd89c7b2c01"
revision = "26487ae3d34a4d9d2c021ef19f5a8b4d08783d8d"
[[projects]]
branch = "master"
@ -161,30 +160,6 @@
packages = ["."]
revision = "2658be15c5f05e76244154714161f17e3e77de2e"
[[projects]]
name = "github.com/mattn/go-colorable"
packages = ["."]
revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
version = "v0.0.9"
[[projects]]
name = "github.com/mattn/go-isatty"
packages = ["."]
revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39"
version = "v0.0.3"
[[projects]]
branch = "master"
name = "github.com/mgutz/ansi"
packages = ["."]
revision = "9520e82c474b0a04dd04f8a40959027271bab992"
[[projects]]
name = "github.com/mgutz/logxi"
packages = ["v1"]
revision = "aebf8a7d67ab4625e0fd4a665766fef9a709161b"
version = "v1"
[[projects]]
branch = "master"
name = "github.com/mitchellh/go-homedir"
@ -225,7 +200,7 @@
branch = "master"
name = "golang.org/x/crypto"
packages = ["ssh/terminal"]
revision = "c3a3ad6d03f7a915c0f7e194b7152974bb73d287"
revision = "b2aa35443fbc700ab74c586ae79b81c171851023"
[[projects]]
branch = "master"
@ -239,7 +214,7 @@
"lex/httplex",
"trace"
]
revision = "6078986fec03a1dcc236c34816c71b0e05018fda"
revision = "b68f30494add4df6bd8ef5e82803f308e7f7c59c"
[[projects]]
branch = "master"
@ -248,7 +223,7 @@
"unix",
"windows"
]
revision = "7ceb54c8418b8f9cdf0177b511d5cbb06e9fae39"
revision = "378d26f46672a356c46195c28f61bdb4c0a781dd"
[[projects]]
name = "golang.org/x/text"
@ -275,7 +250,7 @@
branch = "master"
name = "google.golang.org/genproto"
packages = ["googleapis/rpc/status"]
revision = "f8c8703595236ae70fdf8789ecb656ea0bcdcf46"
revision = "35de2414665fc36f56b72d982c5af480d86de5ab"
[[projects]]
name = "google.golang.org/grpc"
@ -306,12 +281,12 @@
"tap",
"transport"
]
revision = "8e4536a86ab602859c20df5ebfd0bd4228d08655"
version = "v1.10.0"
revision = "1e2570b1b19ade82d8dbb31bba4e65e9f9ef5b34"
version = "v1.11.1"
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "2eff6761499c3523a5e35b28372261854d82ff51a6b5cc3aead2d373e7a2a7cd"
inputs-digest = "3ecee3c628919dbb9661e17bc01e8a786a3eb5c615c5e3b4d979f9a90944a734"
solver-name = "gps-cdcl"
solver-version = 1

4
vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.toml generated vendored
View file

@ -37,10 +37,6 @@
name = "github.com/hashicorp/vault"
branch = "master"
[[constraint]]
name = "github.com/mgutz/logxi"
version = "1.0.0"
[prune]
go-tests = true
unused-packages = true

11
vendor/github.com/hashicorp/vault-plugin-auth-centrify/path_config.go generated vendored
View file

@ -164,12 +164,11 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, data
resp := &logical.Response{
Data: map[string]interface{}{
"client_id": config.ClientID,
"client_secret": config.ClientSecret,
"service_url": config.ServiceURL,
"app_id": config.AppID,
"scope": config.Scope,
"policies": config.Policies,
"client_id": config.ClientID,
"service_url": config.ServiceURL,
"app_id": config.AppID,
"scope": config.Scope,
"policies": config.Policies,
},
}
return resp, nil

4
vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go generated vendored
View file

@ -10,8 +10,6 @@ import (
"github.com/hashicorp/vault/logical/framework"
)
const warningACLReadAccess string = "Read access to this endpoint should be controlled via ACLs as it will return the configuration information as-is, including any passwords."
func pathConfig(b *GcpAuthBackend) *framework.Path {
return &framework.Path{
Pattern: "config",
@ -78,13 +76,11 @@ func (b *GcpAuthBackend) pathConfigRead(ctx context.Context, req *logical.Reques
"client_email": config.Credentials.ClientEmail,
"client_id": config.Credentials.ClientId,
"private_key_id": config.Credentials.PrivateKeyId,
"private_key": config.Credentials.PrivateKey,
"project_id": config.Credentials.ProjectId,
"google_certs_endpoint": config.GoogleCertsEndpoint,
},
}
resp.AddWarning(warningACLReadAccess)
return resp, nil
}

43
vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go generated vendored
View file

@ -95,14 +95,11 @@ func (b *GcpAuthBackend) pathLoginRenew(ctx context.Context, req *logical.Reques
return nil, fmt.Errorf("unexpected role type '%s' for login renewal", role.RoleType)
}
// If 'Period' is set on the Role, the token should never expire.
if role.Period > 0 {
// Replenish the TTL with current role's Period.
req.Auth.TTL = role.Period
return &logical.Response{Auth: req.Auth}, nil
} else {
return framework.LeaseExtend(role.TTL, role.MaxTTL, b.System())(ctx, req, data)
}
resp := &logical.Response{Auth: req.Auth}
resp.Auth.Period = role.Period
resp.Auth.TTL = role.TTL
resp.Auth.MaxTTL = role.MaxTTL
return resp, nil
}
// gcpLoginInfo represents the data given to Vault for logging in using the IAM method.
@ -317,24 +314,11 @@ func (b *GcpAuthBackend) pathIamLogin(ctx context.Context, req *logical.Request,
LeaseOptions: logical.LeaseOptions{
Renewable: true,
TTL: role.TTL,
MaxTTL: role.MaxTTL,
},
},
}
if role.MaxTTL > time.Duration(0) {
// Cap maxTTL to the sysview's max TTL
maxTTL := role.MaxTTL
if maxTTL > b.System().MaxLeaseTTL() {
maxTTL = b.System().MaxLeaseTTL()
}
// Cap TTL to MaxTTL
if resp.Auth.TTL > maxTTL {
resp.AddWarning(fmt.Sprintf("Effective TTL of '%s' exceeded the effective max_ttl of '%s'; TTL value is capped accordingly", (resp.Auth.TTL / time.Second), (maxTTL / time.Second)))
resp.Auth.TTL = maxTTL
}
}
return resp, nil
}
@ -447,24 +431,11 @@ func (b *GcpAuthBackend) pathGceLogin(ctx context.Context, req *logical.Request,
LeaseOptions: logical.LeaseOptions{
Renewable: true,
TTL: role.TTL,
MaxTTL: role.MaxTTL,
},
},
}
if role.MaxTTL > time.Duration(0) {
// Cap maxTTL to the sysview's max TTL
maxTTL := role.MaxTTL
if maxTTL > b.System().MaxLeaseTTL() {
maxTTL = b.System().MaxLeaseTTL()
}
// Cap TTL to MaxTTL
if resp.Auth.TTL > maxTTL {
resp.AddWarning(fmt.Sprintf("Effective TTL of '%s' exceeded the effective max_ttl of '%s'; TTL value is capped accordingly", (resp.Auth.TTL / time.Second), (maxTTL / time.Second)))
resp.Auth.TTL = maxTTL
}
}
return resp, nil
}

77
vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock generated vendored
View file

@ -49,25 +49,25 @@
branch = "master"
name = "github.com/go-openapi/jsonpointer"
packages = ["."]
revision = "779f45308c19820f1a69e9a4cd965f496e0da10f"
revision = "3a0015ad55fa9873f41605d3e8f28cd279c32ab2"
[[projects]]
branch = "master"
name = "github.com/go-openapi/jsonreference"
packages = ["."]
revision = "36d33bfe519efae5632669801b180bf1a245da3b"
revision = "3fb327e6747da3043567ee86abd02bb6376b6be2"
[[projects]]
branch = "master"
name = "github.com/go-openapi/spec"
packages = ["."]
revision = "1de3e0542de65ad8d75452a595886fdd0befb363"
revision = "9acd88844bc186c3ec7f318cd3d56f1114b4ab99"
[[projects]]
branch = "master"
name = "github.com/go-openapi/swag"
packages = ["."]
revision = "0d03ad0b6405ada874d59d97c416b5cf4234e154"
revision = "ceb469cb0fdf2d792f28d771bc05da6c606f55e5"
[[projects]]
name = "github.com/gogo/protobuf"
@ -124,7 +124,7 @@
branch = "master"
name = "github.com/hashicorp/go-hclog"
packages = ["."]
revision = "5bcb0f17e36442247290887cc914a6e507afa5c4"
revision = "69ff559dc25f3b435631604f573a5fa1efdb6433"
[[projects]]
branch = "master"
@ -136,7 +136,7 @@
branch = "master"
name = "github.com/hashicorp/go-plugin"
packages = ["."]
revision = "baa83ead6ff956b3f99bcd609ae3499c028e019e"
revision = "e8d22c780116115ae5624720c9af0c97afe4f551"
[[projects]]
branch = "master"
@ -148,13 +148,13 @@
branch = "master"
name = "github.com/hashicorp/go-uuid"
packages = ["."]
revision = "64130c7a86d732268a38cb04cfbaf0cc987fda98"
revision = "27454136f0364f2d44b1276c552d69105cf8c498"
[[projects]]
branch = "master"
name = "github.com/hashicorp/go-version"
packages = ["."]
revision = "4fe82ae3040f80a03d04d2cccb5606a626b8e1ee"
revision = "23480c0665776210b5fbbac6eaaee40e3e6a96b7"
[[projects]]
branch = "master"
@ -179,7 +179,7 @@
"json/scanner",
"json/token"
]
revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8"
revision = "061bf373e402ebb186988085a71ac748949594a9"
[[projects]]
branch = "master"
@ -192,8 +192,7 @@
"helper/errutil",
"helper/jsonutil",
"helper/locksutil",
"helper/logbridge",
"helper/logformat",
"helper/logging",
"helper/mlock",
"helper/parseutil",
"helper/pluginutil",
@ -209,13 +208,13 @@
"physical/inmem",
"version"
]
revision = "e296886cb6531a8283920cf3d7f30018d59d662d"
revision = "205c40489422f350b58e3d57b242fe8e6e36134a"
[[projects]]
branch = "master"
name = "github.com/hashicorp/yamux"
packages = ["."]
revision = "683f49123a33db61abfb241b7ac5e4af4dc54d55"
revision = "2658be15c5f05e76244154714161f17e3e77de2e"
[[projects]]
branch = "master"
@ -225,31 +224,7 @@
"jlexer",
"jwriter"
]
revision = "32fa128f234d041f196a9f3e0fea5ac9772c08e1"
[[projects]]
name = "github.com/mattn/go-colorable"
packages = ["."]
revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072"
version = "v0.0.9"
[[projects]]
name = "github.com/mattn/go-isatty"
packages = ["."]
revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39"
version = "v0.0.3"
[[projects]]
branch = "master"
name = "github.com/mgutz/ansi"
packages = ["."]
revision = "9520e82c474b0a04dd04f8a40959027271bab992"
[[projects]]
name = "github.com/mgutz/logxi"
packages = ["v1"]
revision = "aebf8a7d67ab4625e0fd4a665766fef9a709161b"
version = "v1"
revision = "8b799c424f57fa123fc63a99d6383bc6e4c02578"
[[projects]]
branch = "master"
@ -285,7 +260,7 @@
branch = "master"
name = "github.com/sethgrid/pester"
packages = ["."]
revision = "b18953f5db2922a73aaf89652abf7b5ee95cb516"
revision = "ed9870dad3170c0b25ab9b11830cc57c3a7798fb"
[[projects]]
name = "github.com/spf13/pflag"
@ -305,13 +280,13 @@
"lex/httplex",
"trace"
]
revision = "cbe0f9307d0156177f9dd5dc85da1a31abc5f2fb"
revision = "b68f30494add4df6bd8ef5e82803f308e7f7c59c"
[[projects]]
branch = "master"
name = "golang.org/x/sys"
packages = ["unix"]
revision = "f6cff0780e542efa0c8e864dc8fa522808f6a598"
revision = "378d26f46672a356c46195c28f61bdb4c0a781dd"
[[projects]]
name = "golang.org/x/text"
@ -339,7 +314,7 @@
branch = "master"
name = "google.golang.org/genproto"
packages = ["googleapis/rpc/status"]
revision = "2b5a72b8730b0b16380010cfe5286c42108d88e7"
revision = "35de2414665fc36f56b72d982c5af480d86de5ab"
[[projects]]
name = "google.golang.org/grpc"
@ -370,26 +345,26 @@
"tap",
"transport"
]
revision = "8e4536a86ab602859c20df5ebfd0bd4228d08655"
version = "v1.10.0"
revision = "1e2570b1b19ade82d8dbb31bba4e65e9f9ef5b34"
version = "v1.11.1"
[[projects]]
name = "gopkg.in/inf.v0"
packages = ["."]
revision = "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4"
version = "v0.9.0"
revision = "d2d2541c53f18d2a059457998ce2876cc8e67cbf"
version = "v0.9.1"
[[projects]]
name = "gopkg.in/yaml.v2"
packages = ["."]
revision = "7f97868eec74b32b0982dd158a51a446d1da7eb5"
version = "v2.1.1"
revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183"
version = "v2.2.1"
[[projects]]
branch = "release-1.8"
name = "k8s.io/api"
packages = ["authentication/v1"]
revision = "389dfa299845bcf399c16af89987e8775718ea48"
revision = "3c2a58f9923aeb5d27fa4d91249e45a1460ca3bd"
[[projects]]
branch = "release-1.8"
@ -417,7 +392,7 @@
"pkg/watch",
"third_party/forked/golang/reflect"
]
revision = "4972c8e335e32ab65ba45bde0a99c6544c8a8e4c"
revision = "ab7fc865fb0881d161f37adef3e5a67b89a18d05"
[[projects]]
branch = "master"
@ -428,6 +403,6 @@
[solve-meta]
analyzer-name = "dep"
analyzer-version = 1
inputs-digest = "88822523ccf1a3b5ac409bbc717788f0a34ee921ddb7a32e8939179dc6f7d02d"
inputs-digest = "a69af5a76c28ebbd0b1a9adcdad48149c12ee59f167992d6581fe9269ccec8f3"
solver-name = "gps-cdcl"
solver-version = 1

4
vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.toml generated vendored
View file

@ -41,10 +41,6 @@
name = "github.com/hashicorp/vault"
branch = "master"
[[constraint]]
name = "github.com/mgutz/logxi"
version = "1.0.0"
[[constraint]]
branch = "master"
name = "github.com/mitchellh/mapstructure"

2
vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/README.md generated vendored
View file

@ -7,7 +7,7 @@ This plugin allows for Kubernetes Service Accounts to authenticate with Vault.
## Quick Links
- Vault Website: https://www.vaultproject.io
- Kunernetes Auth Docs: https://www.vaultproject.io/docs/auth/kubernetes.html
- Kubernetes Auth Docs: https://www.vaultproject.io/docs/auth/kubernetes.html
- Main Project Github: https://www.github.com/hashicorp/vault

3
vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go generated vendored
View file

@ -13,8 +13,6 @@ import (
"github.com/hashicorp/vault/logical/framework"
)
const warningACLReadAccess string = "Read access to this endpoint should be controlled via ACLs as it will return the configuration information as-is, including any passwords."
// pathConfig returns the path configuration for CRUD operations on the backend
// configuration.
func pathConfig(b *kubeAuthBackend) *framework.Path {
@ -67,7 +65,6 @@ func (b *kubeAuthBackend) pathConfigRead() framework.OperationFunc {
Data: map[string]interface{}{
"kubernetes_host": config.Host,
"kubernetes_ca_cert": config.CACert,
"token_reviewer_jwt": config.TokenReviewerJWT,
"pem_keys": config.PEMKeys,
},
}

25
vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_login.go generated vendored
View file

@ -6,7 +6,6 @@ import (
"crypto/rsa"
"errors"
"fmt"
"time"
"github.com/SermoDigital/jose/crypto"
"github.com/SermoDigital/jose/jws"
@ -119,18 +118,11 @@ func (b *kubeAuthBackend) pathLogin() framework.OperationFunc {
LeaseOptions: logical.LeaseOptions{
Renewable: true,
TTL: role.TTL,
MaxTTL: role.MaxTTL,
},
},
}
// If 'Period' is set, use the value of 'Period' as the TTL.
// Otherwise, set the normal TTL.
if role.Period > time.Duration(0) {
resp.Auth.TTL = role.Period
} else {
resp.Auth.TTL = role.TTL
}
return resp, nil
}
}
@ -329,16 +321,11 @@ func (b *kubeAuthBackend) pathLoginRenew() framework.OperationFunc {
return nil, fmt.Errorf("role %s does not exist during renewal", roleName)
}
// If 'Period' is set on the Role, the token should never expire.
// Replenish the TTL with 'Period's value.
if role.Period > time.Duration(0) {
// If 'Period' was updated after the token was issued,
// token will bear the updated 'Period' value as its TTL.
req.Auth.TTL = role.Period
return &logical.Response{Auth: req.Auth}, nil
}
return framework.LeaseExtend(role.TTL, role.MaxTTL, b.System())(ctx, req, data)
resp := &logical.Response{Auth: req.Auth}
resp.Auth.TTL = role.TTL
resp.Auth.MaxTTL = role.MaxTTL
resp.Auth.Period = role.Period
return resp, nil
}
}

9
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/backend.go generated vendored
View file

@ -2,6 +2,11 @@ package gcpsecrets
import (
"context"
"net/http"
"strings"
"sync"
"time"
"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-gcp-common/gcputil"
"github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil"
@ -9,10 +14,6 @@ import (
"github.com/hashicorp/vault/logical/framework"
"golang.org/x/oauth2"
"google.golang.org/api/iam/v1"
"net/http"
"strings"
"sync"
"time"
)
type backend struct {

3
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_handle.go generated vendored
View file

@ -3,10 +3,11 @@ package iamutil
import (
"context"
"encoding/json"
"net/http"
"github.com/hashicorp/errwrap"
"google.golang.org/api/gensupport"
"google.golang.org/api/googleapi"
"net/http"
)
type IamHandle struct {

1
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_policy.go generated vendored
View file

@ -2,6 +2,7 @@ package iamutil
import (
"fmt"
"github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util"
)

5
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_resources.go generated vendored
View file

@ -5,12 +5,13 @@ package iamutil
import (
"errors"
"fmt"
"github.com/hashicorp/go-gcp-common/gcputil"
"google.golang.org/api/googleapi"
"io"
"net/http"
"net/url"
"strings"
"github.com/hashicorp/go-gcp-common/gcputil"
"google.golang.org/api/googleapi"
)
const (

8
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_config.go generated vendored
View file

@ -3,14 +3,11 @@ package gcpsecrets
import (
"context"
"fmt"
"time"
"github.com/hashicorp/go-gcp-common/gcputil"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
"time"
)
const (
cfgReadWarning = "omitted sensitive credentials from read output"
)
func pathConfig(b *backend) *framework.Path {
@ -55,7 +52,6 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, data
"ttl": int64(cfg.TTL / time.Second),
"max_ttl": int64(cfg.MaxTTL / time.Second),
},
Warnings: []string{cfgReadWarning},
}, nil
}

1
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_role_set.go generated vendored
View file

@ -4,6 +4,7 @@ import (
"context"
"errors"
"fmt"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil"
"github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util"

3
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/role_set.go generated vendored
View file

@ -6,6 +6,8 @@ import (
"encoding/base64"
"errors"
"fmt"
"time"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-gcp-common/gcputil"
"github.com/hashicorp/go-multierror"
@ -15,7 +17,6 @@ import (
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
"google.golang.org/api/iam/v1"
"time"
)
const (

1
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/rollback.go generated vendored
View file

@ -3,6 +3,7 @@ package gcpsecrets
import (
"context"
"fmt"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-gcp-common/gcputil"
"github.com/hashicorp/go-multierror"

11
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_access_token.go generated vendored
View file

@ -5,6 +5,10 @@ import (
"encoding/base64"
"errors"
"fmt"
"net/http"
"net/url"
"time"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
@ -12,9 +16,6 @@ import (
"golang.org/x/oauth2/google"
"google.golang.org/api/googleapi"
"google.golang.org/api/iam/v1"
"net/http"
"net/url"
"time"
)
const (
@ -129,8 +130,8 @@ func (b *backend) getSecretAccessToken(ctx context.Context, s logical.Storage, r
"role_set_bindings": rs.bindingHash(),
}
resp := b.Secret(SecretTypeAccessToken).Response(secretD, internalD)
resp.Secret.LeaseOptions.TTL = token.Expiry.Sub(time.Now())
resp.Secret.LeaseOptions.Renewable = false
resp.Secret.TTL = token.Expiry.Sub(time.Now())
resp.Secret.Renewable = false
return resp, err
}

29
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_service_account_key.go generated vendored
View file

@ -3,11 +3,11 @@ package gcpsecrets
import (
"context"
"fmt"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
"google.golang.org/api/iam/v1"
"time"
)
const (
@ -102,8 +102,10 @@ func (b *backend) secretKeyRenew(ctx context.Context, req *logical.Request, d *f
cfg = &config{}
}
f := framework.LeaseExtend(cfg.TTL, cfg.MaxTTL, b.System())
return f(ctx, req, d)
resp.Secret = req.Secret
resp.Secret.TTL = cfg.TTL
resp.Secret.MaxTTL = cfg.MaxTTL
return resp, nil
}
func (b *backend) verifySecretServiceKeyExists(ctx context.Context, req *logical.Request) (*logical.Response, error) {
@ -164,26 +166,10 @@ func secretKeyRevoke(ctx context.Context, req *logical.Request, d *framework.Fie
}
func (b *backend) getSecretKey(ctx context.Context, s logical.Storage, rs *RoleSet, keyType, keyAlgorithm string) (*logical.Response, error) {
var ttl time.Duration
cfg, err := getConfig(ctx, s)
if err != nil {
return nil, errwrap.Wrapf("could not read backend config: {{err}}", err)
}
max := b.System().MaxLeaseTTL()
if cfg == nil {
ttl = b.System().DefaultLeaseTTL()
} else {
if cfg.MaxTTL != 0 && cfg.MaxTTL < max {
max = cfg.MaxTTL
}
if cfg.TTL > 0 {
ttl = cfg.TTL
}
}
if ttl > max {
ttl = max
}
iamC, err := newIamAdmin(ctx, s)
if err != nil {
@ -216,8 +202,9 @@ func (b *backend) getSecretKey(ctx context.Context, s logical.Storage, rs *RoleS
}
resp := b.Secret(SecretTypeKey).Response(secretD, internalD)
resp.Secret.LeaseOptions.TTL = ttl
resp.Secret.LeaseOptions.Renewable = true
resp.Secret.TTL = cfg.TTL
resp.Secret.MaxTTL = cfg.MaxTTL
resp.Secret.Renewable = true
return resp, nil
}

7
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/parse_bindings.go generated vendored
View file

@ -5,13 +5,14 @@ import (
"encoding/base64"
"errors"
"fmt"
"io/ioutil"
"strings"
"text/template"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/go-multierror"
"github.com/hashicorp/hcl"
"github.com/hashicorp/hcl/hcl/ast"
"io/ioutil"
"strings"
"text/template"
)
const bindingTemplate = "util/bindings_template"

3
vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/testing.go generated vendored
View file

@ -1,9 +1,10 @@
package util
import (
"github.com/hashicorp/go-gcp-common/gcputil"
"os"
"testing"
"github.com/hashicorp/go-gcp-common/gcputil"
)
const googleCredentialsEnv = "TEST_GOOGLE_CREDENTIALS"

46
vendor/vendor.json vendored
View file

@ -1279,52 +1279,52 @@
"revisionTime": "2018-02-03T00:31:27Z"
},
{
"checksumSHA1": "C6sgT2K7ZAv4y/MFMWppVs7oqTM=",
"checksumSHA1": "EICjMIsgJ+wPE15LeQMZwh5CSjg=",
"path": "github.com/hashicorp/vault-plugin-auth-azure/plugin",
"revision": "29767bb64e3fd21c7661a5008aa62a2eda1aebb8",
"revisionTime": "2018-03-23T20:42:11Z"
"revision": "cae8d43247122bd4d0fe0a765568e27fbea8b6bb",
"revisionTime": "2018-04-03T22:17:13Z"
},
{
"checksumSHA1": "xApm6AbAzE3wMLMaozaZ53pb7AU=",
"checksumSHA1": "z3uh8zJmu5wVa22xfPcTt5JDBJg=",
"path": "github.com/hashicorp/vault-plugin-auth-centrify",
"revision": "28c35cabb20c9dc4100d1c322cb88a841a2b29a9",
"revisionTime": "2018-03-20T18:08:51Z"
"revision": "3bf2341fe15ee93c6b42c600c51eadde9a707941",
"revisionTime": "2018-04-03T19:19:30Z"
},
{
"checksumSHA1": "eVlMWanJ2W+/9c1kz72iefRcrYM=",
"checksumSHA1": "vEweDZmRP5eIif9mmvuIruZZmbU=",
"path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin",
"revision": "64da7a2f54258c792f2b594e3fbad5b73877de68",
"revisionTime": "2018-03-20T18:07:35Z"
"revision": "802aebd1f7f76aba82863a7e4b1daef0e4186a4f",
"revisionTime": "2018-04-03T18:54:50Z"
},
{
"checksumSHA1": "ffJQvzbQvmCG/PdaElGSfGnDgNM=",
"path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin/util",
"revision": "64da7a2f54258c792f2b594e3fbad5b73877de68",
"revisionTime": "2018-03-20T18:07:35Z"
"revision": "802aebd1f7f76aba82863a7e4b1daef0e4186a4f",
"revisionTime": "2018-04-03T18:54:50Z"
},
{
"checksumSHA1": "O0HdHCxJRoDUYlBts3MfjLEgPXI=",
"checksumSHA1": "I3b7HgnguhModU0rkNBp3PjzpZ8=",
"path": "github.com/hashicorp/vault-plugin-auth-kubernetes",
"revision": "6c7dd3f219b06c4fa249bff2b859733a2f262e3b",
"revisionTime": "2018-03-20T18:05:36Z"
"revision": "d3c2f16719dedd34911cd626a98bd5879e1caaff",
"revisionTime": "2018-04-03T19:54:48Z"
},
{
"checksumSHA1": "w+bhfXfIBMWNMuH2SJqw6Y5c6mk=",
"checksumSHA1": "0wzWab/JiPNjFvIx3yg5ztABJ7M=",
"path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin",
"revision": "7633b05ac6d9a8f77f9255ef5aea09f35a145b0b",
"revisionTime": "2018-03-22T03:06:48Z"
"revision": "963249c4107fa592ba935ccdddd07155214a83bd",
"revisionTime": "2018-04-03T22:22:59Z"
},
{
"checksumSHA1": "0bNwTVNqwHHUJ+r1usgdtGsiSJs=",
"checksumSHA1": "sV9w7yCitfGr2/4RjdKkdZjYAmA=",
"path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil",
"revision": "69b9785fc3a7b4e7ca40c13f1d5b6284d43bf273",
"revisionTime": "2018-03-21T19:18:39Z"
"revision": "963249c4107fa592ba935ccdddd07155214a83bd",
"revisionTime": "2018-04-03T22:22:59Z"
},
{
"checksumSHA1": "qF5wbamqBc44thWKDSmF8ayi6nI=",
"checksumSHA1": "81kYL49zTBoj1NYczxB2Xbr2d6Y=",
"path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util",
"revision": "69b9785fc3a7b4e7ca40c13f1d5b6284d43bf273",
"revisionTime": "2018-03-21T19:18:39Z"
"revision": "963249c4107fa592ba935ccdddd07155214a83bd",
"revisionTime": "2018-04-03T22:22:59Z"
},
{
"checksumSHA1": "4Sp0A91EzXy/7mhDadD+2kH7gGk=",