From 861454e0ed1390d67ddaf1a53c1798e5e291728c Mon Sep 17 00:00:00 2001 
From: Jeff Mitchell Date: Thu, 15 Jul 2021 20:17:31 -0400 Subject: [PATCH] Migrate to sdk/internalshared libs in go-secure-stdlib (#12090) * Swap sdk/helper libs to go-secure-stdlib * Migrate to go-secure-stdlib reloadutil * Migrate to go-secure-stdlib kv-builder * Migrate to go-secure-stdlib gatedwriter --- api/client.go | 2 +- api/go.mod | 1 + api/secret.go | 2 +- api/sys_raft.go | 2 +- audit/hashstructure.go | 2 +- builtin/audit/socket/backend.go | 2 +- builtin/credential/approle/path_login.go | 2 +- builtin/credential/approle/path_role.go | 4 +- builtin/credential/aws/path_config_client.go | 2 +- .../credential/aws/path_config_identity.go | 2 +- builtin/credential/aws/path_login.go | 2 +- builtin/credential/aws/path_role_tag.go | 2 +- builtin/credential/aws/path_role_test.go | 2 +- builtin/credential/github/cli.go | 2 +- builtin/credential/ldap/backend.go | 2 +- builtin/credential/ldap/cli.go | 2 +- builtin/credential/ldap/path_users.go | 2 +- builtin/credential/okta/cli.go | 2 +- builtin/credential/token/cli.go | 2 +- builtin/credential/userpass/cli.go | 2 +- builtin/logical/aws/path_roles.go | 2 +- builtin/logical/aws/path_user.go | 2 +- .../cassandra/path_config_connection.go | 2 +- .../logical/cassandra/path_creds_create.go | 2 +- builtin/logical/cassandra/util.go | 2 +- builtin/logical/database/backend.go | 2 +- builtin/logical/database/path_creds_create.go | 2 +- builtin/logical/database/path_roles.go | 2 +- builtin/logical/database/rotation.go | 2 +- builtin/logical/mssql/path_creds_create.go | 2 +- builtin/logical/mssql/path_roles.go | 2 +- builtin/logical/mysql/path_role_create.go | 2 +- builtin/logical/mysql/path_roles.go | 2 +- builtin/logical/mysql/secret_creds.go | 2 +- builtin/logical/pki/backend_test.go | 2 +- builtin/logical/pki/cert_util.go | 2 +- builtin/logical/pki/path_roles.go | 2 +- builtin/logical/pki/path_roles_test.go | 2 +- .../logical/postgresql/path_role_create.go | 2 +- builtin/logical/postgresql/path_roles.go | 2 +- 
builtin/logical/postgresql/secret_creds.go | 2 +- builtin/logical/rabbitmq/backend_test.go | 2 +- builtin/logical/rabbitmq/passwords.go | 2 +- .../logical/ssh/path_config_zeroaddress.go | 2 +- builtin/logical/ssh/path_roles.go | 2 +- builtin/logical/ssh/path_sign.go | 4 +- builtin/logical/ssh/util.go | 2 +- command/agent.go | 2 +- command/agent/auth/approle/approle.go | 2 +- command/agent/auth/gcp/gcp.go | 2 +- command/agent/auth/kerberos/kerberos.go | 2 +- command/agent/cache/api_proxy.go | 2 +- command/agent/cache/lease_cache.go | 2 +- command/agent/config/config.go | 2 +- command/base_helpers.go | 2 +- command/base_predict_test.go | 2 +- command/debug.go | 4 +- command/kv_helpers.go | 2 +- command/monitor.go | 2 +- command/operator_diagnose.go | 6 +- command/operator_generate_root.go | 4 +- command/operator_migrate_test.go | 2 +- command/operator_rekey.go | 2 +- command/operator_unseal.go | 2 +- command/server.go | 7 +- command/server/config.go | 2 +- command/server/listener.go | 2 +- command/server/listener_tcp.go | 2 +- go.mod | 9 ++ go.sum | 6 + helper/proxyutil/proxyutil.go | 2 +- http/cors.go | 2 +- http/handler.go | 2 +- http/sys_generate_root.go | 2 +- http/sys_health.go | 2 +- http/sys_raft.go | 2 +- internalshared/configutil/config.go | 2 +- internalshared/configutil/kms.go | 2 +- internalshared/configutil/lint.go | 3 +- internalshared/configutil/listener.go | 6 +- internalshared/configutil/telemetry.go | 3 +- internalshared/gatedwriter/writer.go | 43 ------ internalshared/gatedwriter/writer_test.go | 34 ----- internalshared/kv-builder/builder.go | 131 ----------------- internalshared/kv-builder/builder_test.go | 139 ------------------ internalshared/listenerutil/listener.go | 4 +- internalshared/reloadutil/reload.go | 83 ----------- internalshared/reloadutil/reload_test.go | 74 ---------- physical/aerospike/aerospike.go | 2 +- physical/azure/azure.go | 2 +- physical/cockroachdb/cockroachdb.go | 2 +- physical/consul/consul.go | 4 +- 
physical/etcd/etcd3.go | 4 +- physical/mssql/mssql.go | 2 +- physical/mysql/mysql.go | 2 +- physical/oci/oci.go | 2 +- physical/raft/fsm.go | 2 +- physical/raft/raft.go | 2 +- physical/raft/raft_autopilot.go | 4 +- physical/s3/s3.go | 2 +- physical/spanner/spanner.go | 2 +- physical/swift/swift.go | 2 +- physical/zookeeper/zookeeper.go | 4 +- plugins/database/cassandra/cassandra.go | 2 +- .../database/cassandra/connection_producer.go | 4 +- plugins/database/hana/hana.go | 2 +- .../database/influxdb/connection_producer.go | 4 +- plugins/database/influxdb/influxdb.go | 2 +- plugins/database/mongodb/mongodb.go | 2 +- plugins/database/mssql/mssql.go | 2 +- plugins/database/mysql/connection_producer.go | 2 +- plugins/database/mysql/mysql.go | 2 +- plugins/database/mysql/mysql_test.go | 2 +- plugins/database/postgresql/postgresql.go | 2 +- plugins/database/redshift/redshift.go | 2 +- sdk/database/helper/connutil/sql.go | 2 +- sdk/database/helper/credsutil/credsutil.go | 2 +- sdk/framework/backend.go | 2 +- sdk/framework/field_data.go | 4 +- sdk/helper/authmetadata/auth_metadata.go | 2 +- sdk/helper/cidrutil/cidr.go | 2 +- .../keysutil/encrypted_key_storage_test.go | 2 +- sdk/helper/ldaputil/client.go | 2 +- sdk/helper/ldaputil/config.go | 2 +- sdk/helper/pluginutil/env.go | 2 +- sdk/helper/policyutil/policyutil.go | 2 +- sdk/helper/template/template.go | 2 +- sdk/helper/tokenutil/tokenutil.go | 4 +- sdk/plugin/pb/translation.go | 2 +- .../consul/consul_service_registration.go | 6 +- vault/acl.go | 2 +- vault/auth.go | 2 +- vault/barrier_aes_gcm.go | 2 +- vault/cluster/inmem_layer.go | 2 +- vault/core.go | 8 +- vault/cors.go | 2 +- vault/diagnose/helpers.go | 16 +- vault/diagnose/tls_verification.go | 12 +- vault/expiration.go | 3 +- .../external_tests/identity/entities_test.go | 2 +- .../external_tests/identity/identity_test.go | 2 +- vault/external_tests/policy/policy_test.go | 2 +- .../raft/raft_autopilot_test.go | 2 +- vault/generate_root_recovery.go | 2 +- 
vault/generate_root_test.go | 2 +- vault/identity_store.go | 2 +- vault/identity_store_entities.go | 2 +- vault/identity_store_groups.go | 2 +- vault/identity_store_oidc.go | 4 +- vault/identity_store_util.go | 2 +- vault/logical_passthrough.go | 2 +- vault/logical_passthrough_test.go | 2 +- vault/logical_system.go | 4 +- vault/mount.go | 2 +- vault/plugin_reload.go | 2 +- vault/policy.go | 2 +- vault/policy_store.go | 2 +- vault/raft.go | 2 +- vault/request_handling.go | 2 +- vault/router.go | 2 +- vault/testing.go | 2 +- vault/token_store.go | 6 +- vault/token_store_test.go | 2 +- 163 files changed, 207 insertions(+), 705 deletions(-) delete mode 100644 internalshared/gatedwriter/writer.go delete mode 100644 internalshared/gatedwriter/writer_test.go delete mode 100644 internalshared/kv-builder/builder.go delete mode 100644 internalshared/kv-builder/builder_test.go delete mode 100644 internalshared/reloadutil/reload.go delete mode 100644 internalshared/reloadutil/reload_test.go
diff --git a/api/client.go b/api/client.go
index 1c890e01d422..b7282dbaf9b0 100644
--- a/api/client.go
+++ b/api/client.go
@@ -19,8 +19,8 @@ import (
 cleanhttp "github.com/hashicorp/go-cleanhttp"
 retryablehttp "github.com/hashicorp/go-retryablehttp"
 rootcerts "github.com/hashicorp/go-rootcerts"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/helper/consts"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "golang.org/x/net/http2"
 "golang.org/x/time/rate"
 )
diff --git a/api/go.mod b/api/go.mod
index 76830b187df7..e59a7f6370c4 100644
--- a/api/go.mod
+++ b/api/go.mod
@@ -14,6 +14,7 @@ require (
 github.com/hashicorp/go-multierror v1.1.0
 github.com/hashicorp/go-retryablehttp v0.6.6
 github.com/hashicorp/go-rootcerts v1.0.2
+ github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1
 github.com/hashicorp/hcl v1.0.0
 github.com/hashicorp/vault/sdk v0.2.1
 github.com/mitchellh/mapstructure v1.4.1
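Review bot: The new `github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1` requirement in api/go.mod has no matching checksum change visible in this patch: the diffstat lists go.sum at the repository root but no api/go.sum. If api/ carries its own go.sum, running `go mod tidy` in api/ and committing the result keeps that module's builds verifiable against pinned hashes under `-mod=readonly`. The require block continues outside the hunk.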
diff --git a/api/secret.go b/api/secret.go
index d5b9ce9729eb..64865d0ba1dc 100644
--- a/api/secret.go
+++ b/api/secret.go
@@ -7,8 +7,8 @@ import (
 "time"
 "github.com/hashicorp/errwrap"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 )
 // Secret is the structure returned for every secret within Vault.
diff --git a/api/sys_raft.go b/api/sys_raft.go
index c66ae629e495..5677cf454a92 100644
--- a/api/sys_raft.go
+++ b/api/sys_raft.go
@@ -9,7 +9,7 @@ import (
 "net/http"
 "time"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/mitchellh/mapstructure"
diff --git a/audit/hashstructure.go b/audit/hashstructure.go
index 663056479a79..11c6214ff7b3 100644
--- a/audit/hashstructure.go
+++ b/audit/hashstructure.go
@@ -6,8 +6,8 @@ import (
 "reflect"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/helper/salt"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/helper/wrapping"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/mitchellh/copystructure"
diff --git a/builtin/audit/socket/backend.go b/builtin/audit/socket/backend.go
index 2aef3a539d1f..f7892b548473 100644
--- a/builtin/audit/socket/backend.go
+++ b/builtin/audit/socket/backend.go
@@ -10,8 +10,8 @@ import (
 "time"
 multierror "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/audit"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/helper/salt"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/approle/path_login.go b/builtin/credential/approle/path_login.go
index 104b9015b92d..a392966fa8ca 100644
--- a/builtin/credential/approle/path_login.go
+++ b/builtin/credential/approle/path_login.go
@@ -6,9 +6,9 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/cidrutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/approle/path_role.go b/builtin/credential/approle/path_role.go
index d6e30e2092b8..b4c62185c815 100644
--- a/builtin/credential/approle/path_role.go
+++ b/builtin/credential/approle/path_role.go
@@ -7,14 +7,14 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/cidrutil"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/locksutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/helper/policyutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/helper/tokenutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/aws/path_config_client.go b/builtin/credential/aws/path_config_client.go
index 0c66f5124a5d..c609e1acd608 100644
--- a/builtin/credential/aws/path_config_client.go
+++ b/builtin/credential/aws/path_config_client.go
@@ -8,8 +8,8 @@ import (
 "strings"
 "github.com/aws/aws-sdk-go/aws"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/aws/path_config_identity.go b/builtin/credential/aws/path_config_identity.go
index 76e0b302ba6d..282d277fab54 100644
--- a/builtin/credential/aws/path_config_identity.go
+++ b/builtin/credential/aws/path_config_identity.go
@@ -4,9 +4,9 @@ import (
 "context"
 "fmt"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/authmetadata"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go
index 03c63f2e6a26..41bf044cfb9e 100644
--- a/builtin/credential/aws/path_login.go
+++ b/builtin/credential/aws/path_login.go
@@ -24,12 +24,12 @@ import (
 "github.com/hashicorp/errwrap"
 cleanhttp "github.com/hashicorp/go-cleanhttp"
 "github.com/hashicorp/go-retryablehttp"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/awsutil"
 "github.com/hashicorp/vault/sdk/helper/cidrutil"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/aws/path_role_tag.go b/builtin/credential/aws/path_role_tag.go
index f201c3ef7120..15927a82a2bb 100644
--- a/builtin/credential/aws/path_role_tag.go
+++ b/builtin/credential/aws/path_role_tag.go
@@ -11,10 +11,10 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/policyutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/aws/path_role_test.go b/builtin/credential/aws/path_role_test.go
index 5d7a0e313880..790a7ce16405 100644
--- a/builtin/credential/aws/path_role_test.go
+++ b/builtin/credential/aws/path_role_test.go
@@ -9,11 +9,11 @@ import (
 "github.com/go-test/deep"
 "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 vlttesting "github.com/hashicorp/vault/helper/testhelpers/logical"
 "github.com/hashicorp/vault/sdk/helper/awsutil"
 "github.com/hashicorp/vault/sdk/helper/logging"
 "github.com/hashicorp/vault/sdk/helper/policyutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/github/cli.go b/builtin/credential/github/cli.go
index cfdb4cc11f9e..bccc6fa516e2 100644
--- a/builtin/credential/github/cli.go
+++ b/builtin/credential/github/cli.go
@@ -6,8 +6,8 @@ import (
 "os"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/password"
 "github.com/hashicorp/vault/api"
- "github.com/hashicorp/vault/sdk/helper/password"
 )
 type CLIHandler struct {
diff --git a/builtin/credential/ldap/backend.go b/builtin/credential/ldap/backend.go
index 12ce5d4c533d..9872aaed581c 100644
--- a/builtin/credential/ldap/backend.go
+++ b/builtin/credential/ldap/backend.go
@@ -5,10 +5,10 @@ import (
 "fmt"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/helper/mfa"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/ldaputil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/ldap/cli.go b/builtin/credential/ldap/cli.go
index 528bec6cb0f9..21302a7c5064 100644
--- a/builtin/credential/ldap/cli.go
+++ b/builtin/credential/ldap/cli.go
@@ -5,8 +5,8 @@ import (
 "os"
 "strings"
+ pwd "github.com/hashicorp/go-secure-stdlib/password"
 "github.com/hashicorp/vault/api"
- pwd "github.com/hashicorp/vault/sdk/helper/password"
 )
 type CLIHandler struct{}
diff --git a/builtin/credential/ldap/path_users.go b/builtin/credential/ldap/path_users.go
index 2cfd34d267a1..a4e18d30eb6d 100644
--- a/builtin/credential/ldap/path_users.go
+++ b/builtin/credential/ldap/path_users.go
@@ -4,9 +4,9 @@ import (
 "context"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/policyutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/credential/okta/cli.go b/builtin/credential/okta/cli.go
index 4dbd3e30974f..cc526f638ae5 100644
--- a/builtin/credential/okta/cli.go
+++ b/builtin/credential/okta/cli.go
@@ -5,8 +5,8 @@ import (
 "os"
 "strings"
+ pwd "github.com/hashicorp/go-secure-stdlib/password"
 "github.com/hashicorp/vault/api"
- pwd "github.com/hashicorp/vault/sdk/helper/password"
 )
 // CLIHandler struct
diff --git a/builtin/credential/token/cli.go b/builtin/credential/token/cli.go
index feadba2e942b..64a88169cbe7 100644
--- a/builtin/credential/token/cli.go
+++ b/builtin/credential/token/cli.go
@@ -7,8 +7,8 @@ import (
 "strconv"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/password"
 "github.com/hashicorp/vault/api"
- "github.com/hashicorp/vault/sdk/helper/password"
 )
 type CLIHandler struct {
diff --git a/builtin/credential/userpass/cli.go b/builtin/credential/userpass/cli.go
index 61ddfdc79610..34c3c31916f3 100644
--- a/builtin/credential/userpass/cli.go
+++ b/builtin/credential/userpass/cli.go
@@ -5,8 +5,8 @@ import (
 "os"
 "strings"
+ pwd "github.com/hashicorp/go-secure-stdlib/password"
 "github.com/hashicorp/vault/api"
- pwd "github.com/hashicorp/vault/sdk/helper/password"
 "github.com/mitchellh/mapstructure"
 )
diff --git a/builtin/logical/aws/path_roles.go b/builtin/logical/aws/path_roles.go
index 3ef32f2d1d59..ca241b5472b6 100644
--- a/builtin/logical/aws/path_roles.go
+++ b/builtin/logical/aws/path_roles.go
@@ -12,9 +12,9 @@ import (
 "github.com/aws/aws-sdk-go/aws/arn"
 "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/consts"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/aws/path_user.go b/builtin/logical/aws/path_user.go
index 05c8730c353a..2be885a0092e 100644
--- a/builtin/logical/aws/path_user.go
+++ b/builtin/logical/aws/path_user.go
@@ -9,8 +9,8 @@ import (
 "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/aws/awserr"
 "github.com/aws/aws-sdk-go/service/iam"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/mitchellh/mapstructure"
 )
diff --git a/builtin/logical/cassandra/path_config_connection.go b/builtin/logical/cassandra/path_config_connection.go
index db551be989c7..afa1816880d8 100644
--- a/builtin/logical/cassandra/path_config_connection.go
+++ b/builtin/logical/cassandra/path_config_connection.go
@@ -4,9 +4,9 @@ import (
 "context"
 "fmt"
+ "github.com/hashicorp/go-secure-stdlib/tlsutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/certutil"
- "github.com/hashicorp/vault/sdk/helper/tlsutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/cassandra/path_creds_create.go b/builtin/logical/cassandra/path_creds_create.go
index f6505cfb6907..a66c4e574e38 100644
--- a/builtin/logical/cassandra/path_creds_create.go
+++ b/builtin/logical/cassandra/path_creds_create.go
@@ -7,9 +7,9 @@ import (
 "time"
 "github.com/gocql/gocql"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/cassandra/util.go b/builtin/logical/cassandra/util.go
index 39da3f23a417..c0347bc49f5d 100644
--- a/builtin/logical/cassandra/util.go
+++ b/builtin/logical/cassandra/util.go
@@ -7,8 +7,8 @@ import (
 "time"
 "github.com/gocql/gocql"
+ "github.com/hashicorp/go-secure-stdlib/tlsutil"
 "github.com/hashicorp/vault/sdk/helper/certutil"
- "github.com/hashicorp/vault/sdk/helper/tlsutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/database/backend.go b/builtin/logical/database/backend.go
index f3ad3fc86f31..8572b0947eea 100644
--- a/builtin/logical/database/backend.go
+++ b/builtin/logical/database/backend.go
@@ -9,13 +9,13 @@ import (
 "time"
 log "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/go-uuid"
 v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
 v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 "github.com/hashicorp/vault/sdk/database/helper/dbutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/locksutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/sdk/queue"
 )
diff --git a/builtin/logical/database/path_creds_create.go b/builtin/logical/database/path_creds_create.go
index 020afc4c038c..9a5bcb91bc6b 100644
--- a/builtin/logical/database/path_creds_create.go
+++ b/builtin/logical/database/path_creds_create.go
@@ -5,9 +5,9 @@ import (
 "fmt"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/database/path_roles.go b/builtin/logical/database/path_roles.go
index 3aefe822670c..fd272dd1e42d 100644
--- a/builtin/logical/database/path_roles.go
+++ b/builtin/logical/database/path_roles.go
@@ -6,10 +6,10 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/locksutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/sdk/queue"
 )
diff --git a/builtin/logical/database/rotation.go b/builtin/logical/database/rotation.go
index 79ba9dee2524..25652e8b545f 100644
--- a/builtin/logical/database/rotation.go
+++ b/builtin/logical/database/rotation.go
@@ -8,12 +8,12 @@ import (
 "time"
 "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 v4 "github.com/hashicorp/vault/sdk/database/dbplugin"
 v5 "github.com/hashicorp/vault/sdk/database/dbplugin/v5"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/locksutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/sdk/queue"
 )
diff --git a/builtin/logical/mssql/path_creds_create.go b/builtin/logical/mssql/path_creds_create.go
index 1f8eea6f4cbb..7982e630bc5e 100644
--- a/builtin/logical/mssql/path_creds_create.go
+++ b/builtin/logical/mssql/path_creds_create.go
@@ -5,10 +5,10 @@ import (
 "fmt"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/dbtxn"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/mssql/path_roles.go b/builtin/logical/mssql/path_roles.go
index 3332db7b5c36..e378422d3cf7 100644
--- a/builtin/logical/mssql/path_roles.go
+++ b/builtin/logical/mssql/path_roles.go
@@ -5,8 +5,8 @@ import (
 "fmt"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/mysql/path_role_create.go b/builtin/logical/mysql/path_role_create.go
index ac237423bc38..a553fc0c22dd 100644
--- a/builtin/logical/mysql/path_role_create.go
+++ b/builtin/logical/mysql/path_role_create.go
@@ -5,10 +5,10 @@ import (
 "fmt"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/dbtxn"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 _ "github.com/lib/pq"
 )
diff --git a/builtin/logical/mysql/path_roles.go b/builtin/logical/mysql/path_roles.go
index 583a7d3203bd..eecf48732fe2 100644
--- a/builtin/logical/mysql/path_roles.go
+++ b/builtin/logical/mysql/path_roles.go
@@ -6,8 +6,8 @@ import (
 "strings"
 _ "github.com/go-sql-driver/mysql"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/mysql/secret_creds.go b/builtin/logical/mysql/secret_creds.go
index 8a1043db9063..5de5f3c1783a 100644
--- a/builtin/logical/mysql/secret_creds.go
+++ b/builtin/logical/mysql/secret_creds.go
@@ -5,8 +5,8 @@ import (
 "fmt"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/pki/backend_test.go b/builtin/logical/pki/backend_test.go
index a3c85764e87c..3f23068f98a2 100644
--- a/builtin/logical/pki/backend_test.go
+++ b/builtin/logical/pki/backend_test.go
@@ -30,12 +30,12 @@ import (
 "github.com/fatih/structs"
 "github.com/go-test/deep"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/builtin/credential/userpass"
 logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
 vaulthttp "github.com/hashicorp/vault/http"
 "github.com/hashicorp/vault/sdk/helper/certutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/vault"
 "github.com/mitchellh/mapstructure"
diff --git a/builtin/logical/pki/cert_util.go b/builtin/logical/pki/cert_util.go
index 9a944dc1aa79..ea6f86af64d0 100644
--- a/builtin/logical/pki/cert_util.go
+++ b/builtin/logical/pki/cert_util.go
@@ -18,10 +18,10 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/certutil"
 "github.com/hashicorp/vault/sdk/helper/errutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/ryanuber/go-glob"
 "golang.org/x/crypto/cryptobyte"
diff --git a/builtin/logical/pki/path_roles.go b/builtin/logical/pki/path_roles.go
index 000d95e5c84b..6ca724acd12a 100644
--- a/builtin/logical/pki/path_roles.go
+++ b/builtin/logical/pki/path_roles.go
@@ -7,10 +7,10 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/certutil"
 "github.com/hashicorp/vault/sdk/helper/consts"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/pki/path_roles_test.go b/builtin/logical/pki/path_roles_test.go
index 791cc584a232..64b8057b7110 100644
--- a/builtin/logical/pki/path_roles_test.go
+++ b/builtin/logical/pki/path_roles_test.go
@@ -5,7 +5,7 @@ import (
 "testing"
 "time"
- "github.com/hashicorp/vault/sdk/helper/strutil"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/mitchellh/mapstructure"
 )
diff --git a/builtin/logical/postgresql/path_role_create.go b/builtin/logical/postgresql/path_role_create.go
index 168456a5f327..2a0cde0b71e9 100644
--- a/builtin/logical/postgresql/path_role_create.go
+++ b/builtin/logical/postgresql/path_role_create.go
@@ -6,10 +6,10 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 uuid "github.com/hashicorp/go-uuid"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/dbtxn"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 _ "github.com/lib/pq"
 )
diff --git a/builtin/logical/postgresql/path_roles.go b/builtin/logical/postgresql/path_roles.go
index 3e4c1bdb1f29..b1af8328f928 100644
--- a/builtin/logical/postgresql/path_roles.go
+++ b/builtin/logical/postgresql/path_roles.go
@@ -5,8 +5,8 @@ import (
 "fmt"
 "strings"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 )
diff --git a/builtin/logical/postgresql/secret_creds.go b/builtin/logical/postgresql/secret_creds.go
index 4dbcf350ee68..02c49a073276 100644
--- a/builtin/logical/postgresql/secret_creds.go
+++ b/builtin/logical/postgresql/secret_creds.go
@@ -7,9 +7,9 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/dbtxn"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/lib/pq"
 )
diff --git a/builtin/logical/rabbitmq/backend_test.go b/builtin/logical/rabbitmq/backend_test.go
index 8b5b21b0a9a3..8eaa408127f7 100644
--- a/builtin/logical/rabbitmq/backend_test.go
+++ b/builtin/logical/rabbitmq/backend_test.go
@@ -7,9 +7,9 @@ import (
 "os"
 "testing"
+ "github.com/hashicorp/go-secure-stdlib/base62"
 "github.com/hashicorp/vault/helper/testhelpers/docker"
 logicaltest "github.com/hashicorp/vault/helper/testhelpers/logical"
- "github.com/hashicorp/vault/sdk/helper/base62"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
 "github.com/hashicorp/vault/sdk/logical"
 rabbithole "github.com/michaelklishin/rabbit-hole"
diff --git a/builtin/logical/rabbitmq/passwords.go b/builtin/logical/rabbitmq/passwords.go
index cb660bc5c29b..01bfd41f0db2 100644
--- a/builtin/logical/rabbitmq/passwords.go
+++ b/builtin/logical/rabbitmq/passwords.go
@@ -3,7 +3,7 @@ package rabbitmq
 import (
 "context"
- "github.com/hashicorp/vault/sdk/helper/base62"
+ "github.com/hashicorp/go-secure-stdlib/base62"
 )
 func (b *backend) generatePassword(ctx context.Context, policyName string) (password string, err error) {
diff --git a/builtin/logical/ssh/path_config_zeroaddress.go b/builtin/logical/ssh/path_config_zeroaddress.go
index 31a0e852a795..d1e31e234df1 100644
--- a/builtin/logical/ssh/path_config_zeroaddress.go
+++ b/builtin/logical/ssh/path_config_zeroaddress.go
@@ -4,7 +4,7 @@ import (
 "context"
 "fmt"
- "github.com/hashicorp/vault/sdk/helper/strutil"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/logical"
diff --git a/builtin/logical/ssh/path_roles.go b/builtin/logical/ssh/path_roles.go
index 0b1ef84ec6af..ac20d06b2040 100644
--- a/builtin/logical/ssh/path_roles.go
+++ b/builtin/logical/ssh/path_roles.go
@@ -6,9 +6,9 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/cidrutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/logical"
 "golang.org/x/crypto/ssh"
 )
diff --git a/builtin/logical/ssh/path_sign.go b/builtin/logical/ssh/path_sign.go
index acd7d2118bb3..166beac769e0 100644
--- a/builtin/logical/ssh/path_sign.go
+++ b/builtin/logical/ssh/path_sign.go
@@ -15,10 +15,10 @@ import (
 "strings"
 "time"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/sdk/framework"
 "github.com/hashicorp/vault/sdk/helper/certutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/logical"
 "golang.org/x/crypto/ed25519"
 "golang.org/x/crypto/ssh"
diff --git a/builtin/logical/ssh/util.go b/builtin/logical/ssh/util.go
index 2f1b7727615b..52d1deca71e2 100644
--- a/builtin/logical/ssh/util.go
+++ b/builtin/logical/ssh/util.go
@@ -13,7 +13,7 @@ import (
 "strings"
 "time"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/logical"
 log "github.com/hashicorp/go-hclog"
diff --git a/command/agent.go b/command/agent.go
index dbe7d81c82de..cbbcba5757b4 100644
--- a/command/agent.go
+++ b/command/agent.go
@@ -18,6 +18,7 @@ import (
 "time"
 log "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/gatedwriter"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/command/agent/auth"
 "github.com/hashicorp/vault/command/agent/auth/alicloud"
@@ -40,7 +41,6 @@ import (
 "github.com/hashicorp/vault/command/agent/sink/inmem"
 "github.com/hashicorp/vault/command/agent/template"
 "github.com/hashicorp/vault/command/agent/winsvc"
- "github.com/hashicorp/vault/internalshared/gatedwriter"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/logging"
 "github.com/hashicorp/vault/sdk/logical"
diff --git a/command/agent/auth/approle/approle.go b/command/agent/auth/approle/approle.go
index a76ba0b77499..8a1a9b3a60d3 100644
--- a/command/agent/auth/approle/approle.go
+++ b/command/agent/auth/approle/approle.go
@@ -10,9 +10,9 @@ import (
 "strings"
 hclog "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/command/agent/auth"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 )
 type approleMethod struct {
diff --git a/command/agent/auth/gcp/gcp.go b/command/agent/auth/gcp/gcp.go
index 3c8053f1b27f..45d9b74f9497 100644
--- a/command/agent/auth/gcp/gcp.go
+++ b/command/agent/auth/gcp/gcp.go
@@ -12,9 +12,9 @@ import (
 cleanhttp "github.com/hashicorp/go-cleanhttp"
 "github.com/hashicorp/go-gcp-common/gcputil"
 hclog "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/command/agent/auth"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "golang.org/x/oauth2"
 "google.golang.org/api/iamcredentials/v1"
 )
diff --git a/command/agent/auth/kerberos/kerberos.go b/command/agent/auth/kerberos/kerberos.go
index 2ba4288ef9e3..894c177d5c8a 100644
--- a/command/agent/auth/kerberos/kerberos.go
+++ b/command/agent/auth/kerberos/kerberos.go
@@ -7,10 +7,10 @@ import (
 "net/http"
 "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 kerberos "github.com/hashicorp/vault-plugin-auth-kerberos"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/command/agent/auth"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/jcmturner/gokrb5/v8/spnego"
 )
diff --git a/command/agent/cache/api_proxy.go b/command/agent/cache/api_proxy.go
index a4793239ca14..18222012900e 100644
--- a/command/agent/cache/api_proxy.go
+++ b/command/agent/cache/api_proxy.go
@@ -7,9 +7,9 @@ import (

 hclog "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/go-retryablehttp"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/http"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/vault"
 )

diff --git a/command/agent/cache/lease_cache.go b/command/agent/cache/lease_cache.go
index 572341864882..a8b2d4bd88ce 100644
--- a/command/agent/cache/lease_cache.go
+++ b/command/agent/cache/lease_cache.go
@@ -17,13 +17,13 @@ import (
 "time"

 hclog "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/base62"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/command/agent/cache/cacheboltdb"
 cachememdb "github.com/hashicorp/vault/command/agent/cache/cachememdb"
 "github.com/hashicorp/vault/helper/namespace"
 nshelper "github.com/hashicorp/vault/helper/namespace"
 vaulthttp "github.com/hashicorp/vault/http"
- "github.com/hashicorp/vault/sdk/helper/base62"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/cryptoutil"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
diff --git a/command/agent/config/config.go b/command/agent/config/config.go
index 7f9a20111de1..9438bd327444 100644
--- a/command/agent/config/config.go
+++ b/command/agent/config/config.go
@@ -10,11 +10,11 @@ import (

 ctconfig "github.com/hashicorp/consul-template/config"
 "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/hcl"
 "github.com/hashicorp/hcl/hcl/ast"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/internalshared/configutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/mitchellh/mapstructure"
 )

diff --git a/command/base_helpers.go b/command/base_helpers.go
index 5a6339d0969a..1a4420cf979b 100644
--- a/command/base_helpers.go
+++ b/command/base_helpers.go
@@ -8,8 +8,8 @@ import (
 "strings"
 "time"

+ kvbuilder "github.com/hashicorp/go-secure-stdlib/kv-builder"
 "github.com/hashicorp/vault/api"
- kvbuilder "github.com/hashicorp/vault/internalshared/kv-builder"
 "github.com/kr/text"
 homedir "github.com/mitchellh/go-homedir"
 "github.com/mitchellh/mapstructure"
diff --git a/command/base_predict_test.go b/command/base_predict_test.go
index 20a3b44595d4..12f364106f7a 100644
--- a/command/base_predict_test.go
+++ b/command/base_predict_test.go
@@ -4,8 +4,8 @@ import (
 "reflect"
 "testing"

+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/api"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/posener/complete"
 )

diff --git a/command/debug.go b/command/debug.go
index 14b8cbd00f4f..f09214adf692 100644
--- a/command/debug.go
+++ b/command/debug.go
@@ -14,10 +14,10 @@ import (
 "time"

 "github.com/hashicorp/go-hclog"
+ "github.com/hashicorp/go-secure-stdlib/gatedwriter"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/api"
- "github.com/hashicorp/vault/internalshared/gatedwriter"
 "github.com/hashicorp/vault/sdk/helper/logging"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 "github.com/hashicorp/vault/sdk/version"
 "github.com/mholt/archiver"
 "github.com/mitchellh/cli"
diff --git a/command/kv_helpers.go b/command/kv_helpers.go
index d9246f7a084c..a1b331fc61ed 100644
--- a/command/kv_helpers.go
+++ b/command/kv_helpers.go
@@ -7,8 +7,8 @@ import (
 "path"
 "strings"

+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/api"
- "github.com/hashicorp/vault/sdk/helper/strutil"
 )

 func kvReadRequest(client *api.Client, path string, params map[string]string) (*api.Secret, error) {
diff --git a/command/monitor.go b/command/monitor.go
index ec84666de6a1..3a87d5af3a6c 100644
--- a/command/monitor.go
+++ b/command/monitor.go
@@ -5,7 +5,7 @@ import ( "fmt" "strings" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/mitchellh/cli" "github.com/posener/complete" ) diff --git a/command/operator_diagnose.go b/command/operator_diagnose.go index bfba8afd49c2..479422f713a3 100644 --- a/command/operator_diagnose.go +++ b/command/operator_diagnose.go @@ -18,12 +18,12 @@ import ( "github.com/docker/docker/pkg/ioutils" "github.com/hashicorp/consul/api" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/reloadutil" uuid "github.com/hashicorp/go-uuid" cserver "github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/internalshared/configutil" "github.com/hashicorp/vault/internalshared/listenerutil" - "github.com/hashicorp/vault/internalshared/reloadutil" physconsul "github.com/hashicorp/vault/physical/consul" "github.com/hashicorp/vault/physical/raft" "github.com/hashicorp/vault/sdk/physical" @@ -152,7 +152,6 @@ func (c *OperatorDiagnoseCommand) Run(args []string) int { } func (c *OperatorDiagnoseCommand) RunWithParsedFlags() int { - if len(c.flagConfigs) == 0 { c.UI.Error("Must specify a configuration file using -config.") return 3 @@ -255,7 +254,6 @@ func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error var backend *physical.Backend diagnose.Test(ctx, "Check Storage", func(ctx context.Context) error { - // Ensure that there is a storage stanza if config.Storage == nil { diagnose.Advise(ctx, "To learn how to specify a storage backend, see the Vault server configuration documentation.") 
@@ -400,7 +398,6 @@ func (c *OperatorDiagnoseCommand) offlineDiagnostics(ctx context.Context) error var sealConfigError error barrierSeal, barrierWrapper, unwrapSeal, seals, sealConfigError, err := setSeal(server, config, make([]string, 0), make(map[string]string)) - // Check error here if err != nil { diagnose.Advise(ctx, "For assistance with the seal stanza, see the Vault configuration documentation.") @@ -657,7 +654,6 @@ SEALFAIL: plaintext, err := barrierWrapper.Decrypt(ctx, ciphertext, nil) if err != nil { return fmt.Errorf("Error decrypting with seal barrier: %w", err) - } if string(plaintext) != barrierEncValue { return fmt.Errorf("Barrier returned incorrect decrypted value for mock data.") diff --git a/command/operator_generate_root.go b/command/operator_generate_root.go index eb44fece68ba..2bbcb11b4404 100644 --- a/command/operator_generate_root.go +++ b/command/operator_generate_root.go @@ -9,12 +9,12 @@ import ( "os" "strings" + "github.com/hashicorp/go-secure-stdlib/base62" + "github.com/hashicorp/go-secure-stdlib/password" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/helper/pgpkeys" "github.com/hashicorp/vault/helper/xor" - "github.com/hashicorp/vault/sdk/helper/base62" - "github.com/hashicorp/vault/sdk/helper/password" "github.com/mitchellh/cli" "github.com/posener/complete" ) diff --git a/command/operator_migrate_test.go b/command/operator_migrate_test.go index 0d8a4454add3..5db53ebbfcb9 100644 --- a/command/operator_migrate_test.go +++ b/command/operator_migrate_test.go @@ -16,9 +16,9 @@ import ( "github.com/go-test/deep" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/helper/testhelpers" - "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/vault" ) 
diff --git a/command/operator_rekey.go b/command/operator_rekey.go
index 630219bb5dc9..bd1548ac19b6 100644
--- a/command/operator_rekey.go
+++ b/command/operator_rekey.go
@@ -8,9 +8,9 @@ import (
 "strings"

 "github.com/fatih/structs"
+ "github.com/hashicorp/go-secure-stdlib/password"
 "github.com/hashicorp/vault/api"
 "github.com/hashicorp/vault/helper/pgpkeys"
- "github.com/hashicorp/vault/sdk/helper/password"
 "github.com/mitchellh/cli"
 "github.com/posener/complete"
 )
diff --git a/command/operator_unseal.go b/command/operator_unseal.go
index 50052a690a27..da8641ba51de 100644
--- a/command/operator_unseal.go
+++ b/command/operator_unseal.go
@@ -6,8 +6,8 @@ import (
 "os"
 "strings"

+ "github.com/hashicorp/go-secure-stdlib/password"
 "github.com/hashicorp/vault/api"
- "github.com/hashicorp/vault/sdk/helper/password"
 "github.com/mitchellh/cli"
 "github.com/posener/complete"
 )
diff --git a/command/server.go b/command/server.go
index 050e3f80798c..dedd009de676 100644
--- a/command/server.go
+++ b/command/server.go
@@ -28,6 +28,9 @@ import (
 wrapping "github.com/hashicorp/go-kms-wrapping"
 aeadwrapper "github.com/hashicorp/go-kms-wrapping/wrappers/aead"
 "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/gatedwriter"
+ "github.com/hashicorp/go-secure-stdlib/mlock"
+ "github.com/hashicorp/go-secure-stdlib/reloadutil"
 "github.com/hashicorp/vault/audit"
 "github.com/hashicorp/vault/command/server"
 "github.com/hashicorp/vault/helper/builtinplugins"
@@ -35,12 +38,9 @@ import ( "github.com/hashicorp/vault/helper/namespace" vaulthttp "github.com/hashicorp/vault/http" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/internalshared/gatedwriter" "github.com/hashicorp/vault/internalshared/listenerutil" - "github.com/hashicorp/vault/internalshared/reloadutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/logging" - "github.com/hashicorp/vault/sdk/helper/mlock" "github.com/hashicorp/vault/sdk/helper/useragent" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" @@ -1213,7 +1213,6 @@ func (c *ServerCommand) Run(args []string) int { info["log level"] = logLevelString infoKeys = append(infoKeys, "log level") barrierSeal, barrierWrapper, unwrapSeal, seals, sealConfigError, err := setSeal(c, config, infoKeys, info) - // Check error here if err != nil { c.UI.Error(err.Error()) diff --git a/command/server/config.go b/command/server/config.go index 7e4e81b511a9..433d590bb1c5 100644 --- a/command/server/config.go +++ b/command/server/config.go @@ -13,10 +13,10 @@ import ( "time" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/hcl" "github.com/hashicorp/hcl/hcl/ast" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" ) var entConfigValidate = func(_ *Config, _ string) []configutil.ConfigError { diff --git a/command/server/listener.go b/command/server/listener.go index 248df52957d5..4d36a41ebba0 100644 --- a/command/server/listener.go +++ b/command/server/listener.go 
@@ -9,9 +9,9 @@ import ( // We must import sha512 so that it registers with the runtime so that // certificates that use it can be parsed. + "github.com/hashicorp/go-secure-stdlib/reloadutil" "github.com/hashicorp/vault/helper/proxyutil" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/internalshared/reloadutil" "github.com/mitchellh/cli" ) diff --git a/command/server/listener_tcp.go b/command/server/listener_tcp.go index 08234017ee05..dbba4b40e88c 100644 --- a/command/server/listener_tcp.go +++ b/command/server/listener_tcp.go @@ -9,9 +9,9 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/reloadutil" "github.com/hashicorp/vault/internalshared/configutil" "github.com/hashicorp/vault/internalshared/listenerutil" - "github.com/hashicorp/vault/internalshared/reloadutil" "github.com/mitchellh/cli" ) diff --git a/go.mod b/go.mod index 64b43459246c..e70cdff011c9 100644 --- a/go.mod +++ b/go.mod @@ -71,6 +71,15 @@ require ( github.com/hashicorp/go-raftchunking v0.6.3-0.20191002164813-7e9e8525653a github.com/hashicorp/go-retryablehttp v0.6.7 github.com/hashicorp/go-rootcerts v1.0.2 + github.com/hashicorp/go-secure-stdlib/base62 v0.1.1 + github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1 + github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1 + github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 + github.com/hashicorp/go-secure-stdlib/password v0.1.1 + github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 + github.com/hashicorp/go-secure-stdlib/strutil v0.1.1 + github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 github.com/hashicorp/go-sockaddr v1.0.2 github.com/hashicorp/go-syslog v1.0.0 github.com/hashicorp/go-uuid v1.0.2 diff --git a/go.sum b/go.sum index f6a3909d0a87..175e045c39b5 100644 --- a/go.sum +++ b/go.sum 
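Review bot: In command/server/listener.go the comment "We must import sha512 so that it registers with the runtime…" is followed directly by the added `"github.com/hashicorp/go-secure-stdlib/reloadutil"` line, and no sha512 import appears anywhere in the hunk, so the comment now reads as if it described reloadutil. The blank import it refers to presumably sits earlier in the import block, which starts outside this hunk. I would attach the explanation to that line instead, e.g. `_ "crypto/sha512" // registers SHA-512 so certificates that use it can be parsed`, so the side-effect import is not later dropped as unused and certificate parsing silently regresses.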
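Review bot: The nine `go-secure-stdlib` requirements added to go.mod carry no note on their provenance, while this same commit deletes the in-tree gatedwriter, kv-builder and reloadutil packages together with their tests. From here on, the behaviour of security-relevant helpers such as mlock, password, tlsutil and reloadutil changes through a version bump rather than through a reviewed in-repo diff. A comment above the block would make that explicit, e.g. `// go-secure-stdlib: extracted from sdk/helper and internalshared; review upstream changes before bumping`, and it is worth confirming that the removed tests exist upstream at v0.1.1. The diffstat also lists api/go.mod, so the versions required there should be kept in step with these.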
@@ -624,12 +624,18 @@ github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5O github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/base62 v0.1.1 h1:6KMBnfEv0/kLAz0O76sliN5mXbCDcLfs2kP7ssP7+DQ= github.com/hashicorp/go-secure-stdlib/base62 v0.1.1/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= +github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1 h1:9um9R8i0+HbRHS9d64kdvWR0/LJvo12sIonvR9zr1+U= +github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1/go.mod h1:6RoRTSMDK2H/rKh3P/JIsk1tK8aatKTt3JyvIopi3GQ= +github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1 h1:IJgULbAXuvWxzKFfu+Au1FUmHIJulS6N4F7Hkn+Kck0= +github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1/go.mod h1:rf5JPE13wi+NwjgsmGkbg4b2CgHq8v7Htn/F0nDe/hg= github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 h1:cCRo8gK7oq6A2L6LICkUZ+/a5rLiRXFMf1Qd4xSwxTc= github.com/hashicorp/go-secure-stdlib/mlock v0.1.1/go.mod h1:zq93CJChV6L9QTfGKtfBxKqD7BqqXx5O04A/ns2p5+I= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 h1:78ki3QBevHwYrVxnyVeaEz+7WtifHhauYF23es/0KlI= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/password v0.1.1 h1:6JzmBqXprakgFEHwBgdchsjaA9x3GyjdI568bXKxa60= github.com/hashicorp/go-secure-stdlib/password v0.1.1/go.mod h1:9hH302QllNwu1o2TGYtSk8I8kTAN0ca1EHpwhm5Mmzo= +github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 h1:SMGUnbpAcat8rIKHkBPjfv81yC46a8eCNZ2hsR2l1EI= +github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1/go.mod h1:Ch/bf00Qnx77MZd49JRgHYqHQjtEmTgGU2faufpVZb0= github.com/hashicorp/go-secure-stdlib/strutil v0.1.1 h1:nd0HIW15E6FG1MsnArYaHfuw9C2zgzM8LxkG5Ty/788= github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 h1:Yc026VyMyIpq1UWRnakHRG01U8fJm+nEfEmjoAb00n8= 
diff --git a/helper/proxyutil/proxyutil.go b/helper/proxyutil/proxyutil.go
index b2d0974dccaf..a25a6234f44a 100644
--- a/helper/proxyutil/proxyutil.go
+++ b/helper/proxyutil/proxyutil.go
@@ -7,8 +7,8 @@ import (
 "time"

 proxyproto "github.com/armon/go-proxyproto"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 sockaddr "github.com/hashicorp/go-sockaddr"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 )

 // ProxyProtoConfig contains configuration for the PROXY protocol
diff --git a/http/cors.go b/http/cors.go
index de24c8caaca9..74cfeeaef072 100644
--- a/http/cors.go
+++ b/http/cors.go
@@ -5,7 +5,7 @@ import (
 "net/http"
 "strings"

- "github.com/hashicorp/vault/sdk/helper/strutil"
+ "github.com/hashicorp/go-secure-stdlib/strutil"
 "github.com/hashicorp/vault/vault"
 )

diff --git a/http/handler.go b/http/handler.go
index 01a8fdcec08d..831c0651b12d 100644
--- a/http/handler.go
+++ b/http/handler.go
@@ -22,12 +22,12 @@ import (
 assetfs "github.com/elazarl/go-bindata-assetfs"
 "github.com/hashicorp/errwrap"
 "github.com/hashicorp/go-cleanhttp"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/go-sockaddr"
 "github.com/hashicorp/vault/helper/namespace"
 "github.com/hashicorp/vault/internalshared/configutil"
 "github.com/hashicorp/vault/sdk/helper/consts"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/helper/pathmanager"
 "github.com/hashicorp/vault/sdk/logical"
 "github.com/hashicorp/vault/vault"
diff --git a/http/sys_generate_root.go b/http/sys_generate_root.go
index 12d829d78fd5..4ac301507744 100644
--- a/http/sys_generate_root.go
+++ b/http/sys_generate_root.go
@@ -8,7 +8,7 @@ import (
 "io"
 "net/http"

- "github.com/hashicorp/vault/sdk/helper/base62"
+ "github.com/hashicorp/go-secure-stdlib/base62"
 "github.com/hashicorp/vault/vault"
 )

diff --git a/http/sys_health.go b/http/sys_health.go
index 8ab7359e231f..fcaf4e159099 100644
--- a/http/sys_health.go
+++ b/http/sys_health.go
@@ -8,8 +8,8 @@ import (
 "strconv"
 "time"

+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/helper/consts"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/version"
 "github.com/hashicorp/vault/vault"
 )
diff --git a/http/sys_raft.go b/http/sys_raft.go
index 3411cbf030f9..5db1a80fb78f 100644
--- a/http/sys_raft.go
+++ b/http/sys_raft.go
@@ -8,8 +8,8 @@ import (
 "io"
 "net/http"

+ "github.com/hashicorp/go-secure-stdlib/tlsutil"
 "github.com/hashicorp/vault/physical/raft"
- "github.com/hashicorp/vault/sdk/helper/tlsutil"
 "github.com/hashicorp/vault/vault"
 )

diff --git a/internalshared/configutil/config.go b/internalshared/configutil/config.go
index 0f448aba6933..3fcbeb6b593a 100644
--- a/internalshared/configutil/config.go
+++ b/internalshared/configutil/config.go
@@ -5,10 +5,10 @@ import (
 "io/ioutil"
 "time"

+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/hcl"
 "github.com/hashicorp/hcl/hcl/ast"
 "github.com/hashicorp/hcl/hcl/token"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 )

 // SharedConfig contains some shared values
diff --git a/internalshared/configutil/kms.go b/internalshared/configutil/kms.go
index 67cc479ad6ea..9f6d74899a9d 100644
--- a/internalshared/configutil/kms.go
+++ b/internalshared/configutil/kms.go
@@ -17,9 +17,9 @@ import (
 "github.com/hashicorp/go-kms-wrapping/wrappers/ocikms"
 "github.com/hashicorp/go-kms-wrapping/wrappers/transit"
 "github.com/hashicorp/go-multierror"
+ "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/hcl"
 "github.com/hashicorp/hcl/hcl/ast"
- "github.com/hashicorp/vault/sdk/helper/parseutil"
 "github.com/hashicorp/vault/sdk/logical"
 )

diff --git a/internalshared/configutil/lint.go b/internalshared/configutil/lint.go
index 1e773312e914..2b5b634156b3 100644
--- a/internalshared/configutil/lint.go
+++ b/internalshared/configutil/lint.go
@@ -2,9 +2,10 @@ package configutil import ( "fmt" + "github.com/asaskevich/govalidator" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/hcl/hcl/token" - "github.com/hashicorp/vault/sdk/helper/strutil" ) type UnusedKeyMap map[string][]token.Pos diff --git a/internalshared/configutil/listener.go b/internalshared/configutil/listener.go index 21c351e20e64..98199082895a 100644 --- a/internalshared/configutil/listener.go +++ b/internalshared/configutil/listener.go @@ -8,12 +8,12 @@ import ( "time" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/go-sockaddr" "github.com/hashicorp/hcl" "github.com/hashicorp/hcl/hcl/ast" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" ) type ListenerTelemetry struct { diff --git a/internalshared/configutil/telemetry.go b/internalshared/configutil/telemetry.go index fe00cc87ba0b..77620770db3e 100644 --- a/internalshared/configutil/telemetry.go +++ b/internalshared/configutil/telemetry.go @@ -6,7 +6,7 @@ import ( "fmt" "time" - "github.com/hashicorp/vault/sdk/helper/parseutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" monitoring "cloud.google.com/go/monitoring/apiv3" "github.com/armon/go-metrics" @@ -402,7 +402,6 @@ func SetupTelemetry(opts *SetupTelemetryOpts) (*metrics.InmemSink, *metricsutil. // Parse the metric filters telemetryAllowedPrefixes, telemetryBlockedPrefixes, err := parsePrefixFilter(opts.Config.PrefixFilter) - if err != nil { return nil, nil, false, err } diff --git a/internalshared/gatedwriter/writer.go b/internalshared/gatedwriter/writer.go deleted file mode 100644 index 9c4596e389c7..000000000000 --- a/internalshared/gatedwriter/writer.go +++ /dev/null 
@@ -1,43 +0,0 @@ -package gatedwriter - -import ( - "bytes" - "io" - "sync" -) - -// Writer is an io.Writer implementation that buffers all of its -// data into an internal buffer until it is told to let data through. -type Writer struct { - writer io.Writer - - buf bytes.Buffer - flush bool - lock sync.Mutex -} - -func NewWriter(underlying io.Writer) *Writer { - return &Writer{writer: underlying} -} - -// Flush tells the Writer to flush any buffered data and to stop -// buffering. -func (w *Writer) Flush() error { - w.lock.Lock() - defer w.lock.Unlock() - - w.flush = true - _, err := w.buf.WriteTo(w.writer) - return err -} - -func (w *Writer) Write(p []byte) (n int, err error) { - w.lock.Lock() - defer w.lock.Unlock() - - if w.flush { - return w.writer.Write(p) - } - - return w.buf.Write(p) -} diff --git a/internalshared/gatedwriter/writer_test.go b/internalshared/gatedwriter/writer_test.go deleted file mode 100644 index 31659a8adda6..000000000000 --- a/internalshared/gatedwriter/writer_test.go +++ /dev/null @@ -1,34 +0,0 @@ -package gatedwriter - -import ( - "bytes" - "io" - "testing" -) - -func TestWriter_impl(t *testing.T) { - var _ io.Writer = new(Writer) -} - -func TestWriter(t *testing.T) { - buf := new(bytes.Buffer) - w := NewWriter(buf) - w.Write([]byte("foo\n")) - w.Write([]byte("bar\n")) - - if buf.String() != "" { - t.Fatalf("bad: %s", buf.String()) - } - - w.Flush() - - if buf.String() != "foo\nbar\n" { - t.Fatalf("bad: %s", buf.String()) - } - - w.Write([]byte("baz\n")) - - if buf.String() != "foo\nbar\nbaz\n" { - t.Fatalf("bad: %s", buf.String()) - } -} diff --git a/internalshared/kv-builder/builder.go b/internalshared/kv-builder/builder.go deleted file mode 100644 index e3f33b16a0d3..000000000000 --- a/internalshared/kv-builder/builder.go +++ /dev/null 
@@ -1,131 +0,0 @@ -package kvbuilder - -import ( - "bytes" - "fmt" - "io" - "io/ioutil" - "os" - "strings" - - "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/mitchellh/mapstructure" -) - -// Builder is a struct to build a key/value mapping based on a list -// of "k=v" pairs, where the value might come from stdin, a file, etc. -type Builder struct { - Stdin io.Reader - - result map[string]interface{} - stdin bool -} - -// Map returns the built map. -func (b *Builder) Map() map[string]interface{} { - return b.result -} - -// Add adds to the mapping with the given args. -func (b *Builder) Add(args ...string) error { - for _, a := range args { - if err := b.add(a); err != nil { - return fmt.Errorf("invalid key/value pair %q: %w", a, err) - } - } - - return nil -} - -func (b *Builder) add(raw string) error { - // Regardless of validity, make sure we make our result - if b.result == nil { - b.result = make(map[string]interface{}) - } - - // Empty strings are fine, just ignored - if raw == "" { - return nil - } - - // Split into key/value - parts := strings.SplitN(raw, "=", 2) - - // If the arg is exactly "-", then we need to read from stdin - // and merge the results into the resulting structure. 
- if len(parts) == 1 { - if raw == "-" { - if b.Stdin == nil { - return fmt.Errorf("stdin is not supported") - } - if b.stdin { - return fmt.Errorf("stdin already consumed") - } - - b.stdin = true - return b.addReader(b.Stdin) - } - - // If the arg begins with "@" then we need to read a file directly - if raw[0] == '@' { - f, err := os.Open(raw[1:]) - if err != nil { - return err - } - defer f.Close() - - return b.addReader(f) - } - } - - if len(parts) != 2 { - return fmt.Errorf("format must be key=value") - } - key, value := parts[0], parts[1] - - if len(value) > 0 { - if value[0] == '@' { - contents, err := ioutil.ReadFile(value[1:]) - if err != nil { - return fmt.Errorf("error reading file: %w", err) - } - - value = string(contents) - } else if value[0] == '\\' && value[1] == '@' { - value = value[1:] - } else if value == "-" { - if b.Stdin == nil { - return fmt.Errorf("stdin is not supported") - } - if b.stdin { - return fmt.Errorf("stdin already consumed") - } - b.stdin = true - - var buf bytes.Buffer - if _, err := io.Copy(&buf, b.Stdin); err != nil { - return err - } - - value = buf.String() - } - } - - // Repeated keys will be converted into a slice - if existingValue, ok := b.result[key]; ok { - var sliceValue []interface{} - if err := mapstructure.WeakDecode(existingValue, &sliceValue); err != nil { - return err - } - sliceValue = append(sliceValue, value) - b.result[key] = sliceValue - return nil - } - - b.result[key] = value - return nil -} - -func (b *Builder) addReader(r io.Reader) error { - return jsonutil.DecodeJSONFromReader(r, &b.result) -} diff --git a/internalshared/kv-builder/builder_test.go b/internalshared/kv-builder/builder_test.go deleted file mode 100644 index 46b4d05b057d..000000000000 --- a/internalshared/kv-builder/builder_test.go +++ /dev/null 
@@ -1,139 +0,0 @@ -package kvbuilder - -import ( - "bytes" - "reflect" - "testing" -) - -func TestBuilder_basic(t *testing.T) { - var b Builder - err := b.Add("foo=bar", "bar=baz", "baz=") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": "bar", - "bar": "baz", - "baz": "", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_escapedAt(t *testing.T) { - var b Builder - err := b.Add("foo=bar", "bar=\\@baz") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": "bar", - "bar": "@baz", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_stdin(t *testing.T) { - var b Builder - b.Stdin = bytes.NewBufferString("baz") - err := b.Add("foo=bar", "bar=-") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": "bar", - "bar": "baz", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_stdinMap(t *testing.T) { - var b Builder - b.Stdin = bytes.NewBufferString(`{"foo": "bar"}`) - err := b.Add("-", "bar=baz") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": "bar", - "bar": "baz", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_stdinTwice(t *testing.T) { - var b Builder - b.Stdin = bytes.NewBufferString(`{"foo": "bar"}`) - err := b.Add("-", "-") - if err == nil { - t.Fatal("should error") - } -} - -func TestBuilder_sameKeyTwice(t *testing.T) { - var b Builder - err := b.Add("foo=bar", "foo=baz") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": []interface{}{"bar", "baz"}, - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: 
%#v", actual) - } -} - -func TestBuilder_sameKeyMultipleTimes(t *testing.T) { - var b Builder - err := b.Add("foo=bar", "foo=baz", "foo=bay", "foo=bax", "bar=baz") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "foo": []interface{}{"bar", "baz", "bay", "bax"}, - "bar": "baz", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} - -func TestBuilder_specialCharactersInKey(t *testing.T) { - var b Builder - b.Stdin = bytes.NewBufferString("{\"foo\": \"bay\"}") - err := b.Add("@foo=bar", "-foo=baz", "-") - if err != nil { - t.Fatalf("err: %s", err) - } - - expected := map[string]interface{}{ - "@foo": "bar", - "-foo": "baz", - "foo": "bay", - } - actual := b.Map() - if !reflect.DeepEqual(actual, expected) { - t.Fatalf("bad: %#v", actual) - } -} diff --git a/internalshared/listenerutil/listener.go b/internalshared/listenerutil/listener.go index 683fbd1c0b6f..c6801aa402b9 100644 --- a/internalshared/listenerutil/listener.go +++ b/internalshared/listenerutil/listener.go @@ -11,9 +11,9 @@ import ( "strconv" "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/reloadutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/internalshared/reloadutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/jefferai/isbadcipher" "github.com/mitchellh/cli" ) diff --git a/internalshared/reloadutil/reload.go b/internalshared/reloadutil/reload.go deleted file mode 100644 index 41f718b3f5f7..000000000000 --- a/internalshared/reloadutil/reload.go +++ /dev/null 
@@ -1,83 +0,0 @@ -package reloadutil - -import ( - "crypto/tls" - "crypto/x509" - "encoding/pem" - "errors" - "fmt" - "io/ioutil" - "sync" -) - -// ReloadFunc are functions that are called when a reload is requested -type ReloadFunc func() error - -// CertificateGetter satisfies ReloadFunc and its GetCertificate method -// satisfies the tls.GetCertificate function signature. Currently it does not -// allow changing paths after the fact. -type CertificateGetter struct { - sync.RWMutex - - cert *tls.Certificate - - certFile string - keyFile string - passphrase string -} - -func NewCertificateGetter(certFile, keyFile, passphrase string) *CertificateGetter { - return &CertificateGetter{ - certFile: certFile, - keyFile: keyFile, - passphrase: passphrase, - } -} - -func (cg *CertificateGetter) Reload() error { - certPEMBlock, err := ioutil.ReadFile(cg.certFile) - if err != nil { - return err - } - keyPEMBlock, err := ioutil.ReadFile(cg.keyFile) - if err != nil { - return err - } - - // Check for encrypted pem block - keyBlock, _ := pem.Decode(keyPEMBlock) - if keyBlock == nil { - return errors.New("decoded PEM is blank") - } - - if x509.IsEncryptedPEMBlock(keyBlock) { - keyBlock.Bytes, err = x509.DecryptPEMBlock(keyBlock, []byte(cg.passphrase)) - if err != nil { - return fmt.Errorf("Decrypting PEM block failed %w", err) - } - keyPEMBlock = pem.EncodeToMemory(keyBlock) - } - - cert, err := tls.X509KeyPair(certPEMBlock, keyPEMBlock) - if err != nil { - return err - } - - cg.Lock() - defer cg.Unlock() - - cg.cert = &cert - - return nil -} - -func (cg *CertificateGetter) GetCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) { - cg.RLock() - defer cg.RUnlock() - - if cg.cert == nil { - return nil, fmt.Errorf("nil certificate") - } - - return cg.cert, nil -} diff --git a/internalshared/reloadutil/reload_test.go b/internalshared/reloadutil/reload_test.go deleted file mode 100644 index 910ee296ec54..000000000000 
--- a/internalshared/reloadutil/reload_test.go +++ /dev/null 
@@ -1,74 +0,0 @@ -package reloadutil - -import ( - "crypto/x509" - "io/ioutil" - "testing" - - "github.com/hashicorp/errwrap" -) - -func TestReload_KeyWithPassphrase(t *testing.T) { - password := "password" - cert := []byte(`-----BEGIN CERTIFICATE----- -MIICLzCCAZgCCQCq27CeP4WhlDANBgkqhkiG9w0BAQUFADBcMQswCQYDVQQGEwJV -UzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoM -CUhhc2hpQ29ycDEUMBIGA1UEAwwLbXl2YXVsdC5jb20wHhcNMTcxMjEzMjEzNTM3 -WhcNMTgxMjEzMjEzNTM3WjBcMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAU -BgNVBAcMDVNhbiBGcmFuY2lzY28xEjAQBgNVBAoMCUhhc2hpQ29ycDEUMBIGA1UE -AwwLbXl2YXVsdC5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMvsz/9l -EJIlRG6DOw4fXdB/aJgJk2rR8cU0D8+vECIzb+MdDK0cBHtLiVpZC/RnZMdMzjGn -Z++Fp3dEnT6CD0IjKdJcD+qSyZSjHIuYpHjnjrVlM/Le0xST7egoG+fXkSt4myzG -ec2WK1jcZefRRGPycvMqx1yUWU76jDdFZSL5AgMBAAEwDQYJKoZIhvcNAQEFBQAD -gYEAQfYE26FLZ9SPPU8bHNDxoxDmGrn8yJ78C490Qpix/w6gdLaBtILenrZbhpnB -3L3okraM8mplaN2KdAcpnsr4wPv9hbYkam0coxCQEKs8ltHSBaXT6uKRWb00nkGu -yAXDRpuPdFRqbXW3ZFC5broUrz4ujxTDKfVeIn0zpPZkv24= ------END CERTIFICATE-----`) - key := []byte(`-----BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,64B032D83BD6A6DC - -qVJ+mXEBKMkUPrQ8odHunMpPgChQUny4CX73/dAcm7O9iXIv9eXQSxj2qfgCOloj -vthg7jYNwtRb0ydzCEnEud35zWw38K/l19/pe4ULfNXlOddlsk4XIHarBiz+KUaX -WTbNk0H+DwdcEwhprPgpTk8gp88lZBiHCnTG/s8v/JNt+wkdqjfAp0Xbm9m+OZ7s -hlNxZin1OuBdprBqfKWBltUALZYiIBhspMTmh+jGQSyEKNTAIBejIiRH5+xYWuOy -xKencq8UpQMOMPR2ZiSw42dU9j8HHMgldI7KszU2FDIEFXG7aSjcxNyyybeBT+Uz -YPoxGxSdUYWqaz50UszvHg/QWR8NlPlQc3nFAUVpGKUF9MEQCIAK8HjcpMP+IAVO -ertp4cTa2Rpm9YeoFrY6tabvmXApXlQPw6rBn6o5KpceWG3ceOsDOsT+e3edHu9g -SGO4hjggbRpO+dBOuwfw4rMn9X1BbqXKJcREAmrgVVSf9/s942E4YOQ+IGJPdtmY -WHAFk8hiJepsVCA2NpwVlAD+QbPPaR2RtvYOtq3IKlWRuVQ+6dpxDsz5FlJhs2L+ -HsX6XqtwuQM8kk1hO8Gm3VeV7+b64r9kfbO8jCM18GexCYiCtig51mJW6IO42d1K -bS1axMx/KeDc/sy7LKEbHnjnYanpGz2Wa2EWhnWAeNXD1nUfUNFPp2SsIGbCMnat -mC4O4cO7YRl3+iJg3kHtTPGtgtCjrZcjlyBtxT2VC7SsTcTXZBWovczMIstyr4Ka 
-opM24uvQT3Bc0UM0WNh3tdRFuboxDeBDh7PX/2RIoiaMuCCiRZ3O0A== ------END RSA PRIVATE KEY-----`) - tempDir, err := ioutil.TempDir("", "vault-test") - if err != nil { - t.Fatalf("Error creating temporary directory: %s", err) - } - keyFile := tempDir + "/server.key" - certFile := tempDir + "/server.crt" - - err = ioutil.WriteFile(certFile, cert, 0o755) - if err != nil { - t.Fatalf("Error writing to temp file: %s", err) - } - err = ioutil.WriteFile(keyFile, key, 0o755) - if err != nil { - t.Fatalf("Error writing to temp file: %s", err) - } - - cg := NewCertificateGetter(certFile, keyFile, "") - err = cg.Reload() - if err == nil { - t.Fatal("error expected") - } - if !errwrap.Contains(err, x509.IncorrectPasswordError.Error()) { - t.Fatalf("expected incorrect password error, got %v", err) - } - - cg = NewCertificateGetter(certFile, keyFile, password) - if err := cg.Reload(); err != nil { - t.Fatalf("err: %v", err) - } -} diff --git a/physical/aerospike/aerospike.go b/physical/aerospike/aerospike.go index 846ca6f1407b..8dc352844530 100644 --- a/physical/aerospike/aerospike.go +++ b/physical/aerospike/aerospike.go @@ -10,7 +10,7 @@ import ( aero "github.com/aerospike/aerospike-client-go" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/azure/azure.go b/physical/azure/azure.go index 9b8e92dff858..c5cad4c02773 100644 --- a/physical/azure/azure.go +++ b/physical/azure/azure.go @@ -17,7 +17,7 @@ import ( "github.com/Azure/go-autorest/autorest/azure" "github.com/armon/go-metrics" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/cockroachdb/cockroachdb.go b/physical/cockroachdb/cockroachdb.go index ee91dbfb4033..12439d83c914 100644 --- a/physical/cockroachdb/cockroachdb.go 
+++ b/physical/cockroachdb/cockroachdb.go @@ -14,7 +14,7 @@ import ( "github.com/cockroachdb/cockroach-go/crdb" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" // CockroachDB uses the Postgres SQL driver diff --git a/physical/consul/consul.go b/physical/consul/consul.go index 0f966c30b880..8271adc3e207 100644 --- a/physical/consul/consul.go +++ b/physical/consul/consul.go @@ -13,9 +13,9 @@ import ( "github.com/hashicorp/consul/api" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/vault/diagnose" "golang.org/x/net/http2" diff --git a/physical/etcd/etcd3.go b/physical/etcd/etcd3.go index 91350d072449..ab4acebaff94 100644 --- a/physical/etcd/etcd3.go +++ b/physical/etcd/etcd3.go @@ -13,8 +13,8 @@ import ( metrics "github.com/armon/go-metrics" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" "go.etcd.io/etcd/clientv3" "go.etcd.io/etcd/clientv3/concurrency" diff --git a/physical/mssql/mssql.go b/physical/mssql/mssql.go index fa145bfe1f07..65c85ae3e454 100644 --- a/physical/mssql/mssql.go +++ b/physical/mssql/mssql.go 
@@ -12,7 +12,7 @@ import ( metrics "github.com/armon/go-metrics" _ "github.com/denisenkom/go-mssqldb" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/mysql/mysql.go b/physical/mysql/mysql.go index 3f7577011fc4..bdf5a7c326a0 100644 --- a/physical/mysql/mysql.go +++ b/physical/mysql/mysql.go @@ -22,7 +22,7 @@ import ( metrics "github.com/armon/go-metrics" mysql "github.com/go-sql-driver/mysql" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/oci/oci.go b/physical/oci/oci.go index cd80f6e9ab14..3665813d0479 100644 --- a/physical/oci/oci.go +++ b/physical/oci/oci.go @@ -14,8 +14,8 @@ import ( "github.com/armon/go-metrics" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/go-uuid" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/physical" "github.com/oracle/oci-go-sdk/common" "github.com/oracle/oci-go-sdk/common/auth" diff --git a/physical/raft/fsm.go b/physical/raft/fsm.go index fb8eea228dba..539926407408 100644 --- a/physical/raft/fsm.go +++ b/physical/raft/fsm.go @@ -19,9 +19,9 @@ import ( log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" "github.com/hashicorp/go-raftchunking" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/raft" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/sdk/plugin/pb" bolt "go.etcd.io/bbolt" diff --git a/physical/raft/raft.go b/physical/raft/raft.go index 24620c3aa35f..b865697bbd43 100644 --- a/physical/raft/raft.go +++ b/physical/raft/raft.go 
@@ -18,6 +18,7 @@ import ( log "github.com/hashicorp/go-hclog" wrapping "github.com/hashicorp/go-kms-wrapping" "github.com/hashicorp/go-raftchunking" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/go-uuid" "github.com/hashicorp/raft" autopilot "github.com/hashicorp/raft-autopilot" @@ -26,7 +27,6 @@ import ( "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" "github.com/hashicorp/vault/vault/cluster" diff --git a/physical/raft/raft_autopilot.go b/physical/raft/raft_autopilot.go index d2a2fd2013f3..28c8f3fa51ba 100644 --- a/physical/raft/raft_autopilot.go +++ b/physical/raft/raft_autopilot.go @@ -11,8 +11,8 @@ import ( "sync" "time" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "go.uber.org/atomic" metrics "github.com/armon/go-metrics" diff --git a/physical/s3/s3.go b/physical/s3/s3.go index 2329580145a0..c345fcda903e 100644 --- a/physical/s3/s3.go +++ b/physical/s3/s3.go @@ -20,9 +20,9 @@ import ( "github.com/aws/aws-sdk-go/service/s3" "github.com/hashicorp/go-cleanhttp" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/awsutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/physical" ) diff --git a/physical/spanner/spanner.go b/physical/spanner/spanner.go index 1202f9c9f151..8447ed9853a9 100644 --- a/physical/spanner/spanner.go +++ b/physical/spanner/spanner.go 
@@ -11,7 +11,7 @@ import ( metrics "github.com/armon/go-metrics" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/helper/useragent" "github.com/hashicorp/vault/sdk/physical" "google.golang.org/api/iterator" diff --git a/physical/swift/swift.go b/physical/swift/swift.go index 20de749b1916..2155d44c8aba 100644 --- a/physical/swift/swift.go +++ b/physical/swift/swift.go @@ -13,7 +13,7 @@ import ( metrics "github.com/armon/go-metrics" cleanhttp "github.com/hashicorp/go-cleanhttp" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/physical" "github.com/ncw/swift" ) diff --git a/physical/zookeeper/zookeeper.go b/physical/zookeeper/zookeeper.go index 870999220ce1..26c09fb165c7 100644 --- a/physical/zookeeper/zookeeper.go +++ b/physical/zookeeper/zookeeper.go @@ -14,11 +14,11 @@ import ( "time" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/parseutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/physical" metrics "github.com/armon/go-metrics" - "github.com/hashicorp/vault/sdk/helper/tlsutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/samuel/go-zookeeper/zk" ) diff --git a/plugins/database/cassandra/cassandra.go b/plugins/database/cassandra/cassandra.go index c3cdbddd349d..de549261fd60 100644 --- a/plugins/database/cassandra/cassandra.go +++ b/plugins/database/cassandra/cassandra.go @@ -9,9 +9,9 @@ import ( "github.com/gocql/gocql" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" ) const ( 
diff --git a/plugins/database/cassandra/connection_producer.go b/plugins/database/cassandra/connection_producer.go index dae303d07099..423ca6988863 100644 --- a/plugins/database/cassandra/connection_producer.go +++ b/plugins/database/cassandra/connection_producer.go @@ -9,11 +9,11 @@ import ( "time" "github.com/gocql/gocql" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/mitchellh/mapstructure" ) diff --git a/plugins/database/hana/hana.go b/plugins/database/hana/hana.go index 892c6e9bd3c5..7802192ad72e 100644 --- a/plugins/database/hana/hana.go +++ b/plugins/database/hana/hana.go @@ -7,12 +7,12 @@ import ( "strings" _ "github.com/SAP/go-hdb/driver" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/credsutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" ) const ( diff --git a/plugins/database/influxdb/connection_producer.go b/plugins/database/influxdb/connection_producer.go index ee22964807c1..7f47f723d00e 100644 --- a/plugins/database/influxdb/connection_producer.go +++ b/plugins/database/influxdb/connection_producer.go 
@@ -7,11 +7,11 @@ import ( "sync" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/helper/certutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" influx "github.com/influxdata/influxdb/client/v2" "github.com/mitchellh/mapstructure" ) diff --git a/plugins/database/influxdb/influxdb.go b/plugins/database/influxdb/influxdb.go index 332617aeff8d..ebbeaf2dd636 100644 --- a/plugins/database/influxdb/influxdb.go +++ b/plugins/database/influxdb/influxdb.go @@ -6,9 +6,9 @@ import ( "strings" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" influx "github.com/influxdata/influxdb/client/v2" ) diff --git a/plugins/database/mongodb/mongodb.go b/plugins/database/mongodb/mongodb.go index a28625b5f55f..13231fdef858 100644 --- a/plugins/database/mongodb/mongodb.go +++ b/plugins/database/mongodb/mongodb.go @@ -8,9 +8,9 @@ import ( "strings" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" "go.mongodb.org/mongo-driver/mongo" "go.mongodb.org/mongo-driver/mongo/readpref" diff --git a/plugins/database/mssql/mssql.go b/plugins/database/mssql/mssql.go index feb4385b0a9c..971d0e8a4397 100644 --- a/plugins/database/mssql/mssql.go +++ b/plugins/database/mssql/mssql.go 
@@ -9,11 +9,11 @@ import ( _ "github.com/denisenkom/go-mssqldb" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" ) diff --git a/plugins/database/mysql/connection_producer.go b/plugins/database/mysql/connection_producer.go index 480719a0834b..f143e85fbf43 100644 --- a/plugins/database/mysql/connection_producer.go +++ b/plugins/database/mysql/connection_producer.go @@ -11,10 +11,10 @@ import ( "time" "github.com/go-sql-driver/mysql" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/mitchellh/mapstructure" ) diff --git a/plugins/database/mysql/mysql.go b/plugins/database/mysql/mysql.go index 83f5ea8efdab..1a992a30f1a5 100644 --- a/plugins/database/mysql/mysql.go +++ b/plugins/database/mysql/mysql.go @@ -8,9 +8,9 @@ import ( "strings" stdmysql "github.com/go-sql-driver/mysql" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" ) diff --git a/plugins/database/mysql/mysql_test.go b/plugins/database/mysql/mysql_test.go index 5b7afaa26c2e..3c7eab5af357 100644 --- a/plugins/database/mysql/mysql_test.go +++ b/plugins/database/mysql/mysql_test.go 
@@ -9,12 +9,12 @@ import ( "time" stdmysql "github.com/go-sql-driver/mysql" + "github.com/hashicorp/go-secure-stdlib/strutil" mysqlhelper "github.com/hashicorp/vault/helper/testhelpers/mysql" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" dbtesting "github.com/hashicorp/vault/sdk/database/dbplugin/v5/testing" "github.com/hashicorp/vault/sdk/database/helper/credsutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/stretchr/testify/require" ) diff --git a/plugins/database/postgresql/postgresql.go b/plugins/database/postgresql/postgresql.go index ac0219b948bb..dba0bf74595d 100644 --- a/plugins/database/postgresql/postgresql.go +++ b/plugins/database/postgresql/postgresql.go @@ -8,11 +8,11 @@ import ( "strings" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" "github.com/lib/pq" ) diff --git a/plugins/database/redshift/redshift.go b/plugins/database/redshift/redshift.go index 59f6b1298f01..86e3fc33e02b 100644 --- a/plugins/database/redshift/redshift.go +++ b/plugins/database/redshift/redshift.go @@ -8,11 +8,11 @@ import ( "strings" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" dbplugin "github.com/hashicorp/vault/sdk/database/dbplugin/v5" "github.com/hashicorp/vault/sdk/database/helper/connutil" "github.com/hashicorp/vault/sdk/database/helper/dbutil" "github.com/hashicorp/vault/sdk/helper/dbtxn" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/template" "github.com/lib/pq" ) 
diff --git a/sdk/database/helper/connutil/sql.go b/sdk/database/helper/connutil/sql.go index 1dcf4eb29458..bd2693a332d8 100644 --- a/sdk/database/helper/connutil/sql.go +++ b/sdk/database/helper/connutil/sql.go @@ -10,9 +10,9 @@ import ( "time" "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/database/dbplugin" "github.com/hashicorp/vault/sdk/database/helper/dbutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/mitchellh/mapstructure" ) diff --git a/sdk/database/helper/credsutil/credsutil.go b/sdk/database/helper/credsutil/credsutil.go index d35d007befa2..064552d1fa9f 100644 --- a/sdk/database/helper/credsutil/credsutil.go +++ b/sdk/database/helper/credsutil/credsutil.go @@ -5,8 +5,8 @@ import ( "fmt" "time" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/sdk/database/dbplugin" - "github.com/hashicorp/vault/sdk/helper/base62" ) // CredentialsProducer can be used as an embedded interface in the Database diff --git a/sdk/framework/backend.go b/sdk/framework/backend.go index a7a7f9adbab4..c2c3f1810008 100644 --- a/sdk/framework/backend.go +++ b/sdk/framework/backend.go @@ -17,11 +17,11 @@ import ( log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-kms-wrapping/entropy" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/errutil" "github.com/hashicorp/vault/sdk/helper/license" "github.com/hashicorp/vault/sdk/helper/logging" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/sdk/framework/field_data.go b/sdk/framework/field_data.go index 2b3c22ffd1b8..eb7ffbbe26f7 100644 --- a/sdk/framework/field_data.go +++ b/sdk/framework/field_data.go 
@@ -10,9 +10,9 @@ import ( "strings" "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/mitchellh/mapstructure" ) diff --git a/sdk/helper/authmetadata/auth_metadata.go b/sdk/helper/authmetadata/auth_metadata.go index c1e4e93d5936..0fd2bd50f830 100644 --- a/sdk/helper/authmetadata/auth_metadata.go +++ b/sdk/helper/authmetadata/auth_metadata.go @@ -20,8 +20,8 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/sdk/helper/cidrutil/cidr.go b/sdk/helper/cidrutil/cidr.go index a1e4d86eb3fa..33c9a1614dee 100644 --- a/sdk/helper/cidrutil/cidr.go +++ b/sdk/helper/cidrutil/cidr.go @@ -6,8 +6,8 @@ import ( "strings" "github.com/hashicorp/errwrap" + "github.com/hashicorp/go-secure-stdlib/strutil" sockaddr "github.com/hashicorp/go-sockaddr" - "github.com/hashicorp/vault/sdk/helper/strutil" ) // RemoteAddrIsOk checks if the given remote address is either: diff --git a/sdk/helper/keysutil/encrypted_key_storage_test.go b/sdk/helper/keysutil/encrypted_key_storage_test.go index 0dc18384269e..2f29d14b7ad7 100644 --- a/sdk/helper/keysutil/encrypted_key_storage_test.go +++ b/sdk/helper/keysutil/encrypted_key_storage_test.go @@ -7,7 +7,7 @@ import ( "reflect" "testing" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/sdk/helper/ldaputil/client.go b/sdk/helper/ldaputil/client.go index b9504814ea19..058ad4b450ad 100644 --- a/sdk/helper/ldaputil/client.go +++ b/sdk/helper/ldaputil/client.go 
@@ -17,7 +17,7 @@ import ( "github.com/hashicorp/errwrap" hclog "github.com/hashicorp/go-hclog" multierror "github.com/hashicorp/go-multierror" - "github.com/hashicorp/vault/sdk/helper/tlsutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" ) type Client struct { diff --git a/sdk/helper/ldaputil/config.go b/sdk/helper/ldaputil/config.go index d4b21c8b8224..21f2918c477f 100644 --- a/sdk/helper/ldaputil/config.go +++ b/sdk/helper/ldaputil/config.go @@ -9,8 +9,8 @@ import ( "strings" "text/template" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/errwrap" ) diff --git a/sdk/helper/pluginutil/env.go b/sdk/helper/pluginutil/env.go index e5e2a8e00bdd..fd0cd4fb8308 100644 --- a/sdk/helper/pluginutil/env.go +++ b/sdk/helper/pluginutil/env.go @@ -3,8 +3,8 @@ package pluginutil import ( "os" + "github.com/hashicorp/go-secure-stdlib/mlock" version "github.com/hashicorp/go-version" - "github.com/hashicorp/vault/sdk/helper/mlock" ) var ( diff --git a/sdk/helper/policyutil/policyutil.go b/sdk/helper/policyutil/policyutil.go index 1d6cc1df3974..8e5541b1868f 100644 --- a/sdk/helper/policyutil/policyutil.go +++ b/sdk/helper/policyutil/policyutil.go @@ -4,7 +4,7 @@ import ( "sort" "strings" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" ) const ( diff --git a/sdk/helper/template/template.go b/sdk/helper/template/template.go index 829f02d459cf..4ced1528faae 100644 --- a/sdk/helper/template/template.go +++ b/sdk/helper/template/template.go @@ -6,7 +6,7 @@ import ( "text/template" "github.com/hashicorp/go-multierror" - "github.com/hashicorp/vault/sdk/helper/base62" + "github.com/hashicorp/go-secure-stdlib/base62" ) type Opt func(*StringTemplate) error diff --git a/sdk/helper/tokenutil/tokenutil.go b/sdk/helper/tokenutil/tokenutil.go index 19a3f73c5189..776b40501ed4 100644 --- a/sdk/helper/tokenutil/tokenutil.go 
+++ b/sdk/helper/tokenutil/tokenutil.go @@ -5,11 +5,11 @@ import ( "fmt" "time" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" sockaddr "github.com/hashicorp/go-sockaddr" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/policyutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/sdk/plugin/pb/translation.go b/sdk/plugin/pb/translation.go index 44f6f3552ec3..de0544bc10a8 100644 --- a/sdk/plugin/pb/translation.go +++ b/sdk/plugin/pb/translation.go @@ -6,8 +6,8 @@ import ( "time" "github.com/golang/protobuf/ptypes" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/helper/errutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/wrapping" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/serviceregistration/consul/consul_service_registration.go b/serviceregistration/consul/consul_service_registration.go index cd71515db19d..75236b6429f2 100644 --- a/serviceregistration/consul/consul_service_registration.go +++ b/serviceregistration/consul/consul_service_registration.go @@ -17,10 +17,10 @@ import ( "github.com/hashicorp/consul/api" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" sr "github.com/hashicorp/vault/serviceregistration" "github.com/hashicorp/vault/vault/diagnose" atomicB "go.uber.org/atomic" diff --git a/vault/acl.go b/vault/acl.go index 38fa5efc93e5..3d07c4089c48 100644 --- a/vault/acl.go +++ b/vault/acl.go 
@@ -9,9 +9,9 @@ import ( "github.com/armon/go-radix" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/namespace" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/copystructure" ) diff --git a/vault/auth.go b/vault/auth.go index 39c4b19bc295..fc92f1300aef 100644 --- a/vault/auth.go +++ b/vault/auth.go @@ -6,12 +6,12 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/builtin/plugin" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/barrier_aes_gcm.go b/vault/barrier_aes_gcm.go index 730680b8f952..d1c82b1cf206 100644 --- a/vault/barrier_aes_gcm.go +++ b/vault/barrier_aes_gcm.go @@ -16,8 +16,8 @@ import ( "time" "github.com/armon/go-metrics" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" "go.uber.org/atomic" diff --git a/vault/cluster/inmem_layer.go b/vault/cluster/inmem_layer.go index e65220f8b2ef..ca4f7cbe87ba 100644 --- a/vault/cluster/inmem_layer.go +++ b/vault/cluster/inmem_layer.go @@ -9,7 +9,7 @@ import ( "time" log "github.com/hashicorp/go-hclog" - "github.com/hashicorp/vault/sdk/helper/base62" + "github.com/hashicorp/go-secure-stdlib/base62" "go.uber.org/atomic" ) diff --git a/vault/core.go b/vault/core.go index 3b6e461fdbdf..3a321b9c8102 100644 --- a/vault/core.go +++ b/vault/core.go 
@@ -32,21 +32,21 @@ import ( wrapping "github.com/hashicorp/go-kms-wrapping" aeadwrapper "github.com/hashicorp/go-kms-wrapping/wrappers/aead" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/mlock" + "github.com/hashicorp/go-secure-stdlib/reloadutil" + "github.com/hashicorp/go-secure-stdlib/strutil" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/audit" "github.com/hashicorp/vault/command/server" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" - "github.com/hashicorp/vault/internalshared/reloadutil" "github.com/hashicorp/vault/physical/raft" "github.com/hashicorp/vault/sdk/helper/certutil" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/logging" - "github.com/hashicorp/vault/sdk/helper/mlock" - "github.com/hashicorp/vault/sdk/helper/strutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/physical" sr "github.com/hashicorp/vault/serviceregistration" diff --git a/vault/cors.go b/vault/cors.go index 0ee0df2292f8..57c0c3698052 100644 --- a/vault/cors.go +++ b/vault/cors.go @@ -7,8 +7,8 @@ import ( "sync" "sync/atomic" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/diagnose/helpers.go b/vault/diagnose/helpers.go index 3314a3635b19..08f004a2b1e7 100644 --- a/vault/diagnose/helpers.go +++ b/vault/diagnose/helpers.go @@ -7,7 +7,7 @@ import ( "strings" "time" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "go.opentelemetry.io/otel/attribute" "go.opentelemetry.io/otel/codes" sdktrace "go.opentelemetry.io/otel/sdk/trace" 
@@ -29,13 +29,13 @@ const ( adviceKey = attribute.Key("advice") ) +var MainSection = trace.WithAttributes(attribute.Key("diagnose").String("main-section")) + var ( - MainSection = trace.WithAttributes(attribute.Key("diagnose").String("main-section")) + diagnoseSession = struct{}{} + noopTracer = trace.NewNoopTracerProvider().Tracer("vault-diagnose") ) -var diagnoseSession = struct{}{} -var noopTracer = trace.NewNoopTracerProvider().Tracer("vault-diagnose") - type testFunction func(context.Context) error type Session struct { @@ -50,10 +50,10 @@ type Session struct { // when the outermost span ends. func New(w io.Writer) *Session { tc := NewTelemetryCollector(w) - //so, _ := stdout.NewExporter(stdout.WithPrettyPrint()) + // so, _ := stdout.NewExporter(stdout.WithPrettyPrint()) tp := sdktrace.NewTracerProvider( sdktrace.WithSampler(sdktrace.AlwaysSample()), - //sdktrace.WithSpanProcessor(sdktrace.NewSimpleSpanProcessor(so)), + // sdktrace.WithSpanProcessor(sdktrace.NewSimpleSpanProcessor(so)), sdktrace.WithSpanProcessor(tc), ) tracer := tp.Tracer("vault-diagnose") @@ -80,9 +80,7 @@ func Context(ctx context.Context, sess *Session) context.Context { func CurrentSession(ctx context.Context) *Session { sessionCtxVal := ctx.Value(diagnoseSession) if sessionCtxVal != nil { - return sessionCtxVal.(*Session) - } return nil } diff --git a/vault/diagnose/tls_verification.go b/vault/diagnose/tls_verification.go index 9f815cb593fd..4dd351b845d2 100644 --- a/vault/diagnose/tls_verification.go +++ b/vault/diagnose/tls_verification.go 
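Review bot: `diagnoseSession = struct{}{}` in the regrouped `var (` block is a context key of the unnamed type `struct{}`, and `CurrentSession` (the `@@ -80,9 +80,7 @@` hunk) looks it up with `ctx.Value(diagnoseSession)` and then asserts `sessionCtxVal.(*Session)` without the comma-ok form. Every `struct{}{}` value compares equal, so a value stored under the same key by any other package would be returned here, and the assertion would panic if that value is not a `*Session`. A private key type avoids the collision: `type sessionKey struct{}` with `diagnoseSession = sessionKey{}`, and the lookup can become `if sess, ok := ctx.Value(diagnoseSession).(*Session); ok { return sess }`. The `Context` function that presumably stores the value lies outside both hunks.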
@@ -11,12 +11,14 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/tlsutil" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" ) -const minVersionError = "'tls_min_version' value %q not supported, please specify one of [tls10,tls11,tls12,tls13]" -const maxVersionError = "'tls_max_version' value %q not supported, please specify one of [tls10,tls11,tls12,tls13]" +const ( + minVersionError = "'tls_min_version' value %q not supported, please specify one of [tls10,tls11,tls12,tls13]" + maxVersionError = "'tls_max_version' value %q not supported, please specify one of [tls10,tls11,tls12,tls13]" +) // ListenerChecks diagnoses warnings and the first encountered error for the listener // configuration stanzas. @@ -39,7 +41,6 @@ func ListenerChecks(ctx context.Context, listeners []*configutil.Listener) ([]st } if l.TLSDisableClientCerts { Warn(ctx, fmt.Sprintf("Listener at address %s: TLS for a listener is turned on without requiring client certificates.", listenerID)) - } status, warning := TLSMutualExclusionCertCheck(l) if status == 1 { @@ -279,7 +280,6 @@ func NearExpiration(c *x509.Certificate) (bool, time.Duration) { // TLSMutualExclusionCertCheck returns error if both TLSDisableClientCerts and TLSRequireAndVerifyClientCert are set func TLSMutualExclusionCertCheck(l *configutil.Listener) (int, string) { - if l.TLSDisableClientCerts { if l.TLSRequireAndVerifyClientCert { return 1, "The tls_disable_client_certs and tls_require_and_verify_client_cert fields in the listener stanza of the Vault server configuration are mutually exclusive fields. Please ensure they are not both set to true." 
@@ -290,7 +290,6 @@ func TLSMutualExclusionCertCheck(l *configutil.Listener) (int, string) { // TLSClientCAFileCheck Checks the validity of a client CA file func TLSClientCAFileCheck(l *configutil.Listener) ([]string, error) { - if l.TLSDisableClientCerts { return nil, nil } else if !l.TLSRequireAndVerifyClientCert { @@ -350,5 +349,4 @@ func TLSCAFileCheck(CAFilePath string) ([]string, error) { } return warningsSlc, err - } diff --git a/vault/expiration.go b/vault/expiration.go index 611129e988c4..349bc30d066f 100644 --- a/vault/expiration.go +++ b/vault/expiration.go @@ -19,11 +19,11 @@ import ( "github.com/hashicorp/errwrap" log "github.com/hashicorp/go-hclog" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/helper/fairshare" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/locksutil" @@ -2023,7 +2023,6 @@ func (m *ExpirationManager) loadEntry(ctx context.Context, leaseID string) (*lea m.deleteLockForLease(leaseID) } return leaseEntry, err - } // loadEntryInternal is used when you need to load an entry but also need to diff --git a/vault/external_tests/identity/entities_test.go b/vault/external_tests/identity/entities_test.go index 0bb7b6990732..3e92ae34eb6a 100644 --- a/vault/external_tests/identity/entities_test.go +++ b/vault/external_tests/identity/entities_test.go @@ -4,10 +4,10 @@ import ( "strings" "testing" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/builtin/credential/approle" vaulthttp "github.com/hashicorp/vault/http" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault" ) 
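Review bot: The `base62` import in the `vault/expiration.go` hunk now resolves to `github.com/hashicorp/go-secure-stdlib/base62` instead of the in-tree `sdk/helper/base62`, so whatever this file generates with it (presumably random identifiers) depends on a separately released module. The same swap appears in `vault/generate_root_recovery.go`, `vault/identity_store_oidc.go` and `vault/token_store.go`. The module requirement is not in this part of the patch; confirm that the root `go.mod` requires a tagged version of each `go-secure-stdlib` submodule, not a pseudo-version or a `replace` directive, and that `go.sum` records its hashes. The commit description should also say whether the moved packages are unchanged copies of the in-tree ones, because the import swap alone cannot show that the random source and encoding behave as before.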
diff --git a/vault/external_tests/identity/identity_test.go b/vault/external_tests/identity/identity_test.go index 8d8f1a4535ac..72f4c9b9e902 100644 --- a/vault/external_tests/identity/identity_test.go +++ b/vault/external_tests/identity/identity_test.go @@ -4,9 +4,9 @@ import ( "fmt" "testing" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/sdk/helper/ldaputil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/stretchr/testify/require" diff --git a/vault/external_tests/policy/policy_test.go b/vault/external_tests/policy/policy_test.go index 4d80cd0022da..9e9af07fbf20 100644 --- a/vault/external_tests/policy/policy_test.go +++ b/vault/external_tests/policy/policy_test.go @@ -6,12 +6,12 @@ import ( "github.com/go-test/deep" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/builtin/credential/ldap" credUserpass "github.com/hashicorp/vault/builtin/credential/userpass" ldaphelper "github.com/hashicorp/vault/helper/testhelpers/ldap" vaulthttp "github.com/hashicorp/vault/http" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault" ) diff --git a/vault/external_tests/raft/raft_autopilot_test.go b/vault/external_tests/raft/raft_autopilot_test.go index 74a5df484591..8e7f930b7f81 100644 --- a/vault/external_tests/raft/raft_autopilot_test.go +++ b/vault/external_tests/raft/raft_autopilot_test.go 
@@ -9,13 +9,13 @@ import ( "time" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" autopilot "github.com/hashicorp/raft-autopilot" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/helper/testhelpers" "github.com/hashicorp/vault/helper/testhelpers/teststorage" "github.com/hashicorp/vault/physical/raft" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/vault" "github.com/kr/pretty" testingintf "github.com/mitchellh/go-testing-interface" diff --git a/vault/generate_root_recovery.go b/vault/generate_root_recovery.go index f016af013eef..a457fd71c37f 100644 --- a/vault/generate_root_recovery.go +++ b/vault/generate_root_recovery.go @@ -4,7 +4,7 @@ import ( "context" "fmt" - "github.com/hashicorp/vault/sdk/helper/base62" + "github.com/hashicorp/go-secure-stdlib/base62" "go.uber.org/atomic" ) diff --git a/vault/generate_root_test.go b/vault/generate_root_test.go index f57cfa75db69..f83fd1246274 100644 --- a/vault/generate_root_test.go +++ b/vault/generate_root_test.go @@ -4,10 +4,10 @@ import ( "encoding/base64" "testing" + "github.com/hashicorp/go-secure-stdlib/base62" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/helper/pgpkeys" "github.com/hashicorp/vault/helper/xor" - "github.com/hashicorp/vault/sdk/helper/base62" ) func TestCore_GenerateRoot_Lifecycle(t *testing.T) { diff --git a/vault/identity_store.go b/vault/identity_store.go index 176ba2a00786..99ac2f6a77ae 100644 --- a/vault/identity_store.go +++ b/vault/identity_store.go 
@@ -10,13 +10,13 @@ import ( "github.com/golang/protobuf/ptypes" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-memdb" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/helper/storagepacker" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/identity_store_entities.go b/vault/identity_store_entities.go index 95949c855928..6ebdea0ebb14 100644 --- a/vault/identity_store_entities.go +++ b/vault/identity_store_entities.go @@ -8,13 +8,13 @@ import ( "github.com/golang/protobuf/ptypes" memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/identity/mfa" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/helper/storagepacker" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/identity_store_groups.go b/vault/identity_store_groups.go index 0be981d9a260..2845e28b8983 100644 --- a/vault/identity_store_groups.go +++ b/vault/identity_store_groups.go @@ -6,10 +6,10 @@ import ( "strings" "github.com/golang/protobuf/ptypes" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/identity_store_oidc.go b/vault/identity_store_oidc.go index dec2695bc3e5..924050a90c1b 100644 --- a/vault/identity_store_oidc.go 
+++ b/vault/identity_store_oidc.go @@ -15,13 +15,13 @@ import ( "time" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/base62" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/identitytpl" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/patrickmn/go-cache" "golang.org/x/crypto/ed25519" diff --git a/vault/identity_store_util.go b/vault/identity_store_util.go index f6535b615f53..a6d6cc7b77f8 100644 --- a/vault/identity_store_util.go +++ b/vault/identity_store_util.go @@ -12,13 +12,13 @@ import ( "github.com/golang/protobuf/ptypes" "github.com/hashicorp/errwrap" memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/identity/mfa" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/helper/storagepacker" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/logical_passthrough.go b/vault/logical_passthrough.go index c04bcd4ab01f..0dececa9b68f 100644 --- a/vault/logical_passthrough.go +++ b/vault/logical_passthrough.go @@ -6,9 +6,9 @@ import ( "fmt" "strings" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/wrapping" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/logical_passthrough_test.go b/vault/logical_passthrough_test.go index 59fd78a777b6..fa06c372bbd8 100644 
--- a/vault/logical_passthrough_test.go +++ b/vault/logical_passthrough_test.go @@ -7,7 +7,7 @@ import ( "testing" "time" - "github.com/hashicorp/vault/sdk/helper/parseutil" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/logical_system.go b/vault/logical_system.go index 47773697e834..5c8278464473 100644 --- a/vault/logical_system.go +++ b/vault/logical_system.go @@ -24,6 +24,8 @@ import ( log "github.com/hashicorp/go-hclog" memdb "github.com/hashicorp/go-memdb" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/helper/hostutil" "github.com/hashicorp/vault/helper/identity" @@ -34,8 +36,6 @@ import ( "github.com/hashicorp/vault/sdk/framework" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/wrapping" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/version" diff --git a/vault/mount.go b/vault/mount.go index ee024b806056..9dad783099d2 100644 --- a/vault/mount.go +++ b/vault/mount.go @@ -11,13 +11,13 @@ import ( "time" "github.com/armon/go-metrics" + "github.com/hashicorp/go-secure-stdlib/strutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/builtin/plugin" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/copystructure" ) diff --git a/vault/plugin_reload.go b/vault/plugin_reload.go index bfc455586613..732d60bfaa82 100644 --- a/vault/plugin_reload.go +++ b/vault/plugin_reload.go 
@@ -8,7 +8,7 @@ import ( "github.com/hashicorp/vault/helper/namespace" multierror "github.com/hashicorp/go-multierror" - "github.com/hashicorp/vault/sdk/helper/strutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/policy.go b/vault/policy.go index a99399d3ce52..a4686b1d81c7 100644 --- a/vault/policy.go +++ b/vault/policy.go @@ -7,13 +7,13 @@ import ( "time" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/hcl" "github.com/hashicorp/hcl/hcl/ast" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/helper/hclutil" "github.com/hashicorp/vault/sdk/helper/identitytpl" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/mitchellh/copystructure" ) diff --git a/vault/policy_store.go b/vault/policy_store.go index 9798d186f967..20a17f1e73d3 100644 --- a/vault/policy_store.go +++ b/vault/policy_store.go @@ -10,11 +10,11 @@ import ( metrics "github.com/armon/go-metrics" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" lru "github.com/hashicorp/golang-lru" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/helper/consts" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) diff --git a/vault/raft.go b/vault/raft.go index 5cee435bbab3..8a0cd58dff41 100644 --- a/vault/raft.go +++ b/vault/raft.go 
@@ -18,11 +18,11 @@ import ( discoverk8s "github.com/hashicorp/go-discover/provider/k8s" "github.com/hashicorp/go-hclog" wrapping "github.com/hashicorp/go-kms-wrapping" + "github.com/hashicorp/go-secure-stdlib/tlsutil" uuid "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/physical/raft" "github.com/hashicorp/vault/sdk/helper/jsonutil" - "github.com/hashicorp/vault/sdk/helper/tlsutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault/seal" "github.com/mitchellh/mapstructure" diff --git a/vault/request_handling.go b/vault/request_handling.go index fc624764ede4..581d479d2ccc 100644 --- a/vault/request_handling.go +++ b/vault/request_handling.go @@ -11,6 +11,7 @@ import ( metrics "github.com/armon/go-metrics" "github.com/hashicorp/errwrap" multierror "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/strutil" sockaddr "github.com/hashicorp/go-sockaddr" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/metricsutil" @@ -21,7 +22,6 @@ import ( "github.com/hashicorp/vault/sdk/helper/errutil" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/policyutil" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/wrapping" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/vault/quotas" diff --git a/vault/router.go b/vault/router.go index be067f78a28e..dad8a8dd1418 100644 --- a/vault/router.go +++ b/vault/router.go @@ -11,10 +11,10 @@ import ( metrics "github.com/armon/go-metrics" radix "github.com/armon/go-radix" hclog "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/salt" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/logical" ) 
diff --git a/vault/testing.go b/vault/testing.go index dbe896c958c0..cf7c2f76e453 100644 --- a/vault/testing.go +++ b/vault/testing.go @@ -29,6 +29,7 @@ import ( "github.com/armon/go-metrics" "github.com/hashicorp/go-cleanhttp" log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/reloadutil" raftlib "github.com/hashicorp/raft" "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/audit" @@ -36,7 +37,6 @@ import ( "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/internalshared/configutil" - "github.com/hashicorp/vault/internalshared/reloadutil" dbMysql "github.com/hashicorp/vault/plugins/database/mysql" dbPostgres "github.com/hashicorp/vault/plugins/database/postgresql" "github.com/hashicorp/vault/sdk/framework" diff --git a/vault/token_store.go b/vault/token_store.go index 9370ece7a3be..3707b0776656 100644 --- a/vault/token_store.go +++ b/vault/token_store.go 
@@ -18,19 +18,19 @@ import ( "github.com/golang/protobuf/proto" log "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-multierror" + "github.com/hashicorp/go-secure-stdlib/base62" + "github.com/hashicorp/go-secure-stdlib/parseutil" + "github.com/hashicorp/go-secure-stdlib/strutil" "github.com/hashicorp/go-sockaddr" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/framework" - "github.com/hashicorp/vault/sdk/helper/base62" "github.com/hashicorp/vault/sdk/helper/consts" "github.com/hashicorp/vault/sdk/helper/jsonutil" "github.com/hashicorp/vault/sdk/helper/locksutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/policyutil" "github.com/hashicorp/vault/sdk/helper/salt" - "github.com/hashicorp/vault/sdk/helper/strutil" "github.com/hashicorp/vault/sdk/helper/tokenutil" "github.com/hashicorp/vault/sdk/logical" "github.com/hashicorp/vault/sdk/plugin/pb" diff --git a/vault/token_store_test.go b/vault/token_store_test.go index a9b946882a11..6a5504e165bf 100644 --- a/vault/token_store_test.go +++ b/vault/token_store_test.go @@ -16,13 +16,13 @@ import ( "github.com/go-test/deep" "github.com/hashicorp/errwrap" "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-secure-stdlib/parseutil" "github.com/hashicorp/go-sockaddr" "github.com/hashicorp/go-uuid" "github.com/hashicorp/vault/helper/identity" "github.com/hashicorp/vault/helper/metricsutil" "github.com/hashicorp/vault/helper/namespace" "github.com/hashicorp/vault/sdk/helper/locksutil" - "github.com/hashicorp/vault/sdk/helper/parseutil" "github.com/hashicorp/vault/sdk/helper/tokenutil" "github.com/hashicorp/vault/sdk/logical" "github.com/mitchellh/mapstructure"