diff options
Diffstat (limited to 'vendor/github.com/hashicorp/vault')
28 files changed, 831 insertions, 251 deletions
diff --git a/vendor/github.com/hashicorp/vault/api/auth_token.go b/vendor/github.com/hashicorp/vault/api/auth_token.go index 4f74f61..c66fba3 100644 --- a/vendor/github.com/hashicorp/vault/api/auth_token.go +++ b/vendor/github.com/hashicorp/vault/api/auth_token.go @@ -1,5 +1,7 @@ package api +import "context" + // TokenAuth is used to perform token backend operations on Vault type TokenAuth struct { c *Client @@ -16,7 +18,9 @@ func (c *TokenAuth) Create(opts *TokenCreateRequest) (*Secret, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -31,7 +35,9 @@ func (c *TokenAuth) CreateOrphan(opts *TokenCreateRequest) (*Secret, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -46,7 +52,9 @@ func (c *TokenAuth) CreateWithRole(opts *TokenCreateRequest, roleName string) (* return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -63,7 +71,9 @@ func (c *TokenAuth) Lookup(token string) (*Secret, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -79,7 +89,10 @@ func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error) { }); err != nil { return nil, err } - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -91,7 +104,9 @@ func (c *TokenAuth) LookupAccessor(accessor string) (*Secret, error) { func (c *TokenAuth) LookupSelf() (*Secret, error) { r := c.c.NewRequest("GET", "/v1/auth/token/lookup-self") - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -109,7 +124,9 @@ func (c *TokenAuth) Renew(token string, increment int) (*Secret, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -126,7 +143,9 @@ func (c *TokenAuth) RenewSelf(increment int) (*Secret, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -146,7 +165,9 @@ func (c *TokenAuth) RenewTokenAsSelf(token string, increment int) (*Secret, erro return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -164,7 +185,10 @@ func (c *TokenAuth) RevokeAccessor(accessor string) error { }); err != nil { return err } - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return err } @@ -183,7 +207,9 @@ func (c *TokenAuth) RevokeOrphan(token string) error { return err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return err } @@ -197,7 +223,10 @@ func (c *TokenAuth) RevokeOrphan(token string) error { // an effect. func (c *TokenAuth) RevokeSelf(token string) error { r := c.c.NewRequest("PUT", "/v1/auth/token/revoke-self") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return err } @@ -217,7 +246,9 @@ func (c *TokenAuth) RevokeTree(token string) error { return err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return err } diff --git a/vendor/github.com/hashicorp/vault/api/client.go b/vendor/github.com/hashicorp/vault/api/client.go index 8f0d3f8..c7ced82 100644 --- a/vendor/github.com/hashicorp/vault/api/client.go +++ b/vendor/github.com/hashicorp/vault/api/client.go @@ -19,6 +19,7 @@ import ( "github.com/hashicorp/go-cleanhttp" retryablehttp "github.com/hashicorp/go-retryablehttp" "github.com/hashicorp/go-rootcerts" + "github.com/hashicorp/vault/helper/consts" "github.com/hashicorp/vault/helper/parseutil" "golang.org/x/net/http2" "golang.org/x/time/rate" @@ -464,6 +465,19 @@ func (c *Client) SetMFACreds(creds []string) { c.mfaCreds = creds } +// SetNamespace sets the namespace supplied either via the environment +// variable or via the command line. +func (c *Client) SetNamespace(namespace string) { + c.modifyLock.Lock() + defer c.modifyLock.Unlock() + + if c.headers == nil { + c.headers = make(http.Header) + } + + c.headers.Set(consts.NamespaceHeaderName, namespace) +} + // Token returns the access token being used by this client. It will // return the empty string if there is no token set. func (c *Client) Token() string { @@ -490,6 +504,26 @@ func (c *Client) ClearToken() { c.token = "" } +// Headers gets the current set of headers used for requests. This returns a +// copy; to modify it make modifications locally and use SetHeaders. +func (c *Client) Headers() http.Header { + c.modifyLock.RLock() + defer c.modifyLock.RUnlock() + + if c.headers == nil { + return nil + } + + ret := make(http.Header) + for k, v := range c.headers { + for _, val := range v { + ret[k] = append(ret[k], val) + } + } + + return ret +} + // SetHeaders sets the headers to be used for future requests. func (c *Client) SetHeaders(headers http.Header) { c.modifyLock.Lock() @@ -608,6 +642,13 @@ func (c *Client) NewRequest(method, requestPath string) *Request { // a Vault server not configured with this client. This is an advanced operation // that generally won't need to be called externally. func (c *Client) RawRequest(r *Request) (*Response, error) { + return c.RawRequestWithContext(context.Background(), r) +} + +// RawRequestWithContext performs the raw request given. This request may be against +// a Vault server not configured with this client. This is an advanced operation +// that generally won't need to be called externally. +func (c *Client) RawRequestWithContext(ctx context.Context, r *Request) (*Response, error) { c.modifyLock.RLock() token := c.token @@ -622,7 +663,7 @@ func (c *Client) RawRequest(r *Request) (*Response, error) { c.modifyLock.RUnlock() if limiter != nil { - limiter.Wait(context.Background()) + limiter.Wait(ctx) } // Sanity check the token before potentially erroring from the API @@ -643,13 +684,10 @@ START: return nil, fmt.Errorf("nil request created") } - // Set the timeout, if any - var cancelFunc context.CancelFunc if timeout != 0 { - var ctx context.Context - ctx, cancelFunc = context.WithTimeout(context.Background(), timeout) - req.Request = req.Request.WithContext(ctx) + ctx, _ = context.WithTimeout(ctx, timeout) } + req.Request = req.Request.WithContext(ctx) if backoff == nil { backoff = retryablehttp.LinearJitterBackoff @@ -667,9 +705,6 @@ START: var result *Response resp, err := client.Do(req) - if cancelFunc != nil { - cancelFunc() - } if resp != nil { result = &Response{Response: resp} } diff --git a/vendor/github.com/hashicorp/vault/api/help.go b/vendor/github.com/hashicorp/vault/api/help.go index b9ae100..472ca03 100644 --- a/vendor/github.com/hashicorp/vault/api/help.go +++ b/vendor/github.com/hashicorp/vault/api/help.go @@ -1,6 +1,7 @@ package api import ( + "context" "fmt" ) @@ -8,7 +9,10 @@ import ( func (c *Client) Help(path string) (*Help, error) { r := c.NewRequest("GET", fmt.Sprintf("/v1/%s", path)) r.Params.Add("help", "1") - resp, err := c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } diff --git a/vendor/github.com/hashicorp/vault/api/logical.go b/vendor/github.com/hashicorp/vault/api/logical.go index 346a711..d13daac 100644 --- a/vendor/github.com/hashicorp/vault/api/logical.go +++ b/vendor/github.com/hashicorp/vault/api/logical.go @@ -2,8 +2,10 @@ package api import ( "bytes" + "context" "fmt" "io" + "net/url" "os" "github.com/hashicorp/errwrap" @@ -45,8 +47,29 @@ func (c *Client) Logical() *Logical { } func (c *Logical) Read(path string) (*Secret, error) { + return c.ReadWithData(path, nil) +} + +func (c *Logical) ReadWithData(path string, data map[string][]string) (*Secret, error) { r := c.c.NewRequest("GET", "/v1/"+path) - resp, err := c.c.RawRequest(r) + + var values url.Values + for k, v := range data { + if values == nil { + values = make(url.Values) + } + for _, val := range v { + values.Add(k, val) + } + } + + if values != nil { + r.Params = values + } + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if resp != nil { defer resp.Body.Close() } @@ -77,7 +100,10 @@ func (c *Logical) List(path string) (*Secret, error) { // handle the wrapping lookup function r.Method = "GET" r.Params.Set("list", "true") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if resp != nil { defer resp.Body.Close() } @@ -108,7 +134,9 @@ func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, erro return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if resp != nil { defer resp.Body.Close() } @@ -129,16 +157,15 @@ func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, erro return nil, err } - if resp.StatusCode == 200 { - return ParseSecret(resp.Body) - } - - return nil, nil + return ParseSecret(resp.Body) } func (c *Logical) Delete(path string) (*Secret, error) { r := c.c.NewRequest("DELETE", "/v1/"+path) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if resp != nil { defer resp.Body.Close() } @@ -159,11 +186,7 @@ func (c *Logical) Delete(path string) (*Secret, error) { return nil, err } - if resp.StatusCode == 200 { - return ParseSecret(resp.Body) - } - - return nil, nil + return ParseSecret(resp.Body) } func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) { @@ -183,7 +206,9 @@ func (c *Logical) Unwrap(wrappingToken string) (*Secret, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if resp != nil { defer resp.Body.Close() } diff --git a/vendor/github.com/hashicorp/vault/api/secret.go b/vendor/github.com/hashicorp/vault/api/secret.go index b6517c4..e259626 100644 --- a/vendor/github.com/hashicorp/vault/api/secret.go +++ b/vendor/github.com/hashicorp/vault/api/secret.go @@ -1,6 +1,7 @@ package api import ( + "bytes" "fmt" "io" "time" @@ -298,9 +299,20 @@ type SecretAuth struct { // ParseSecret is used to parse a secret value from JSON from an io.Reader. func ParseSecret(r io.Reader) (*Secret, error) { + // First read the data into a buffer. Not super efficient but we want to + // know if we actually have a body or not. + var buf bytes.Buffer + _, err := buf.ReadFrom(r) + if err != nil { + return nil, err + } + if buf.Len() == 0 { + return nil, nil + } + // First decode the JSON into a map[string]interface{} var secret Secret - if err := jsonutil.DecodeJSONFromReader(r, &secret); err != nil { + if err := jsonutil.DecodeJSONFromReader(&buf, &secret); err != nil { return nil, err } diff --git a/vendor/github.com/hashicorp/vault/api/ssh.go b/vendor/github.com/hashicorp/vault/api/ssh.go index a17b0eb..837eac4 100644 --- a/vendor/github.com/hashicorp/vault/api/ssh.go +++ b/vendor/github.com/hashicorp/vault/api/ssh.go @@ -1,6 +1,9 @@ package api -import "fmt" +import ( + "context" + "fmt" +) // SSH is used to return a client to invoke operations on SSH backend. type SSH struct { @@ -28,7 +31,9 @@ func (c *SSH) Credential(role string, data map[string]interface{}) (*Secret, err return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -45,7 +50,9 @@ func (c *SSH) SignKey(role string, data map[string]interface{}) (*Secret, error) return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } diff --git a/vendor/github.com/hashicorp/vault/api/ssh_agent.go b/vendor/github.com/hashicorp/vault/api/ssh_agent.go index 032fb43..1dd681a 100644 --- a/vendor/github.com/hashicorp/vault/api/ssh_agent.go +++ b/vendor/github.com/hashicorp/vault/api/ssh_agent.go @@ -1,6 +1,7 @@ package api import ( + "context" "crypto/tls" "crypto/x509" "fmt" @@ -207,7 +208,9 @@ func (c *SSHHelper) Verify(otp string) (*SSHVerifyResponse, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } diff --git a/vendor/github.com/hashicorp/vault/api/sys_audit.go b/vendor/github.com/hashicorp/vault/api/sys_audit.go index 05cd756..2448c03 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_audit.go +++ b/vendor/github.com/hashicorp/vault/api/sys_audit.go @@ -1,6 +1,8 @@ package api import ( + "context" + "errors" "fmt" "github.com/mitchellh/mapstructure" @@ -16,56 +18,58 @@ func (c *Sys) AuditHash(path string, input string) (string, error) { return "", err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return "", err } defer resp.Body.Close() - type d struct { - Hash string `json:"hash"` - } - - var result d - err = resp.DecodeJSON(&result) + secret, err := ParseSecret(resp.Body) if err != nil { return "", err } + if secret == nil || secret.Data == nil { + return "", errors.New("data from server response is empty") + } - return result.Hash, err + hash, ok := secret.Data["hash"] + if !ok { + return "", errors.New("hash not found in response data") + } + hashStr, ok := hash.(string) + if !ok { + return "", errors.New("could not parse hash in response data") + } + + return hashStr, nil } func (c *Sys) ListAudit() (map[string]*Audit, error) { r := c.c.NewRequest("GET", "/v1/sys/audit") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) + if err != nil { return nil, err } defer resp.Body.Close() - var result map[string]interface{} - err = resp.DecodeJSON(&result) + secret, err := ParseSecret(resp.Body) if err != nil { return nil, err } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } mounts := map[string]*Audit{} - for k, v := range result { - switch v.(type) { - case map[string]interface{}: - default: - continue - } - var res Audit - err = mapstructure.Decode(v, &res) - if err != nil { - return nil, err - } - // Not a mount, some other api.Secret data - if res.Type == "" { - continue - } - mounts[k] = &res + err = mapstructure.Decode(secret.Data, &mounts) + if err != nil { + return nil, err } return mounts, nil @@ -87,7 +91,10 @@ func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) e return err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) + if err != nil { return err } @@ -98,7 +105,11 @@ func (c *Sys) EnableAuditWithOptions(path string, options *EnableAuditOptions) e func (c *Sys) DisableAudit(path string) error { r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/audit/%s", path)) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) + if err == nil { defer resp.Body.Close() } @@ -110,16 +121,16 @@ func (c *Sys) DisableAudit(path string) error { // documentation. Please refer to that documentation for more details. type EnableAuditOptions struct { - Type string `json:"type"` - Description string `json:"description"` - Options map[string]string `json:"options"` - Local bool `json:"local"` + Type string `json:"type" mapstructure:"type"` + Description string `json:"description" mapstructure:"description"` + Options map[string]string `json:"options" mapstructure:"options"` + Local bool `json:"local" mapstructure:"local"` } type Audit struct { - Path string - Type string - Description string - Options map[string]string - Local bool + Type string `json:"type" mapstructure:"type"` + Description string `json:"description" mapstructure:"description"` + Options map[string]string `json:"options" mapstructure:"options"` + Local bool `json:"local" mapstructure:"local"` + Path string `json:"path" mapstructure:"path"` } diff --git a/vendor/github.com/hashicorp/vault/api/sys_auth.go b/vendor/github.com/hashicorp/vault/api/sys_auth.go index 0b1a319..447c5d5 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_auth.go +++ b/vendor/github.com/hashicorp/vault/api/sys_auth.go @@ -1,6 +1,8 @@ package api import ( + "context" + "errors" "fmt" "github.com/mitchellh/mapstructure" @@ -8,35 +10,27 @@ import ( func (c *Sys) ListAuth() (map[string]*AuthMount, error) { r := c.c.NewRequest("GET", "/v1/sys/auth") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() - var result map[string]interface{} - err = resp.DecodeJSON(&result) + secret, err := ParseSecret(resp.Body) if err != nil { return nil, err } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } mounts := map[string]*AuthMount{} - for k, v := range result { - switch v.(type) { - case map[string]interface{}: - default: - continue - } - var res AuthMount - err = mapstructure.Decode(v, &res) - if err != nil { - return nil, err - } - // Not a mount, some other api.Secret data - if res.Type == "" { - continue - } - mounts[k] = &res + err = mapstructure.Decode(secret.Data, &mounts) + if err != nil { + return nil, err } return mounts, nil @@ -56,7 +50,9 @@ func (c *Sys) EnableAuthWithOptions(path string, options *EnableAuthOptions) err return err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return err } @@ -67,7 +63,10 @@ func (c *Sys) EnableAuthWithOptions(path string, options *EnableAuthOptions) err func (c *Sys) DisableAuth(path string) error { r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/auth/%s", path)) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } diff --git a/vendor/github.com/hashicorp/vault/api/sys_capabilities.go b/vendor/github.com/hashicorp/vault/api/sys_capabilities.go index cbb3a72..242acf9 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_capabilities.go +++ b/vendor/github.com/hashicorp/vault/api/sys_capabilities.go @@ -1,6 +1,12 @@ package api -import "fmt" +import ( + "context" + "errors" + "fmt" + + "github.com/mitchellh/mapstructure" +) func (c *Sys) CapabilitiesSelf(path string) ([]string, error) { return c.Capabilities(c.c.Token(), path) @@ -22,28 +28,27 @@ func (c *Sys) Capabilities(token, path string) ([]string, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() - var result map[string]interface{} - err = resp.DecodeJSON(&result) + secret, err := ParseSecret(resp.Body) if err != nil { return nil, err } - - if result["capabilities"] == nil { - return nil, nil - } - var capabilities []string - capabilitiesRaw, ok := result["capabilities"].([]interface{}) - if !ok { - return nil, fmt.Errorf("error interpreting returned capabilities") + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") } - for _, capability := range capabilitiesRaw { - capabilities = append(capabilities, capability.(string)) + + var res []string + err = mapstructure.Decode(secret.Data[path], &res) + if err != nil { + return nil, err } - return capabilities, nil + + return res, nil } diff --git a/vendor/github.com/hashicorp/vault/api/sys_config_cors.go b/vendor/github.com/hashicorp/vault/api/sys_config_cors.go index e7f2a59..d153a47 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_config_cors.go +++ b/vendor/github.com/hashicorp/vault/api/sys_config_cors.go @@ -1,15 +1,37 @@ package api +import ( + "context" + "errors" + + "github.com/mitchellh/mapstructure" +) + func (c *Sys) CORSStatus() (*CORSResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/config/cors") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() + secret, err := ParseSecret(resp.Body) + if err != nil { + return nil, err + } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } + var result CORSResponse - err = resp.DecodeJSON(&result) + err = mapstructure.Decode(secret.Data, &result) + if err != nil { + return nil, err + } + return &result, err } @@ -19,38 +41,65 @@ func (c *Sys) ConfigureCORS(req *CORSRequest) (*CORSResponse, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() + secret, err := ParseSecret(resp.Body) + if err != nil { + return nil, err + } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } + var result CORSResponse - err = resp.DecodeJSON(&result) + err = mapstructure.Decode(secret.Data, &result) + if err != nil { + return nil, err + } + return &result, err } func (c *Sys) DisableCORS() (*CORSResponse, error) { r := c.c.NewRequest("DELETE", "/v1/sys/config/cors") - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() + secret, err := ParseSecret(resp.Body) + if err != nil { + return nil, err + } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } + var result CORSResponse - err = resp.DecodeJSON(&result) - return &result, err + err = mapstructure.Decode(secret.Data, &result) + if err != nil { + return nil, err + } + return &result, err } type CORSRequest struct { - AllowedOrigins string `json:"allowed_origins"` - Enabled bool `json:"enabled"` + AllowedOrigins string `json:"allowed_origins" mapstructure:"allowed_origins"` + Enabled bool `json:"enabled" mapstructure:"enabled"` } type CORSResponse struct { - AllowedOrigins string `json:"allowed_origins"` - Enabled bool `json:"enabled"` + AllowedOrigins string `json:"allowed_origins" mapstructure:"allowed_origins"` + Enabled bool `json:"enabled" mapstructure:"enabled"` } diff --git a/vendor/github.com/hashicorp/vault/api/sys_generate_root.go b/vendor/github.com/hashicorp/vault/api/sys_generate_root.go index adb5496..66f72df 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_generate_root.go +++ b/vendor/github.com/hashicorp/vault/api/sys_generate_root.go @@ -1,5 +1,7 @@ package api +import "context" + func (c *Sys) GenerateRootStatus() (*GenerateRootStatusResponse, error) { return c.generateRootStatusCommon("/v1/sys/generate-root/attempt") } @@ -10,7 +12,10 @@ func (c *Sys) GenerateDROperationTokenStatus() (*GenerateRootStatusResponse, err func (c *Sys) generateRootStatusCommon(path string) (*GenerateRootStatusResponse, error) { r := c.c.NewRequest("GET", path) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -40,7 +45,9 @@ func (c *Sys) generateRootInitCommon(path, otp, pgpKey string) (*GenerateRootSta return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -61,7 +68,10 @@ func (c *Sys) GenerateDROperationTokenCancel() error { func (c *Sys) generateRootCancelCommon(path string) error { r := c.c.NewRequest("DELETE", path) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -87,7 +97,9 @@ func (c *Sys) generateRootUpdateCommon(path, shard, nonce string) (*GenerateRoot return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -107,4 +119,6 @@ type GenerateRootStatusResponse struct { EncodedToken string `json:"encoded_token"` EncodedRootToken string `json:"encoded_root_token"` PGPFingerprint string `json:"pgp_fingerprint"` + OTP string `json:"otp"` + OTPLength int `json:"otp_length"` } diff --git a/vendor/github.com/hashicorp/vault/api/sys_health.go b/vendor/github.com/hashicorp/vault/api/sys_health.go index 82fd1f6..f49d05b 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_health.go +++ b/vendor/github.com/hashicorp/vault/api/sys_health.go @@ -1,5 +1,7 @@ package api +import "context" + func (c *Sys) Health() (*HealthResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/health") // If the code is 400 or above it will automatically turn into an error, @@ -9,7 +11,10 @@ func (c *Sys) Health() (*HealthResponse, error) { r.Params.Add("sealedcode", "299") r.Params.Add("standbycode", "299") r.Params.Add("drsecondarycode", "299") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } diff --git a/vendor/github.com/hashicorp/vault/api/sys_init.go b/vendor/github.com/hashicorp/vault/api/sys_init.go index f824ab7..0e499c6 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_init.go +++ b/vendor/github.com/hashicorp/vault/api/sys_init.go @@ -1,8 +1,13 @@ package api +import "context" + func (c *Sys) InitStatus() (bool, error) { r := c.c.NewRequest("GET", "/v1/sys/init") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return false, err } @@ -19,7 +24,9 @@ func (c *Sys) Init(opts *InitRequest) (*InitResponse, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } diff --git a/vendor/github.com/hashicorp/vault/api/sys_leader.go b/vendor/github.com/hashicorp/vault/api/sys_leader.go index 4951c46..170a55f 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_leader.go +++ b/vendor/github.com/hashicorp/vault/api/sys_leader.go @@ -1,8 +1,13 @@ package api +import "context" + func (c *Sys) Leader() (*LeaderResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/leader") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } diff --git a/vendor/github.com/hashicorp/vault/api/sys_leases.go b/vendor/github.com/hashicorp/vault/api/sys_leases.go index 34bd99e..09c9642 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_leases.go +++ b/vendor/github.com/hashicorp/vault/api/sys_leases.go @@ -1,5 +1,10 @@ package api +import ( + "context" + "errors" +) + func (c *Sys) Renew(id string, increment int) (*Secret, error) { r := c.c.NewRequest("PUT", "/v1/sys/leases/renew") @@ -11,7 +16,9 @@ func (c *Sys) Renew(id string, increment int) (*Secret, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -22,7 +29,10 @@ func (c *Sys) Renew(id string, increment int) (*Secret, error) { func (c *Sys) Revoke(id string) error { r := c.c.NewRequest("PUT", "/v1/sys/leases/revoke/"+id) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -31,7 +41,10 @@ func (c *Sys) Revoke(id string) error { func (c *Sys) RevokePrefix(id string) error { r := c.c.NewRequest("PUT", "/v1/sys/leases/revoke-prefix/"+id) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -40,9 +53,53 @@ func (c *Sys) RevokePrefix(id string) error { func (c *Sys) RevokeForce(id string) error { r := c.c.NewRequest("PUT", "/v1/sys/leases/revoke-force/"+id) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) + if err == nil { + defer resp.Body.Close() + } + return err +} + +func (c *Sys) RevokeWithOptions(opts *RevokeOptions) error { + if opts == nil { + return errors.New("nil options provided") + } + + // Construct path + path := "/v1/sys/leases/revoke/" + switch { + case opts.Force: + path = "/v1/sys/leases/revoke-force/" + case opts.Prefix: + path = "/v1/sys/leases/revoke-prefix/" + } + path += opts.LeaseID + + r := c.c.NewRequest("PUT", path) + if !opts.Force { + body := map[string]interface{}{ + "sync": opts.Sync, + } + if err := r.SetJSONBody(body); err != nil { + return err + } + } + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } return err } + +type RevokeOptions struct { + LeaseID string + Force bool + Prefix bool + Sync bool +} diff --git a/vendor/github.com/hashicorp/vault/api/sys_mounts.go b/vendor/github.com/hashicorp/vault/api/sys_mounts.go index 8ac5b45..8a32b09 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_mounts.go +++ b/vendor/github.com/hashicorp/vault/api/sys_mounts.go @@ -1,6 +1,8 @@ package api import ( + "context" + "errors" "fmt" "github.com/mitchellh/mapstructure" @@ -8,35 +10,27 @@ import ( func (c *Sys) ListMounts() (map[string]*MountOutput, error) { r := c.c.NewRequest("GET", "/v1/sys/mounts") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() - var result map[string]interface{} - err = resp.DecodeJSON(&result) + secret, err := ParseSecret(resp.Body) if err != nil { return nil, err } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } mounts := map[string]*MountOutput{} - for k, v := range result { - switch v.(type) { - case map[string]interface{}: - default: - continue - } - var res MountOutput - err = mapstructure.Decode(v, &res) - if err != nil { - return nil, err - } - // Not a mount, some other api.Secret data - if res.Type == "" { - continue - } - mounts[k] = &res + err = mapstructure.Decode(secret.Data, &mounts) + if err != nil { + return nil, err } return mounts, nil @@ -48,7 +42,9 @@ func (c *Sys) Mount(path string, mountInfo *MountInput) error { return err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return err } @@ -59,7 +55,10 @@ func (c *Sys) Mount(path string, mountInfo *MountInput) error { func (c *Sys) Unmount(path string) error { r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/mounts/%s", path)) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -77,7 +76,9 @@ func (c *Sys) Remount(from, to string) error { return err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -90,7 +91,9 @@ func (c *Sys) TuneMount(path string, config MountConfigInput) error { return err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -100,14 +103,24 @@ func (c *Sys) TuneMount(path string, config MountConfigInput) error { func (c *Sys) MountConfig(path string) (*MountConfigOutput, error) { r := c.c.NewRequest("GET", fmt.Sprintf("/v1/sys/mounts/%s/tune", path)) - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() + secret, err := ParseSecret(resp.Body) + if err != nil { + return nil, err + } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } + var result MountConfigOutput - err = resp.DecodeJSON(&result) + err = mapstructure.Decode(secret.Data, &result) if err != nil { return nil, err } @@ -128,6 +141,7 @@ type MountInput struct { type MountConfigInput struct { Options map[string]string `json:"options" mapstructure:"options"` DefaultLeaseTTL string `json:"default_lease_ttl" mapstructure:"default_lease_ttl"` + Description *string `json:"description,omitempty" mapstructure:"description"` MaxLeaseTTL string `json:"max_lease_ttl" mapstructure:"max_lease_ttl"` ForceNoCache bool `json:"force_no_cache" mapstructure:"force_no_cache"` PluginName string `json:"plugin_name,omitempty" mapstructure:"plugin_name"` diff --git a/vendor/github.com/hashicorp/vault/api/sys_plugins.go b/vendor/github.com/hashicorp/vault/api/sys_plugins.go index 8183b10..b2f18d9 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_plugins.go +++ b/vendor/github.com/hashicorp/vault/api/sys_plugins.go @@ -1,6 +1,7 @@ package api import ( + "context" "fmt" "net/http" ) @@ -11,7 +12,7 @@ type ListPluginsInput struct{} // ListPluginsResponse is the response from the ListPlugins call. type ListPluginsResponse struct { // Names is the list of names of the plugins. - Names []string + Names []string `json:"names"` } // ListPlugins lists all plugins in the catalog and returns their names as a @@ -19,7 +20,10 @@ type ListPluginsResponse struct { func (c *Sys) ListPlugins(i *ListPluginsInput) (*ListPluginsResponse, error) { path := "/v1/sys/plugins/catalog" req := c.c.NewRequest("LIST", path) - resp, err := c.c.RawRequest(req) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, req) if err != nil { return nil, err } @@ -54,18 +58,23 @@ type GetPluginResponse struct { func (c *Sys) GetPlugin(i *GetPluginInput) (*GetPluginResponse, error) { path := fmt.Sprintf("/v1/sys/plugins/catalog/%s", i.Name) req := c.c.NewRequest(http.MethodGet, path) - resp, err := c.c.RawRequest(req) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, req) if err != nil { return nil, err } defer resp.Body.Close() - var result GetPluginResponse + var result struct { + Data GetPluginResponse + } err = resp.DecodeJSON(&result) if err != nil { return nil, err } - return &result, err + return &result.Data, err } // RegisterPluginInput is used as input to the RegisterPlugin function. @@ -91,7 +100,9 @@ func (c *Sys) RegisterPlugin(i *RegisterPluginInput) error { return err } - resp, err := c.c.RawRequest(req) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, req) if err == nil { defer resp.Body.Close() } @@ -109,7 +120,10 @@ type DeregisterPluginInput struct { func (c *Sys) DeregisterPlugin(i *DeregisterPluginInput) error { path := fmt.Sprintf("/v1/sys/plugins/catalog/%s", i.Name) req := c.c.NewRequest(http.MethodDelete, path) - resp, err := c.c.RawRequest(req) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, req) if err == nil { defer resp.Body.Close() } diff --git a/vendor/github.com/hashicorp/vault/api/sys_policy.go b/vendor/github.com/hashicorp/vault/api/sys_policy.go index 9c9d9c0..1fa3259 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_policy.go +++ b/vendor/github.com/hashicorp/vault/api/sys_policy.go @@ -1,39 +1,47 @@ package api -import "fmt" +import ( + "context" + "errors" + "fmt" + + "github.com/mitchellh/mapstructure" +) func (c *Sys) ListPolicies() ([]string, error) { r := c.c.NewRequest("GET", "/v1/sys/policy") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() - var result map[string]interface{} - err = resp.DecodeJSON(&result) + secret, err := ParseSecret(resp.Body) if err != nil { return nil, err } - - var ok bool - if _, ok = result["policies"]; !ok { - return nil, fmt.Errorf("policies not found in response") + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") } - listRaw := result["policies"].([]interface{}) - var policies []string - - for _, val := range listRaw { - policies = append(policies, val.(string)) + var result []string + err = mapstructure.Decode(secret.Data["policies"], &result) + if err != nil { + return nil, err } - return policies, err + return result, err } func (c *Sys) GetPolicy(name string) (string, error) { - r := c.c.NewRequest("GET", fmt.Sprintf("/v1/sys/policy/%s", name)) - resp, err := c.c.RawRequest(r) + r := c.c.NewRequest("GET", fmt.Sprintf("/v1/sys/policies/acl/%s", name)) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if resp != nil { defer resp.Body.Close() if resp.StatusCode == 404 { @@ -44,16 +52,15 @@ func (c *Sys) GetPolicy(name string) (string, error) { return "", err } - var result map[string]interface{} - err = resp.DecodeJSON(&result) + secret, err := ParseSecret(resp.Body) if err != nil { return "", err } - - if rulesRaw, ok := result["rules"]; ok { - return rulesRaw.(string), nil + if secret == nil || secret.Data == nil { + return "", errors.New("data from server response is empty") } - if policyRaw, ok := result["policy"]; ok { + + if policyRaw, ok := secret.Data["policy"]; ok { return policyRaw.(string), nil } @@ -70,7 +77,9 @@ func (c *Sys) PutPolicy(name, rules string) error { return err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return err } @@ -81,7 +90,10 @@ func (c *Sys) PutPolicy(name, rules string) error { func (c *Sys) DeletePolicy(name string) error { r := c.c.NewRequest("DELETE", fmt.Sprintf("/v1/sys/policy/%s", name)) - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } diff --git a/vendor/github.com/hashicorp/vault/api/sys_rekey.go b/vendor/github.com/hashicorp/vault/api/sys_rekey.go index ddeac01..55f1a70 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_rekey.go +++ b/vendor/github.com/hashicorp/vault/api/sys_rekey.go @@ -1,8 +1,18 @@ package api +import ( + "context" + "errors" + + "github.com/mitchellh/mapstructure" +) + func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/rekey/init") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -15,7 +25,10 @@ func (c *Sys) RekeyStatus() (*RekeyStatusResponse, error) { func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/rekey-recovery-key/init") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -28,7 +41,10 @@ func (c *Sys) RekeyRecoveryKeyStatus() (*RekeyStatusResponse, error) { func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/rekey/verify") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -41,7 +57,10 @@ func (c *Sys) RekeyVerificationStatus() (*RekeyVerificationStatusResponse, error func (c *Sys) RekeyRecoveryKeyVerificationStatus() (*RekeyVerificationStatusResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/rekey-recovery-key/verify") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -58,7 +77,9 @@ func (c *Sys) RekeyInit(config *RekeyInitRequest) (*RekeyStatusResponse, error) return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -75,7 +96,9 @@ func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusRespon return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -88,7 +111,10 @@ func (c *Sys) RekeyRecoveryKeyInit(config *RekeyInitRequest) (*RekeyStatusRespon func (c *Sys) RekeyCancel() error { r := c.c.NewRequest("DELETE", "/v1/sys/rekey/init") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -97,7 +123,10 @@ func (c *Sys) RekeyCancel() error { func (c *Sys) RekeyRecoveryKeyCancel() error { r := c.c.NewRequest("DELETE", "/v1/sys/rekey-recovery-key/init") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -106,7 +135,10 @@ func (c *Sys) RekeyRecoveryKeyCancel() error { func (c *Sys) RekeyVerificationCancel() error { r := c.c.NewRequest("DELETE", "/v1/sys/rekey/verify") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -115,7 +147,10 @@ func (c *Sys) RekeyVerificationCancel() error { func (c *Sys) RekeyRecoveryKeyVerificationCancel() error { r := c.c.NewRequest("DELETE", "/v1/sys/rekey-recovery-key/verify") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -133,7 +168,9 @@ func (c *Sys) RekeyUpdate(shard, nonce string) (*RekeyUpdateResponse, error) { return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -155,7 +192,9 @@ func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -168,33 +207,66 @@ func (c *Sys) RekeyRecoveryKeyUpdate(shard, nonce string) (*RekeyUpdateResponse, func (c *Sys) RekeyRetrieveBackup() (*RekeyRetrieveResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/rekey/backup") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() + secret, err := ParseSecret(resp.Body) + if err != nil { + return nil, err + } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } + var result RekeyRetrieveResponse - err = resp.DecodeJSON(&result) + err = mapstructure.Decode(secret.Data, &result) + if err != nil { + return nil, err + } + return &result, err } func (c *Sys) RekeyRetrieveRecoveryBackup() (*RekeyRetrieveResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/rekey/recovery-backup") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() + secret, err := ParseSecret(resp.Body) + if err != nil { + return nil, err + } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } + var result RekeyRetrieveResponse - err = resp.DecodeJSON(&result) + err = mapstructure.Decode(secret.Data, &result) + if err != nil { + return nil, err + } + return &result, err } func (c *Sys) RekeyDeleteBackup() error { r := c.c.NewRequest("DELETE", "/v1/sys/rekey/backup") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -204,7 +276,10 @@ func (c *Sys) RekeyDeleteBackup() error { func (c *Sys) RekeyDeleteRecoveryBackup() error { r := c.c.NewRequest("DELETE", "/v1/sys/rekey/recovery-backup") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -223,7 +298,9 @@ func (c *Sys) RekeyVerificationUpdate(shard, nonce string) (*RekeyVerificationUp return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -245,7 +322,9 @@ func (c *Sys) RekeyRecoveryKeyVerificationUpdate(shard, nonce string) (*RekeyVer return nil, err } - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } @@ -290,9 +369,9 @@ type RekeyUpdateResponse struct { } type RekeyRetrieveResponse struct { - Nonce string `json:"nonce"` - Keys map[string][]string `json:"keys"` - KeysB64 map[string][]string `json:"keys_base64"` + Nonce string `json:"nonce" mapstructure:"nonce"` + Keys map[string][]string `json:"keys" mapstructure:"keys"` + KeysB64 map[string][]string `json:"keys_base64" mapstructure:"keys_base64"` } type RekeyVerificationStatusResponse struct { diff --git a/vendor/github.com/hashicorp/vault/api/sys_rotate.go b/vendor/github.com/hashicorp/vault/api/sys_rotate.go index 8108dce..c525feb 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_rotate.go +++ b/vendor/github.com/hashicorp/vault/api/sys_rotate.go @@ -1,10 +1,18 @@ package api -import "time" +import ( + "context" + "encoding/json" + "errors" + "time" +) func (c *Sys) Rotate() error { r := c.c.NewRequest("POST", "/v1/sys/rotate") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -13,15 +21,54 @@ func (c *Sys) Rotate() error { func (c *Sys) KeyStatus() (*KeyStatus, error) { r := c.c.NewRequest("GET", "/v1/sys/key-status") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } defer resp.Body.Close() - result := new(KeyStatus) - err = resp.DecodeJSON(result) - return result, err + secret, err := ParseSecret(resp.Body) + if err != nil { + return nil, err + } + if secret == nil || secret.Data == nil { + return nil, errors.New("data from server response is empty") + } + + var result KeyStatus + + termRaw, ok := secret.Data["term"] + if !ok { + return nil, errors.New("term not found in response") + } + term, ok := termRaw.(json.Number) + if !ok { + return nil, errors.New("could not convert term to a number") + } + term64, err := term.Int64() + if err != nil { + return nil, err + } + result.Term = int(term64) + + installTimeRaw, ok := secret.Data["install_time"] + if !ok { + return nil, errors.New("install_time not found in response") + } + installTimeStr, ok := installTimeRaw.(string) + if !ok { + return nil, errors.New("could not convert install_time to a string") + } + installTime, err := time.Parse(time.RFC3339Nano, installTimeStr) + if err != nil { + return nil, err + } + result.InstallTime = installTime + + return &result, err } type KeyStatus struct { diff --git a/vendor/github.com/hashicorp/vault/api/sys_seal.go b/vendor/github.com/hashicorp/vault/api/sys_seal.go index 3d594ba..7cc32ac 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_seal.go +++ b/vendor/github.com/hashicorp/vault/api/sys_seal.go @@ -1,5 +1,7 @@ package api +import "context" + func (c *Sys) SealStatus() (*SealStatusResponse, error) { r := c.c.NewRequest("GET", "/v1/sys/seal-status") return sealStatusRequest(c, r) @@ -7,7 +9,10 @@ func (c *Sys) SealStatus() (*SealStatusResponse, error) { func (c *Sys) Seal() error { r := c.c.NewRequest("PUT", "/v1/sys/seal") - resp, err := c.c.RawRequest(r) + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err == nil { defer resp.Body.Close() } @@ -37,7 +42,9 @@ func (c *Sys) Unseal(shard string) (*SealStatusResponse, error) { } func sealStatusRequest(c *Sys, r *Request) (*SealStatusResponse, error) { - resp, err := c.c.RawRequest(r) + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) if err != nil { return nil, err } diff --git a/vendor/github.com/hashicorp/vault/api/sys_stepdown.go b/vendor/github.com/hashicorp/vault/api/sys_stepdown.go index 421e5f1..55dc6fb 100644 --- a/vendor/github.com/hashicorp/vault/api/sys_stepdown.go +++ b/vendor/github.com/hashicorp/vault/api/sys_stepdown.go @@ -1,10 +1,15 @@ package api +import "context" + func (c *Sys) StepDown() error { r := c.c.NewRequest("PUT", "/v1/sys/step-down") - resp, err := c.c.RawRequest(r) - if err == nil { - defer resp.Body.Close() + + ctx, cancelFunc := context.WithCancel(context.Background()) + defer cancelFunc() + resp, err := c.c.RawRequestWithContext(ctx, r) + if resp != nil && resp.Body != nil { + resp.Body.Close() } return err } diff --git a/vendor/github.com/hashicorp/vault/helper/consts/consts.go b/vendor/github.com/hashicorp/vault/helper/consts/consts.go new file mode 100644 index 0000000..972a69f --- /dev/null +++ b/vendor/github.com/hashicorp/vault/helper/consts/consts.go @@ -0,0 +1,14 @@ +package consts + +const ( + // ExpirationRestoreWorkerCount specifies the number of workers to use while + // restoring leases into the expiration manager + ExpirationRestoreWorkerCount = 64 + + // NamespaceHeaderName is the header set to specify which namespace the + // request is indented for. + NamespaceHeaderName = "X-Vault-Namespace" + + // AuthHeaderName is the name of the header containing the token. + AuthHeaderName = "X-Vault-Token" +) diff --git a/vendor/github.com/hashicorp/vault/helper/consts/error.go b/vendor/github.com/hashicorp/vault/helper/consts/error.go new file mode 100644 index 0000000..06977d5 --- /dev/null +++ b/vendor/github.com/hashicorp/vault/helper/consts/error.go @@ -0,0 +1,16 @@ +package consts + +import "errors" + +var ( + // ErrSealed is returned if an operation is performed on a sealed barrier. + // No operation is expected to succeed before unsealing + ErrSealed = errors.New("Vault is sealed") + + // ErrStandby is returned if an operation is performed on a standby Vault. + // No operation is expected to succeed until active. + ErrStandby = errors.New("Vault is in standby mode") + + // Used when .. is used in a path + ErrPathContainsParentReferences = errors.New("path cannot contain parent references") +) diff --git a/vendor/github.com/hashicorp/vault/helper/consts/replication.go b/vendor/github.com/hashicorp/vault/helper/consts/replication.go new file mode 100644 index 0000000..c109977 --- /dev/null +++ b/vendor/github.com/hashicorp/vault/helper/consts/replication.go @@ -0,0 +1,82 @@ +package consts + +type ReplicationState uint32 + +const ( + _ ReplicationState = iota + OldReplicationPrimary + OldReplicationSecondary + OldReplicationBootstrapping + // Don't add anything here. Adding anything to this Old block would cause + // the rest of the values to change below. This was done originally to + // ensure no overlap between old and new values. + + ReplicationUnknown ReplicationState = 0 + ReplicationPerformancePrimary ReplicationState = 1 << iota + ReplicationPerformanceSecondary + OldSplitReplicationBootstrapping + ReplicationDRPrimary + ReplicationDRSecondary + ReplicationPerformanceBootstrapping + ReplicationDRBootstrapping + ReplicationPerformanceDisabled + ReplicationDRDisabled +) + +func (r ReplicationState) string() string { + switch r { + case ReplicationPerformanceSecondary: + return "secondary" + case ReplicationPerformancePrimary: + return "primary" + case ReplicationPerformanceBootstrapping: + return "bootstrapping" + case ReplicationPerformanceDisabled: + return "disabled" + case ReplicationDRPrimary: + return "primary" + case ReplicationDRSecondary: + return "secondary" + case ReplicationDRBootstrapping: + return "bootstrapping" + case ReplicationDRDisabled: + return "disabled" + } + + return "unknown" +} + +func (r ReplicationState) GetDRString() string { + switch { + case r.HasState(ReplicationDRBootstrapping): + return ReplicationDRBootstrapping.string() + case r.HasState(ReplicationDRPrimary): + return ReplicationDRPrimary.string() + case r.HasState(ReplicationDRSecondary): + return ReplicationDRSecondary.string() + case r.HasState(ReplicationDRDisabled): + return ReplicationDRDisabled.string() + default: + return "unknown" + } +} + +func (r ReplicationState) GetPerformanceString() string { + switch { + case r.HasState(ReplicationPerformanceBootstrapping): + return ReplicationPerformanceBootstrapping.string() + case r.HasState(ReplicationPerformancePrimary): + return ReplicationPerformancePrimary.string() + case r.HasState(ReplicationPerformanceSecondary): + return ReplicationPerformanceSecondary.string() + case r.HasState(ReplicationPerformanceDisabled): + return ReplicationPerformanceDisabled.string() + default: + return "unknown" + } +} + +func (r ReplicationState) HasState(flag ReplicationState) bool { return r&flag != 0 } +func (r *ReplicationState) AddState(flag ReplicationState) { *r |= flag } +func (r *ReplicationState) ClearState(flag ReplicationState) { *r &= ^flag } +func (r *ReplicationState) ToggleState(flag ReplicationState) { *r ^= flag } diff --git a/vendor/github.com/hashicorp/vault/helper/parseutil/parseutil.go b/vendor/github.com/hashicorp/vault/helper/parseutil/parseutil.go index ae8c58b..9b32bf7 100644 --- a/vendor/github.com/hashicorp/vault/helper/parseutil/parseutil.go +++ b/vendor/github.com/hashicorp/vault/helper/parseutil/parseutil.go @@ -28,7 +28,7 @@ func ParseDurationSecond(in interface{}) (time.Duration, error) { } var err error // Look for a suffix otherwise its a plain second value - if strings.HasSuffix(inp, "s") || strings.HasSuffix(inp, "m") || strings.HasSuffix(inp, "h") { + if strings.HasSuffix(inp, "s") || strings.HasSuffix(inp, "m") || strings.HasSuffix(inp, "h") || strings.HasSuffix(inp, "ms") { dur, err = time.ParseDuration(inp) if err != nil { return dur, err diff --git a/vendor/github.com/hashicorp/vault/helper/strutil/strutil.go b/vendor/github.com/hashicorp/vault/helper/strutil/strutil.go index a77e60d..8d84c1e 100644 --- a/vendor/github.com/hashicorp/vault/helper/strutil/strutil.go +++ b/vendor/github.com/hashicorp/vault/helper/strutil/strutil.go @@ -43,9 +43,9 @@ func StrListSubset(super, sub []string) bool { return true } -// Parses a comma separated list of strings into a slice of strings. -// The return slice will be sorted and will not contain duplicate or -// empty items. +// ParseDedupAndSortStrings parses a comma separated list of strings +// into a slice of strings. The return slice will be sorted and will +// not contain duplicate or empty items. func ParseDedupAndSortStrings(input string, sep string) []string { input = strings.TrimSpace(input) parsed := []string{} @@ -56,9 +56,10 @@ func ParseDedupAndSortStrings(input string, sep string) []string { return RemoveDuplicates(strings.Split(input, sep), false) } -// Parses a comma separated list of strings into a slice of strings. -// The return slice will be sorted and will not contain duplicate or -// empty items. The values will be converted to lower case. +// ParseDedupLowercaseAndSortStrings parses a comma separated list of +// strings into a slice of strings. The return slice will be sorted and +// will not contain duplicate or empty items. The values will be converted +// to lower case. func ParseDedupLowercaseAndSortStrings(input string, sep string) []string { input = strings.TrimSpace(input) parsed := []string{} @@ -69,8 +70,8 @@ func ParseDedupLowercaseAndSortStrings(input string, sep string) []string { return RemoveDuplicates(strings.Split(input, sep), true) } -// Parses a comma separated list of `<key>=<value>` tuples into a -// map[string]string. +// ParseKeyValues parses a comma separated list of `<key>=<value>` tuples +// into a map[string]string. func ParseKeyValues(input string, out map[string]string, sep string) error { if out == nil { return fmt.Errorf("'out is nil") @@ -97,8 +98,8 @@ func ParseKeyValues(input string, out map[string]string, sep string) error { return nil } -// Parses arbitrary <key,value> tuples. The input can be one of -// the following: +// ParseArbitraryKeyValues parses arbitrary <key,value> tuples. The input +// can be one of the following: // * JSON string // * Base64 encoded JSON string // * Comma separated list of `<key>=<value>` pairs @@ -144,8 +145,8 @@ func ParseArbitraryKeyValues(input string, out map[string]string, sep string) er return nil } -// Parses a `sep`-separated list of strings into a -// []string. +// ParseStringSlice parses a `sep`-separated list of strings into a +// []string with surrounding whitespace removed. // // The output will always be a valid slice but may be of length zero. func ParseStringSlice(input string, sep string) []string { @@ -157,14 +158,14 @@ func ParseStringSlice(input string, sep string) []string { splitStr := strings.Split(input, sep) ret := make([]string, len(splitStr)) for i, val := range splitStr { - ret[i] = val + ret[i] = strings.TrimSpace(val) } return ret } -// Parses arbitrary string slice. The input can be one of -// the following: +// ParseArbitraryStringSlice parses arbitrary string slice. The input +// can be one of the following: // * JSON string // * Base64 encoded JSON string // * `sep` separated list of values @@ -215,8 +216,9 @@ func TrimStrings(items []string) []string { return ret } -// Removes duplicate and empty elements from a slice of strings. This also may -// convert the items in the slice to lower case and returns a sorted slice. +// RemoveDuplicates removes duplicate and empty elements from a slice of +// strings. This also may convert the items in the slice to lower case and +// returns a sorted slice. func RemoveDuplicates(items []string, lowercase bool) []string { itemsMap := map[string]bool{} for _, item := range items { @@ -230,7 +232,7 @@ func RemoveDuplicates(items []string, lowercase bool) []string { itemsMap[item] = true } items = make([]string, 0, len(itemsMap)) - for item, _ := range itemsMap { + for item := range itemsMap { items = append(items, item) } sort.Strings(items) @@ -260,10 +262,10 @@ func EquivalentSlices(a, b []string) bool { // Now we'll build our checking slices var sortedA, sortedB []string - for keyA, _ := range mapA { + for keyA := range mapA { sortedA = append(sortedA, keyA) } - for keyB, _ := range mapB { + for keyB := range mapB { sortedB = append(sortedB, keyB) } sort.Strings(sortedA) @@ -299,6 +301,8 @@ func StrListDelete(s []string, d string) []string { return s } +// GlobbedStringsMatch compares item to val with support for a leading and/or +// trailing wildcard '*' in item. func GlobbedStringsMatch(item, val string) bool { if len(item) < 2 { return val == item @@ -325,3 +329,20 @@ func AppendIfMissing(slice []string, i string) []string { } return append(slice, i) } + +// MergeSlices adds an arbitrary number of slices together, uniquely +func MergeSlices(args ...[]string) []string { + all := map[string]struct{}{} + for _, slice := range args { + for _, v := range slice { + all[v] = struct{}{} + } + } + + result := make([]string, 0, len(all)) + for k, _ := range all { + result = append(result, k) + } + sort.Strings(result) + return result +} |