From 3300aa171fa983a47cb5f12e9287f60fd2891ff7 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Tue, 5 Mar 2024 08:30:27 -0500 Subject: [PATCH 1/2] Correctly validate leaf certificate trust HashiCorp Vault v1.14.10 reports fixing the following security vulnerability: > auth/cert: compare public keys of trusted non-CA certificates with > incoming client certificates to prevent trusting certs with the same > serial number but not the same public/private key. [GH-25649] From this, we can deduce that there is an issue with validating the authenticity of leaf certificates. Luckily there is only one code path so the fix location is obvious. Note that the issue lies in how the check is performed: a client may present an arbitrary certificate from an arbitrary CA (even a self-signed one if it contains an AuthorityKeyId extension), which will be accepted, assuming it matches the AKID and Serial Number of a present, explicitly trusted leaf certificate. In particular, while the authenticity of the TLS connection is verified (insofar as the presented certificate matches the TLS channel via valid signature), the authorization check is malformed as it does not correctly tie the channel's connection key to the key contained in the certificate. This check is sufficient to differentiate certificates from different CAs, say, for the purpose of chain building, but is not strong enough for authentication and authorization. In the past, several CAs (such as the production grade Dogtag PKI or a manual OpenSSL CA) have defaulted to sequential serial numbers, though, AKIDs would likely still be unique unless key material was reused between different CAs (typically unlikely unless an intermediate CA was re-issued with the same key material but longer expiration). However, most CAs correspond to the CA/BF's guidelines which require at least 20 bits of entropy, and thus would be less likely to run into this organically, even with reused CA public keys. See also: https://github.com/hashicorp/vault/releases/tag/v1.14.10 See also: https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382 See also: https://cabforum.org/working-groups/server/baseline-requirements/documents/ Resolves: #172 Signed-off-by: Alexander Scheel --- builtin/credential/cert/backend_test.go | 340 ++++++++++++++++++++++++ builtin/credential/cert/path_login.go | 5 +- changelog/173.txt | 3 + 3 files changed, 345 insertions(+), 3 deletions(-) create mode 100644 changelog/173.txt diff --git a/builtin/credential/cert/backend_test.go b/builtin/credential/cert/backend_test.go index 1ee1a79bb8..c5aa6bfe89 100644 --- a/builtin/credential/cert/backend_test.go +++ b/builtin/credential/cert/backend_test.go @@ -2340,3 +2340,343 @@ func TestBackend_CertUpgrade(t *testing.T) { t.Fatal(diff) } } + +const ( + RegTrustedLeafCertA = `-----BEGIN CERTIFICATE----- +MIIFcTCCA1mgAwIBAgICBAAwDQYJKoZIhvcNAQELBQAwRzESMBAGA1UEChMJQ0lQ +SEVSQk9ZMRMwEQYDVQQLEwpwa2ktdG9tY2F0MRwwGgYDVQQDExNDQSBSb290IENl +cnRpZmljYXRlMCAXDTI0MDMwNDE0MDMxOVoYDzIxMjQwMzA0MTQwMzE5WjAuMRIw +EAYDVQQKEwlDSVBIRVJCT1kxGDAWBgNVBAMTD2EuY2lwaGVyYm95LmNvbTCCAiIw +DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBALy9sQmv3OBXiIJD+CYZ8UNx6Tix +AKmpXwBwvHsM/GzbIHW5DbJtCdmM2RPN6qmRRiBwc+8Sogj7Lm4h2vY0+AWOldfe +g533cMI1uAWMtJEdcrRO7V7HdHPiO0bbBX3F3ZRIqYEWlYLWWqYEPQrPv5UtbDyv +Gg7+OXqmd+qMk76+klOAZ0CCxJf/AHGdYGaBsh/+Z8dEi1L6VDSAXhmdNfSlAsZt +zZAUk0FiNQpxqZjI38MOvVYKAUGnqIkJatoqMPH+krYQxCA+HhKGepsCWfchAcFG +Fa2FoLM/+akLId5QKJ5jLLoZ0BMScjmRgp9VCmPmt5hoVvgMiOwABz5SnGpgqgLJ +uOxkOtm+VFoyD3qKH72KQZOTwU4mzqrWHIiYCThYzJwWvwmSQ4u2QNSF5pXU2Mct +sT8sJzDPu02fMGR+cZzcVSdYSJWiDgHc/IlfREeBiNO2HayPkgpiETv1UX/mNBbf +CYLJnGnYrtLyWb4tX898cfKWFt0LMdOYcKIjvc/78F45O9LD4oqKR8QTv9LkRdF6 +cNfPECieBhR7gITmqMew85LmF87yscEEPUGYF7LPPz2B2Gfrs5bIuIlhiCOR7xso +xOQDGToIHw6cLdYW9aPAOkUJwBtp6TL5nrgX1EAaUutPluhHqC60JJxITTEtfqcQ +aFcvHfgRxDxUC6nPAgMBAAGjfjB8MEAGCCsGAQUFBwEBBDQwMjAwBggrBgEFBQcw +AYYkaHR0cDovL2NhLmNpcGhlcmJveS5jb206ODA4MC9jYS9vY3NwMAkGA1UdIwQC +MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA4GA1UdDwEB/wQEAwIE +sDANBgkqhkiG9w0BAQsFAAOCAgEAj/kfWWOfvokxk0cN0vngml61uEw6HkMs2D9C +68vuH3L+EBnU+RjUngVbeZ08H/dxQHwymW25CwdnfAXMn7PzSrUwjD1Qd/K0mWFg +CexGKpXnepyo2mL3ZEzRfdQ87DCfyIX6C1SVlGkU5/kLYd20nbJaqNe1OVHj1Vrr +aZpdbO2v2gMhbUP4EqEtfFNa41jnSZE845nE+2N/avbfLlq//v4FwU1JZVdeyP1Q +o4rGNaGpWLveRrtqhNLEyq35gN4uRElE0SxYuYzXInfJC5h1gB1yBtvi7Wson8S8 +Hn/Sf95SBHJwSPs49WwWBtIaQyfvqnYrjX2mwp/TCbUuhIB8edlOWD8BTZ7+AKFH +7qji8Qj+rHauEMryR30x6wqrSQyh30Xv0azaVIpK/kT/XsvRCowgCRhgaejHAN5a +zKtj41B6VfVCRxGYC5wr8tWOWpJysBej1OtmQwEP7XhZFQh/ME3OPwqXXAXOUUnv +0Up84wvWFHBkDPJeTSiS2qefZk/HDeEL5xgFp0A4PLjrSO43KTc6nyPxl5+xFJ7b +/zY+XAR1YD5SzsgI7rkdx538u89vR+sKKJ+XPAJUa5JhPQjTVL9Exr3cqc5kazwT +Rp+Yy6n6wYsGA9916PqKVfC3dqSbNyO5Gdw8V5bMdp/E0j9f+D6sgsJFFFVKCB2t +arXtCcc= +-----END CERTIFICATE----- +` + RegTrustedLeafKeyA = `-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC8vbEJr9zgV4iC +Q/gmGfFDcek4sQCpqV8AcLx7DPxs2yB1uQ2ybQnZjNkTzeqpkUYgcHPvEqII+y5u +Idr2NPgFjpXX3oOd93DCNbgFjLSRHXK0Tu1ex3Rz4jtG2wV9xd2USKmBFpWC1lqm +BD0Kz7+VLWw8rxoO/jl6pnfqjJO+vpJTgGdAgsSX/wBxnWBmgbIf/mfHRItS+lQ0 +gF4ZnTX0pQLGbc2QFJNBYjUKcamYyN/DDr1WCgFBp6iJCWraKjDx/pK2EMQgPh4S +hnqbAln3IQHBRhWthaCzP/mpCyHeUCieYyy6GdATEnI5kYKfVQpj5reYaFb4DIjs +AAc+UpxqYKoCybjsZDrZvlRaMg96ih+9ikGTk8FOJs6q1hyImAk4WMycFr8JkkOL +tkDUheaV1NjHLbE/LCcwz7tNnzBkfnGc3FUnWEiVog4B3PyJX0RHgYjTth2sj5IK +YhE79VF/5jQW3wmCyZxp2K7S8lm+LV/PfHHylhbdCzHTmHCiI73P+/BeOTvSw+KK +ikfEE7/S5EXRenDXzxAongYUe4CE5qjHsPOS5hfO8rHBBD1BmBeyzz89gdhn67OW +yLiJYYgjke8bKMTkAxk6CB8OnC3WFvWjwDpFCcAbaeky+Z64F9RAGlLrT5boR6gu +tCScSE0xLX6nEGhXLx34EcQ8VAupzwIDAQABAoICADZF/+ousX+rfBwlam6eaCPC +VlPQhkXDaAeq43Ao+E9fJbLkf11PAJWX7HZG8NNI7Jb4b0YQoBqgDCZsQtgovCdw +7ILSQBvFIx4dr2idIPFXu/vAdH6cMU7/f5cs9SPJKaHx0RhHQ8AHXrK9pkX9HnTJ +xoWevooQLbwosXP3b6baix5K3qYM1HZ2xAxnumhPpEaR9Aq3ma7HQD6GqUiJThIm +/yjLO2DSodOb52+05pWCMeIX03cx0lGsYgjh9eF9X2y/DTYglR1Gb4RZOllnsDIh +wizvN92Zfu/8lhC3nEoe18dP8nUjZhON6t3GC39Ax4eZuTKw0k1q4Van3W1c+RAY +whIHT5JIQzisZ5lFHKhels1IRtNvbhupE+SwugWCwIJ80673T7Ej+CysRZwh8cku +04pm69LQMm+BKzbGnstMfJzGOj0fEIQTKDbnzCKehl8/pj+YFK1ZlOFDucs8m6gD +9O+yPEqraewAypnNzD3VA3gHybBPgVk+wHZdzArKThVEr2sY8m3mv54H0yxCg3CS +jiM4mYNUSGIPVPfSFV5otE4o9q4MgFy4jyUIPCMxmqAOv5yXmKRcvYnkxPwx2Ffw +DahgYP4U+dYxkpu9rsLEHiMUkSew1SCCw/px6TMo+Vi73RH/ZFRI7mR7zy7o8lWF +3PCTlOgbAuEFfNU8sQGhAoIBAQD1fB0ybGedpxLiI9J0DPPTS6e7DSXxu6xOZcCv +Im39lxTbPW4fdi6BxnGfX7ALp/qW0faa3PfOQeGJAJaVFK6tvM4WObscqnB9d5yk +M6WRZL3LgBhoSs25N7idN18vv/5jZYEv1K19D6Lm1YgGBGNRVzozVVIxBwZQYfez +Vj5ox3tIJFEjAU5zZ7YDdruvd2ur65gOVWFhlfYRNsN5OdwYU4DzVvXEFRX/OiBr +8zO9zyRMJcbVNg7F/rrsmbMaae/vtcXVWizzO4gjnAtTqnPmzoeT6vOB3Ty8Gpdv +3EDrAswWeLwoXXM593LZH+UZesPYCrgjxjKbs54AFSZOR7QhAoIBAQDE01kLVVOj +JlZF5BHLhu5fFg0yK61cA/lFN9TdQMB4AoA5j8C+Ikp+Ml3m82Ti0QBCXtm5Ff0o +BIQ50kqBIa5523U1fzbGcGYJ8DFKGpz7J/OIARgUSM1Z25hS1OsTwpqnV5lewuCJ +gC+NppardHX6DqQdsaStjS7efOYkAXYjj9ZmbREjAQ0asy4inft/csqWlTI0tTxw +kJmP/rPhYSKPR4Yzv5s8Q2FF87lahtLhcByMtTwxGMZ+lQQJnYsqpSSLCNa/j+AD +BfZ5MWNjGqoAmJNigCZk/3B+G0KR/VoRlPXNSZU2Hy7fzrjS0y2RJAVKR8kgTQdk +NDY3LZsO+p/vAoIBAQDu8ds9jHUi6FAiHDoqSb0/iyF9maO4czOZr8No9TtYniln +6Zh6OT+1hCJuveYOwnfRPBgszy7J7iiIgTERdWs9o0x6J8Fwepo6FiY7UiYzqnpv +TYT0ZvNt+MXTCeW2BcyolVG06+/ejkzDIU9gg/7kWuJEuyTgofTMYz+GqUjgFmNy +ah8r0oa5IFbzcivn9HayhgSg1wyNvzkfsk18fww0BXu74IYiUV/y6XJLgRN5CtpK +4G50dETXBkaOLGFAMaOhkS46qKaeLvEpsCb6Tiy4mYkwOn7BhkYq1jtXX201E6jx +qp2DMMsKvkhk/X2zWmKstGpeL/pswd3mOK/rfDHhAoIBAHCXvk5fZ1LjMWMVzqAw +9ddrE+1pUuhaVZQlFh3jVrbQJ23GMCoUD60VPuZIwaOGj7Fn9QCN9Z2Yx9MT2w73 +p4mJ4wjRVxI5ZgW1Y1zS0I5UElnw1kd0RhRrLD3mEvvgzPuBfvjYXf4KWCmd7H70 +RjDfgz6BSoUFSJR5umVKeLxrIejB55WwmkB106R131LO5dkyS+Ae9Q4nidD3kQsS +t+RitACSUUkt+k072QJSMfxIV+yeGGq1k4cB06d0ehHRGpB2Y/J9aVYRaSd2+zXM +IQfqQBWO3WfVQBLDoVdGKOn53oqq1zJ4sCXTaaMgruZiRqxxWDqkFeBahdEWw6bT +8/0CggEAQoxU1jXAYYtMh7Q7tVugskAVRJTEh7ig2w3PMtcQEnqm8n5wSn8c/KD2 +Z2SQs2jJoYCPvFvofCUVsVioqDHblvLBmIanqmRGjR7o6e0c10OYkUXZcRCFUlWl +iRzO9uiItOba0d0IC8LekQ3NG0nIK1T4BTNAtg0xPlttp87LpwgaF/4XOBPg68L6 +v7i3qQV44LfXOEhoiU3yHDw2R75ctxGm8PxCDuJldO0dvQjaLivtBWG76GseTfXi +8kDfQMjmKz2LT3qJ8LpussY5bCHnbEzOcbz94HCY7rlKfOWZN5ytBHTZP9dMyeN/ +Qy9lVAuKDEh15921mPxb074a6ByNMg== +-----END PRIVATE KEY----- +` + RegTrustedLeafCertB = `-----BEGIN CERTIFICATE----- +MIIFcDCCA1igAwIBAgICBAAwDQYJKoZIhvcNAQELBQAwRjESMBAGA1UEChMJQ0lQ +SEVSQk9ZMRMwEQYDVQQLEwpwa2ktdG9tY2F0MRswGQYDVQQDExJDQSBTdWIgQ2Vy +dGlmaWNhdGUwIBcNMjQwMzA0MTQwMzIwWhgPMjEyNDAzMDQxNDAzMjBaMC4xEjAQ +BgNVBAoTCUNJUEhFUkJPWTEYMBYGA1UEAxMPYi5jaXBoZXJib3kuY29tMIICIjAN +BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAztMFwBX8R7lsWz9WpFtEK5ZXXBjk +IZ5GkdY9gPXRyKPdBj0gckjNOWy74xJ+TYxT2+EPPDwe4KD7IGDM0PG9JGATzG9O +OQ7kJuNycG4zFu+BSzMGcfRc1y88j/GBubfy2R4tNpUb4KJ4C8JaWo2BIjjmywJS +ywq4CwaDUVgJOGIr57y2iljCuCVGfTpB6g5AHlJ6eMX6Yl254dHmcUA9JlP49C5H +XmJbAB9vn4EHEBN8zIjWLUIckwAxKjDdfjrwNfheHSGVs+uP8u8PC09pAs7y6jnT +3QEwqg9wIoK4L4bxy4Gj0D4ZxDpEgYlZNIFRcHrabm+IjKSy2eB01Vpkc2tgZmfs +uYEzuxg/HfujosJYrfeYD3lZGU8xnoJzE0MXbfGCEQLyCm3XShqNIh/D4st/gptJ +5IxknNfIKtQ8n5KIbVvCasPxyy0hHN6NE2Z4pzA59JoWQa8gBC7pHCJ/kLLbgLf1 +5dHwJcf444oh54hddQOgzhVxiMxwcJDEh/jKiqAYw4cF559QYBlrHx3U8VMJNi0M +ai9jWVsz7/KRrjuO1bvV/M6BrAVfmeywrmcFaZF6r3q5JThdPoao24ba9j5m8brx +F1vN2tSxml/xNCNrgdjPUTw8rBexoCmt9NRF4SGZyhL3EjYSNvECncqRRTIkdgP+ +x0FEbsI7NxrpMokCAwEAAaN+MHwwQAYIKwYBBQUHAQEENDAyMDAGCCsGAQUFBzAB +hiRodHRwOi8vY2EuY2lwaGVyYm95LmNvbTo4MDgwL2NhL29jc3AwCQYDVR0jBAIw +ADAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDgYDVR0PAQH/BAQDAgSw +MA0GCSqGSIb3DQEBCwUAA4ICAQC7JJ3kIB0hW5wRTUZKKWL2cfJ3To7YStXh78P3 +h2nby4cD6UbPkQW9Yn3Av0sMqBHr6Pk3mHKL+3sE895/PyGMTqQbLyVDMi4HOd2i +sUf3snhNjRRRvM7IeHNhjvI004XKlGIqo9rfn3CFnWo663za3He8jsc4i+hxTnya +KaW8D8gJkTJRW3fg1ACsESEG4ITY83PkERrzBJvPLcza75tjtrPUrHy4qEwVnQcD +XWZN0Y6pTD4M4mtBXfaoKKeujxf+kT/XvnPgAR1OL0vs3ttotZSAQe35hn5hlNX3 +Aa4ZzxIhNGihyNHPKD1I/F3izCkUeDHtk/aLAgv9F7CfJux80cbnkzAqE0S/bdbR +PQlPKDp0REy6nOXbJ35R5Agadn6i4r8fFDKzR8aGylymGcsF4YOlowo+PaS51SFc +lBOM/sQdZVs3K7HEIzUkAudwVE2/sj5cZlNykW741LkB+Ezk2QMAVwkyCsaC9Tu/ +GTdMC0+AtueG9NvJ7fv36hBeXAFuS728K5mPPtzhCmmHcplNaf23NiTob++sb96k +EJy3f0IRpQji0cgIfrqcgbm4BNwepGAq46c+gyGWD7HOTaNVe0hNOgmBAZRDfIJ8 +Mt/hEsvQYDL/Y4OSv+fQD/KVy9nx7zbXPMqcko+9w+TT/2AVfqX2uRo3DPoVwJy7 +mLG5gA== +-----END CERTIFICATE----- +` + RegTrustedLeafKeyB = `-----BEGIN PRIVATE KEY----- +MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDO0wXAFfxHuWxb +P1akW0QrlldcGOQhnkaR1j2A9dHIo90GPSBySM05bLvjEn5NjFPb4Q88PB7goPsg +YMzQ8b0kYBPMb045DuQm43JwbjMW74FLMwZx9FzXLzyP8YG5t/LZHi02lRvgongL +wlpajYEiOObLAlLLCrgLBoNRWAk4YivnvLaKWMK4JUZ9OkHqDkAeUnp4xfpiXbnh +0eZxQD0mU/j0LkdeYlsAH2+fgQcQE3zMiNYtQhyTADEqMN1+OvA1+F4dIZWz64/y +7w8LT2kCzvLqOdPdATCqD3AigrgvhvHLgaPQPhnEOkSBiVk0gVFwetpub4iMpLLZ +4HTVWmRza2BmZ+y5gTO7GD8d+6Oiwlit95gPeVkZTzGegnMTQxdt8YIRAvIKbddK +Go0iH8Piy3+Cm0nkjGSc18gq1DyfkohtW8Jqw/HLLSEc3o0TZninMDn0mhZBryAE +LukcIn+QstuAt/Xl0fAlx/jjiiHniF11A6DOFXGIzHBwkMSH+MqKoBjDhwXnn1Bg +GWsfHdTxUwk2LQxqL2NZWzPv8pGuO47Vu9X8zoGsBV+Z7LCuZwVpkXqverklOF0+ +hqjbhtr2PmbxuvEXW83a1LGaX/E0I2uB2M9RPDysF7GgKa301EXhIZnKEvcSNhI2 +8QKdypFFMiR2A/7HQURuwjs3GukyiQIDAQABAoICADCcaZgVssd63exubSNRLise +eWb0lL4QEN8bHzaN0GJbnUnnmRYzZUTveROsV5JLfrRJ6AZMzScXvx6DkfA0OTPw +/wZITPbdOKOpRs8FH63u2hE+K3AiMqYC/LWKWma3xPTiAld3YWeBWDzPT+RDqQvN +mvUxFRuS5+HzhG7chcJCVLZxZOgMZ6vXWwN462AjPE/EK/Px+GEhTVy1tHd+1UCK +cROXQv/8lw3m1ZoEPhA5vFXofYqCpOuqGmQjuxN9r9LHjvtC1whEP/+lz3/liLV3 +xaFmuRSTQIhf+4eo+Lh2+6LM1B9QUUcNOOfHS/eqw2TwAyH8xffkiALsnhk9Vylb +chfaEFmpUpG3/CbGZuf3wfSmerychffbe/1Mdf3GImYyXLXotGAjAKI/hzfFBPPa +6wctFWYj3oaFrq4obIjN5NWXt6ttDZ0ZhJOKmkGVetTn5omLKeMedl9TdJ1qlDlm +uX6p8QsK06FnSw1vkwx09mpVbeTv/HGb4w3yYHboBLTAN12qGtm6c2KVvmw0N51t +dSb5aEU6h1vCvwqPZucDicBTTNK9pd7mrrelqnQPwgpI/zvXmygPdG/YIjL+4WgD +ftIdBlejnB24FbXJ1UbYmR6klY+YK+Yl5Orucwbo4Su+PiOPzBLer7W9TWqUB+Nm +URSf3EHDJMFrmi+vwxdZAoIBAQDocxE2Ykj8Z/lJQro49i6B44DSBcUSUI8/JSGJ +1FFZNF/MNbm9sRi7HNu9lLcu96YbbZspdvH8R8nOc3iARtq6GPDOcdHkptpsxeJm +XEi5Vq9EVF8zxBq5lxOKYVDKN7Rz2+KfOOEZ40h+LTN/kc0pzmUP0h95KwmYIE95 +FxA2d6B8rz2mqOY6bc4ZaHUmhkJDW4s13CKj7HF38hJNWxpksiHf0E1iNd8OduaL +nvvHqC9004jPMOPNqFCIjDQZkYhkY4exSEmbPsimifCu3dCPzGWAnjJWiEp+LMdh +4R85WjgVzkTx0boZTfCsiSJslyHVTi0aMFFhLZ33xGWj2+2VAoIBAQDjx1O+uI4f +qW24hLMG2R/QLU5x+T9e/Pc6tJ2axdOFHpKmQE/msRZnkeZpgqvWEd3xC9P7MSsq +Ms463LjsmXwcaEg7jwSa5wVXRIiJfrWoKjJxi1Tv7q3fCDmH4zZp1CNtvivjRykq ++u+0PJKOVOdJ8cC81ZCW0VxBkp5lqIKtrjObR3RrAxZ+97W4wxYmJPda9J43pMW1 +HrvpGBQ7vu803/IXOAAadZb9z/1858Egvv23NwNSpHCKM3D+1Yt/ECjj5X0i3z8u +hsn7PfGLuvyBBDZIyDkegJB4a38aczlOxKkQas43GR4hbVrvCfVDsZphaGOBchhR +JMZlzkYpEWwlAoIBAQC+/nUhI2bnBiOdn5dV4GncTet2JkmEP+9DqiXBk1P4IQGp +0Gc6xv4UGKUxQ7W0gMXaeZfpXRN+ABqAaP6VICLukDmk137oCnUktP/OrXsP1nsS +gOTsqvBumAT1SfrQ/S5nmD/AJkNHOypAirFq24khFbaSZkt4CvXKKppCW8H1jxut +92uHufXaAok69Up1ChH+OITND4DjAg9FyABj0TyBiqAsv4Il9S+/OdE63bnxlm7P +5lPeMkSroeXyHIlejObt3Z4L++KHDfJebK73b8jDruWj5dhko33Z6L823HwEau30 +dNTPgU0RJ6peihtf8FpbYu3KO/NSDuJiR9xf5AB1AoIBAQC9DOFK+G6thLgWX70f +P/KRnCjxm8enFRo1VVdB8FOAt0FMTzCB7hUEXSn6BISOpkGpIQIOCF8lJQnZ/PxX +E4TZJwxcsnVGA9yA89bHF626J1u6tcQHZ/hTlsX5LPIqn/HP0fknKBbZH3D4DRYu +n/VfgBFSKYdaReXmXsSs51GeyWj3xjSv5N40/2+KLBEkE6ZhjYoL8OxPSXT5IA0b +EXwETKLn9ojPbS2m94wSsV+vyBVYjYZqfyUQ72UnfSHMkiL+E6jq2pPcD+9wYZcr +PET65/4OJnCSCm7eI4pY761u3PbdM2h4fpZtdA/3OjKgvrW9hyCffY0FPBqWwL+m +slkpAoIBAHjFpjW2AE/YUuksQObNfuPGxMZBbQeyPW9FIETTi22V7hnnfNcl/CaK +b3eUwdJFfMXEufr7naav9BZ1rxE20pQGRYRfi0uV5v2PosVoQep/yZvL+l6U3X7V +F0VyEzVaA6D4IfrTgWqvRr/yePkhWPzd3BP/PuBDDugK1BLlt2bWWQ7bmGVbwloE +AbeZa5GxuXIvzGiU5fJE5xB86T6frusTYfnTRL//tUT7bxqMH792i3ccWY/onFfR +RzSOgzNfqAIvvol4Co+phDKz7sNg3R1Hf1dan052BFZtTZxxqmdHJ1yBPLyejflh +mr2dJsMn54TXDOZYRQd5WVKDDu8xoJI= +-----END PRIVATE KEY----- +` +) + +func TestBackend_RegressionDifferentTrustedLeaf(t *testing.T) { + // Cert auth method + coreConfig := &vault.CoreConfig{ + DisableMlock: true, + DisableCache: true, + Logger: log.NewNullLogger(), + CredentialBackends: map[string]logical.Factory{ + "cert": Factory, + }, + } + cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{ + HandlerFunc: vaulthttp.Handler, + }) + cluster.Start() + defer cluster.Cleanup() + cores := cluster.Cores + vault.TestWaitActive(t, cores[0].Core) + client := cores[0].Client + + var err error + + // Enable the cert auth method + err = client.Sys().EnableAuthWithOptions("cert", &api.EnableAuthOptions{ + Type: "cert", + }) + if err != nil { + t.Fatal(err) + } + + // Set the first leaf cert as a trusted certificate in the backend + _, err = client.Logical().Write("auth/cert/certs/trusted-leaf", map[string]interface{}{ + "display_name": "trusted-cert", + "policies": "default", + "certificate": RegTrustedLeafCertA, + }) + if err != nil { + t.Fatal(err) + } + + // Create temporary files for CA cert, client cert and client cert key. + // This is used to configure TLS in the api client. + caCertFile, err := ioutil.TempFile("", "caCert") + if err != nil { + t.Fatal(err) + } + defer os.Remove(caCertFile.Name()) + if _, err := caCertFile.Write([]byte(cluster.CACertPEM)); err != nil { + t.Fatal(err) + } + if err := caCertFile.Close(); err != nil { + t.Fatal(err) + } + + leafCertAFile, err := ioutil.TempFile("", "leafCertA") + if err != nil { + t.Fatal(err) + } + defer os.Remove(leafCertAFile.Name()) + if _, err := leafCertAFile.Write([]byte(RegTrustedLeafCertA)); err != nil { + t.Fatal(err) + } + if err := leafCertAFile.Close(); err != nil { + t.Fatal(err) + } + + leafCertAKeyFile, err := ioutil.TempFile("", "leafCertAKey") + if err != nil { + t.Fatal(err) + } + defer os.Remove(leafCertAKeyFile.Name()) + if _, err := leafCertAKeyFile.Write([]byte(RegTrustedLeafKeyA)); err != nil { + t.Fatal(err) + } + if err := leafCertAKeyFile.Close(); err != nil { + t.Fatal(err) + } + + leafCertBFile, err := ioutil.TempFile("", "leafCertB") + if err != nil { + t.Fatal(err) + } + defer os.Remove(leafCertBFile.Name()) + if _, err := leafCertBFile.Write([]byte(RegTrustedLeafCertB)); err != nil { + t.Fatal(err) + } + if err := leafCertBFile.Close(); err != nil { + t.Fatal(err) + } + + leafCertBKeyFile, err := ioutil.TempFile("", "leafCertBKey") + if err != nil { + t.Fatal(err) + } + defer os.Remove(leafCertBKeyFile.Name()) + if _, err := leafCertBKeyFile.Write([]byte(RegTrustedLeafKeyB)); err != nil { + t.Fatal(err) + } + if err := leafCertBKeyFile.Close(); err != nil { + t.Fatal(err) + } + + // This function is a copy-pasta from the NewTestCluster, with the + // modification to reconfigure the TLS on the api client with the leaf + // certificate generated above. + getAPIClient := func(port int, tlsConfig *tls.Config, leafCert string, leafKey string) *api.Client { + transport := cleanhttp.DefaultPooledTransport() + transport.TLSClientConfig = tlsConfig.Clone() + if err := http2.ConfigureTransport(transport); err != nil { + t.Fatal(err) + } + client := &http.Client{ + Transport: transport, + CheckRedirect: func(*http.Request, []*http.Request) error { + // This can of course be overridden per-test by using its own client + return fmt.Errorf("redirects not allowed in these tests") + }, + } + config := api.DefaultConfig() + if config.Error != nil { + t.Fatal(config.Error) + } + config.Address = fmt.Sprintf("https://127.0.0.1:%d", port) + config.HttpClient = client + + // Set the above issued certificates as the client certificates + config.ConfigureTLS(&api.TLSConfig{ + CACert: caCertFile.Name(), + ClientCert: leafCert, + ClientKey: leafKey, + }) + + apiClient, err := api.NewClient(config) + if err != nil { + t.Fatal(err) + } + return apiClient + } + + // Create a new api client with the incorrect leaf; it should fail. + newBClient := getAPIClient(cores[0].Listeners[0].Address.Port, cores[0].TLSConfig(), leafCertBFile.Name(), leafCertBKeyFile.Name()) + + secret, err := newBClient.Logical().Write("auth/cert/login", map[string]interface{}{ + "name": "trusted-leaf", + }) + if err == nil { + t.Fatalf("when logging in with different leaf from trusted, expected err but got none: err=%v / secret=%v", err, secret) + } + if secret != nil { + t.Fatalf("when logging in with different leaf from trusted, expected empty secret but got %v", secret) + } + + // Create a new API client with the correct leaf; it should succeed. + newAClient := getAPIClient(cores[0].Listeners[0].Address.Port, cores[0].TLSConfig(), leafCertAFile.Name(), leafCertAKeyFile.Name()) + + secret, err = newAClient.Logical().Write("auth/cert/login", map[string]interface{}{ + "name": "trusted-leaf", + }) + if err != nil { + t.Fatal(err) + } + if secret.Auth == nil || secret.Auth.ClientToken == "" { + t.Fatalf("expected a successful authentication") + } +} diff --git a/builtin/credential/cert/path_login.go b/builtin/credential/cert/path_login.go index 2390a5c2c2..2e76cd5480 100644 --- a/builtin/credential/cert/path_login.go +++ b/builtin/credential/cert/path_login.go @@ -4,8 +4,8 @@ package cert import ( - "bytes" "context" + "crypto/subtle" "crypto/tls" "crypto/x509" "encoding/asn1" @@ -277,8 +277,7 @@ func (b *backend) verifyCredentials(ctx context.Context, req *logical.Request, d for _, trustedNonCA := range trustedNonCAs { tCert := trustedNonCA.Certificates[0] // Check for client cert being explicitly listed in the config (and matching other constraints) - if tCert.SerialNumber.Cmp(clientCert.SerialNumber) == 0 && - bytes.Equal(tCert.AuthorityKeyId, clientCert.AuthorityKeyId) { + if subtle.ConstantTimeCompare(tCert.Raw, clientCert.Raw) == 1 { matches, err := b.matchesConstraints(ctx, clientCert, trustedNonCA.Certificates, trustedNonCA, verifyConf) // matchesConstraints returns an error when OCSP verification fails, diff --git a/changelog/173.txt b/changelog/173.txt new file mode 100644 index 0000000000..92fc5067ac --- /dev/null +++ b/changelog/173.txt @@ -0,0 +1,3 @@ +```release-note:security +auth/cert: compare full bytes of trusted leaf certificates with incoming client certificates to prevent trusting certs with the same serial number but not the same public/private key. +``` From 37a0b1bf35ca696ca92f3ca99028a052c6836813 Mon Sep 17 00:00:00 2001 From: Alexander Scheel Date: Sat, 2 Mar 2024 19:06:54 -0500 Subject: [PATCH 2/2] Fix build & CI pipelines This retains the original HashiCorp upstream build & test pipelines, cleaning them up for OpenBao and removing HashiCorp internal tooling references that aren't necessary for us. The CI pipeline currently fails with test errors and commenting will need to be tested on the main repository with an appropriately scoped token. However, builds pass and produce usable, unsigned artifacts. This can form the basis of a proper (signed) release pipeline eventually, taking actions from the build stage of the tagged release commit and signing and verifying them. In order to fix CI, some changes to the Go modules were done, removing redundant tooling packages and re-adding the kubernetes integration tests. This also fixes CI to correctly run api & sdk tests, fixing #61 again. Removed, unnecessary actions: - actionlint was used to allow-list actions upstream, - add-hashicorp-contributed-label was used to add a label to internal PRs for visibility, - backport was the tool to automatically backport PRs, - milestone-checker was used to ensure PRs had appropriate milestones prior to merge, - oss was used to classify issues against the specified label category - remove-labels was used to clean up issues & PRs - security-scan requires internal tooling not made public - test-ci-bootstrap & test-ci-cleanup are both part of the complex Enos integration tests, which were removed in 85455fb252c65f3ed7367b2a4d4b392de47b7e4a due to resource requirements. Resolves: #31 Resolves: #42 Resolves: #152 Related: #153 Signed-off-by: Alexander Scheel --- .github/actions/set-up-go/action.yml | 4 - .github/scripts/gh_comment.sh | 8 +- .github/scripts/report_failed_builds.sh | 4 +- .github/scripts/report_failed_tests.sh | 6 +- .github/workflows/actionlint.yml | 17 - .../add-hashicorp-contributed-label.yml | 26 - .github/workflows/backport.yml | 23 - .github/workflows/build-vault-ce.yml | 27 +- .github/workflows/build.yml | 241 +------- .github/workflows/ci.yml | 206 +------ .github/workflows/code-checker.yml | 6 - .github/workflows/milestone-checker.yml | 23 - .github/workflows/oss.yml | 128 ---- .github/workflows/remove-labels.yml | 19 - .github/workflows/security-scan.yml | 85 --- .github/workflows/test-ci-bootstrap.yml | 51 -- .github/workflows/test-ci-cleanup.yml | 88 --- .github/workflows/test-go.yml | 126 +--- .../workflows/test-run-acc-tests-for-path.yml | 2 - .release/ci.hcl | 176 ------ .release/docker/docker-entrypoint.sh | 84 +-- .release/docker/ubi-docker-entrypoint.sh | 92 +-- .../vault.env => openbao/openbao.env} | 0 .../linux/package/etc/openbao/openbao.hcl | 37 ++ .release/linux/package/etc/vault.d/vault.hcl | 50 -- .../system/{vault.service => openbao.service} | 14 +- .release/linux/postinst | 35 +- .release/linux/postrm | 2 +- .release/linux/preinst | 2 +- .release/release-metadata.hcl | 14 +- .release/security-scan.hcl | 16 - api/auth/approle/go.mod | 2 + api/auth/approle/go.sum | 2 - api/auth/kubernetes/go.mod | 2 + api/auth/kubernetes/go.sum | 2 - api/auth/ldap/go.mod | 2 + api/auth/ldap/go.sum | 2 - api/auth/userpass/go.mod | 2 + api/auth/userpass/go.sum | 2 - builtin/credential/jwt/tools/go.mod | 13 - builtin/credential/jwt/tools/go.sum | 55 -- builtin/credential/jwt/tools/tools.go | 19 - .../kubernetes/integrationtest/go.mod | 66 --- .../kubernetes/integrationtest/go.sum | 545 ------------------ builtin/logical/openldap/tools/go.mod | 13 - builtin/logical/openldap/tools/go.sum | 55 -- builtin/logical/openldap/tools/tools.go | 19 - go.mod | 1 + go.sum | 5 + plugins/database/redis/tools/go.mod | 13 - plugins/database/redis/tools/go.sum | 20 - plugins/database/redis/tools/tools.go | 19 - scripts/ci-helper.sh | 25 +- scripts/cross/Dockerfile | 4 +- scripts/dist.sh | 79 --- scripts/semgrep_plugin_repos.sh | 23 - scripts/testciphers.sh | 29 - scripts/update_plugin_modules.sh | 51 -- scripts/windows/build.bat | 96 --- 59 files changed, 238 insertions(+), 2540 deletions(-) delete mode 100644 .github/workflows/actionlint.yml delete mode 100644 .github/workflows/add-hashicorp-contributed-label.yml delete mode 100644 .github/workflows/backport.yml delete mode 100644 .github/workflows/milestone-checker.yml delete mode 100644 .github/workflows/oss.yml delete mode 100644 .github/workflows/remove-labels.yml delete mode 100644 .github/workflows/security-scan.yml delete mode 100644 .github/workflows/test-ci-bootstrap.yml delete mode 100644 .github/workflows/test-ci-cleanup.yml delete mode 100644 .release/ci.hcl rename .release/linux/package/etc/{vault.d/vault.env => openbao/openbao.env} (100%) create mode 100644 .release/linux/package/etc/openbao/openbao.hcl delete mode 100644 .release/linux/package/etc/vault.d/vault.hcl rename .release/linux/package/usr/lib/systemd/system/{vault.service => openbao.service} (63%) delete mode 100644 .release/security-scan.hcl delete mode 100644 builtin/credential/jwt/tools/go.mod delete mode 100644 builtin/credential/jwt/tools/go.sum delete mode 100644 builtin/credential/jwt/tools/tools.go delete mode 100644 builtin/credential/kubernetes/integrationtest/go.mod delete mode 100644 builtin/credential/kubernetes/integrationtest/go.sum delete mode 100644 builtin/logical/openldap/tools/go.mod delete mode 100644 builtin/logical/openldap/tools/go.sum delete mode 100644 builtin/logical/openldap/tools/tools.go delete mode 100644 plugins/database/redis/tools/go.mod delete mode 100644 plugins/database/redis/tools/go.sum delete mode 100644 plugins/database/redis/tools/tools.go delete mode 100755 scripts/dist.sh delete mode 100755 scripts/semgrep_plugin_repos.sh delete mode 100755 scripts/testciphers.sh delete mode 100755 scripts/update_plugin_modules.sh delete mode 100644 scripts/windows/build.bat diff --git a/.github/actions/set-up-go/action.yml b/.github/actions/set-up-go/action.yml index e6289b4427..f959f5dc0c 100644 --- a/.github/actions/set-up-go/action.yml +++ b/.github/actions/set-up-go/action.yml @@ -3,9 +3,6 @@ name: Set up Go with a shared module cache description: Set up Go with a shared module cache inputs: - github-token: - description: "An elevated Github token to access private modules if necessary" - type: string no-restore: description: "Whether or not to restore the Go module cache on a cache hit" type: boolean @@ -61,7 +58,6 @@ runs: name: Download go modules shell: bash run: | - git config --global url."https://${{ inputs.github-token }}@github.com".insteadOf https://github.com for mod in $(find . -type f -name go.mod); do pushd "$(dirname $mod)" go list ./... diff --git a/.github/scripts/gh_comment.sh b/.github/scripts/gh_comment.sh index b47df541a4..a68cbf22a7 100644 --- a/.github/scripts/gh_comment.sh +++ b/.github/scripts/gh_comment.sh @@ -16,7 +16,7 @@ function update_or_create_comment { -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ --paginate \ - /repos/hashicorp/"$REPO"/issues/"$PR_NUMBER"/comments | jq -r --arg SEARCH_KEY "$SEARCH_KEY" '.[] | select (.body | contains($SEARCH_KEY)) | .id') + /repos/openbao/"$REPO"/issues/"$PR_NUMBER"/comments | jq -r --arg SEARCH_KEY "$SEARCH_KEY" '.[] | select (.body | contains($SEARCH_KEY)) | .id') if [[ "$comment_id" != "" ]]; then # update the comment with the new body @@ -24,7 +24,7 @@ function update_or_create_comment { --method PATCH \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/hashicorp/"$REPO"/issues/comments/"$comment_id" \ + /repos/openbao/"$REPO"/issues/comments/"$comment_id" \ -f body="$BODY" else # create a comment with the new body @@ -32,7 +32,7 @@ function update_or_create_comment { --method POST \ -H "Accept: application/vnd.github+json" \ -H "X-GitHub-Api-Version: 2022-11-28" \ - /repos/hashicorp/"$REPO"/issues/"$PR_NUMBER"/comments \ + /repos/openbao/"$REPO"/issues/"$PR_NUMBER"/comments \ -f body="$BODY" fi -} \ No newline at end of file +} diff --git a/.github/scripts/report_failed_builds.sh b/.github/scripts/report_failed_builds.sh index c3a3fcf401..79c99e3072 100755 --- a/.github/scripts/report_failed_builds.sh +++ b/.github/scripts/report_failed_builds.sh @@ -14,11 +14,9 @@ set -e [ ${BUILD_DARWIN:?} ] [ ${BUILD_DOCKER:?} ] [ ${BUILD_UBI:?} ] -[ ${TEST:?} ] -[ ${TEST_DOCKER_K8S:?} ] # listing out all of the jobs with the status -jobs=( "build-other:$BUILD_OTHER" "build-linux:$BUILD_LINUX" "build-darwin:$BUILD_DARWIN" "build-docker:$BUILD_DOCKER" "build-ubi:$BUILD_UBI" "test:$TEST" "test-docker-k8s:$TEST_DOCKER_K8S" ) +jobs=( "build-other:$BUILD_OTHER" "build-linux:$BUILD_LINUX" "build-darwin:$BUILD_DARWIN" "build-docker:$BUILD_DOCKER" "build-ubi:$BUILD_UBI" ) # there is a case where even if a job is failed, it reports as cancelled. So, we look for both. failed_jobs=() diff --git a/.github/scripts/report_failed_tests.sh b/.github/scripts/report_failed_tests.sh index d69d43a167..a79162bb05 100755 --- a/.github/scripts/report_failed_tests.sh +++ b/.github/scripts/report_failed_tests.sh @@ -15,8 +15,8 @@ else # Remove any rows that don't have a test name # Only keep the test type, test package, test name, and logs column # Remove the scroll emoji - # Remove "github.com/hashicorp/vault" from the package name - TABLE_DATA=$(echo "$TABLE_DATA" | awk -F\| '{if ($4 != " - ") { print "|" $2 "|" $3 "|" $4 "|" $7 }}' | sed -r 's/ :scroll://' | sed -r 's/github.com\/hashicorp\/vault\///') + # Remove "github.com/openbao/openbao" from the package name + TABLE_DATA=$(echo "$TABLE_DATA" | awk -F\| '{if ($4 != " - ") { print "|" $2 "|" $3 "|" $4 "|" $7 }}' | sed -r 's/ :scroll://' | sed -r 's/github.com\/openbao\/openbao\///') NUM_FAILURES=$(wc -l <<< "$TABLE_DATA") # Check if the number of failures is greater than the maximum tests to display @@ -39,4 +39,4 @@ fi source ./.github/scripts/gh_comment.sh -update_or_create_comment "$REPO" "$PR_NUMBER" "CI Results:" "$BODY" \ No newline at end of file +update_or_create_comment "$REPO" "$PR_NUMBER" "CI Results:" "$BODY" diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml deleted file mode 100644 index 8b466e7172..0000000000 --- a/.github/workflows/actionlint.yml +++ /dev/null @@ -1,17 +0,0 @@ -name: Lint GitHub Actions Workflows -on: - pull_request: - paths: - - '.github/**' - types: [opened, synchronize, reopened, ready_for_review] - -jobs: - actionlint: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: "Check workflow files" - uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:93834930f56ca380be3e9a3377670d7aa5921be251b9c774891a39b3629b83b8 - with: - # milestoned and demilestoned work (https://github.com/github/docs/issues/23909) but they aren't listed in the github documentation, so actionlint complains about them - args: "-ignore=\"invalid activity type \\\"demilestoned\\\" for \\\"pull_request\\\" Webhook event\" -ignore=\"invalid activity type \\\"milestoned\\\" for \\\"pull_request\\\" Webhook event\"" diff --git a/.github/workflows/add-hashicorp-contributed-label.yml b/.github/workflows/add-hashicorp-contributed-label.yml deleted file mode 100644 index 379b8cc9c8..0000000000 --- a/.github/workflows/add-hashicorp-contributed-label.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: Add HashiCorp contributed label - -# The purpose of this job is to label all HashiCorp contributed PRs, so that -# we can more easily identify community contributed PRs (anything that doesn't -# have this label). -# While it might seem like this is the 'reverse' of what we should do, GitHub -# (rightly) does not allow branches from forks to have write permissions, so -# making PRs from forks self-label themselves as community-contributed is not -# possible. - -on: - # On every pull request, on every branch - pull_request: - types: [opened, synchronize, reopened] - -jobs: - add-hashicorp-contributed-label: - # Only run if this is NOT coming from a fork of hashicorp/vault (if this is not true, it's community contributed) - if: ${{ github.repository == 'hashicorp/vault' && (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name) }} - runs-on: ubuntu-latest - steps: - - name: "Add label to PR" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - PR: ${{ github.event.pull_request.html_url }} - run: gh pr edit "$PR" --add-label 'hashicorp-contributed-pr' diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml deleted file mode 100644 index f78464a8c8..0000000000 --- a/.github/workflows/backport.yml +++ /dev/null @@ -1,23 +0,0 @@ ---- -name: Backport Assistant Runner (for OSS & ENT) - -on: - pull_request_target: - types: - - closed - - labeled - -jobs: - backport-targeted-release-branch: - if: github.event.pull_request.merged - runs-on: ubuntu-latest - container: hashicorpdev/backport-assistant:0.3.3 - steps: - - name: Backport changes to targeted release branch - run: | - backport-assistant backport -merge-method=squash -gh-automerge - env: - BACKPORT_LABEL_REGEXP: "backport/(?P\\d+\\.\\d+\\.[+\\w]+)" - BACKPORT_TARGET_TEMPLATE: "release/{{.target}}" - BACKPORT_MERGE_COMMIT: true - GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }} diff --git a/.github/workflows/build-vault-ce.yml b/.github/workflows/build-vault-ce.yml index 5d0f2d2fef..7e2fe1b7d7 100644 --- a/.github/workflows/build-vault-ce.yml +++ b/.github/workflows/build-vault-ce.yml @@ -25,8 +25,8 @@ on: type: string package-name: type: string - default: vault - vault-version: + default: bao + bao-version: type: string required: true web-ui-cache-key: @@ -35,13 +35,11 @@ on: jobs: build: - runs-on: custom-linux-xl-vault-latest - name: Vault ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.vault-version }} + runs-on: ubuntu-latest + name: OpenBao ${{ inputs.goos }} ${{ inputs.goarch }} v${{ inputs.bao-version }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: ./.github/actions/set-up-go - with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - name: Restore UI from cache uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: @@ -50,22 +48,22 @@ jobs: fail-on-cache-miss: true path: http/web_ui key: ${{ inputs.web-ui-cache-key }} - - name: Build Vault + - name: Build OpenBao env: GO_TAGS: ${{ inputs.go-tags }} CGO_ENABLED: ${{ inputs.cgo-enabled }} GOARCH: ${{ inputs.goarch }} GOOS: ${{ inputs.goos }} - VERSION: ${{ inputs.vault-version }} + VERSION: ${{ inputs.bao-version }} run: make ci-build - name: Determine artifact basename env: GOARCH: ${{ inputs.goarch }} GOOS: ${{ inputs.goos }} - VERSION: ${{ inputs.vault-version }} + VERSION: ${{ inputs.bao-version }} run: echo "ARTIFACT_BASENAME=$(make ci-get-artifact-basename)" >> "$GITHUB_ENV" - - name: Bundle Vault + - name: Bundle OpenBao env: BUNDLE_PATH: out/${{ env.ARTIFACT_BASENAME }}.zip run: make ci-bundle @@ -78,11 +76,12 @@ jobs: uses: hashicorp/actions-packaging-linux@v1 with: name: ${{ github.event.repository.name }} - description: Vault is a tool for secrets management, encryption as a service, and privileged access management. + description: OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. arch: ${{ inputs.goarch }} - version: ${{ inputs.vault-version }} - maintainer: HashiCorp - homepage: https://github.com/hashicorp/vault + version: ${{ inputs.bao-version }} + vendor: OpenBao + maintainer: OpenBao + homepage: https://github.com/openbao/openbao license: MPL-2.0 binary: dist/${{ inputs.package-name }} deb_depends: openssl diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3e69ab5354..199296d9cd 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -35,16 +35,15 @@ jobs: build-date: ${{ steps.get-metadata.outputs.build-date }} filepath: ${{ steps.generate-metadata-file.outputs.filepath }} package-name: ${{ steps.get-metadata.outputs.package-name }} - vault-revision: ${{ steps.get-metadata.outputs.vault-revision }} - vault-version: ${{ steps.set-product-version.outputs.product-version }} - vault-version-package: ${{ steps.get-metadata.outputs.vault-version-package }} + bao-revision: ${{ steps.get-metadata.outputs.bao-revision }} + bao-version: ${{ steps.set-product-version.outputs.product-version }} + bao-version-package: ${{ steps.get-metadata.outputs.bao-version-package }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - name: Ensure Go modules are cached uses: ./.github/actions/set-up-go id: set-up-go with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} no-restore: true # don't download them on a cache hit - name: Set Product version id: set-product-version @@ -52,16 +51,17 @@ jobs: - name: Get metadata id: get-metadata env: - VAULT_VERSION: ${{ steps.set-product-version.outputs.product-version }} + OPENBAO_VERSION: ${{ steps.set-product-version.outputs.product-version }} run: | # shellcheck disable=SC2129 echo "build-date=$(make ci-get-date)" >> "$GITHUB_OUTPUT" - echo "package-name=vault" >> "$GITHUB_OUTPUT" - echo "vault-revision=$(make ci-get-revision)" >> "$GITHUB_OUTPUT" - echo "vault-version-package=$(make ci-get-version-package)" >> "$GITHUB_OUTPUT" + echo "package-name=bao" >> "$GITHUB_OUTPUT" + echo "bao-revision=$(make ci-get-revision)" >> "$GITHUB_OUTPUT" + echo "bao-version-package=$(make ci-get-version-package)" >> "$GITHUB_OUTPUT" - uses: hashicorp/actions-generate-metadata@v1 id: generate-metadata-file with: + repositoryOwner: 'openbao' version: ${{ steps.set-product-version.outputs.product-version }} product: ${{ steps.get-metadata.outputs.package-name }} - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 @@ -72,7 +72,7 @@ jobs: build-ui: name: UI - runs-on: custom-linux-xl-vault-latest + runs-on: ubuntu-latest outputs: cache-key: ui-${{ steps.ui-hash.outputs.ui-hash }} steps: @@ -126,7 +126,7 @@ jobs: go-tags: ui package-name: ${{ needs.product-metadata.outputs.package-name }} web-ui-cache-key: ${{ needs.build-ui.outputs.cache-key }} - vault-version: ${{ needs.product-metadata.outputs.vault-version }} + bao-version: ${{ needs.product-metadata.outputs.bao-version }} secrets: inherit build-linux: @@ -137,7 +137,7 @@ jobs: strategy: matrix: goos: [linux] - goarch: [arm, arm64, 386, amd64] + goarch: [arm, arm64, 386, amd64, riscv64] fail-fast: true uses: ./.github/workflows/build-vault-ce.yml with: @@ -146,7 +146,7 @@ jobs: go-tags: ui package-name: ${{ needs.product-metadata.outputs.package-name }} web-ui-cache-key: ${{ needs.build-ui.outputs.cache-key }} - vault-version: ${{ needs.product-metadata.outputs.vault-version }} + bao-version: ${{ needs.product-metadata.outputs.bao-version }} secrets: inherit build-darwin: @@ -167,7 +167,7 @@ jobs: go-tags: ui package-name: ${{ needs.product-metadata.outputs.package-name }} web-ui-cache-key: ${{ needs.build-ui.outputs.cache-key }} - vault-version: ${{ needs.product-metadata.outputs.vault-version }} + bao-version: ${{ needs.product-metadata.outputs.bao-version }} secrets: inherit build-docker: @@ -181,18 +181,18 @@ jobs: arch: [arm, arm64, 386, amd64] env: repo: ${{ github.event.repository.name }} - version: ${{ needs.product-metadata.outputs.vault-version }} + version: ${{ needs.product-metadata.outputs.bao-version }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: hashicorp/actions-docker-build@v1 with: + bin_name: bao version: ${{ env.version }} target: default arch: ${{ matrix.arch }} - zip_artifact_name: vault_${{ env.version }}_linux_${{ matrix.arch }}.zip + zip_artifact_name: openbao_${{ env.version }}_linux_${{ matrix.arch }}.zip tags: | - docker.io/hashicorp/${{ env.repo }}:${{ env.version }} - public.ecr.aws/hashicorp/${{ env.repo }}:${{ env.version }} + docker.io/openbao/${{ env.repo }}:${{ env.version }} build-ubi: name: UBI image @@ -205,80 +205,18 @@ jobs: arch: [amd64] env: repo: ${{ github.event.repository.name }} - version: ${{ needs.product-metadata.outputs.vault-version }} + version: ${{ needs.product-metadata.outputs.bao-version }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: hashicorp/actions-docker-build@v1 with: + bin_name: bao version: ${{ env.version }} target: ubi arch: ${{ matrix.arch }} - zip_artifact_name: vault_${{ env.version }}_linux_${{ matrix.arch }}.zip - # The redhat_tag differs on CE and ENT editions. Be mindful when resolving merge conflicts. - redhat_tag: quay.io/redhat-isv-containers/5f89bb5e0b94cf64cfeb500a:${{ env.version }}-ubi - - test: - name: Test ${{ matrix.build-artifact-name }} - # Only run the Enos workflow against branches that are created from the - # hashicorp/vault repository. This has the effect of limiting execution of - # Enos scenarios to branches that originate from authors that have write - # access to hashicorp/vault repository. This is required as Github Actions - # will not populate the required secrets for branches created by outside - # contributors in order to protect the secrets integrity. - # This condition can be removed in future if enos workflow is updated to - # workflow_run event - if: "! github.event.pull_request.head.repo.fork" - needs: - - product-metadata - - build-linux - uses: ./.github/workflows/test-run-enos-scenario-matrix.yml - strategy: - fail-fast: false - matrix: - include: - - sample-name: build_ce_linux_amd64_deb - build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version-package }}-1_amd64.deb - - sample-name: build_ce_linux_arm64_deb - build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version-package }}-1_arm64.deb - - sample-name: build_ce_linux_amd64_rpm - build-artifact-name: vault-${{ needs.product-metadata.outputs.vault-version-package }}-1.x86_64.rpm - - sample-name: build_ce_linux_arm64_rpm - build-artifact-name: vault-${{ needs.product-metadata.outputs.vault-version-package }}-1.aarch64.rpm - - sample-name: build_ce_linux_amd64_zip - build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_amd64.zip - - sample-name: build_ce_linux_arm64_zip - build-artifact-name: vault_${{ needs.product-metadata.outputs.vault-version }}_linux_arm64.zip - with: - build-artifact-name: ${{ matrix.build-artifact-name }} - sample-max: 1 - sample-name: ${{ matrix.sample-name }} - ssh-key-name: ${{ github.event.repository.name }}-ci-ssh-key - vault-revision: ${{ needs.product-metadata.outputs.vault-revision }} - vault-version: ${{ needs.product-metadata.outputs.vault-version }} - secrets: inherit - - test-docker-k8s: - name: Test Docker K8s - # Only run the Enos workflow against branches that are created from the - # hashicorp/vault repository. This has the effect of limiting execution of - # Enos scenarios to branches that originate from authors that have write - # access to hashicorp/vault repository. This is required as Github Actions - # will not populate the required secrets for branches created by outside - # contributors in order to protect the secrets integrity. - # GHA secrets are only ready on workflow_run for public repo - # This condition can be removed in future if enos workflow is updated to - # workflow_run event - if: "! github.event.pull_request.head.repo.fork" - needs: - - product-metadata - - build-docker - uses: ./.github/workflows/enos-run-k8s.yml - with: - artifact-build-date: ${{ needs.product-metadata.outputs.build-date }} - artifact-name: ${{ github.event.repository.name }}_default_linux_amd64_${{ needs.product-metadata.outputs.vault-version }}_${{ needs.product-metadata.outputs.vault-revision }}.docker.tar - artifact-revision: ${{ needs.product-metadata.outputs.vault-revision }} - artifact-version: ${{ needs.product-metadata.outputs.vault-version }} - secrets: inherit + zip_artifact_name: openbao_${{ env.version }}_linux_${{ matrix.arch }}.zip + tags: | + docker.io/openbao/${{ env.repo }}-ubi:${{ env.version }} report-build-failures: name: Report Build Failures @@ -288,8 +226,6 @@ jobs: - build-darwin - build-docker - build-ubi - - test - - test-docker-k8s if: (success() || failure()) && github.head_ref != '' runs-on: ubuntu-latest steps: @@ -305,8 +241,6 @@ jobs: BUILD_DARWIN: ${{ needs.build-darwin.result }} BUILD_DOCKER: ${{ needs.build-docker.result }} BUILD_UBI: ${{ needs.build-ubi.result }} - TEST: ${{ needs.test.result }} - TEST_DOCKER_K8S: ${{ needs.test-docker-k8s.result }} run: ./.github/scripts/report_failed_builds.sh completed-successfully: @@ -320,137 +254,6 @@ jobs: - build-darwin - build-docker - build-ubi - - test - - test-docker-k8s steps: - run: | tr -d '\n' <<< '${{ toJSON(needs.*.result) }}' | grep -q -v -E '(failure|cancelled)' - - notify-completed-successfully-failures-ce: - if: ${{ always() && github.repository == 'hashicorp/vault' && needs.completed-successfully.result == 'failure' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) }} - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - fail-fast: false - needs: - - completed-successfully - - build-other - - build-linux - - build-darwin - - build-docker - - build-ubi - - test - - test-docker-k8s - steps: - - name: send-notification - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 - # We intentionally aren't using the following here since it's from an internal repo - # uses: hashicorp/cloud-gha-slack-notifier@730a033037b8e603adf99ebd3085f0fdfe75e2f4 #v1 - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - with: - channel-id: "C05AABYEA9Y" # sent to #feed-vault-ci-official, use "C05Q4D5V89W"/test-vault-ci-slack-integration for testing - payload: | - { - "text": "CE build failures on ${{ github.ref_name }}", - "blocks": [ - { - "type": "header", - "text": { - "type": "plain_text", - "text": ":rotating_light: CE build failures on ${{ github.ref_name }} :rotating_light:", - "emoji": true - } - }, - { - "type": "divider" - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "${{ (needs.build-other.result != 'failure' && needs.build-linux.result != 'failure' && needs.build-darwin.result != 'failure' && needs.build-docker.result != 'failure' && needs.build-ubi.result != 'failure') && ':white_check_mark:' || ':x:' }} Build results\n${{ (needs.test.result != 'failure' && needs.test-docker-k8s.result != 'failure') && ':white_check_mark:' || ':x:' }} Enos tests" - }, - "accessory": { - "type": "button", - "text": { - "type": "plain_text", - "text": "View Failing Workflow", - "emoji": true - }, - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - } - ] - } - - notify-completed-successfully-failures-ent: - if: ${{ always() && github.repository == 'hashicorp/vault-enterprise' && needs.completed-successfully.result == 'failure' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) }} - runs-on: ['self-hosted', 'linux', 'small'] - permissions: - id-token: write - contents: read - strategy: - fail-fast: false - needs: - - completed-successfully - - build-other - - build-linux - - build-darwin - - build-docker - - build-ubi - - test - - test-docker-k8s - steps: - - id: vault-auth - name: Vault Authenticate - run: vault-auth - - id: secrets - name: Fetch Vault Secrets - uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/github_actions_notifications_bot token | SLACK_BOT_TOKEN; - - name: send-notification - uses: hashicorp/cloud-gha-slack-notifier@730a033037b8e603adf99ebd3085f0fdfe75e2f4 #v1 - with: - channel-id: "C05AABYEA9Y" # sent to #feed-vault-ci-official, use "C05Q4D5V89W"/test-vault-ci-slack-integration for testing - slack-bot-token: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }} - payload: | - { - "text": "Enterprise build failures on ${{ github.ref_name }}", - "blocks": [ - { - "type": "header", - "text": { - "type": "plain_text", - "text": ":rotating_light: Enterprise build failures on ${{ github.ref_name }} :rotating_light:", - "emoji": true - } - }, - { - "type": "divider" - }, - { - "type": "section", - "text": { - "type": "mrkdwn", - "text": "${{ (needs.build-other.result != 'failure' && needs.build-linux.result != 'failure' && needs.build-darwin.result != 'failure' && needs.build-docker.result != 'failure' && needs.build-ubi.result != 'failure') && ':white_check_mark:' || ':x:' }} Build results\n${{ (needs.test.result != 'failure' && needs.test-docker-k8s.result != 'failure') && ':white_check_mark:' || ':x:' }} Enos tests" - }, - "accessory": { - "type": "button", - "text": { - "type": "plain_text", - "text": "View Failing Workflow", - "emoji": true - }, - "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - } - ] - } \ No newline at end of file diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 105ed947f3..6198609067 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,44 +21,13 @@ jobs: name: Setup runs-on: ubuntu-latest outputs: - compute-small: ${{ steps.setup-outputs.outputs.compute-small }} - compute-medium: ${{ steps.setup-outputs.outputs.compute-medium }} - compute-large: ${{ steps.setup-outputs.outputs.compute-large }} - compute-largem: ${{ steps.setup-outputs.outputs.compute-largem }} - compute-xlarge: ${{ steps.setup-outputs.outputs.compute-xlarge }} - enterprise: ${{ steps.setup-outputs.outputs.enterprise }} - go-tags: ${{ steps.setup-outputs.outputs.go-tags }} + go-tags: "" checkout-ref: ${{ steps.checkout-ref-output.outputs.checkout-ref }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - id: setup-outputs - name: Setup outputs - run: | - github_repository="${{ github.repository }}" - - if [ "${github_repository##*/}" == "vault-enterprise" ] ; then - # shellcheck disable=SC2129 - echo 'compute-small=["self-hosted","ondemand","linux","type=c6a.large"]' >> "$GITHUB_OUTPUT" # 2x vCPUs, 4 GiB RAM, - echo 'compute-medium=["self-hosted","ondemand","linux","type=c6a.xlarge"]' >> "$GITHUB_OUTPUT" # 4x vCPUs, 8 GiB RAM, - echo 'compute-large=["self-hosted","ondemand","linux","type=c6a.2xlarge","disk_gb=64"]' >> "$GITHUB_OUTPUT" # 8x vCPUs, 16 GiB RAM, - echo 'compute-largem=["self-hosted","ondemand","linux","type=m6a.2xlarge"]' >> "$GITHUB_OUTPUT" # 8x vCPUs, 32 GiB RAM, - echo 'compute-xlarge=["self-hosted","ondemand","linux","type=c6a.4xlarge"]' >> "$GITHUB_OUTPUT" # 16x vCPUs, 32 GiB RAM, - echo 'enterprise=1' >> "$GITHUB_OUTPUT" - echo 'go-tags=ent,enterprise' >> "$GITHUB_OUTPUT" - else - # shellcheck disable=SC2129 - echo 'compute-small="ubuntu-latest"' >> "$GITHUB_OUTPUT" # 2x vCPUs, 7 GiB RAM, 14 GB SSD - echo 'compute-medium="custom-linux-small-vault-latest"' >> "$GITHUB_OUTPUT" # 8x vCPUs, 32 GiB RAM, 300 GB SSD - echo 'compute-large="custom-linux-medium-vault-latest"' >> "$GITHUB_OUTPUT" # 16x vCPUs, 64 GiB RAM, 600 GB SSD - echo 'compute-largem="custom-linux-medium-vault-latest"' >> "$GITHUB_OUTPUT" # 16x vCPUs, 64 GiB RAM, 600 GB SSD - echo 'compute-xlarge="custom-linux-xl-vault-latest"' >> "$GITHUB_OUTPUT" # 32x vCPUs, 128 GiB RAM, 1200 GB SSD - echo 'enterprise=' >> "$GITHUB_OUTPUT" - echo 'go-tags=' >> "$GITHUB_OUTPUT" - fi - name: Ensure Go modules are cached uses: ./.github/actions/set-up-go with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} no-restore: true # don't download them on a cache hit # control checking out head instead of default ref by a GH label # if checkout-head label is added to a PR, checkout HEAD otherwise checkout ref @@ -69,39 +38,6 @@ jobs: - id: checkout-ref-output run: echo "checkout-ref=${{ env.CHECKOUT_REF }}" >> "$GITHUB_OUTPUT" - diff-oss-ci: - name: Diff OSS - needs: - - setup - if: ${{ needs.setup.outputs.enterprise != '' && github.base_ref != '' }} - runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - fetch-depth: 0 - - id: determine-branch - run: | - branch="${{ github.base_ref }}" - - if [[ $branch = release/* ]] ; then - branch=${branch%%+ent} - - # Add OSS remote - git config --global user.email "github-team-secret-vault-core@hashicorp.com" - git config --global user.name "hc-github-team-secret-vault-core" - git remote add oss https://github.com/hashicorp/vault.git - git fetch oss "$branch" - - branch="oss/$branch" - else - branch="origin/$branch" - fi - - echo "BRANCH=$branch" >> "$GITHUB_OUTPUT" - - id: diff - run: | - ./.github/scripts/oss-diff.sh ${{ steps.determine-branch.outputs.BRANCH }} HEAD - verify-changes: name: Verify doc-ui only PRs uses: ./.github/workflows/verify_changes.yml @@ -124,8 +60,7 @@ jobs: total-runners: 16 go-arch: amd64 go-tags: '${{ needs.setup.outputs.go-tags }},deadlock' - runs-on: ${{ needs.setup.outputs.compute-large }} - enterprise: ${{ needs.setup.outputs.enterprise }} + runs-on: ubuntu-latest checkout-ref: ${{ needs.setup.outputs.checkout-ref }} secrets: inherit @@ -144,8 +79,7 @@ jobs: total-runners: 2 # test runners cannot be less than 2 go-arch: amd64 go-tags: '${{ needs.setup.outputs.go-tags }},deadlock,testonly' - runs-on: ${{ needs.setup.outputs.compute-large }} - enterprise: ${{ needs.setup.outputs.enterprise }} + runs-on: ubuntu-latest secrets: inherit test-go-race: @@ -168,39 +102,11 @@ jobs: extra-flags: '-race' go-arch: amd64 go-tags: ${{ needs.setup.outputs.go-tags }} - runs-on: ${{ needs.setup.outputs.compute-large }} - enterprise: ${{ needs.setup.outputs.enterprise }} + runs-on: ubuntu-latest name: "race" checkout-ref: ${{ needs.setup.outputs.checkout-ref }} secrets: inherit - test-go-fips: - name: Run Go tests with FIPS configuration - # Only run fips on the enterprise repo, and only if it's main or a release branch - # (i.e. not a PR), or is a PR with the label "fips" - if: | - needs.setup.outputs.enterprise == 1 && - needs.verify-changes.outputs.is_docs_change == 'false' && - needs.verify-changes.outputs.is_ui_change == 'false' && - (contains(github.event.pull_request.labels.*.name, 'fips') || github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) - needs: - - setup - - verify-changes - uses: ./.github/workflows/test-go.yml - with: - total-runners: 16 - env-vars: | - { - "GOEXPERIMENT": "boringcrypto" - } - go-arch: amd64 - go-tags: '${{ needs.setup.outputs.go-tags }},deadlock,cgo,fips,fips_140_2' - runs-on: ${{ needs.setup.outputs.compute-large }} - enterprise: ${{ needs.setup.outputs.enterprise }} - name: "fips" - checkout-ref: ${{ needs.setup.outputs.checkout-ref }} - secrets: inherit - test-ui: name: Test UI # The test-ui job is only run on: @@ -219,12 +125,10 @@ jobs: permissions: id-token: write contents: read - runs-on: ${{ fromJSON(needs.setup.outputs.compute-largem) }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: ./.github/actions/set-up-go - with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} # Setup node.js without caching to allow running npm install -g yarn (next step) - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0 with: @@ -246,26 +150,6 @@ jobs: run: | yarn install --frozen-lockfile npm rebuild node-sass - - id: vault-auth - name: Authenticate to Vault - if: github.repository == 'hashicorp/vault-enterprise' - run: vault-auth - - id: secrets - name: Fetch secrets - if: github.repository == 'hashicorp/vault-enterprise' - uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/hashicorp/vault-enterprise/github-token token | PRIVATE_REPO_GITHUB_TOKEN; - kv/data/github/hashicorp/vault-enterprise/license license_1 | VAULT_LICENSE; - - id: setup-git - name: Setup Git - if: github.repository == 'hashicorp/vault-enterprise' - run: | - git config --global url."https://${{ steps.secrets.outputs.PRIVATE_REPO_GITHUB_TOKEN }}@github.com".insteadOf https://github.com - id: build-go-dev name: build-go-dev run: | @@ -275,15 +159,9 @@ jobs: make ci-bootstrap dev - id: test-ui name: test-ui - env: - VAULT_LICENSE: ${{ steps.secrets.outputs.VAULT_LICENSE }} run: | export PATH="${PWD}/bin:${PATH}" - if [ "${{ github.repository }}" == 'hashicorp/vault' ] ; then - export VAULT_LICENSE="${{ secrets.VAULT_LICENSE }}" - fi - # Run Ember tests cd ui mkdir -p test-results/qunit @@ -305,80 +183,11 @@ jobs: - test-go - test-ui if: always() - runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} + runs-on: ubuntu-latest steps: - run: | tr -d '\n' <<< '${{ toJSON(needs.*.result) }}' | grep -q -v -E '(failure|cancelled)' - notify-tests-completed-failures-oss: - if: | - always() && - github.repository == 'hashicorp/vault' && - (needs.test-go.result == 'failure' || - needs.test-go-fips.result == 'failure' || - needs.test-go-race.result == 'failure') && - (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) - runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - strategy: - fail-fast: false - needs: - - test-go - - test-go-fips - - test-go-race - steps: - - name: send-notification - uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0 - # We intentionally aren't using the following here since it's from an internal repo - # uses: hashicorp/cloud-gha-slack-notifier@730a033037b8e603adf99ebd3085f0fdfe75e2f4 #v1 - env: - SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} - with: - channel-id: "C05AABYEA9Y" # sent to #feed-vault-ci-official - payload: | - {"text":"OSS test failures on ${{ github.ref_name }}","blocks":[{"type":"header","text":{"type":"plain_text","text":":rotating_light: OSS test failures :rotating_light:","emoji":true}},{"type":"divider"},{"type":"section","text":{"type":"mrkdwn","text":"test(s) failed on ${{ github.ref_name }}"},"accessory":{"type":"button","text":{"type":"plain_text","text":"View Failing Workflow","emoji":true},"url":"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}}]} - - notify-tests-completed-failures-ent: - if: | - always() && - github.repository == 'hashicorp/vault-enterprise' && - (needs.test-go.result == 'failure' || - needs.test-go-fips.result == 'failure' || - needs.test-go-race.result == 'failure') && - (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) - runs-on: ['self-hosted', 'linux', 'small'] - permissions: - id-token: write - contents: read - strategy: - fail-fast: false - needs: - - test-go - - test-go-fips - - test-go-race - steps: - - id: vault-auth - name: Vault Authenticate - run: vault-auth - - id: secrets - name: Fetch Vault Secrets - uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/github_actions_notifications_bot token | SLACK_BOT_TOKEN; - - name: send-notification - uses: hashicorp/cloud-gha-slack-notifier@730a033037b8e603adf99ebd3085f0fdfe75e2f4 #v1 - with: - channel-id: "C05AABYEA9Y" # sent to #feed-vault-ci-official - slack-bot-token: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }} - payload: | - {"text":"Enterprise test failures on ${{ github.ref_name }}","blocks":[{"type":"header","text":{"type":"plain_text","text":":rotating_light: Enterprise test failures :rotating_light:","emoji":true}},{"type":"divider"},{"type":"section","text":{"type":"mrkdwn","text":"test(s) failed on ${{ github.ref_name }}"},"accessory":{"type":"button","text":{"type":"plain_text","text":"View Failing Workflow","emoji":true},"url":"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}}]} - test-summary: name: Go test failures runs-on: ubuntu-latest @@ -386,13 +195,10 @@ jobs: always() && (needs.test-go.result == 'success' || needs.test-go.result == 'failure' || - needs.test-go-fips.result == 'success' || - needs.test-go-fips.result == 'failure' || needs.test-go-race.result == 'success' || needs.test-go-race.result == 'failure') needs: - test-go - - test-go-fips - test-go-race steps: - name: Download failure summary diff --git a/.github/workflows/code-checker.yml b/.github/workflows/code-checker.yml index f9f5ab2c7b..87b7862740 100644 --- a/.github/workflows/code-checker.yml +++ b/.github/workflows/code-checker.yml @@ -22,8 +22,6 @@ jobs: with: fetch-depth: 0 - uses: ./.github/actions/set-up-go - with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - run: make ci-deprecations name: Check deprecations @@ -36,8 +34,6 @@ jobs: with: fetch-depth: 0 - uses: ./.github/actions/set-up-go - with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} # Note: if there is a function we want to ignore the nilnil check for, # You can add 'ignore-nil-nil-function-check' somewhere in the # godoc for the function. @@ -50,8 +46,6 @@ jobs: steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: ./.github/actions/set-up-go - with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - name: Go format run: | make ci-bootstrap diff --git a/.github/workflows/milestone-checker.yml b/.github/workflows/milestone-checker.yml deleted file mode 100644 index 0cfaab4bed..0000000000 --- a/.github/workflows/milestone-checker.yml +++ /dev/null @@ -1,23 +0,0 @@ -# This workflow checks that there is either a 'pr/no-milestone' label applied to a PR -# or there is a milestone associated with a PR - -name: Check Milestone - -on: - pull_request: - # milestoned and demilestoned work (https://github.com/github/docs/issues/23909) but they aren't listed in the github documentation - types: [opened, synchronize, labeled, unlabeled, milestoned, demilestoned] - # Runs on PRs to main and release branches - branches: - - main - - release/** - -jobs: - # checks that a milestone entry is present for a PR - milestone-check: - # If there is a `pr/no-milestone` label we ignore this check - if: "!contains(github.event.pull_request.labels.*.name, 'pr/no-milestone')" - runs-on: ubuntu-latest - steps: - - name: Check milestone - run: ${{ github.event.pull_request.milestone != null }} diff --git a/.github/workflows/oss.yml b/.github/workflows/oss.yml deleted file mode 100644 index 3eaa1f9a56..0000000000 --- a/.github/workflows/oss.yml +++ /dev/null @@ -1,128 +0,0 @@ -# Open Source Community Workflows - -name: Project triage -on: - pull_request: - types: [opened, reopened] - # Runs on PRs to main - branches: - - main - - issues: - types: [opened, reopened] - -jobs: - add-to-projects: - # exclude internal PRs - if: github.event.pull_request.head.repo.owner.login != 'hashicorp' && ((github.event.action == 'reopened') || (github.event.action == 'opened')) - name: Add issue or PR to projects - runs-on: ubuntu-latest - steps: - - if: github.event.pull_request != null - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - if: github.event.pull_request != null - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # v2.11.1 - id: changes - with: - # derived from CODEOWNERS - filters: | - cryptosec: - - 'builtin/logical/pki/**' - - 'builtin/logical/ssh/**' - - 'builtin/logical/totp/**' - - 'builtin/logical/transit/**' - ecosystem: - - 'builtin/credential/aws/**' - - 'builtin/credential/github/**' - - 'builtin/credential/ldap/**' - - 'builtin/credential/okta/**' - - 'builtin/logical/aws/**' - - 'builtin/logical/cassandra/**' - - 'builtin/logical/consul/**' - - 'builtin/logical/database/**' - - 'builtin/logical/mongodb/**' - - 'builtin/logical/mssql/**' - - 'builtin/logical/mysql/**' - - 'builtin/logical/nomad/**' - - 'builtin/logical/postgresql/**' - - 'builtin/logical/rabbitmq/**' - - 'command/agent/**' - - 'plugins/**' - - 'vault/plugin_catalog.go' - - 'ui/app/components/auth-jwt.js' - - 'ui/app/routes/vault/cluster/oidc-*.js' - devex: - - 'api/**' - - 'command/**' - ui: - - 'ui/**' - - - name: "Default to core board" - run: echo "PROJECT=170" >> "$GITHUB_ENV" - - if: github.event.pull_request != null && steps.changes.outputs.cryptosec == 'true' - run: echo "PROJECT=172" >> "$GITHUB_ENV" - - if: github.event.pull_request != null && steps.changes.outputs.ecosystem == 'true' - run: echo "PROJECT=169" >> "$GITHUB_ENV" - - if: github.event.pull_request != null && steps.changes.outputs.devex == 'true' - run: echo "PROJECT=176" >> "$GITHUB_ENV" - - if: github.event.pull_request != null && steps.changes.outputs.ui == 'true' - run: echo "PROJECT=171" >> "$GITHUB_ENV" - - - uses: actions/add-to-project@a9f041ddd462ed185893ea1024cec954f50dbe42 # v0.3.0 # TSCCR: no entry for repository "actions/add-to-project" - with: - project-url: https://github.com/orgs/hashicorp/projects/${{ env.PROJECT }} - github-token: ${{ secrets.TRIAGE_GITHUB_TOKEN }} - - # example of something more complicated: deleting an issue or PR automatically (though this is done in the project workflows already) - # we have to use the GraphQL API for anything involving projects. - # - # get-project: - # name: Get project data - # runs-on: ubuntu-latest - # if: github.event.action == 'closed' || github.event.action == 'deleted' - # outputs: - # project_id: ${{ steps.get-project.outputs.project_id }} - # steps: - # - id: get-project - # name: Get project data - # env: - # GITHUB_TOKEN: ${{ secrets.TRIAGE_GITHUB_TOKEN }} - # ORGANIZATION: hashicorp - # PROJECT_NUMBER: 169 - # run: | - # gh api graphql -f query=' - # query($org: String!, $number: Int!) { - # organization(login: $org){ - # projectV2(number: $number) { - # id - # } - # } - # }' -f org=$ORGANIZATION -F number=$PROJECT_NUMBER > project_data.json - # echo "::set-output name=project_id::$(jq '.data.organization.projectV2.id' project_data.json)" - - # delete-from-project: - # name: Remove issue or PR from project - # needs: [get-project] - # if: github.event.action == 'closed' || github.event.action == 'deleted' - # runs-on: ubuntu-latest - # steps: - # - name: Remove issue or PR - # env: - # GITHUB_TOKEN: ${{ secrets.TRIAGE_GITHUB_TOKEN }} - # run: | - # PROJECT_ID=${{ needs.get-project.outputs.project_id }} - # item_id=${{ github.event.issue.node_id }} - # if [ -z "$item_id" ]; then - # item_id=${{ github.event.pull_request.node_id }} - # fi - # gh api graphql -f query=' - # mutation($project_id: ID!, $item_id: ID!) { - # deleteProjectV2Item( - # input: { - # projectId: $project_id - # itemId: $item_id - # } - # ) { - # deletedItemId - # } - # }' -f project_id=$PROJECT_ID -f item_id=$item_id || true diff --git a/.github/workflows/remove-labels.yml b/.github/workflows/remove-labels.yml deleted file mode 100644 index 014b6752af..0000000000 --- a/.github/workflows/remove-labels.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: Autoremove Labels - -on: - issues: - types: [closed] - pull_request_target: - types: [closed] - -jobs: - - RemoveWaitingLabelFromClosedIssueOrPR: - if: github.event.action == 'closed' - runs-on: ubuntu-latest - steps: - - name: Remove triaging labels from closed issues and PRs - uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0 - with: - labels: | - waiting-for-response \ No newline at end of file diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml deleted file mode 100644 index 3618601535..0000000000 --- a/.github/workflows/security-scan.yml +++ /dev/null @@ -1,85 +0,0 @@ -name: Security Scan - -on: - push: - branches: [main] - pull_request: - branches: - - 'main' - - '!oss-merge-main*' - -jobs: - scan: - runs-on: ['linux', 'large'] - if: ${{ github.actor != 'dependabot[bot]' || github.actor != 'hc-github-team-secure-vault-core' }} - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - - name: Set up Go - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1 - with: - cache: false # save cache space for vault builds: https://github.com/hashicorp/vault/pull/21764 - go-version-file: .go-version - - - name: Set up Python - uses: actions/setup-python@bd6b4b6205c4dbad673328db7b31b7fab9e241c0 # v4.6.1 - with: - python-version: 3.x - - - name: Clone Security Scanner repo - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - with: - repository: hashicorp/security-scanner - token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }} - path: security-scanner - ref: 52d94588851f38a416f11c1e727131b3c8b0dd4d - - - name: Install dependencies - shell: bash - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - mkdir "$HOME/.bin" - cd "$GITHUB_WORKSPACE/security-scanner/pkg/sdk/examples/scan-plugin-semgrep" - go build -o scan-plugin-semgrep . - mv scan-plugin-semgrep "$HOME/.bin" - - cd "$GITHUB_WORKSPACE/security-scanner/pkg/sdk/examples/scan-plugin-codeql" - go build -o scan-plugin-codeql . - mv scan-plugin-codeql "$HOME/.bin" - - # Semgrep - python3 -m pip install semgrep - - # CodeQL - LATEST=$(gh release list --repo https://github.com/github/codeql-action | cut -f 3 | sort --version-sort | tail -n1) - gh release download --repo https://github.com/github/codeql-action --pattern codeql-bundle-linux64.tar.gz "$LATEST" - tar xf codeql-bundle-linux64.tar.gz -C "$HOME/.bin" - - # Add to PATH - echo "$HOME/.bin" >> "$GITHUB_PATH" - echo "$HOME/.bin/codeql" >> "$GITHUB_PATH" - - - name: Scan - id: scan - uses: ./security-scanner - # env: - # Note: this _should_ work, but causes some issues with Semgrep. - # Instead, rely on filtering in the SARIF Output step. - #SEMGREP_BASELINE_REF: ${{ github.base_ref }} - with: - repository: "$PWD" - cache-build: true - cache-go-modules: false - - - name: SARIF Output - shell: bash - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - run: | - cat results.sarif - - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@46a6823b81f2d7c67ddf123851eea88365bc8a67 # codeql-bundle-v2.13.5 - with: - sarif_file: results.sarif diff --git a/.github/workflows/test-ci-bootstrap.yml b/.github/workflows/test-ci-bootstrap.yml deleted file mode 100644 index 4a812615ac..0000000000 --- a/.github/workflows/test-ci-bootstrap.yml +++ /dev/null @@ -1,51 +0,0 @@ -name: test-ci-bootstrap - -on: - workflow_dispatch: - pull_request: - branches: - - main - paths: - - enos/ci/** - - .github/workflows/test-ci-bootstrap.yml - push: - branches: - - main - paths: - - enos/ci/** - - .github/workflows/test-ci-bootstrap.yml - -jobs: - bootstrap-ci: - runs-on: ubuntu-latest - env: - TF_WORKSPACE: "${{ github.event.repository.name }}-ci-enos-bootstrap" - TF_VAR_repository: ${{ github.event.repository.name }} - TF_VAR_aws_ssh_public_key: ${{ secrets.SSH_KEY_PUBLIC_CI }} - TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} - steps: - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: Set up Terraform - uses: hashicorp/setup-terraform@v2 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} - aws-region: us-east-1 - role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }} - role-skip-session-tagging: true - role-duration-seconds: 3600 - - name: Init Terraform - id: tf_init - run: | - terraform -chdir=enos/ci/bootstrap init - - name: Plan Terraform - id: tf_plan - run: | - terraform -chdir=enos/ci/bootstrap plan - - name: Apply Terraform - if: ${{ github.ref == 'refs/heads/main' }} - id: tf_apply - run: | - terraform -chdir=enos/ci/bootstrap apply -auto-approve diff --git a/.github/workflows/test-ci-cleanup.yml b/.github/workflows/test-ci-cleanup.yml deleted file mode 100644 index 731a96809b..0000000000 --- a/.github/workflows/test-ci-cleanup.yml +++ /dev/null @@ -1,88 +0,0 @@ -name: test-ci-cleanup -on: - schedule: - # * is a special character in YAML so you have to quote this string - - cron: '05 02 * * *' - -jobs: - setup: - runs-on: ubuntu-latest - outputs: - regions: ${{steps.setup.outputs.regions}} - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} - aws-region: us-east-1 - role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }} - role-skip-session-tagging: true - role-duration-seconds: 3600 - - name: Get all regions - id: setup - run: | - echo "regions=$(aws ec2 describe-regions --region us-east-1 --output json --query 'Regions[].RegionName' | tr -d '\n ')" >> "$GITHUB_OUTPUT" - - aws-nuke: - needs: setup - runs-on: ubuntu-latest - container: - image: rebuy/aws-nuke - options: - --user root - -t - env: - AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} - TIME_LIMIT: "72h" - timeout-minutes: 60 - steps: - - name: Configure AWS credentials - id: aws-configure - uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} - aws-region: us-east-1 - role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }} - role-skip-session-tagging: true - role-duration-seconds: 3600 - mask-aws-account-id: false - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - - name: Configure - run: | - cp enos/ci/aws-nuke.yml . - sed -i "s/ACCOUNT_NUM/${{ steps.aws-configure.outputs.aws-account-id }}/g" aws-nuke.yml - sed -i "s/TIME_LIMIT/${TIME_LIMIT}/g" aws-nuke.yml - # We don't care if cleanup succeeds or fails, because dependencies be dependenceies, - # we'll fail on actually actionable things in the quota steep afterwards. - - name: Clean up abandoned resources - # Filter STDERR because it's super noisy about things we don't have access to - run: | - aws-nuke -c aws-nuke.yml -q --no-dry-run --force 2>/tmp/aws-nuke-error.log || true - - check-quotas: - needs: [ setup, aws-nuke ] - runs-on: ubuntu-latest - container: - image: jantman/awslimitchecker - env: - AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID_CI }} - AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY_CI }} - strategy: - matrix: - region: ${{ fromJSON(needs.setup.outputs.regions) }} - steps: - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} - aws-region: us-east-1 - role-to-assume: ${{ secrets.AWS_ROLE_ARN_CI }} - role-skip-session-tagging: true - role-duration-seconds: 3600 - # Currently just checking VPC limits across all region, can add more checks here in future - - name: Check AWS Quotas - run: awslimitchecker -S "VPC" -r ${{matrix.region}} diff --git a/.github/workflows/test-go.yml b/.github/workflows/test-go.yml index b414f9024d..806b9ea31c 100644 --- a/.github/workflows/test-go.yml +++ b/.github/workflows/test-go.yml @@ -5,10 +5,6 @@ on: description: The execution architecture (arm, amd64, etc.) required: true type: string - enterprise: - description: A flag indicating if this workflow is executing for the enterprise repository. - required: true - type: string total-runners: description: Number of runners to use for executing non-binary tests. required: true @@ -70,44 +66,14 @@ jobs: permissions: id-token: write # Note: this permission is explicitly required for Vault auth contents: read - runs-on: ${{ fromJSON(inputs.runs-on) }} + runs-on: ubuntu-latest steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/set-up-go - with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - - name: Authenticate to Vault - id: vault-auth - if: github.repository == 'hashicorp/vault-enterprise' - run: vault-auth - - name: Fetch Secrets - id: secrets - if: github.repository == 'hashicorp/vault-enterprise' - uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog-ci DATADOG_API_KEY; - kv/data/github/${{ github.repository }}/github-token username-and-token | github-token; - kv/data/github/${{ github.repository }}/license license_1 | VAULT_LICENSE_CI; - kv/data/github/${{ github.repository }}/license license_2 | VAULT_LICENSE_2; - kv/data/github/${{ github.repository }}/hcp-link HCP_API_ADDRESS; - kv/data/github/${{ github.repository }}/hcp-link HCP_AUTH_URL; - kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_ID; - kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_SECRET; - kv/data/github/${{ github.repository }}/hcp-link HCP_RESOURCE_ID; - - id: setup-git-private - name: Setup Git configuration (private) - if: github.repository == 'hashicorp/vault-enterprise' - run: | - git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com - - id: setup-git-public name: Setup Git configuration (public) - if: github.repository != 'hashicorp/vault-enterprise' + - id: setup-git-public run: | git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com - uses: ./.github/actions/set-up-gotestsum @@ -123,19 +89,15 @@ jobs: - name: Build matrix excluding binary, integration, and testonly tests id: build-non-binary if: ${{ !inputs.testonly }} - env: - GOPRIVATE: github.com/hashicorp/* run: | # testonly tests need additional build tag though let's exclude them anyway for clarity ( - go list ./... | grep -v "_binary" | grep -v "vault/integ" | grep -v "testonly" | gotestsum tool ci-matrix --debug \ + go list ./... github.com/openbao/openbao/api/... github.com/openbao/openbao/sdk/... | grep -v "_binary" | grep -v "vault/integ" | grep -v "testonly" | gotestsum tool ci-matrix --debug \ --partitions "${{ inputs.total-runners }}" \ --timing-files 'test-results/go-test/*.json' > matrix.json ) - name: Build matrix for tests tagged with testonly if: ${{ inputs.testonly }} - env: - GOPRIVATE: github.com/hashicorp/* run: | set -exo pipefail # enable glob expansion @@ -153,7 +115,7 @@ jobs: if: inputs.binary-tests id: list-binary-tests run: | - LIST="$(go list ./... | grep "_binary" | xargs)" + LIST="$(go list ./... github.com/openbao/openbao/api/... github.com/openbao/openbao/sdk/... | grep "_binary" | xargs)" echo "list=$LIST" >> "$GITHUB_OUTPUT" - name: Build complete matrix id: build @@ -193,57 +155,24 @@ jobs: actions: read contents: read id-token: write # Note: this permission is explicitly required for Vault auth - runs-on: ${{ fromJSON(inputs.runs-on) }} + runs-on: ubuntu-latest strategy: fail-fast: false matrix: id: ${{ fromJSON(needs.test-matrix.outputs.matrix_ids) }} env: - GOPRIVATE: github.com/hashicorp/* TIMEOUT_IN_MINUTES: ${{ inputs.timeout-minutes }} steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 with: ref: ${{ inputs.checkout-ref }} - uses: ./.github/actions/set-up-go - with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - - name: Authenticate to Vault - id: vault-auth - if: github.repository == 'hashicorp/vault-enterprise' - run: vault-auth - - name: Fetch Secrets - id: secrets - if: github.repository == 'hashicorp/vault-enterprise' - uses: hashicorp/vault-action@130d1f5f4fe645bb6c83e4225c04d64cfb62de6e - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog-ci DATADOG_API_KEY; - kv/data/github/${{ github.repository }}/github-token username-and-token | github-token; - kv/data/github/${{ github.repository }}/license license_1 | VAULT_LICENSE_CI; - kv/data/github/${{ github.repository }}/license license_2 | VAULT_LICENSE_2; - kv/data/github/${{ github.repository }}/hcp-link HCP_API_ADDRESS; - kv/data/github/${{ github.repository }}/hcp-link HCP_AUTH_URL; - kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_ID; - kv/data/github/${{ github.repository }}/hcp-link HCP_CLIENT_SECRET; - kv/data/github/${{ github.repository }}/hcp-link HCP_RESOURCE_ID; - - id: setup-git-private - name: Setup Git configuration (private) - if: github.repository == 'hashicorp/vault-enterprise' - run: | - git config --global url."https://${{ steps.secrets.outputs.github-token }}@github.com".insteadOf https://github.com - id: setup-git-public name: Setup Git configuration (public) - if: github.repository != 'hashicorp/vault-enterprise' run: | git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN}}@github.com".insteadOf https://github.com - id: build if: inputs.binary-tests && matrix.id == inputs.total-runners - env: - GOPRIVATE: github.com/hashicorp/* run: time make ci-bootstrap dev - uses: ./.github/actions/set-up-gotestsum - id: run-go-tests @@ -263,31 +192,10 @@ jobs: echo "no test packages to run" exit 1 fi - # We don't want VAULT_LICENSE set when running Go tests, because that's - # not what developers have in their environments and it could break some - # tests; it would be like setting VAULT_TOKEN. However some non-Go - # CI commands, like the UI tests, shouldn't have to worry about licensing. - # So we provide the tests which want an externally supplied license with licenses - # via the VAULT_LICENSE_CI and VAULT_LICENSE_2 environment variables, and here we unset it. - # shellcheck disable=SC2034 - VAULT_LICENSE= - - # Assign test licenses to relevant variables if they aren't already - if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then - export VAULT_LICENSE_CI=${{ secrets.ci_license }} - export VAULT_LICENSE_2=${{ secrets.ci_license_2 }} - export HCP_API_ADDRESS=${{ secrets.HCP_API_ADDRESS }} - export HCP_AUTH_URL=${{ secrets.HCP_AUTH_URL }} - export HCP_CLIENT_ID=${{ secrets.HCP_CLIENT_ID }} - export HCP_CLIENT_SECRET=${{ secrets.HCP_CLIENT_SECRET }} - export HCP_RESOURCE_ID=${{ secrets.HCP_RESOURCE_ID }} - # Temporarily removing this variable to cause HCP Link tests - # to be skipped. - #export HCP_SCADA_ADDRESS=${{ secrets.HCP_SCADA_ADDRESS }} - fi - if [ -f bin/vault ]; then - VAULT_BINARY="$(pwd)/bin/vault" + # shellcheck disable=SC2034 + if [ -f bin/bao ]; then + VAULT_BINARY="$(pwd)/bin/bao" export VAULT_BINARY fi @@ -311,22 +219,6 @@ jobs: -timeout=${{ env.TIMEOUT_IN_MINUTES }}m \ -parallel=${{ inputs.go-test-parallelism }} \ ${{ inputs.extra-flags }} \ - - name: Prepare datadog-ci - if: github.repository == 'hashicorp/vault' && (success() || failure()) - continue-on-error: true - run: | - curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" - chmod +x /usr/local/bin/datadog-ci - - name: Upload test results to DataDog - continue-on-error: true - env: - DD_ENV: ci - run: | - if [[ ${{ github.repository }} == 'hashicorp/vault' ]]; then - export DATADOG_API_KEY=${{ secrets.DATADOG_API_KEY }} - fi - datadog-ci junit upload --service "$GITHUB_REPOSITORY" test-results/go-test/results-${{ matrix.id }}.xml - if: success() || failure() - name: Archive test results uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: @@ -407,7 +299,7 @@ jobs: test-collect-reports: if: ${{ ! cancelled() }} needs: test-go - runs-on: ${{ fromJSON(inputs.runs-on) }} + runs-on: ubuntu-latest steps: - uses: actions/cache@88522ab9f39a2ea568f7027eddc7d8d8bc9d59c8 # v3.3.1 with: diff --git a/.github/workflows/test-run-acc-tests-for-path.yml b/.github/workflows/test-run-acc-tests-for-path.yml index b3096a393a..cbd066f6c8 100644 --- a/.github/workflows/test-run-acc-tests-for-path.yml +++ b/.github/workflows/test-run-acc-tests-for-path.yml @@ -22,8 +22,6 @@ jobs: steps: - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3 - uses: ./.github/actions/set-up-go - with: - github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - run: go test -v ./${{ inputs.path }}/... 2>&1 | tee ${{ inputs.name }}.txt - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 with: diff --git a/.release/ci.hcl b/.release/ci.hcl deleted file mode 100644 index 8cd7eb85f6..0000000000 --- a/.release/ci.hcl +++ /dev/null @@ -1,176 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -schema = "1" - -project "vault" { - team = "vault" - slack { - notification_channel = "C03RXFX5M4L" // #feed-vault-releases - } - github { - organization = "hashicorp" - repository = "vault" - release_branches = [ - "main", - "release/**", - ] - } -} - -event "merge" { - // "entrypoint" to use if build is not run automatically - // i.e. send "merge" complete signal to orchestrator to trigger build -} - -event "build" { - depends = ["merge"] - action "build" { - organization = "hashicorp" - repository = "vault" - workflow = "build" - } -} - -event "prepare" { - depends = ["build"] - action "prepare" { - organization = "hashicorp" - repository = "crt-workflows-common" - workflow = "prepare" - depends = ["build"] - } - - notification { - on = "fail" - } -} - -event "enos-release-testing-oss" { - depends = ["prepare"] - action "enos-release-testing-oss" { - organization = "hashicorp" - repository = "vault" - workflow = "enos-release-testing-oss" - } - - notification { - on = "fail" - } -} - -## These events are publish and post-publish events and should be added to the end of the file -## after the verify event stanza. - -event "trigger-staging" { -// This event is dispatched by the bob trigger-promotion command -// and is required - do not delete. -} - -event "promote-staging" { - depends = ["trigger-staging"] - action "promote-staging" { - organization = "hashicorp" - repository = "crt-workflows-common" - workflow = "promote-staging" - config = "release-metadata.hcl" - } - - notification { - on = "always" - } -} - -event "promote-staging-docker" { - depends = ["promote-staging"] - action "promote-staging-docker" { - organization = "hashicorp" - repository = "crt-workflows-common" - workflow = "promote-staging-docker" - } - - notification { - on = "always" - } -} - -event "trigger-production" { -// This event is dispatched by the bob trigger-promotion command -// and is required - do not delete. -} - -event "promote-production" { - depends = ["trigger-production"] - action "promote-production" { - organization = "hashicorp" - repository = "crt-workflows-common" - workflow = "promote-production" - } - - notification { - on = "always" - } -} - -event "promote-production-docker" { - depends = ["promote-production"] - action "promote-production-docker" { - organization = "hashicorp" - repository = "crt-workflows-common" - workflow = "promote-production-docker" - } - - notification { - on = "always" - } -} - -event "promote-production-packaging" { - depends = ["promote-production-docker"] - action "promote-production-packaging" { - organization = "hashicorp" - repository = "crt-workflows-common" - workflow = "promote-production-packaging" - } - - notification { - on = "always" - } -} - -# The post-publish-website event should not be merged into the enterprise repo. -# It is for OSS use only. -event "post-publish-website" { - depends = ["promote-production-packaging"] - action "post-publish-website" { - organization = "hashicorp" - repository = "crt-workflows-common" - workflow = "post-publish-website" - } - - notification { - on = "always" - } -} - -event "bump-version" { - depends = ["post-publish-website"] - action "bump-version" { - organization = "hashicorp" - repository = "crt-workflows-common" - workflow = "bump-version" - } -} - -event "update-ironbank" { - depends = ["bump-version"] - action "update-ironbank" { - organization = "hashicorp" - repository = "crt-workflows-common" - workflow = "update-ironbank" - } - - notification { - on = "fail" - } -} diff --git a/.release/docker/docker-entrypoint.sh b/.release/docker/docker-entrypoint.sh index 2b9b8f35a1..a7087974f4 100755 --- a/.release/docker/docker-entrypoint.sh +++ b/.release/docker/docker-entrypoint.sh @@ -12,10 +12,10 @@ set -e # Prevent core dumps ulimit -c 0 -# Allow setting VAULT_REDIRECT_ADDR and VAULT_CLUSTER_ADDR using an interface +# Allow setting BAO_REDIRECT_ADDR and BAO_CLUSTER_ADDR using an interface # name instead of an IP address. The interface name is specified using -# VAULT_REDIRECT_INTERFACE and VAULT_CLUSTER_INTERFACE environment variables. If -# VAULT_*_ADDR is also set, the resulting URI will combine the protocol and port +# BAO_REDIRECT_INTERFACE and BAO_CLUSTER_INTERFACE environment variables. If +# BAO_*_ADDR is also set, the resulting URI will combine the protocol and port # number with the IP of the named interface. get_addr () { local if_name=$1 @@ -26,81 +26,81 @@ get_addr () { exit}' } -if [ -n "$VAULT_REDIRECT_INTERFACE" ]; then - export VAULT_REDIRECT_ADDR=$(get_addr $VAULT_REDIRECT_INTERFACE ${VAULT_REDIRECT_ADDR:-"http://0.0.0.0:8200"}) - echo "Using $VAULT_REDIRECT_INTERFACE for VAULT_REDIRECT_ADDR: $VAULT_REDIRECT_ADDR" +if [ -n "$BAO_REDIRECT_INTERFACE" ]; then + export BAO_REDIRECT_ADDR=$(get_addr $BAO_REDIRECT_INTERFACE ${BAO_REDIRECT_ADDR:-"http://0.0.0.0:8200"}) + echo "Using $BAO_REDIRECT_INTERFACE for BAO_REDIRECT_ADDR: $BAO_REDIRECT_ADDR" fi -if [ -n "$VAULT_CLUSTER_INTERFACE" ]; then - export VAULT_CLUSTER_ADDR=$(get_addr $VAULT_CLUSTER_INTERFACE ${VAULT_CLUSTER_ADDR:-"https://0.0.0.0:8201"}) - echo "Using $VAULT_CLUSTER_INTERFACE for VAULT_CLUSTER_ADDR: $VAULT_CLUSTER_ADDR" +if [ -n "$BAO_CLUSTER_INTERFACE" ]; then + export BAO_CLUSTER_ADDR=$(get_addr $BAO_CLUSTER_INTERFACE ${BAO_CLUSTER_ADDR:-"https://0.0.0.0:8201"}) + echo "Using $BAO_CLUSTER_INTERFACE for BAO_CLUSTER_ADDR: $BAO_CLUSTER_ADDR" fi -# VAULT_CONFIG_DIR isn't exposed as a volume but you can compose additional +# BAO_CONFIG_DIR isn't exposed as a volume but you can compose additional # config files in there if you use this image as a base, or use -# VAULT_LOCAL_CONFIG below. -VAULT_CONFIG_DIR=/vault/config +# BAO_LOCAL_CONFIG below. +BAO_CONFIG_DIR=/openbao/config -# You can also set the VAULT_LOCAL_CONFIG environment variable to pass some -# Vault configuration JSON without having to bind any volumes. -if [ -n "$VAULT_LOCAL_CONFIG" ]; then - echo "$VAULT_LOCAL_CONFIG" > "$VAULT_CONFIG_DIR/local.json" +# You can also set the BAO_LOCAL_CONFIG environment variable to pass some +# OpenBao configuration JSON without having to bind any volumes. +if [ -n "$BAO_LOCAL_CONFIG" ]; then + echo "$BAO_LOCAL_CONFIG" > "$BAO_CONFIG_DIR/local.json" fi -# If the user is trying to run Vault directly with some arguments, then -# pass them to Vault. +# If the user is trying to run OpenBao directly with some arguments, then +# pass them to OpenBao. if [ "${1:0:1}" = '-' ]; then - set -- vault "$@" + set -- bao "$@" fi -# Look for Vault subcommands. +# Look for OpenBao subcommands. if [ "$1" = 'server' ]; then shift - set -- vault server \ - -config="$VAULT_CONFIG_DIR" \ - -dev-root-token-id="$VAULT_DEV_ROOT_TOKEN_ID" \ - -dev-listen-address="${VAULT_DEV_LISTEN_ADDRESS:-"0.0.0.0:8200"}" \ + set -- bao server \ + -config="$BAO_CONFIG_DIR" \ + -dev-root-token-id="$BAO_DEV_ROOT_TOKEN_ID" \ + -dev-listen-address="${BAO_DEV_LISTEN_ADDRESS:-"0.0.0.0:8200"}" \ "$@" elif [ "$1" = 'version' ]; then # This needs a special case because there's no help output. - set -- vault "$@" -elif vault --help "$1" 2>&1 | grep -q "vault $1"; then + set -- bao "$@" +elif bao --help "$1" 2>&1 | grep -q "bao $1"; then # We can't use the return code to check for the existence of a subcommand, so # we have to use grep to look for a pattern in the help output. - set -- vault "$@" + set -- bao "$@" fi -# If we are running Vault, make sure it executes as the proper user. -if [ "$1" = 'vault' ]; then +# If we are running OpenBao, make sure it executes as the proper user. +if [ "$1" = 'bao' ]; then if [ -z "$SKIP_CHOWN" ]; then # If the config dir is bind mounted then chown it - if [ "$(stat -c %u /vault/config)" != "$(id -u vault)" ]; then - chown -R vault:vault /vault/config || echo "Could not chown /vault/config (may not have appropriate permissions)" + if [ "$(stat -c %u /openbao/config)" != "$(id -u openbao)" ]; then + chown -R openbao:openbao /openbao/config || echo "Could not chown /openbao/config (may not have appropriate permissions)" fi # If the logs dir is bind mounted then chown it - if [ "$(stat -c %u /vault/logs)" != "$(id -u vault)" ]; then - chown -R vault:vault /vault/logs + if [ "$(stat -c %u /openbao/logs)" != "$(id -u openbao)" ]; then + chown -R openbao:openbao /openbao/logs fi # If the file dir is bind mounted then chown it - if [ "$(stat -c %u /vault/file)" != "$(id -u vault)" ]; then - chown -R vault:vault /vault/file + if [ "$(stat -c %u /openbao/file)" != "$(id -u openbao)" ]; then + chown -R openbao:openbao /openbao/file fi fi if [ -z "$SKIP_SETCAP" ]; then - # Allow mlock to avoid swapping Vault memory to disk - setcap cap_ipc_lock=+ep $(readlink -f $(which vault)) + # Allow mlock to avoid swapping OpenBao memory to disk + setcap cap_ipc_lock=+ep $(readlink -f $(which bao)) - # In the case vault has been started in a container without IPC_LOCK privileges - if ! vault -version 1>/dev/null 2>/dev/null; then - >&2 echo "Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --cap-add IPC_LOCK" - setcap cap_ipc_lock=-ep $(readlink -f $(which vault)) + # In the case bao has been started in a container without IPC_LOCK privileges + if ! bao -version 1>/dev/null 2>/dev/null; then + >&2 echo "Couldn't start bao with IPC_LOCK. Disabling IPC_LOCK, please use --cap-add IPC_LOCK" + setcap cap_ipc_lock=-ep $(readlink -f $(which bao)) fi fi if [ "$(id -u)" = '0' ]; then - set -- su-exec vault "$@" + set -- su-exec openbao "$@" fi fi diff --git a/.release/docker/ubi-docker-entrypoint.sh b/.release/docker/ubi-docker-entrypoint.sh index 794e69c614..bd028beb3d 100755 --- a/.release/docker/ubi-docker-entrypoint.sh +++ b/.release/docker/ubi-docker-entrypoint.sh @@ -7,10 +7,10 @@ set -e # Prevent core dumps ulimit -c 0 -# Allow setting VAULT_REDIRECT_ADDR and VAULT_CLUSTER_ADDR using an interface +# Allow setting BAO_REDIRECT_ADDR and BAO_CLUSTER_ADDR using an interface # name instead of an IP address. The interface name is specified using -# VAULT_REDIRECT_INTERFACE and VAULT_CLUSTER_INTERFACE environment variables. If -# VAULT_*_ADDR is also set, the resulting URI will combine the protocol and port +# BAO_REDIRECT_INTERFACE and BAO_CLUSTER_INTERFACE environment variables. If +# BAO_*_ADDR is also set, the resulting URI will combine the protocol and port # number with the IP of the named interface. get_addr () { local if_name=$1 @@ -21,81 +21,81 @@ get_addr () { exit}' } -if [ -n "$VAULT_REDIRECT_INTERFACE" ]; then - export VAULT_REDIRECT_ADDR=$(get_addr $VAULT_REDIRECT_INTERFACE ${VAULT_REDIRECT_ADDR:-"http://0.0.0.0:8200"}) - echo "Using $VAULT_REDIRECT_INTERFACE for VAULT_REDIRECT_ADDR: $VAULT_REDIRECT_ADDR" +if [ -n "$BAO_REDIRECT_INTERFACE" ]; then + export BAO_REDIRECT_ADDR=$(get_addr $BAO_REDIRECT_INTERFACE ${BAO_REDIRECT_ADDR:-"http://0.0.0.0:8200"}) + echo "Using $BAO_REDIRECT_INTERFACE for BAO_REDIRECT_ADDR: $BAO_REDIRECT_ADDR" fi -if [ -n "$VAULT_CLUSTER_INTERFACE" ]; then - export VAULT_CLUSTER_ADDR=$(get_addr $VAULT_CLUSTER_INTERFACE ${VAULT_CLUSTER_ADDR:-"https://0.0.0.0:8201"}) - echo "Using $VAULT_CLUSTER_INTERFACE for VAULT_CLUSTER_ADDR: $VAULT_CLUSTER_ADDR" +if [ -n "$BAO_CLUSTER_INTERFACE" ]; then + export BAO_CLUSTER_ADDR=$(get_addr $BAO_CLUSTER_INTERFACE ${BAO_CLUSTER_ADDR:-"https://0.0.0.0:8201"}) + echo "Using $BAO_CLUSTER_INTERFACE for BAO_CLUSTER_ADDR: $BAO_CLUSTER_ADDR" fi -# VAULT_CONFIG_DIR isn't exposed as a volume but you can compose additional +# BAO_CONFIG_DIR isn't exposed as a volume but you can compose additional # config files in there if you use this image as a base, or use -# VAULT_LOCAL_CONFIG below. -VAULT_CONFIG_DIR=/vault/config +# BAO_LOCAL_CONFIG below. +BAO_CONFIG_DIR=/openbao/config -# You can also set the VAULT_LOCAL_CONFIG environment variable to pass some -# Vault configuration JSON without having to bind any volumes. -if [ -n "$VAULT_LOCAL_CONFIG" ]; then - echo "$VAULT_LOCAL_CONFIG" > "$VAULT_CONFIG_DIR/local.json" +# You can also set the BAO_LOCAL_CONFIG environment variable to pass some +# OpenBao configuration JSON without having to bind any volumes. +if [ -n "$BAO_LOCAL_CONFIG" ]; then + echo "$BAO_LOCAL_CONFIG" > "$BAO_CONFIG_DIR/local.json" fi # Due to OpenShift environment compatibility, we have to allow group write -# access to the Vault configuration. This requires us to disable the stricter -# file permissions checks introduced in Vault v1.11.0. -export VAULT_DISABLE_FILE_PERMISSIONS_CHECK=true +# access to the OpenBao configuration. This requires us to disable the stricter +# file permissions checks introduced in OpenBao v1.11.0. +export BAO_DISABLE_FILE_PERMISSIONS_CHECK=true -# If the user is trying to run Vault directly with some arguments, then -# pass them to Vault. +# If the user is trying to run OpenBao directly with some arguments, then +# pass them to OpenBao. if [ "${1:0:1}" = '-' ]; then - set -- vault "$@" + set -- bao "$@" fi -# Look for Vault subcommands. +# Look for OpenBao subcommands. if [ "$1" = 'server' ]; then shift - set -- vault server \ - -config="$VAULT_CONFIG_DIR" \ - -dev-root-token-id="$VAULT_DEV_ROOT_TOKEN_ID" \ - -dev-listen-address="${VAULT_DEV_LISTEN_ADDRESS:-"0.0.0.0:8200"}" \ + set -- bao server \ + -config="$BAO_CONFIG_DIR" \ + -dev-root-token-id="$BAO_DEV_ROOT_TOKEN_ID" \ + -dev-listen-address="${BAO_DEV_LISTEN_ADDRESS:-"0.0.0.0:8200"}" \ "$@" elif [ "$1" = 'version' ]; then # This needs a special case because there's no help output. - set -- vault "$@" -elif vault --help "$1" 2>&1 | grep -q "vault $1"; then + set -- bao "$@" +elif bao --help "$1" 2>&1 | grep -q "bao $1"; then # We can't use the return code to check for the existence of a subcommand, so # we have to use grep to look for a pattern in the help output. - set -- vault "$@" + set -- bao "$@" fi -# If we are running Vault, make sure it executes as the proper user. -if [ "$1" = 'vault' ]; then +# If we are running OpenBao, make sure it executes as the proper user. +if [ "$1" = 'bao' ]; then if [ -z "$SKIP_CHOWN" ]; then # If the config dir is bind mounted then chown it - if [ "$(stat -c %u /vault/config)" != "$(id -u vault)" ]; then - chown -R vault:vault /vault/config || echo "Could not chown /vault/config (may not have appropriate permissions)" + if [ "$(stat -c %u /openbao/config)" != "$(id -u openbao)" ]; then + chown -R openbao:openbao /openbao/config || echo "Could not chown /openbao/config (may not have appropriate permissions)" fi # If the logs dir is bind mounted then chown it - if [ "$(stat -c %u /vault/logs)" != "$(id -u vault)" ]; then - chown -R vault:vault /vault/logs + if [ "$(stat -c %u /openbao/logs)" != "$(id -u openbao)" ]; then + chown -R openbao:openbao /openbao/logs fi # If the file dir is bind mounted then chown it - if [ "$(stat -c %u /vault/file)" != "$(id -u vault)" ]; then - chown -R vault:vault /vault/file + if [ "$(stat -c %u /openbao/file)" != "$(id -u openbao)" ]; then + chown -R openbao:openbao /openbao/file fi fi if [ -z "$SKIP_SETCAP" ]; then - # Allow mlock to avoid swapping Vault memory to disk - setcap cap_ipc_lock=+ep $(readlink -f /bin/vault) + # Allow mlock to avoid swapping OpenBao memory to disk + setcap cap_ipc_lock=+ep $(readlink -f /bin/bao) - # In the case vault has been started in a container without IPC_LOCK privileges - if ! vault -version 1>/dev/null 2>/dev/null; then - >&2 echo "Couldn't start vault with IPC_LOCK. Disabling IPC_LOCK, please use --cap-add IPC_LOCK" - setcap cap_ipc_lock=-ep $(readlink -f /bin/vault) + # In the case bao has been started in a container without IPC_LOCK privileges + if ! bao -version 1>/dev/null 2>/dev/null; then + >&2 echo "Couldn't start bao with IPC_LOCK. Disabling IPC_LOCK, please use --cap-add IPC_LOCK" + setcap cap_ipc_lock=-ep $(readlink -f /bin/bao) fi fi fi @@ -103,14 +103,14 @@ fi # In case of Docker, where swap may be enabled, we # still require mlocking to be available. So this script # was executed as root to make this happen, however, -# we're now rerunning the entrypoint script as the Vault +# we're now rerunning the entrypoint script as the OpenBao # user but no longer need to run setup code for setcap # or chowning directories (previously done on the first run). if [[ "$(id -u)" == '0' ]] then export SKIP_CHOWN="true" export SKIP_SETCAP="true" - exec su vault -p "$0" -- "$@" + exec su openbao -p "$0" -- "$@" else exec "$@" fi diff --git a/.release/linux/package/etc/vault.d/vault.env b/.release/linux/package/etc/openbao/openbao.env similarity index 100% rename from .release/linux/package/etc/vault.d/vault.env rename to .release/linux/package/etc/openbao/openbao.env diff --git a/.release/linux/package/etc/openbao/openbao.hcl b/.release/linux/package/etc/openbao/openbao.hcl new file mode 100644 index 0000000000..30f565793c --- /dev/null +++ b/.release/linux/package/etc/openbao/openbao.hcl @@ -0,0 +1,37 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + +# Full configuration options can be found at https://github.com/openbao/openbao/tree/main/website/content/docs/configuration + +ui = true + +#mlock = true +#disable_mlock = true + +storage "file" { + path = "/opt/openbao/data" +} + +#storage "consul" { +# address = "127.0.0.1:8500" +# path = "openbao" +#} + +# HTTP listener +#listener "tcp" { +# address = "127.0.0.1:8200" +# tls_disable = 1 +#} + +# HTTPS listener +listener "tcp" { + address = "0.0.0.0:8200" + tls_cert_file = "/opt/openbao/tls/tls.crt" + tls_key_file = "/opt/openbao/tls/tls.key" +} + +# Example AWS KMS auto unseal +#seal "awskms" { +# region = "us-east-1" +# kms_key_id = "REPLACE-ME" +#} diff --git a/.release/linux/package/etc/vault.d/vault.hcl b/.release/linux/package/etc/vault.d/vault.hcl deleted file mode 100644 index 4a59d36725..0000000000 --- a/.release/linux/package/etc/vault.d/vault.hcl +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -# Full configuration options can be found at https://www.vaultproject.io/docs/configuration - -ui = true - -#mlock = true -#disable_mlock = true - -storage "file" { - path = "/opt/vault/data" -} - -#storage "consul" { -# address = "127.0.0.1:8500" -# path = "vault" -#} - -# HTTP listener -#listener "tcp" { -# address = "127.0.0.1:8200" -# tls_disable = 1 -#} - -# HTTPS listener -listener "tcp" { - address = "0.0.0.0:8200" - tls_cert_file = "/opt/vault/tls/tls.crt" - tls_key_file = "/opt/vault/tls/tls.key" -} - -# Enterprise license_path -# This will be required for enterprise as of v1.8 -#license_path = "/etc/vault.d/vault.hclic" - -# Example AWS KMS auto unseal -#seal "awskms" { -# region = "us-east-1" -# kms_key_id = "REPLACE-ME" -#} - -# Example HSM auto unseal -#seal "pkcs11" { -# lib = "/usr/vault/lib/libCryptoki2_64.so" -# slot = "0" -# pin = "AAAA-BBBB-CCCC-DDDD" -# key_label = "vault-hsm-key" -# hmac_key_label = "vault-hsm-hmac-key" -#} diff --git a/.release/linux/package/usr/lib/systemd/system/vault.service b/.release/linux/package/usr/lib/systemd/system/openbao.service similarity index 63% rename from .release/linux/package/usr/lib/systemd/system/vault.service rename to .release/linux/package/usr/lib/systemd/system/openbao.service index 45c896b2c9..ab3d1f8f50 100644 --- a/.release/linux/package/usr/lib/systemd/system/vault.service +++ b/.release/linux/package/usr/lib/systemd/system/openbao.service @@ -1,17 +1,17 @@ [Unit] -Description="HashiCorp Vault - A tool for managing secrets" -Documentation=https://www.vaultproject.io/docs/ +Description="OpenBao - A tool for managing secrets" +Documentation=https://github.com/openbao/openbao/tree/main/website/content/docs Requires=network-online.target After=network-online.target -ConditionFileNotEmpty=/etc/vault.d/vault.hcl +ConditionFileNotEmpty=/etc/openbao/openbao.hcl StartLimitIntervalSec=60 StartLimitBurst=3 [Service] Type=notify -EnvironmentFile=/etc/vault.d/vault.env -User=vault -Group=vault +EnvironmentFile=/etc/openbao.d/openbao.env +User=openbao +Group=openbao ProtectSystem=full ProtectHome=read-only PrivateTmp=yes @@ -20,7 +20,7 @@ SecureBits=keep-caps AmbientCapabilities=CAP_IPC_LOCK CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK NoNewPrivileges=yes -ExecStart=/usr/bin/vault server -config=/etc/vault.d/vault.hcl +ExecStart=/usr/bin/bao server -config=/etc/openbao/openbao.hcl ExecReload=/bin/kill --signal HUP $MAINPID KillMode=process KillSignal=SIGINT diff --git a/.release/linux/postinst b/.release/linux/postinst index 2a08b7a152..08b0989893 100644 --- a/.release/linux/postinst +++ b/.release/linux/postinst @@ -1,18 +1,18 @@ #!/bin/bash -if [[ -f /opt/vault/tls/tls.crt ]] && [[ -f /opt/vault/tls/tls.key ]]; then - echo "Vault TLS key and certificate already exist. Exiting." +if [[ -f /opt/openbao/tls/tls.crt ]] && [[ -f /opt/openbao/tls/tls.key ]]; then + echo "OpenBao TLS key and certificate already exist. Exiting." exit 0 fi -echo "Generating Vault TLS key and self-signed certificate..." +echo "Generating OpenBao TLS key and self-signed certificate..." # Create TLS and Data directory -mkdir --parents /opt/vault/tls -mkdir --parents /opt/vault/data +mkdir --parents /opt/openbao/tls +mkdir --parents /opt/openbao/data # Generate TLS key and certificate -cd /opt/vault/tls +cd /opt/openbao/tls openssl req \ -out tls.crt \ -new \ @@ -21,27 +21,20 @@ openssl req \ -nodes \ -sha256 \ -x509 \ - -subj "/O=HashiCorp/CN=Vault" \ + -subj "/O=OpenBao/CN=OpenBao" \ -days 1095 # 3 years # Update file permissions -chown --recursive vault:vault /etc/vault.d -chown --recursive vault:vault /opt/vault -chmod 600 /opt/vault/tls/tls.crt /opt/vault/tls/tls.key -chmod 700 /opt/vault/tls +chown --recursive openbao:openbao /etc/openbao +chown --recursive openbao:openbao /opt/openbao +chmod 600 /opt/openbao/tls/tls.crt /opt/openbao/tls/tls.key +chmod 700 /opt/openbao/tls -echo "Vault TLS key and self-signed certificate have been generated in '/opt/vault/tls'." +echo "OpenBao TLS key and self-signed certificate have been generated in '/opt/openbao/tls'." -# Set IPC_LOCK capabilities on vault -setcap cap_ipc_lock=+ep /usr/bin/vault +# Set IPC_LOCK capabilities on bao +setcap cap_ipc_lock=+ep /usr/bin/bao if [ -d /run/systemd/system ]; then systemctl --system daemon-reload >/dev/null || true fi - -if [[ $(vault version) == *+ent* ]]; then -echo " -The following shall apply unless your organization has a separately signed Enterprise License Agreement or Evaluation Agreement governing your use of the software: -Software in this repository is subject to the license terms located in the software, copies of which are also available at https://eula.hashicorp.com/ClickThruELA-Global.pdf or https://www.hashicorp.com/terms-of-evaluation as applicable. Please read the license terms prior to using the software. Your installation and use of the software constitutes your acceptance of these terms. If you do not accept the terms, do not use the software. -" -fi diff --git a/.release/linux/postrm b/.release/linux/postrm index 64dd1e5fce..4b91639727 100644 --- a/.release/linux/postrm +++ b/.release/linux/postrm @@ -2,7 +2,7 @@ if [ "$1" = "purge" ] then - userdel vault + userdel openbao fi exit 0 diff --git a/.release/linux/preinst b/.release/linux/preinst index 6de6e2e1fb..c6e2f6b9e7 100644 --- a/.release/linux/preinst +++ b/.release/linux/preinst @@ -2,7 +2,7 @@ set -eu -USER="vault" +USER="openbao" if ! id -u $USER > /dev/null 2>&1; then useradd \ diff --git a/.release/release-metadata.hcl b/.release/release-metadata.hcl index 3a49b69c59..20d12a5728 100644 --- a/.release/release-metadata.hcl +++ b/.release/release-metadata.hcl @@ -1,9 +1,5 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -url_docker_registry_dockerhub = "https://hub.docker.com/r/hashicorp/vault" -url_docker_registry_ecr = "https://gallery.ecr.aws/hashicorp/vault" -url_license = "https://github.com/hashicorp/vault/blob/main/LICENSE" -url_project_website = "https://www.vaultproject.io/" -url_source_repository = "https://github.com/hashicorp/vault" -url_release_notes = "https://www.vaultproject.io/docs/release-notes" +url_docker_registry_dockerhub = "https://hub.docker.com/r/openbao/openbao" +url_license = "https://github.com/openbao/openbao/blob/main/LICENSE" +url_project_website = "https://github.com/openbao/openbao" +url_source_repository = "https://github.com/openbao/openbao" +url_release_notes = "https://github.com/openbao/openbao/tree/main/CHANGELOG.md" diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl deleted file mode 100644 index 62460e431d..0000000000 --- a/.release/security-scan.hcl +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -container { - dependencies = true - alpine_secdb = true - secrets = true -} - -binary { - secrets = false - go_modules = false - osv = true - oss_index = true - nvd = false -} diff --git a/api/auth/approle/go.mod b/api/auth/approle/go.mod index 831eb24a74..9472384e1d 100644 --- a/api/auth/approle/go.mod +++ b/api/auth/approle/go.mod @@ -2,4 +2,6 @@ module github.com/openbao/openbao/api/auth/approle go 1.16 +replace github.com/openbao/openbao/api => ../../ + require github.com/openbao/openbao/api v1.9.2 diff --git a/api/auth/approle/go.sum b/api/auth/approle/go.sum index f84aba84ab..39404f8d2d 100644 --- a/api/auth/approle/go.sum +++ b/api/auth/approle/go.sum @@ -39,8 +39,6 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/openbao/openbao/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as= -github.com/openbao/openbao/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= diff --git a/api/auth/kubernetes/go.mod b/api/auth/kubernetes/go.mod index 63847e9e95..3451831305 100644 --- a/api/auth/kubernetes/go.mod +++ b/api/auth/kubernetes/go.mod @@ -2,4 +2,6 @@ module github.com/openbao/openbao/api/auth/kubernetes go 1.16 +replace github.com/openbao/openbao/api => ../../ + require github.com/openbao/openbao/api v1.9.2 diff --git a/api/auth/kubernetes/go.sum b/api/auth/kubernetes/go.sum index f84aba84ab..39404f8d2d 100644 --- a/api/auth/kubernetes/go.sum +++ b/api/auth/kubernetes/go.sum @@ -39,8 +39,6 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/openbao/openbao/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as= -github.com/openbao/openbao/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= diff --git a/api/auth/ldap/go.mod b/api/auth/ldap/go.mod index b573016aa5..97e7fc9e5b 100644 --- a/api/auth/ldap/go.mod +++ b/api/auth/ldap/go.mod @@ -2,4 +2,6 @@ module github.com/openbao/openbao/api/auth/ldap go 1.16 +replace github.com/openbao/openbao/api => ../../ + require github.com/openbao/openbao/api v1.9.2 diff --git a/api/auth/ldap/go.sum b/api/auth/ldap/go.sum index f84aba84ab..39404f8d2d 100644 --- a/api/auth/ldap/go.sum +++ b/api/auth/ldap/go.sum @@ -39,8 +39,6 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/openbao/openbao/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as= -github.com/openbao/openbao/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= diff --git a/api/auth/userpass/go.mod b/api/auth/userpass/go.mod index dfab3f2498..fef5a98513 100644 --- a/api/auth/userpass/go.mod +++ b/api/auth/userpass/go.mod @@ -2,4 +2,6 @@ module github.com/openbao/openbao/api/auth/userpass go 1.16 +replace github.com/openbao/openbao/api => ../../ + require github.com/openbao/openbao/api v1.9.2 diff --git a/api/auth/userpass/go.sum b/api/auth/userpass/go.sum index f84aba84ab..39404f8d2d 100644 --- a/api/auth/userpass/go.sum +++ b/api/auth/userpass/go.sum @@ -39,8 +39,6 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/openbao/openbao/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as= -github.com/openbao/openbao/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= diff --git a/builtin/credential/jwt/tools/go.mod b/builtin/credential/jwt/tools/go.mod deleted file mode 100644 index 2dc63fb799..0000000000 --- a/builtin/credential/jwt/tools/go.mod +++ /dev/null @@ -1,13 +0,0 @@ -module github.com/hashicorp/vault-plugin-scaffolding/tools - -go 1.17 - -require mvdan.cc/gofumpt v0.3.1 - -require ( - github.com/google/go-cmp v0.5.7 // indirect - golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect - golang.org/x/sys v0.1.0 // indirect - golang.org/x/tools v0.1.10 // indirect -) diff --git a/builtin/credential/jwt/tools/go.sum b/builtin/credential/jwt/tools/go.sum deleted file mode 100644 index 404fcfac1c..0000000000 --- a/builtin/credential/jwt/tools/go.sum +++ /dev/null @@ -1,55 +0,0 @@ -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/frankban/quicktest v1.14.2 h1:SPb1KFFmM+ybpEjPUhCCkZOM5xlovT5UbrMvWnXyBns= -github.com/frankban/quicktest v1.14.2/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= -github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= -github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= -github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= -github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= -golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/errgo.v2 v2.1.0 h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -mvdan.cc/gofumpt v0.3.1 h1:avhhrOmv0IuvQVK7fvwV91oFSGAk5/6Po8GXTzICeu8= -mvdan.cc/gofumpt v0.3.1/go.mod h1:w3ymliuxvzVx8DAutBnVyDqYb1Niy/yCJt/lk821YCE= diff --git a/builtin/credential/jwt/tools/tools.go b/builtin/credential/jwt/tools/tools.go deleted file mode 100644 index 283ffd86bb..0000000000 --- a/builtin/credential/jwt/tools/tools.go +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -//go:build tools - -// This file ensures tool dependencies are kept in sync. This is the -// recommended way of doing this according to -// https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module -// To install the following tools at the version used by this repo run: -// $ make bootstrap -// or -// $ go generate -tags tools tools/tools.go - -package tools - -//go:generate go install mvdan.cc/gofumpt -import ( - _ "mvdan.cc/gofumpt" -) diff --git a/builtin/credential/kubernetes/integrationtest/go.mod b/builtin/credential/kubernetes/integrationtest/go.mod deleted file mode 100644 index 0dcf07d8da..0000000000 --- a/builtin/credential/kubernetes/integrationtest/go.mod +++ /dev/null @@ -1,66 +0,0 @@ -module github.com/hashicorp/vault-plugin-auth-kubernetes/integrationtest - -go 1.20 - -require ( - github.com/hashicorp/vault/api v1.9.2 - k8s.io/api v0.27.3 - k8s.io/apimachinery v0.27.3 - k8s.io/client-go v0.27.3 -) - -require ( - github.com/cenkalti/backoff/v3 v3.0.0 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/emicklei/go-restful/v3 v3.9.0 // indirect - github.com/go-jose/go-jose/v3 v3.0.1 // indirect - github.com/go-logr/logr v1.2.3 // indirect - github.com/go-openapi/jsonpointer v0.19.6 // indirect - github.com/go-openapi/jsonreference v0.20.1 // indirect - github.com/go-openapi/swag v0.22.3 // indirect - github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/google/gnostic v0.5.7-v3refs // indirect - github.com/google/go-cmp v0.5.9 // indirect - github.com/google/gofuzz v1.1.0 // indirect - github.com/google/uuid v1.3.0 // indirect - github.com/hashicorp/errwrap v1.1.0 // indirect - github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.6.6 // indirect - github.com/hashicorp/go-rootcerts v1.0.2 // indirect - github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect - github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect - github.com/hashicorp/go-sockaddr v1.0.2 // indirect - github.com/hashicorp/hcl v1.0.0 // indirect - github.com/imdario/mergo v0.3.6 // indirect - github.com/josharian/intern v1.0.0 // indirect - github.com/json-iterator/go v1.1.12 // indirect - github.com/mailru/easyjson v0.7.7 // indirect - github.com/mitchellh/go-homedir v1.1.0 // indirect - github.com/mitchellh/mapstructure v1.5.0 // indirect - github.com/moby/spdystream v0.2.0 // indirect - github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect - github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/ryanuber/go-glob v1.0.0 // indirect - github.com/spf13/pflag v1.0.5 // indirect - golang.org/x/crypto v0.17.0 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect - golang.org/x/sys v0.15.0 // indirect - golang.org/x/term v0.15.0 // indirect - golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.28.1 // indirect - gopkg.in/inf.v0 v0.9.1 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/klog/v2 v2.90.1 // indirect - k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect - k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect - sigs.k8s.io/yaml v1.3.0 // indirect -) diff --git a/builtin/credential/kubernetes/integrationtest/go.sum b/builtin/credential/kubernetes/integrationtest/go.sum deleted file mode 100644 index 4badddb2b7..0000000000 --- a/builtin/credential/kubernetes/integrationtest/go.sum +++ /dev/null @@ -1,545 +0,0 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= -cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= -github.com/cenkalti/backoff/v3 v3.0.0 h1:ske+9nBpD9qZsTBoF41nW5L+AIuFBKMeze18XQ3eG1c= -github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= -github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= -github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= -github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= -github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= -github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= -github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= -github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 h1:p104kn46Q8WdvHunIJ9dAyjPVtrBPhSr3KT2yUst43I= -github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw= -github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= -github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= -github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= -github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= -github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= -github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= -github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= -github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.16.2 h1:K4ev2ib4LdQETX5cSZBG0DVLk1jwGqSPXBjdah3veNs= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= -github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.6.6 h1:HJunrbHTDDbBb/ay4kxa1n+dLmttUlnP3V9oNE4hmsM= -github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= -github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 h1:om4Al8Oy7kCm/B86rLCLah4Dt5Aa0Fr5rYBG60OzwHQ= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= -github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= -github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/vault/api v1.9.2 h1:YjkZLJ7K3inKgMZ0wzCU9OHqc+UqMQyXsPXnf3Cl2as= -github.com/hashicorp/vault/api v1.9.2/go.mod h1:jo5Y/ET+hNyz+JnKDt8XLAdKs+AM0G5W0Vp1IrFI8N8= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= -github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= -github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= -github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= -github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= -github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= -github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= -github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.12 h1:wuysRhFDzyxgEmMf5xjvJ2M9dZoWAXNNr5LSBS7uHXY= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= -github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= -github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= -github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= -github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= -github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.9.1 h1:zie5Ly042PD3bsCvsSOPvRnFwyo3rKe64TJlD6nu0mk= -github.com/onsi/gomega v1.27.4 h1:Z2AnStgsdSayCMDiCU42qIz+HLqEPcgiOCXjAU/w+8E= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= -github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= -github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= -github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= -golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b h1:clP8eMhB30EHdc0bd2Twtq6kgU7yl5ub2cQLSdrv1Dg= -golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= -golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.7.0 h1:W4OVu8VVOaIO0yzWMNdepAulS7YfoS3Zabrm8DOXXU4= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= -google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= -gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= -gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= -gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= -gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.27.3 h1:yR6oQXXnUEBWEWcvPWS0jQL575KoAboQPfJAuKNrw5Y= -k8s.io/api v0.27.3/go.mod h1:C4BNvZnQOF7JA/0Xed2S+aUyJSfTGkGFxLXz9MnpIpg= -k8s.io/apimachinery v0.27.3 h1:Ubye8oBufD04l9QnNtW05idcOe9Z3GQN8+7PqmuVcUM= -k8s.io/apimachinery v0.27.3/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= -k8s.io/client-go v0.27.3 h1:7dnEGHZEJld3lYwxvLl7WoehK6lAq7GvgjxpA3nv1E8= -k8s.io/client-go v0.27.3/go.mod h1:2MBEKuTo6V1lbKy3z1euEGnhPfGZLKTS9tiJ2xodM48= -k8s.io/klog/v2 v2.90.1 h1:m4bYOKall2MmOiRaR1J+We67Do7vm9KiQVlT96lnHUw= -k8s.io/klog/v2 v2.90.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= -k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= -k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= -k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= -sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= -sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo= -sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8= diff --git a/builtin/logical/openldap/tools/go.mod b/builtin/logical/openldap/tools/go.mod deleted file mode 100644 index 25fd6a0b7a..0000000000 --- a/builtin/logical/openldap/tools/go.mod +++ /dev/null @@ -1,13 +0,0 @@ -module github.com/openbao/openbao/builtin/logical/openldap/tools - -go 1.17 - -require mvdan.cc/gofumpt v0.3.1 - -require ( - github.com/google/go-cmp v0.5.7 // indirect - golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect - golang.org/x/sys v0.1.0 // indirect - golang.org/x/tools v0.1.10 // indirect -) diff --git a/builtin/logical/openldap/tools/go.sum b/builtin/logical/openldap/tools/go.sum deleted file mode 100644 index 404fcfac1c..0000000000 --- a/builtin/logical/openldap/tools/go.sum +++ /dev/null @@ -1,55 +0,0 @@ -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/frankban/quicktest v1.14.2 h1:SPb1KFFmM+ybpEjPUhCCkZOM5xlovT5UbrMvWnXyBns= -github.com/frankban/quicktest v1.14.2/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= -github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= -github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= -github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= -github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= -github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220319134239-a9b59b0215f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= -golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/errgo.v2 v2.1.0 h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8= -gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= -mvdan.cc/gofumpt v0.3.1 h1:avhhrOmv0IuvQVK7fvwV91oFSGAk5/6Po8GXTzICeu8= -mvdan.cc/gofumpt v0.3.1/go.mod h1:w3ymliuxvzVx8DAutBnVyDqYb1Niy/yCJt/lk821YCE= diff --git a/builtin/logical/openldap/tools/tools.go b/builtin/logical/openldap/tools/tools.go deleted file mode 100644 index 283ffd86bb..0000000000 --- a/builtin/logical/openldap/tools/tools.go +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -//go:build tools - -// This file ensures tool dependencies are kept in sync. This is the -// recommended way of doing this according to -// https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module -// To install the following tools at the version used by this repo run: -// $ make bootstrap -// or -// $ go generate -tags tools tools/tools.go - -package tools - -//go:generate go install mvdan.cc/gofumpt -import ( - _ "mvdan.cc/gofumpt" -) diff --git a/go.mod b/go.mod index 83a450a85a..b3028edaf8 100644 --- a/go.mod +++ b/go.mod @@ -295,6 +295,7 @@ require ( github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/miekg/dns v1.1.43 // indirect github.com/moby/patternmatcher v0.5.0 // indirect + github.com/moby/spdystream v0.2.0 // indirect github.com/moby/sys/sequential v0.5.0 // indirect github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect diff --git a/go.sum b/go.sum index 284cc3a3b4..be020a5492 100644 --- a/go.sum +++ b/go.sum @@ -161,6 +161,8 @@ github.com/armon/go-metrics v0.4.1/go.mod h1:E6amYzXo6aW1tqzoZGT755KkbgrJsSdpwZ+ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= @@ -512,6 +514,7 @@ github.com/gorilla/sessions v1.2.1 h1:DHd3rPN5lE3Ts3D8rKkQ8x/0kqfeNmBAaiSi+o7Fsg github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.1/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= @@ -862,6 +865,8 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= +github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= +github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= diff --git a/plugins/database/redis/tools/go.mod b/plugins/database/redis/tools/go.mod deleted file mode 100644 index 51e4dad6c0..0000000000 --- a/plugins/database/redis/tools/go.mod +++ /dev/null @@ -1,13 +0,0 @@ -module github.com/hashicorp/vault-plugin-scaffolding/tools - -go 1.19 - -require mvdan.cc/gofumpt v0.3.1 - -require ( - github.com/google/go-cmp v0.5.7 // indirect - golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 // indirect - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect - golang.org/x/sys v0.1.0 // indirect - golang.org/x/tools v0.1.10 // indirect -) diff --git a/plugins/database/redis/tools/go.sum b/plugins/database/redis/tools/go.sum deleted file mode 100644 index 620a7091d5..0000000000 --- a/plugins/database/redis/tools/go.sum +++ /dev/null @@ -1,20 +0,0 @@ -github.com/frankban/quicktest v1.14.2 h1:SPb1KFFmM+ybpEjPUhCCkZOM5xlovT5UbrMvWnXyBns= -github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= -github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= -github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= -github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3 h1:kQgndtyPBW/JIYERgdxfwMYh3AVStj88WQTlNDi2a+o= -golang.org/x/mod v0.6.0-dev.0.20220106191415-9b9b3d81d5e3/go.mod h1:3p9vT2HGsQu2K1YbXdKPJLVgG5VJdoTa1poYQBtP1AY= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.1.0 h1:kunALQeHf1/185U1i0GOB/fy1IPRDDpuoOOqRReG57U= -golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= -golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= -gopkg.in/errgo.v2 v2.1.0 h1:0vLT13EuvQ0hNvakwLuFZ/jYrLp5F3kcWHXdRggjCE8= -mvdan.cc/gofumpt v0.3.1 h1:avhhrOmv0IuvQVK7fvwV91oFSGAk5/6Po8GXTzICeu8= -mvdan.cc/gofumpt v0.3.1/go.mod h1:w3ymliuxvzVx8DAutBnVyDqYb1Niy/yCJt/lk821YCE= diff --git a/plugins/database/redis/tools/tools.go b/plugins/database/redis/tools/tools.go deleted file mode 100644 index 283ffd86bb..0000000000 --- a/plugins/database/redis/tools/tools.go +++ /dev/null @@ -1,19 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -//go:build tools - -// This file ensures tool dependencies are kept in sync. This is the -// recommended way of doing this according to -// https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module -// To install the following tools at the version used by this repo run: -// $ make bootstrap -// or -// $ go generate -tags tools tools/tools.go - -package tools - -//go:generate go install mvdan.cc/gofumpt -import ( - _ "mvdan.cc/gofumpt" -) diff --git a/scripts/ci-helper.sh b/scripts/ci-helper.sh index 58a6d3584c..0fda3ecd55 100755 --- a/scripts/ci-helper.sh +++ b/scripts/ci-helper.sh @@ -3,7 +3,7 @@ # SPDX-License-Identifier: MPL-2.0 -# The ci-helper is used to determine build metadata, build Vault binaries, +# The ci-helper is used to determine build metadata, build OpenBao binaries, # package those binaries into artifacts, and execute tests with those artifacts. set -euo pipefail @@ -31,7 +31,7 @@ function repo() { # Determine the artifact basename based on metadata function artifact_basename() { - : "${PKG_NAME:="vault"}" + : "${PKG_NAME:="openbao"}" : "${GOOS:=$(go env GOOS)}" : "${GOARCH:=$(go env GOARCH)}" @@ -46,7 +46,7 @@ function artifact_basename() { # Bundle the dist directory into a zip function bundle() { - : "${BUNDLE_PATH:=$(repo_root)/vault.zip}" + : "${BUNDLE_PATH:=$(repo_root)/openbao.zip}" echo "--> Bundling dist/* to $BUNDLE_PATH" zip -r -j "$BUNDLE_PATH" dist/ } @@ -71,7 +71,7 @@ function build_ui() { popd } -# Build Vault +# Build OpenBao function build() { local revision local build_date @@ -88,7 +88,7 @@ function build() { (unset GOOS; unset GOARCH; go generate ./...) # Build our ldflags - msg="--> Building Vault revision $revision, built $build_date" + msg="--> Building OpenBao revision $revision, built $build_date" # Keep the symbol and dwarf information by default if [ -n "$REMOVE_SYMBOLS" ]; then @@ -104,35 +104,32 @@ function build() { ldflags="${ldflags} -X github.com/openbao/openbao/version.VersionMetadata=$VERSION_METADATA" fi - # Build vault + # Build OpenBao echo "$msg" pushd "$(repo_root)" mkdir -p dist mkdir -p out set -x - go build -v -tags "$GO_TAGS" -ldflags "$ldflags" -o dist/ + go build -v -tags "$GO_TAGS" -ldflags "$ldflags" -o dist/bao set +x popd } # Prepare legal requirements for packaging function prepare_legal() { - : "${PKG_NAME:="vault"}" + : "${PKG_NAME:="openbao"}" pushd "$(repo_root)" mkdir -p dist - curl -o dist/EULA.txt https://eula.hashicorp.com/EULA.txt - curl -o dist/TermsOfEvaluation.txt https://eula.hashicorp.com/TermsOfEvaluation.txt mkdir -p ".release/linux/package/usr/share/doc/$PKG_NAME" - cp dist/EULA.txt ".release/linux/package/usr/share/doc/$PKG_NAME/EULA.txt" - cp dist/TermsOfEvaluation.txt ".release/linux/package/usr/share/doc/$PKG_NAME/TermsOfEvaluation.txt" + cp LICENSE ".release/linux/package/usr/share/doc/$PKG_NAME/LICENSE" popd } -# Package version converts a vault version string into a compatible representation for system +# Package version converts an OpenBao version string into a compatible representation for system # packages. function version_package() { - awk '{ gsub("-","~",$1); print $1 }' <<< "$VAULT_VERSION" + awk '{ gsub("-","~",$1); print $1 }' <<< "$OPENBAO_VERSION" } # Run the CI Helper diff --git a/scripts/cross/Dockerfile b/scripts/cross/Dockerfile index c0fddb3b05..a107d069bf 100644 --- a/scripts/cross/Dockerfile +++ b/scripts/cross/Dockerfile @@ -35,6 +35,6 @@ ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH RUN go get golang.org/x/tools/cmd/goimports -RUN mkdir -p /gopath/src/github.com/hashicorp/vault -WORKDIR /gopath/src/github.com/hashicorp/vault +RUN mkdir -p /gopath/src/github.com/openbao/openbao +WORKDIR /gopath/src/github.com/openbao/openbao CMD make static-dist bin diff --git a/scripts/dist.sh b/scripts/dist.sh deleted file mode 100755 index fc605d4fdd..0000000000 --- a/scripts/dist.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/env bash -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -set -e - -# Get the version from the command line -VERSION=$1 -if [ -z $VERSION ]; then - echo "Please specify a version." - exit 1 -fi - -# Make sure we have AWS API keys -if ([ -z $AWS_ACCESS_KEY_ID ] || [ -z $AWS_SECRET_ACCESS_KEY ]) && [ ! -z $HC_RELEASE ]; then - echo "Please set your AWS access key information in the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY env vars." - exit 1 -fi - -if [ -z $NOBUILD ] && [ -z $DOCKER_CROSS_IMAGE ]; then - echo "Please set the Docker cross-compile image in DOCKER_CROSS_IMAGE" - exit 1 -fi - -# Get the parent directory of where this script is. -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done -DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )" - -# Change into that dir because we expect that -cd $DIR - -if [ -z $RELBRANCH ]; then - RELBRANCH=main -fi - -# Tag, unless told not to -if [ -z $NOTAG ]; then - echo "==> Tagging..." - git commit --allow-empty --gpg-sign=348FFC4C -m "Cut version $VERSION" - git tag -a -m "Version $VERSION" -s -u 348FFC4C "v${VERSION}" $RELBRANCH -fi - -# Build the packages -if [ -z $NOBUILD ]; then - # This should be a local build of the Dockerfile in the cross dir - docker run --rm -v "$(pwd)":/gopath/src/github.com/hashicorp/vault -w /gopath/src/github.com/hashicorp/vault ${DOCKER_CROSS_IMAGE} -fi - -# Zip all the files -rm -rf ./pkg/dist -mkdir -p ./pkg/dist -for FILENAME in $(find ./pkg -mindepth 1 -maxdepth 1 -type f); do - FILENAME=$(basename $FILENAME) - cp ./pkg/${FILENAME} ./pkg/dist/vault_${VERSION}_${FILENAME} -done - -if [ -z $NOSIGN ]; then - echo "==> Signing..." - pushd ./pkg/dist - rm -f ./vault_${VERSION}_SHA256SUMS* - shasum -a256 * > ./vault_${VERSION}_SHA256SUMS - gpg --default-key 348FFC4C --detach-sig ./vault_${VERSION}_SHA256SUMS - popd -fi - -# Upload -if [ ! -z $HC_RELEASE ]; then - hc-releases upload $DIR/pkg/dist - hc-releases publish - - curl -X PURGE https://releases.hashicorp.com/vault/${VERSION} - for FILENAME in $(find $DIR/pkg/dist -type f); do - FILENAME=$(basename $FILENAME) - curl -X PURGE https://releases.hashicorp.com/vault/${VERSION}/${FILENAME} - done -fi - -exit 0 diff --git a/scripts/semgrep_plugin_repos.sh b/scripts/semgrep_plugin_repos.sh deleted file mode 100755 index 6dc7407320..0000000000 --- a/scripts/semgrep_plugin_repos.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - - -set -e -set -x - -## Make a temp dir -tempdir=$(mktemp -d plugin-semgrep.XXXXXX) -vaultdir=$(pwd) -## Set paths -cd $tempdir - -for plugin in $(grep github.com/hashicorp/vault-plugin- $vaultdir/go.mod | cut -f 2 | cut -d ' ' -f 1 | cut -d '/' -f 3) -do - if [ -z $SKIP_MODULE_UPDATING ] - then - echo "Fetching $plugin..." - git clone https://github.com/hashicorp/$plugin - semgrep --include '*.go' --exclude 'vendor' -a -f $vaultdir/tools/semgrep/ci/ $plugin/. > $plugin.semgrep.txt - fi -done diff --git a/scripts/testciphers.sh b/scripts/testciphers.sh deleted file mode 100755 index f9684f570b..0000000000 --- a/scripts/testciphers.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/usr/bin/env bash -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - - -# Adapted from https://superuser.com/a/224263 - -# OpenSSL requires the port number. -SERVER=$1 -ciphers=$(openssl ciphers 'ALL:eNULL' | sed -e 's/:/ /g') - -echo Obtaining cipher list from $(openssl version). - -for cipher in ${ciphers[@]} -do -echo -n Testing $cipher... -result=$(echo -n | openssl s_client -cipher "$cipher" -alpn req_fw_sb-act_v1 -connect $SERVER 2>&1) -if [[ "$result" =~ ":error:" ]] ; then - error=$(echo -n $result | cut -d':' -f6) - echo NO \($error\) -else - if [[ "$result" =~ "Cipher is ${cipher}" || "$result" =~ "Cipher :" ]] ; then - echo YES - else - echo UNKNOWN RESPONSE - echo $result - fi -fi -done diff --git a/scripts/update_plugin_modules.sh b/scripts/update_plugin_modules.sh deleted file mode 100755 index e74e746e2d..0000000000 --- a/scripts/update_plugin_modules.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/bin/sh -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - - -set -e - -## Make a temp dir -tempdir=$(mktemp -d update-plugin-modules.XXXXXX) - -## Set paths -cd $tempdir - -## Get Vault -echo "Fetching vault..." -git clone https://github.com/hashicorp/vault - -for plugin in $(grep github.com/hashicorp/vault-plugin- vault/go.mod | cut -f 2 | cut -d ' ' -f 1 | cut -d '/' -f 3) -do - if [ -z $SKIP_MODULE_UPDATING ] - then - echo "Fetching $plugin..." - git clone https://github.com/hashicorp/$plugin - cd $plugin - rm -rf vendor - go get github.com/openbao/openbao/api${API_BRANCH} - go mod tidy - go mod vendor - git add . - git commit --allow-empty -m "Updating vault dep" - if [ ! -z $PUSH_COMMITS ] - then - git push - fi - cd .. - fi - cd vault - go get github.com/hashicorp/$plugin@main - cd .. -done - -cd vault -go mod tidy -rm -rf vendor -go mod vendor -git add . -git commit --allow-empty -m "Updating plugin deps" -if [ ! -z $PUSH_VAULT_COMMIT ] -then - git push -fi diff --git a/scripts/windows/build.bat b/scripts/windows/build.bat deleted file mode 100644 index 2733f621ef..0000000000 --- a/scripts/windows/build.bat +++ /dev/null @@ -1,96 +0,0 @@ -@echo off -setlocal - -set _EXITCODE=0 -set _DEV_BUILD=0 - -if not exist %1 exit /b 1 -if x%2 == xVAULT_DEV set _DEV_BUILD=1 - -cd %1 -md bin 2>nul - -:: Get the git commit -set _GIT_COMMIT_FILE=%TEMP%\vault-git_commit.txt -set _GIT_DIRTY_FILE=%TEMP%\vault-git_dirty.txt -set _GIT_COMMIT_DATE_FILE=%TEMP%\vault-git_commit_date.txt - -set _NUL_CMP_FILE=%TEMP%\vault-nul_cmp.txt -type nul >%_NUL_CMP_FILE% - -git rev-parse HEAD >"%_GIT_COMMIT_FILE%" -set /p _GIT_COMMIT=<"%_GIT_COMMIT_FILE%" -del /f "%_GIT_COMMIT_FILE%" 2>nul - -git show -s --format=%cd --date=format:"%Y-%m-%dT%H:%M:%SZ" HEAD >"%_GIT_COMMIT__DATE_FILE%" -set /p _BUILD_DATE=<"%_GIT_COMMIT_DATE_FILE%" -del /f "%_GIT_COMMIT_DATE_FILE%" 2>nul - -set _GIT_DIRTY= -git status --porcelain >"%_GIT_DIRTY_FILE%" -fc "%_GIT_DIRTY_FILE%" "%_NUL_CMP_FILE%" >nul -if errorlevel 1 set _GIT_DIRTY=+CHANGES -del /f "%_GIT_DIRTY_FILE%" 2>nul -del /f "%_NUL_CMP_FILE%" 2>nul - -REM Determine the arch/os combos we're building for -set _XC_ARCH=386 amd64 arm -set _XC_OS=linux darwin windows freebsd openbsd - -REM Install dependencies -echo ==^> Installing dependencies... -go get ./... - -REM Clean up the old binaries and packages. -echo ==^> Cleaning old builds... -rd /s /q bin pkg 2>nul -md bin 2>nul - -REM If its dev mode, only build for ourself -if not %_DEV_BUILD% equ 1 goto build - -:devbuild -echo ==^> Preparing for development build... -set _GO_ENV_TMP_FILE=%TEMP%\vault-go-env.txt -go env GOARCH >"%_GO_ENV_TMP_FILE%" -set /p _XC_ARCH=<"%_GO_ENV_TMP_FILE%" -del /f "%_GO_ENV_TMP_FILE%" 2>nul -go env GOOS >"%_GO_ENV_TMP_FILE%" -set /p _XC_OS=<"%_GO_ENV_TMP_FILE%" -del /f "%_GO_ENV_TMP_FILE%" 2>nul - -:build -REM Build! -echo ==^> Building... -go build^ - -ldflags "-X github.com/openbao/openbao/version.GitCommit=%_GIT_COMMIT%%_GIT_DIRTY% -X github.com/openbao/openbao/version.BuildDate=%_BUILD_DATE%"^ - -o "bin/vault.exe"^ - . - -if %ERRORLEVEL% equ 1 set %_EXITCODE%=1 - -if %_EXITCODE% equ 1 exit /b %_EXITCODE% - -set _GO_ENV_TMP_FILE=%TEMP%\vault-go-env.txt - -go env GOPATH >"%_GO_ENV_TMP_FILE%" -set /p _GOPATH=<"%_GO_ENV_TMP_FILE%" -del /f "%_GO_ENV_TMP_FILE%" 2>nul - -go env GOARCH >"%_GO_ENV_TMP_FILE%" -set /p _GOARCH=<"%_GO_ENV_TMP_FILE%" -del /f "%_GO_ENV_TMP_FILE%" 2>nul - -go env GOOS >"%_GO_ENV_TMP_FILE%" -set /p _GOOS=<"%_GO_ENV_TMP_FILE%" -del /f "%_GO_ENV_TMP_FILE%" 2>nul - -REM TODO(ceh): package dist - -REM Done! -echo. -echo ==^> Results: -echo. -for %%A in ("bin\*") do echo %%~fA - -exit /b %_EXITCODE%