From 4a45851681e18fb3f43efaae2d7498ba29a8ee85 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Tue, 3 Apr 2018 22:40:35 -0400 Subject: [PATCH] Update plugins --- .../plugin/path_config.go | 9 +-- .../plugin/path_login.go | 37 +++------ .../plugin/path_role.go | 25 +++--- .../vault-plugin-auth-centrify/Gopkg.lock | 51 ++++-------- .../vault-plugin-auth-centrify/Gopkg.toml | 4 - .../vault-plugin-auth-centrify/path_config.go | 11 ++- .../plugin/path_config.go | 4 - .../plugin/path_login.go | 43 ++--------- .../vault-plugin-auth-kubernetes/Gopkg.lock | 77 +++++++------------ .../vault-plugin-auth-kubernetes/Gopkg.toml | 4 - .../vault-plugin-auth-kubernetes/README.md | 2 +- .../path_config.go | 3 - .../path_login.go | 25 ++---- .../plugin/backend.go | 9 ++- .../plugin/iamutil/iam_handle.go | 3 +- .../plugin/iamutil/iam_policy.go | 1 + .../plugin/iamutil/iam_resources.go | 5 +- .../plugin/path_config.go | 8 +- .../plugin/path_role_set.go | 1 + .../plugin/role_set.go | 3 +- .../plugin/rollback.go | 1 + .../plugin/secrets_access_token.go | 11 +-- .../plugin/secrets_service_account_key.go | 29 ++----- .../plugin/util/parse_bindings.go | 7 +- .../plugin/util/testing.go | 3 +- vendor/vendor.json | 46 +++++------ 26 files changed, 148 insertions(+), 274 deletions(-) diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_config.go b/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_config.go index 8152df5e1..1e434fd32 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_config.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_config.go @@ -147,11 +147,10 @@ func (b *azureAuthBackend) pathConfigRead(ctx context.Context, req *logical.Requ resp := &logical.Response{ Data: map[string]interface{}{ - "tenant_id": config.TenantID, - "resource": config.Resource, - "environment": config.Environment, - "client_id": config.ClientID, - "client_secret": config.ClientSecret, + "tenant_id": config.TenantID, + "resource": config.Resource, + "environment": config.Environment, + "client_id": config.ClientID, }, } return resp, nil diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_login.go b/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_login.go index ecce90688..048b5bfa3 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_login.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_login.go @@ -121,6 +121,7 @@ func (b *azureAuthBackend) pathLogin(ctx context.Context, req *logical.Request, LeaseOptions: logical.LeaseOptions{ Renewable: true, TTL: role.TTL, + MaxTTL: role.MaxTTL, }, }, } @@ -135,21 +136,6 @@ func (b *azureAuthBackend) pathLogin(ctx context.Context, req *logical.Request, }) } - if resp.Auth.TTL == 0 { - resp.Auth.TTL = b.System().DefaultLeaseTTL() - } - if role.MaxTTL > 0 { - maxTTL := role.MaxTTL - if maxTTL > b.System().MaxLeaseTTL() { - maxTTL = b.System().MaxLeaseTTL() - } - - if resp.Auth.TTL > maxTTL { - resp.Auth.TTL = maxTTL - resp.AddWarning(fmt.Sprintf("Effective TTL of '%s' exceeded the effective max_ttl of '%s'; TTL value is capped accordingly", resp.Auth.TTL, maxTTL)) - } - } - return resp, nil } @@ -159,7 +145,9 @@ func (b *azureAuthBackend) verifyClaims(claims *additionalClaims, role *azureRol return fmt.Errorf("token is not yet valid (Token Not Before: %v)", notBefore) } - if len(role.BoundServicePrincipalIDs) > 0 { + switch { + case len(role.BoundServicePrincipalIDs) == 1 && role.BoundServicePrincipalIDs[0] == "*": + case len(role.BoundServicePrincipalIDs) > 0: if !strutil.StrListContains(role.BoundServicePrincipalIDs, claims.ObjectID) { return fmt.Errorf("service principal not authorized: %s", claims.ObjectID) } @@ -208,7 +196,7 @@ func (b *azureAuthBackend) verifyResource(ctx context.Context, subscriptionID, r return errors.New("token object id does not match virtual machine principal id") } - // Check bound subsriptions + // Check bound subscriptions if len(role.BoundSubscriptionsIDs) > 0 && !strutil.StrListContains(role.BoundSubscriptionsIDs, subscriptionID) { return errors.New("subscription not authorized") } @@ -246,16 +234,11 @@ func (b *azureAuthBackend) pathLoginRenew(ctx context.Context, req *logical.Requ return nil, fmt.Errorf("role %s does not exist during renewal", roleName) } - // If 'Period' is set on the Role, the token should never expire. - // Replenish the TTL with 'Period's value. - if role.Period > time.Duration(0) { - // If 'Period' was updated after the token was issued, - // token will bear the updated 'Period' value as its TTL. - req.Auth.TTL = role.Period - return &logical.Response{Auth: req.Auth}, nil - } - - return framework.LeaseExtend(role.TTL, role.MaxTTL, b.System())(ctx, req, data) + resp := &logical.Response{Auth: req.Auth} + resp.Auth.TTL = role.TTL + resp.Auth.MaxTTL = role.MaxTTL + resp.Auth.Period = role.Period + return resp, nil } type additionalClaims struct { diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_role.go b/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_role.go index d5f8e6731..6e2c1280c 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_role.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-azure/plugin/path_role.go @@ -50,8 +50,7 @@ to 0, in which case the value will fall back to the system/mount defaults.`, be renewed. Defaults to 0, in which case the value will fall back to the system/mount defaults.`, }, "period": &framework.FieldSchema{ - Type: framework.TypeDurationSecond, - Default: 0, + Type: framework.TypeDurationSecond, Description: `If set, indicates that the token generated using this role should never expire. The token should be renewed within the duration specified by this value. At each renewal, the token's @@ -243,9 +242,9 @@ func (b *azureAuthBackend) pathRoleCreateUpdate(ctx context.Context, req *logica periodRaw, ok := data.GetOk("period") if ok { - role.Period = time.Second * time.Duration(periodRaw.(int)) + role.Period = time.Duration(periodRaw.(int)) * time.Second } else if req.Operation == logical.CreateOperation { - role.Period = time.Second * time.Duration(data.Get("period").(int)) + role.Period = time.Duration(data.Get("period").(int)) * time.Second } if role.Period > b.System().MaxLeaseTTL() { return logical.ErrorResponse(fmt.Sprintf("'period' of '%q' is greater than the backend's maximum lease TTL of '%q'", role.Period.String(), b.System().MaxLeaseTTL().String())), nil @@ -261,15 +260,15 @@ func (b *azureAuthBackend) pathRoleCreateUpdate(ctx context.Context, req *logica } if tokenTTLRaw, ok := data.GetOk("ttl"); ok { - role.TTL = time.Second * time.Duration(tokenTTLRaw.(int)) + role.TTL = time.Duration(tokenTTLRaw.(int)) * time.Second } else if req.Operation == logical.CreateOperation { - role.TTL = time.Second * time.Duration(data.Get("ttl").(int)) + role.TTL = time.Duration(data.Get("ttl").(int)) * time.Second } if tokenMaxTTLRaw, ok := data.GetOk("max_ttl"); ok { - role.MaxTTL = time.Second * time.Duration(tokenMaxTTLRaw.(int)) + role.MaxTTL = time.Duration(tokenMaxTTLRaw.(int)) * time.Second } else if req.Operation == logical.CreateOperation { - role.MaxTTL = time.Second * time.Duration(data.Get("max_ttl").(int)) + role.MaxTTL = time.Duration(data.Get("max_ttl").(int)) * time.Second } if boundServicePrincipalIDs, ok := data.GetOk("bound_service_principal_ids"); ok { @@ -292,10 +291,18 @@ func (b *azureAuthBackend) pathRoleCreateUpdate(ctx context.Context, req *logica role.BoundLocations = boundLocations.([]string) } + if len(role.BoundServicePrincipalIDs) == 0 && + len(role.BoundGroupIDs) == 0 && + len(role.BoundSubscriptionsIDs) == 0 && + len(role.BoundResourceGroups) == 0 && + len(role.BoundLocations) == 0 { + return logical.ErrorResponse("must have at least one bound constraint when creating/updating a role"), nil + } + // Check that the TTL value provided is less than the MaxTTL. // Sanitizing the TTL and MaxTTL is not required now and can be performed // at credential issue time. - if role.MaxTTL > time.Duration(0) && role.TTL > role.MaxTTL { + if role.MaxTTL > 0 && role.TTL > role.MaxTTL { return logical.ErrorResponse("ttl should not be greater than max_ttl"), nil } diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock index 787562a18..80bf9fbd1 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.lock @@ -67,7 +67,7 @@ branch = "master" name = "github.com/hashicorp/go-hclog" packages = ["."] - revision = "5bcb0f17e36442247290887cc914a6e507afa5c4" + revision = "69ff559dc25f3b435631604f573a5fa1efdb6433" [[projects]] branch = "master" @@ -79,7 +79,7 @@ branch = "master" name = "github.com/hashicorp/go-plugin" packages = ["."] - revision = "8068b0bdcfb702b4ab69d0e42c6023b4996c3026" + revision = "e8d22c780116115ae5624720c9af0c97afe4f551" [[projects]] branch = "master" @@ -97,7 +97,7 @@ branch = "master" name = "github.com/hashicorp/go-version" packages = ["."] - revision = "4fe82ae3040f80a03d04d2cccb5606a626b8e1ee" + revision = "23480c0665776210b5fbbac6eaaee40e3e6a96b7" [[projects]] branch = "master" @@ -122,7 +122,7 @@ "json/scanner", "json/token" ] - revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8" + revision = "061bf373e402ebb186988085a71ac748949594a9" [[projects]] branch = "master" @@ -135,8 +135,7 @@ "helper/errutil", "helper/jsonutil", "helper/locksutil", - "helper/logbridge", - "helper/logformat", + "helper/logging", "helper/mlock", "helper/parseutil", "helper/password", @@ -153,7 +152,7 @@ "physical/inmem", "version" ] - revision = "f90c4c9c12a5c25d9eb79a4e0a6b3bd89c7b2c01" + revision = "26487ae3d34a4d9d2c021ef19f5a8b4d08783d8d" [[projects]] branch = "master" @@ -161,30 +160,6 @@ packages = ["."] revision = "2658be15c5f05e76244154714161f17e3e77de2e" -[[projects]] - name = "github.com/mattn/go-colorable" - packages = ["."] - revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072" - version = "v0.0.9" - -[[projects]] - name = "github.com/mattn/go-isatty" - packages = ["."] - revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39" - version = "v0.0.3" - -[[projects]] - branch = "master" - name = "github.com/mgutz/ansi" - packages = ["."] - revision = "9520e82c474b0a04dd04f8a40959027271bab992" - -[[projects]] - name = "github.com/mgutz/logxi" - packages = ["v1"] - revision = "aebf8a7d67ab4625e0fd4a665766fef9a709161b" - version = "v1" - [[projects]] branch = "master" name = "github.com/mitchellh/go-homedir" @@ -225,7 +200,7 @@ branch = "master" name = "golang.org/x/crypto" packages = ["ssh/terminal"] - revision = "c3a3ad6d03f7a915c0f7e194b7152974bb73d287" + revision = "b2aa35443fbc700ab74c586ae79b81c171851023" [[projects]] branch = "master" @@ -239,7 +214,7 @@ "lex/httplex", "trace" ] - revision = "6078986fec03a1dcc236c34816c71b0e05018fda" + revision = "b68f30494add4df6bd8ef5e82803f308e7f7c59c" [[projects]] branch = "master" @@ -248,7 +223,7 @@ "unix", "windows" ] - revision = "7ceb54c8418b8f9cdf0177b511d5cbb06e9fae39" + revision = "378d26f46672a356c46195c28f61bdb4c0a781dd" [[projects]] name = "golang.org/x/text" @@ -275,7 +250,7 @@ branch = "master" name = "google.golang.org/genproto" packages = ["googleapis/rpc/status"] - revision = "f8c8703595236ae70fdf8789ecb656ea0bcdcf46" + revision = "35de2414665fc36f56b72d982c5af480d86de5ab" [[projects]] name = "google.golang.org/grpc" @@ -306,12 +281,12 @@ "tap", "transport" ] - revision = "8e4536a86ab602859c20df5ebfd0bd4228d08655" - version = "v1.10.0" + revision = "1e2570b1b19ade82d8dbb31bba4e65e9f9ef5b34" + version = "v1.11.1" [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "2eff6761499c3523a5e35b28372261854d82ff51a6b5cc3aead2d373e7a2a7cd" + inputs-digest = "3ecee3c628919dbb9661e17bc01e8a786a3eb5c615c5e3b4d979f9a90944a734" solver-name = "gps-cdcl" solver-version = 1 diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.toml b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.toml index 3d1b2d8d0..39a1a56af 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.toml +++ b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/Gopkg.toml @@ -37,10 +37,6 @@ name = "github.com/hashicorp/vault" branch = "master" -[[constraint]] - name = "github.com/mgutz/logxi" - version = "1.0.0" - [prune] go-tests = true unused-packages = true diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/path_config.go b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/path_config.go index 20f5ed597..4094ceedf 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-centrify/path_config.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-centrify/path_config.go @@ -164,12 +164,11 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, data resp := &logical.Response{ Data: map[string]interface{}{ - "client_id": config.ClientID, - "client_secret": config.ClientSecret, - "service_url": config.ServiceURL, - "app_id": config.AppID, - "scope": config.Scope, - "policies": config.Policies, + "client_id": config.ClientID, + "service_url": config.ServiceURL, + "app_id": config.AppID, + "scope": config.Scope, + "policies": config.Policies, }, } return resp, nil diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go index 8427a873e..4dfe0ca17 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_config.go @@ -10,8 +10,6 @@ import ( "github.com/hashicorp/vault/logical/framework" ) -const warningACLReadAccess string = "Read access to this endpoint should be controlled via ACLs as it will return the configuration information as-is, including any passwords." - func pathConfig(b *GcpAuthBackend) *framework.Path { return &framework.Path{ Pattern: "config", @@ -78,13 +76,11 @@ func (b *GcpAuthBackend) pathConfigRead(ctx context.Context, req *logical.Reques "client_email": config.Credentials.ClientEmail, "client_id": config.Credentials.ClientId, "private_key_id": config.Credentials.PrivateKeyId, - "private_key": config.Credentials.PrivateKey, "project_id": config.Credentials.ProjectId, "google_certs_endpoint": config.GoogleCertsEndpoint, }, } - resp.AddWarning(warningACLReadAccess) return resp, nil } diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go index 424d6b08c..4a813c3d8 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go @@ -95,14 +95,11 @@ func (b *GcpAuthBackend) pathLoginRenew(ctx context.Context, req *logical.Reques return nil, fmt.Errorf("unexpected role type '%s' for login renewal", role.RoleType) } - // If 'Period' is set on the Role, the token should never expire. - if role.Period > 0 { - // Replenish the TTL with current role's Period. - req.Auth.TTL = role.Period - return &logical.Response{Auth: req.Auth}, nil - } else { - return framework.LeaseExtend(role.TTL, role.MaxTTL, b.System())(ctx, req, data) - } + resp := &logical.Response{Auth: req.Auth} + resp.Auth.Period = role.Period + resp.Auth.TTL = role.TTL + resp.Auth.MaxTTL = role.MaxTTL + return resp, nil } // gcpLoginInfo represents the data given to Vault for logging in using the IAM method. @@ -317,24 +314,11 @@ func (b *GcpAuthBackend) pathIamLogin(ctx context.Context, req *logical.Request, LeaseOptions: logical.LeaseOptions{ Renewable: true, TTL: role.TTL, + MaxTTL: role.MaxTTL, }, }, } - if role.MaxTTL > time.Duration(0) { - // Cap maxTTL to the sysview's max TTL - maxTTL := role.MaxTTL - if maxTTL > b.System().MaxLeaseTTL() { - maxTTL = b.System().MaxLeaseTTL() - } - - // Cap TTL to MaxTTL - if resp.Auth.TTL > maxTTL { - resp.AddWarning(fmt.Sprintf("Effective TTL of '%s' exceeded the effective max_ttl of '%s'; TTL value is capped accordingly", (resp.Auth.TTL / time.Second), (maxTTL / time.Second))) - resp.Auth.TTL = maxTTL - } - } - return resp, nil } @@ -447,24 +431,11 @@ func (b *GcpAuthBackend) pathGceLogin(ctx context.Context, req *logical.Request, LeaseOptions: logical.LeaseOptions{ Renewable: true, TTL: role.TTL, + MaxTTL: role.MaxTTL, }, }, } - if role.MaxTTL > time.Duration(0) { - // Cap maxTTL to the sysview's max TTL - maxTTL := role.MaxTTL - if maxTTL > b.System().MaxLeaseTTL() { - maxTTL = b.System().MaxLeaseTTL() - } - - // Cap TTL to MaxTTL - if resp.Auth.TTL > maxTTL { - resp.AddWarning(fmt.Sprintf("Effective TTL of '%s' exceeded the effective max_ttl of '%s'; TTL value is capped accordingly", (resp.Auth.TTL / time.Second), (maxTTL / time.Second))) - resp.Auth.TTL = maxTTL - } - } - return resp, nil } diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock index b3e88017b..2986b8bfa 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.lock @@ -49,25 +49,25 @@ branch = "master" name = "github.com/go-openapi/jsonpointer" packages = ["."] - revision = "779f45308c19820f1a69e9a4cd965f496e0da10f" + revision = "3a0015ad55fa9873f41605d3e8f28cd279c32ab2" [[projects]] branch = "master" name = "github.com/go-openapi/jsonreference" packages = ["."] - revision = "36d33bfe519efae5632669801b180bf1a245da3b" + revision = "3fb327e6747da3043567ee86abd02bb6376b6be2" [[projects]] branch = "master" name = "github.com/go-openapi/spec" packages = ["."] - revision = "1de3e0542de65ad8d75452a595886fdd0befb363" + revision = "9acd88844bc186c3ec7f318cd3d56f1114b4ab99" [[projects]] branch = "master" name = "github.com/go-openapi/swag" packages = ["."] - revision = "0d03ad0b6405ada874d59d97c416b5cf4234e154" + revision = "ceb469cb0fdf2d792f28d771bc05da6c606f55e5" [[projects]] name = "github.com/gogo/protobuf" @@ -124,7 +124,7 @@ branch = "master" name = "github.com/hashicorp/go-hclog" packages = ["."] - revision = "5bcb0f17e36442247290887cc914a6e507afa5c4" + revision = "69ff559dc25f3b435631604f573a5fa1efdb6433" [[projects]] branch = "master" @@ -136,7 +136,7 @@ branch = "master" name = "github.com/hashicorp/go-plugin" packages = ["."] - revision = "baa83ead6ff956b3f99bcd609ae3499c028e019e" + revision = "e8d22c780116115ae5624720c9af0c97afe4f551" [[projects]] branch = "master" @@ -148,13 +148,13 @@ branch = "master" name = "github.com/hashicorp/go-uuid" packages = ["."] - revision = "64130c7a86d732268a38cb04cfbaf0cc987fda98" + revision = "27454136f0364f2d44b1276c552d69105cf8c498" [[projects]] branch = "master" name = "github.com/hashicorp/go-version" packages = ["."] - revision = "4fe82ae3040f80a03d04d2cccb5606a626b8e1ee" + revision = "23480c0665776210b5fbbac6eaaee40e3e6a96b7" [[projects]] branch = "master" @@ -179,7 +179,7 @@ "json/scanner", "json/token" ] - revision = "23c074d0eceb2b8a5bfdbb271ab780cde70f05a8" + revision = "061bf373e402ebb186988085a71ac748949594a9" [[projects]] branch = "master" @@ -192,8 +192,7 @@ "helper/errutil", "helper/jsonutil", "helper/locksutil", - "helper/logbridge", - "helper/logformat", + "helper/logging", "helper/mlock", "helper/parseutil", "helper/pluginutil", @@ -209,13 +208,13 @@ "physical/inmem", "version" ] - revision = "e296886cb6531a8283920cf3d7f30018d59d662d" + revision = "205c40489422f350b58e3d57b242fe8e6e36134a" [[projects]] branch = "master" name = "github.com/hashicorp/yamux" packages = ["."] - revision = "683f49123a33db61abfb241b7ac5e4af4dc54d55" + revision = "2658be15c5f05e76244154714161f17e3e77de2e" [[projects]] branch = "master" @@ -225,31 +224,7 @@ "jlexer", "jwriter" ] - revision = "32fa128f234d041f196a9f3e0fea5ac9772c08e1" - -[[projects]] - name = "github.com/mattn/go-colorable" - packages = ["."] - revision = "167de6bfdfba052fa6b2d3664c8f5272e23c9072" - version = "v0.0.9" - -[[projects]] - name = "github.com/mattn/go-isatty" - packages = ["."] - revision = "0360b2af4f38e8d38c7fce2a9f4e702702d73a39" - version = "v0.0.3" - -[[projects]] - branch = "master" - name = "github.com/mgutz/ansi" - packages = ["."] - revision = "9520e82c474b0a04dd04f8a40959027271bab992" - -[[projects]] - name = "github.com/mgutz/logxi" - packages = ["v1"] - revision = "aebf8a7d67ab4625e0fd4a665766fef9a709161b" - version = "v1" + revision = "8b799c424f57fa123fc63a99d6383bc6e4c02578" [[projects]] branch = "master" @@ -285,7 +260,7 @@ branch = "master" name = "github.com/sethgrid/pester" packages = ["."] - revision = "b18953f5db2922a73aaf89652abf7b5ee95cb516" + revision = "ed9870dad3170c0b25ab9b11830cc57c3a7798fb" [[projects]] name = "github.com/spf13/pflag" @@ -305,13 +280,13 @@ "lex/httplex", "trace" ] - revision = "cbe0f9307d0156177f9dd5dc85da1a31abc5f2fb" + revision = "b68f30494add4df6bd8ef5e82803f308e7f7c59c" [[projects]] branch = "master" name = "golang.org/x/sys" packages = ["unix"] - revision = "f6cff0780e542efa0c8e864dc8fa522808f6a598" + revision = "378d26f46672a356c46195c28f61bdb4c0a781dd" [[projects]] name = "golang.org/x/text" @@ -339,7 +314,7 @@ branch = "master" name = "google.golang.org/genproto" packages = ["googleapis/rpc/status"] - revision = "2b5a72b8730b0b16380010cfe5286c42108d88e7" + revision = "35de2414665fc36f56b72d982c5af480d86de5ab" [[projects]] name = "google.golang.org/grpc" @@ -370,26 +345,26 @@ "tap", "transport" ] - revision = "8e4536a86ab602859c20df5ebfd0bd4228d08655" - version = "v1.10.0" + revision = "1e2570b1b19ade82d8dbb31bba4e65e9f9ef5b34" + version = "v1.11.1" [[projects]] name = "gopkg.in/inf.v0" packages = ["."] - revision = "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4" - version = "v0.9.0" + revision = "d2d2541c53f18d2a059457998ce2876cc8e67cbf" + version = "v0.9.1" [[projects]] name = "gopkg.in/yaml.v2" packages = ["."] - revision = "7f97868eec74b32b0982dd158a51a446d1da7eb5" - version = "v2.1.1" + revision = "5420a8b6744d3b0345ab293f6fcba19c978f1183" + version = "v2.2.1" [[projects]] branch = "release-1.8" name = "k8s.io/api" packages = ["authentication/v1"] - revision = "389dfa299845bcf399c16af89987e8775718ea48" + revision = "3c2a58f9923aeb5d27fa4d91249e45a1460ca3bd" [[projects]] branch = "release-1.8" @@ -417,7 +392,7 @@ "pkg/watch", "third_party/forked/golang/reflect" ] - revision = "4972c8e335e32ab65ba45bde0a99c6544c8a8e4c" + revision = "ab7fc865fb0881d161f37adef3e5a67b89a18d05" [[projects]] branch = "master" @@ -428,6 +403,6 @@ [solve-meta] analyzer-name = "dep" analyzer-version = 1 - inputs-digest = "88822523ccf1a3b5ac409bbc717788f0a34ee921ddb7a32e8939179dc6f7d02d" + inputs-digest = "a69af5a76c28ebbd0b1a9adcdad48149c12ee59f167992d6581fe9269ccec8f3" solver-name = "gps-cdcl" solver-version = 1 diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.toml b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.toml index 950fe8cd7..eb0630c65 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.toml +++ b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/Gopkg.toml @@ -41,10 +41,6 @@ name = "github.com/hashicorp/vault" branch = "master" -[[constraint]] - name = "github.com/mgutz/logxi" - version = "1.0.0" - [[constraint]] branch = "master" name = "github.com/mitchellh/mapstructure" diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/README.md b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/README.md index 1571bd92f..0f40e061e 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/README.md +++ b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/README.md @@ -7,7 +7,7 @@ This plugin allows for Kubernetes Service Accounts to authenticate with Vault. ## Quick Links - Vault Website: https://www.vaultproject.io - - Kunernetes Auth Docs: https://www.vaultproject.io/docs/auth/kubernetes.html + - Kubernetes Auth Docs: https://www.vaultproject.io/docs/auth/kubernetes.html - Main Project Github: https://www.github.com/hashicorp/vault diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go index 3a14742d8..0156d47f8 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_config.go @@ -13,8 +13,6 @@ import ( "github.com/hashicorp/vault/logical/framework" ) -const warningACLReadAccess string = "Read access to this endpoint should be controlled via ACLs as it will return the configuration information as-is, including any passwords." - // pathConfig returns the path configuration for CRUD operations on the backend // configuration. func pathConfig(b *kubeAuthBackend) *framework.Path { @@ -67,7 +65,6 @@ func (b *kubeAuthBackend) pathConfigRead() framework.OperationFunc { Data: map[string]interface{}{ "kubernetes_host": config.Host, "kubernetes_ca_cert": config.CACert, - "token_reviewer_jwt": config.TokenReviewerJWT, "pem_keys": config.PEMKeys, }, } diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_login.go b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_login.go index 948cb9133..4c328eb9a 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_login.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-kubernetes/path_login.go @@ -6,7 +6,6 @@ import ( "crypto/rsa" "errors" "fmt" - "time" "github.com/SermoDigital/jose/crypto" "github.com/SermoDigital/jose/jws" @@ -119,18 +118,11 @@ func (b *kubeAuthBackend) pathLogin() framework.OperationFunc { LeaseOptions: logical.LeaseOptions{ Renewable: true, TTL: role.TTL, + MaxTTL: role.MaxTTL, }, }, } - // If 'Period' is set, use the value of 'Period' as the TTL. - // Otherwise, set the normal TTL. - if role.Period > time.Duration(0) { - resp.Auth.TTL = role.Period - } else { - resp.Auth.TTL = role.TTL - } - return resp, nil } } @@ -329,16 +321,11 @@ func (b *kubeAuthBackend) pathLoginRenew() framework.OperationFunc { return nil, fmt.Errorf("role %s does not exist during renewal", roleName) } - // If 'Period' is set on the Role, the token should never expire. - // Replenish the TTL with 'Period's value. - if role.Period > time.Duration(0) { - // If 'Period' was updated after the token was issued, - // token will bear the updated 'Period' value as its TTL. - req.Auth.TTL = role.Period - return &logical.Response{Auth: req.Auth}, nil - } - - return framework.LeaseExtend(role.TTL, role.MaxTTL, b.System())(ctx, req, data) + resp := &logical.Response{Auth: req.Auth} + resp.Auth.TTL = role.TTL + resp.Auth.MaxTTL = role.MaxTTL + resp.Auth.Period = role.Period + return resp, nil } } diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/backend.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/backend.go index fd1b9af1c..6269eb951 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/backend.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/backend.go @@ -2,6 +2,11 @@ package gcpsecrets import ( "context" + "net/http" + "strings" + "sync" + "time" + "github.com/hashicorp/go-cleanhttp" "github.com/hashicorp/go-gcp-common/gcputil" "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil" @@ -9,10 +14,6 @@ import ( "github.com/hashicorp/vault/logical/framework" "golang.org/x/oauth2" "google.golang.org/api/iam/v1" - "net/http" - "strings" - "sync" - "time" ) type backend struct { diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_handle.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_handle.go index 1da4a6896..37faedeea 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_handle.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_handle.go @@ -3,10 +3,11 @@ package iamutil import ( "context" "encoding/json" + "net/http" + "github.com/hashicorp/errwrap" "google.golang.org/api/gensupport" "google.golang.org/api/googleapi" - "net/http" ) type IamHandle struct { diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_policy.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_policy.go index b70fdb6e7..a1b67c3af 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_policy.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_policy.go @@ -2,6 +2,7 @@ package iamutil import ( "fmt" + "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util" ) diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_resources.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_resources.go index d680a26ae..b46620135 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_resources.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_resources.go @@ -5,12 +5,13 @@ package iamutil import ( "errors" "fmt" - "github.com/hashicorp/go-gcp-common/gcputil" - "google.golang.org/api/googleapi" "io" "net/http" "net/url" "strings" + + "github.com/hashicorp/go-gcp-common/gcputil" + "google.golang.org/api/googleapi" ) const ( diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_config.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_config.go index 112915e7d..8a5913c4d 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_config.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_config.go @@ -3,14 +3,11 @@ package gcpsecrets import ( "context" "fmt" + "time" + "github.com/hashicorp/go-gcp-common/gcputil" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" - "time" -) - -const ( - cfgReadWarning = "omitted sensitive credentials from read output" ) func pathConfig(b *backend) *framework.Path { @@ -55,7 +52,6 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, data "ttl": int64(cfg.TTL / time.Second), "max_ttl": int64(cfg.MaxTTL / time.Second), }, - Warnings: []string{cfgReadWarning}, }, nil } diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_role_set.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_role_set.go index 79b0ca112..781cb0994 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_role_set.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/path_role_set.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "github.com/hashicorp/errwrap" "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil" "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util" diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/role_set.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/role_set.go index 522639cde..c9841ccae 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/role_set.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/role_set.go @@ -6,6 +6,8 @@ import ( "encoding/base64" "errors" "fmt" + "time" + "github.com/hashicorp/errwrap" "github.com/hashicorp/go-gcp-common/gcputil" "github.com/hashicorp/go-multierror" @@ -15,7 +17,6 @@ import ( "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" "google.golang.org/api/iam/v1" - "time" ) const ( diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/rollback.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/rollback.go index bb56e4653..80627e2b1 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/rollback.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/rollback.go @@ -3,6 +3,7 @@ package gcpsecrets import ( "context" "fmt" + "github.com/hashicorp/errwrap" "github.com/hashicorp/go-gcp-common/gcputil" "github.com/hashicorp/go-multierror" diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_access_token.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_access_token.go index 7123c2cd6..780a1fe22 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_access_token.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_access_token.go @@ -5,6 +5,10 @@ import ( "encoding/base64" "errors" "fmt" + "net/http" + "net/url" + "time" + "github.com/hashicorp/errwrap" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" @@ -12,9 +16,6 @@ import ( "golang.org/x/oauth2/google" "google.golang.org/api/googleapi" "google.golang.org/api/iam/v1" - "net/http" - "net/url" - "time" ) const ( @@ -129,8 +130,8 @@ func (b *backend) getSecretAccessToken(ctx context.Context, s logical.Storage, r "role_set_bindings": rs.bindingHash(), } resp := b.Secret(SecretTypeAccessToken).Response(secretD, internalD) - resp.Secret.LeaseOptions.TTL = token.Expiry.Sub(time.Now()) - resp.Secret.LeaseOptions.Renewable = false + resp.Secret.TTL = token.Expiry.Sub(time.Now()) + resp.Secret.Renewable = false return resp, err } diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_service_account_key.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_service_account_key.go index 422fb7831..5328ed77f 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_service_account_key.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/secrets_service_account_key.go @@ -3,11 +3,11 @@ package gcpsecrets import ( "context" "fmt" + "github.com/hashicorp/errwrap" "github.com/hashicorp/vault/logical" "github.com/hashicorp/vault/logical/framework" "google.golang.org/api/iam/v1" - "time" ) const ( @@ -102,8 +102,10 @@ func (b *backend) secretKeyRenew(ctx context.Context, req *logical.Request, d *f cfg = &config{} } - f := framework.LeaseExtend(cfg.TTL, cfg.MaxTTL, b.System()) - return f(ctx, req, d) + resp.Secret = req.Secret + resp.Secret.TTL = cfg.TTL + resp.Secret.MaxTTL = cfg.MaxTTL + return resp, nil } func (b *backend) verifySecretServiceKeyExists(ctx context.Context, req *logical.Request) (*logical.Response, error) { @@ -164,26 +166,10 @@ func secretKeyRevoke(ctx context.Context, req *logical.Request, d *framework.Fie } func (b *backend) getSecretKey(ctx context.Context, s logical.Storage, rs *RoleSet, keyType, keyAlgorithm string) (*logical.Response, error) { - var ttl time.Duration cfg, err := getConfig(ctx, s) if err != nil { return nil, errwrap.Wrapf("could not read backend config: {{err}}", err) } - max := b.System().MaxLeaseTTL() - if cfg == nil { - ttl = b.System().DefaultLeaseTTL() - } else { - if cfg.MaxTTL != 0 && cfg.MaxTTL < max { - max = cfg.MaxTTL - } - if cfg.TTL > 0 { - ttl = cfg.TTL - } - } - - if ttl > max { - ttl = max - } iamC, err := newIamAdmin(ctx, s) if err != nil { @@ -216,8 +202,9 @@ func (b *backend) getSecretKey(ctx context.Context, s logical.Storage, rs *RoleS } resp := b.Secret(SecretTypeKey).Response(secretD, internalD) - resp.Secret.LeaseOptions.TTL = ttl - resp.Secret.LeaseOptions.Renewable = true + resp.Secret.TTL = cfg.TTL + resp.Secret.MaxTTL = cfg.MaxTTL + resp.Secret.Renewable = true return resp, nil } diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/parse_bindings.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/parse_bindings.go index d0d912185..20e983db4 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/parse_bindings.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/parse_bindings.go @@ -5,13 +5,14 @@ import ( "encoding/base64" "errors" "fmt" + "io/ioutil" + "strings" + "text/template" + "github.com/hashicorp/errwrap" "github.com/hashicorp/go-multierror" "github.com/hashicorp/hcl" "github.com/hashicorp/hcl/hcl/ast" - "io/ioutil" - "strings" - "text/template" ) const bindingTemplate = "util/bindings_template" diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/testing.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/testing.go index a69e3d322..99f06e7d1 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/testing.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util/testing.go @@ -1,9 +1,10 @@ package util import ( - "github.com/hashicorp/go-gcp-common/gcputil" "os" "testing" + + "github.com/hashicorp/go-gcp-common/gcputil" ) const googleCredentialsEnv = "TEST_GOOGLE_CREDENTIALS" diff --git a/vendor/vendor.json b/vendor/vendor.json index 6042e7d9d..cc3cf10a2 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1279,52 +1279,52 @@ "revisionTime": "2018-02-03T00:31:27Z" }, { - "checksumSHA1": "C6sgT2K7ZAv4y/MFMWppVs7oqTM=", + "checksumSHA1": "EICjMIsgJ+wPE15LeQMZwh5CSjg=", "path": "github.com/hashicorp/vault-plugin-auth-azure/plugin", - "revision": "29767bb64e3fd21c7661a5008aa62a2eda1aebb8", - "revisionTime": "2018-03-23T20:42:11Z" + "revision": "cae8d43247122bd4d0fe0a765568e27fbea8b6bb", + "revisionTime": "2018-04-03T22:17:13Z" }, { - "checksumSHA1": "xApm6AbAzE3wMLMaozaZ53pb7AU=", + "checksumSHA1": "z3uh8zJmu5wVa22xfPcTt5JDBJg=", "path": "github.com/hashicorp/vault-plugin-auth-centrify", - "revision": "28c35cabb20c9dc4100d1c322cb88a841a2b29a9", - "revisionTime": "2018-03-20T18:08:51Z" + "revision": "3bf2341fe15ee93c6b42c600c51eadde9a707941", + "revisionTime": "2018-04-03T19:19:30Z" }, { - "checksumSHA1": "eVlMWanJ2W+/9c1kz72iefRcrYM=", + "checksumSHA1": "vEweDZmRP5eIif9mmvuIruZZmbU=", "path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin", - "revision": "64da7a2f54258c792f2b594e3fbad5b73877de68", - "revisionTime": "2018-03-20T18:07:35Z" + "revision": "802aebd1f7f76aba82863a7e4b1daef0e4186a4f", + "revisionTime": "2018-04-03T18:54:50Z" }, { "checksumSHA1": "ffJQvzbQvmCG/PdaElGSfGnDgNM=", "path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin/util", - "revision": "64da7a2f54258c792f2b594e3fbad5b73877de68", - "revisionTime": "2018-03-20T18:07:35Z" + "revision": "802aebd1f7f76aba82863a7e4b1daef0e4186a4f", + "revisionTime": "2018-04-03T18:54:50Z" }, { - "checksumSHA1": "O0HdHCxJRoDUYlBts3MfjLEgPXI=", + "checksumSHA1": "I3b7HgnguhModU0rkNBp3PjzpZ8=", "path": "github.com/hashicorp/vault-plugin-auth-kubernetes", - "revision": "6c7dd3f219b06c4fa249bff2b859733a2f262e3b", - "revisionTime": "2018-03-20T18:05:36Z" + "revision": "d3c2f16719dedd34911cd626a98bd5879e1caaff", + "revisionTime": "2018-04-03T19:54:48Z" }, { - "checksumSHA1": "w+bhfXfIBMWNMuH2SJqw6Y5c6mk=", + "checksumSHA1": "0wzWab/JiPNjFvIx3yg5ztABJ7M=", "path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin", - "revision": "7633b05ac6d9a8f77f9255ef5aea09f35a145b0b", - "revisionTime": "2018-03-22T03:06:48Z" + "revision": "963249c4107fa592ba935ccdddd07155214a83bd", + "revisionTime": "2018-04-03T22:22:59Z" }, { - "checksumSHA1": "0bNwTVNqwHHUJ+r1usgdtGsiSJs=", + "checksumSHA1": "sV9w7yCitfGr2/4RjdKkdZjYAmA=", "path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil", - "revision": "69b9785fc3a7b4e7ca40c13f1d5b6284d43bf273", - "revisionTime": "2018-03-21T19:18:39Z" + "revision": "963249c4107fa592ba935ccdddd07155214a83bd", + "revisionTime": "2018-04-03T22:22:59Z" }, { - "checksumSHA1": "qF5wbamqBc44thWKDSmF8ayi6nI=", + "checksumSHA1": "81kYL49zTBoj1NYczxB2Xbr2d6Y=", "path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util", - "revision": "69b9785fc3a7b4e7ca40c13f1d5b6284d43bf273", - "revisionTime": "2018-03-21T19:18:39Z" + "revision": "963249c4107fa592ba935ccdddd07155214a83bd", + "revisionTime": "2018-04-03T22:22:59Z" }, { "checksumSHA1": "4Sp0A91EzXy/7mhDadD+2kH7gGk=",