Initial commit

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,15 @@
+# Overview
+A high level description of the contribution, including:
+Who the change affects or is for (stakeholders)?
+What is the change?
+Why is the change needed?
+How does this change affect the user experience (if at all)?
+
+# Related Issues/Pull Requests
+- [ ] [Issue #1234](https://github.com/hashicorp/vault/issues/1234)
+- [ ] [PR #1234](https://github.com/hashicorp/vault/pr/1234)
+
+# Contributor Checklist
+- [ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet
+- [ ] Add output for any tests not ran in CI to the PR description (eg, acceptance tests)
+- [ ] Backwards compatible

.github/workflows/actionlint.yaml

@@ -0,0 +1,10 @@
+name: Lint GitHub Actions Workflows
+on:
+  push:
+    paths:
+    - '.github/workflows/**'
+jobs:
+  actionlint:
+    # using `main` as the ref will keep your workflow up-to-date
+    uses: hashicorp/vault-workflows-common/.github/workflows/actionlint.yaml@main
+

.github/workflows/bulk-dep-upgrades.yaml

@@ -0,0 +1,16 @@
+name: Upgrade dependencies
+on:
+  workflow_dispatch:
+  schedule:
+    # Runs 12:00AM on the first of every month
+    - cron: '0 0 1 * *'
+jobs:
+  upgrade:
+    # using `main` as the ref will keep your workflow up-to-date
+    uses: hashicorp/vault-workflows-common/.github/workflows/bulk-dependency-updates.yaml@main
+    secrets:
+      VAULT_ECO_GITHUB_TOKEN: ${{ secrets.VAULT_ECO_GITHUB_TOKEN }}
+    with:
+      reviewer-team: hashicorp/vault-ecosystem-applications
+      repository: ${{ github.repository }}
+      run-id: ${{ github.run_id }}

.github/workflows/jira.yaml

@@ -0,0 +1,17 @@
+name: Jira Sync
+on:
+  issues:
+    types: [opened, closed, deleted, reopened]
+  pull_request_target:
+    types: [opened, closed, reopened]
+  issue_comment: # Also triggers when commenting on a PR from the conversation view
+    types: [created]
+jobs:
+  sync:
+    uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main
+    secrets:
+      JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
+      JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
+      JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
+    with:
+      teams-array: '["ecosystem", "applications-eco"]'

.github/workflows/tests.yaml

@@ -0,0 +1,7 @@
+name: Run Tests
+on:
+  push:
+jobs:
+  run-tests:
+    # using `main` as the ref will keep your workflow up-to-date
+    uses: hashicorp/vault-workflows-common/.github/workflows/tests.yaml@main

.gitignore

@@ -0,0 +1,7 @@
+.DS_Store
+.idea
+.vscode
+pkg/*
+bin/*
+go.work
+go.work.sum

.go-version

@@ -0,0 +1 @@
+1.20.4

CHANGELOG.md

@@ -0,0 +1 @@
+## Unreleased

Makefile

@@ -0,0 +1,39 @@
+# Determine this makefile's path.
+# Be sure to place this BEFORE `include` directives, if any.
+REPO_DIR := $(shell basename $(CURDIR))
+
+PLUGIN_NAME := $(shell command ls cmd/)
+
+.PHONY: default
+default: dev
+
+.PHONY: dev
+dev:
+	CGO_ENABLED=0 go build -o bin/$(PLUGIN_NAME) cmd/$(PLUGIN_NAME)/main.go
+
+# bootstrap the build by downloading additional tools
+.PHONY: bootstrap
+bootstrap:
+	@echo "Downloading tools ..."
+	@go generate -tags tools tools/tools.go
+	# This should only ever be performed once, so we lean on the cmd/ directory
+	# to indicate whether this has already been done.
+	@if [ "$(PLUGIN_NAME)" != "$(REPO_DIR)" ]; then \
+		echo "Renaming cmd/$(PLUGIN_NAME) to cmd/$(REPO_DIR) ..."; \
+		mv cmd/$(PLUGIN_NAME) to cmd/$(REPO_DIR); \
+		echo "Renaming Go module to github.com/hashicorp/$(REPO_DIR) ..."; \
+        go mod edit -module github.com/hashicorp/$(REPO_DIR); \
+	fi
+
+
+.PHONY: test
+test: fmtcheck
+	CGO_ENABLED=0 go test ./... $(TESTARGS) -timeout=20m
+
+.PHONY: fmtcheck
+fmtcheck:
+	@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'"
+
+.PHONY: fmt
+fmt:
+	gofumpt -l -w .

README.md

@@ -0,0 +1,147 @@
+# Vault Plugin Scaffolding
+
+This is a standalone backend plugin for use with [Hashicorp
+Vault](https://www.github.com/hashicorp/vault).
+
+[//]: <> (Include a general statement about this plugin)
+
+Please note: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at [[email protected]](mailto:[email protected]).
+
+## Using this Template Repository
+
+_Note: Remove this instruction sub-heading once you've created a repository from this template_
+
+This repository is a template for a Vault secret engine and auth method plugins.
+It is intended as a starting point for creating Vault plugins, containing:
+
+- Changelog, readme, Makefile, pull request template
+- Scripts for internal tooling
+- Jira sync and basic testing GitHub actions
+- A base `main.go` for compiling the plugin
+
+There's some minimal GitHub Secrets setup required in order to get the Jira sync
+GH action working. Install the `gh` [CLI](https://cli.github.com/manual/) and
+perform the following commands to set secrets for this repository.
+
+```sh
+gh secret set JIRA_SYNC_BASE_URL 
+gh secret set JIRA_SYNC_USER_EMAIL 
+gh secret set JIRA_SYNC_API_TOKEN
+```
+
+
+This template repository does not include a Mozilla Public License 2.0 `LICENSE`
+since plugins created this way can be internal to hashicorp and for Vault
+Enterprise consumption. To add a license, follow [these GitHub
+instructions](https://docs.github.com/en/communities/setting-up-your-project-for-healthy-contributions/adding-a-license-to-a-repository),
+or obtain one from one of our public Vault plugins.
+
+Please see the [GitHub template repository
+documentation](https://help.github.com/en/github/creating-cloning-and-archiving-repositories/creating-a-repository-from-a-template)
+for how to create a new repository from this template on GitHub.
+
+Things _not_ handled by this template repository:
+- Repository settings, such as branch protection rules
+- Memberships and permissions
+- GitHub secrets for this repository
+
+Please see the [Repository Configuration Page](https://hashicorp.atlassian.net/wiki/spaces/VAULT/pages/2103476333/Repository+Configuration)
+for the setting proper repository configuration values.
+
+## Quick Links
+
+- [Vault Website](https://developer.hashicorp.com/vault)
+- [Vault Project GitHub](https://www.github.com/hashicorp/vault)
+
+[//]: <> (Include any other quick links relevant to your plugin)
+
+## Getting Started
+
+This is a [Vault plugin](https://developer.hashicorp.com/vault/docs/plugins)
+and is meant to work with Vault. This guide assumes you have already installed
+Vault and have a basic understanding of how Vault works.
+
+Otherwise, first read this guide on how to [get started with
+Vault](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install).
+
+
+## Usage
+
+[//]: <> (Provide usage instructions and/or links to this plugin)
+
+## Developing
+
+If you wish to work on this plugin, you'll first need
+[Go](https://www.golang.org) installed on your machine.
+
+If you're developing for the first time, run `make bootstrap` to install the
+necessary tools. Bootstrap will also update repository name references if that
+has not been performed ever before.
+
+```sh
+$ make bootstrap
+```
+
+To compile a development version of this plugin, run `make` or `make dev`.
+This will put the plugin binary in the `bin` and `$GOPATH/bin` folders. `dev`
+mode will only generate the binary for your platform and is faster:
+
+```sh
+$ make dev
+```
+
+Put the plugin binary into a location of your choice. This directory
+will be specified as the [`plugin_directory`](https://developer.hashicorp.com/vault/docs/configuration#plugin_directory)
+in the Vault config used to start the server.
+
+```hcl
+# config.hcl
+plugin_directory = "path/to/plugin/directory"
+...
+```
+
+Start a Vault server with this config file:
+
+```sh
+$ vault server -dev -config=path/to/config.hcl ...
+...
+```
+
+Once the server is started, register the plugin in the Vault server's [plugin catalog](https://developer.hashicorp.com/vault/docs/plugins/plugin-architecture#plugin-catalog):
+
+```sh
+$ SHA256=$(openssl dgst -sha256 $GOPATH/vault-plugin-secrets-myplugin | cut -d ' ' -f2)
+$ vault plugin register \
+        -sha256=$SHA256 \
+        -command="vault-plugin-secrets-myplugin" \
+        secrets myplugin
+...
+Success! Data written to: sys/plugins/catalog/myplugin
+```
+
+Enable the secrets engine to use this plugin:
+
+```sh
+$ vault secrets enable myplugin
+...
+
+Successfully enabled 'plugin' at 'myplugin'!
+```
+
+### Tests
+
+To run the tests, invoke `make test`:
+
+```sh
+$ make test
+```
+
+You can also specify a `TESTARGS` variable to filter tests like so:
+
+```sh
+$ make test TESTARGS='-run=TestConfig'
+```
+
+[//]: <> (Specify any other test instructions such as acceptance/integration tests)

cmd/vault-plugin-scaffolding/main.go

@@ -0,0 +1,32 @@
+package main
+
+import (
+	"os"
+
+	"github.com/hashicorp/go-hclog"
+	"github.com/hashicorp/vault/api"
+	"github.com/hashicorp/vault/sdk/plugin"
+)
+
+func main() {
+	apiClientMeta := &api.PluginAPIClientMeta{}
+	flags := apiClientMeta.FlagSet()
+	flags.Parse(os.Args[1:])
+
+	tlsConfig := apiClientMeta.GetTLSConfig()
+	tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
+
+	err := plugin.ServeMultiplex(&plugin.ServeOpts{
+		// set the TLSProviderFunc so that the plugin maintains backwards
+		// compatibility with Vault versions that don’t support plugin AutoMTLS
+		TLSProviderFunc: tlsProviderFunc,
+		// TODO: Add the plugin's Factory function here, e.g.:
+		// BackendFactoryFunc: vault-plugin-scaffolding.Factory,
+	})
+	if err != nil {
+		logger := hclog.New(&hclog.LoggerOptions{})
+
+		logger.Error("plugin shutting down", "error", err)
+		os.Exit(1)
+	}
+}

go.mod

@@ -0,0 +1,56 @@
+module github.com/hashicorp/vault-hcp-lib
+
+go 1.20
+
+require (
+	github.com/hashicorp/go-hclog v1.5.0
+	github.com/hashicorp/vault/api v1.9.2
+	github.com/hashicorp/vault/sdk v0.9.1
+)
+
+require (
+	github.com/armon/go-metrics v0.4.1 // indirect
+	github.com/armon/go-radix v1.0.0 // indirect
+	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
+	github.com/fatih/color v1.13.0 // indirect
+	github.com/frankban/quicktest v1.14.2 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/hashicorp/errwrap v1.1.0 // indirect
+	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
+	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
+	github.com/hashicorp/go-kms-wrapping/v2 v2.0.8 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-plugin v1.4.8 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
+	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
+	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/oklog/run v1.1.0 // indirect
+	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
+	github.com/ryanuber/go-glob v1.0.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	golang.org/x/crypto v0.6.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
+	google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4 // indirect
+	google.golang.org/grpc v1.53.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
+)