diff --git a/builtin/credential/aws/path_role_test.go b/builtin/credential/aws/path_role_test.go index b4312177cc93..ee721fcf89f0 100644 --- a/builtin/credential/aws/path_role_test.go +++ b/builtin/credential/aws/path_role_test.go @@ -8,7 +8,7 @@ import ( "testing" "github.com/go-test/deep" - log "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-hclog" vlttesting "github.com/hashicorp/vault/helper/testhelpers/logical" "github.com/hashicorp/vault/sdk/helper/awsutil" "github.com/hashicorp/vault/sdk/helper/logging" @@ -1011,7 +1011,7 @@ func TestRoleResolutionWithSTSEndpointConfigured(t *testing.T) { } // Ensure aws credentials are available locally for testing. - logger := logging.NewVaultLogger(log.Debug) + logger := logging.NewVaultLogger(hclog.Debug) credsConfig := &awsutil.CredentialsConfig{Logger: logger} credsChain, err := credsConfig.GenerateCredentialChain() if err != nil { diff --git a/go.mod b/go.mod index 1c6c261c6fd6..15d432c0f074 100644 --- a/go.mod +++ b/go.mod @@ -55,7 +55,7 @@ require ( github.com/hashicorp/go-cleanhttp v0.5.1 github.com/hashicorp/go-gcp-common v0.6.0 github.com/hashicorp/go-hclog v0.14.1 - github.com/hashicorp/go-kms-wrapping v0.5.15-0.20200820184447-e735e02841a5 + github.com/hashicorp/go-kms-wrapping v0.5.15 github.com/hashicorp/go-memdb v1.0.2 github.com/hashicorp/go-msgpack v0.5.5 github.com/hashicorp/go-multierror v1.1.0 diff --git a/go.sum b/go.sum index 2df2c4bac1e7..56b618c64110 100644 --- a/go.sum +++ b/go.sum @@ -464,8 +464,8 @@ github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.1.0 h1:vN9wG1D6KG6YHRTWr8512cxGOVgTMEfgEdSj/hr8MPc= github.com/hashicorp/go-immutable-radix v1.1.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= -github.com/hashicorp/go-kms-wrapping v0.5.15-0.20200820184447-e735e02841a5 h1:w82YXLU/JSK4PFUVleXF/TGcfoRAQU8hpmXI24aTcYQ= -github.com/hashicorp/go-kms-wrapping v0.5.15-0.20200820184447-e735e02841a5/go.mod h1:hKJ7tS+eMXOLxwFs7mYJtPRQtT/rGtwqE6awY3JATCw= +github.com/hashicorp/go-kms-wrapping v0.5.15 h1:u/3OsQdtM1VbRCKFPQ2YIgNGP16eYhh2UKut7MdQCEM= +github.com/hashicorp/go-kms-wrapping v0.5.15/go.mod h1:hKJ7tS+eMXOLxwFs7mYJtPRQtT/rGtwqE6awY3JATCw= github.com/hashicorp/go-kms-wrapping/entropy v0.1.0 h1:xuTi5ZwjimfpvpL09jDE71smCBRpnF5xfo871BSX4gs= github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-memdb v1.0.2 h1:AIjzJlwIxz2inhZqRJZfe6D15lPeF0/cZyS1BVlnlHg= diff --git a/sdk/helper/awsutil/generate_credentials.go b/sdk/helper/awsutil/generate_credentials.go index 6209bcbf485c..af1a11da309c 100644 --- a/sdk/helper/awsutil/generate_credentials.go +++ b/sdk/helper/awsutil/generate_credentials.go @@ -43,6 +43,13 @@ type CredentialsConfig struct { Logger hclog.Logger } +// Make sure the logger isn't nil before logging +func (c *CredentialsConfig) log(level hclog.Level, msg string, args ...interface{}) { + if c.Logger != nil { + c.Logger.Log(level, msg, args) + } +} + func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, error) { var providers []credentials.Provider @@ -55,7 +62,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, SecretAccessKey: c.SecretKey, SessionToken: c.SessionToken, }}) - c.Logger.Debug("added static credential provider", "AccessKey", c.AccessKey) + c.log(hclog.Debug, "added static credential provider", "AccessKey", c.AccessKey) case c.AccessKey == "" && c.SecretKey == "": // Attempt to get credentials from the IAM instance role below @@ -71,7 +78,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, if roleARN != "" && tokenPath != "" { // this session is only created to create the WebIdentityRoleProvider, as the env variables are already there // this automatically assumes the role, but the provider needs to be added to the chain - c.Logger.Debug("adding web identity provider", "roleARN", roleARN) + c.log(hclog.Debug, "adding web identity provider", "roleARN", roleARN) sess, err := session.NewSession() if err != nil { return nil, errors.Wrap(err, "error creating a new session to create a WebIdentityRoleProvider") @@ -81,7 +88,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, // Check if the webIdentityProvider can successfully retrieve // credentials (via sts:AssumeRole), and warn if there's a problem. if _, err := webIdentityProvider.Retrieve(); err != nil { - c.Logger.Warn("error assuming role", "roleARN", roleARN, "tokenPath", tokenPath, "sessionName", sessionName, "err", err) + c.log(hclog.Warn, "error assuming role", "roleARN", roleARN, "tokenPath", tokenPath, "sessionName", sessionName, "err", err) } //Add the web identity role credential provider diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/awsutil/generate_credentials.go b/vendor/github.com/hashicorp/vault/sdk/helper/awsutil/generate_credentials.go index 6209bcbf485c..af1a11da309c 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/awsutil/generate_credentials.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/awsutil/generate_credentials.go @@ -43,6 +43,13 @@ type CredentialsConfig struct { Logger hclog.Logger } +// Make sure the logger isn't nil before logging +func (c *CredentialsConfig) log(level hclog.Level, msg string, args ...interface{}) { + if c.Logger != nil { + c.Logger.Log(level, msg, args) + } +} + func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, error) { var providers []credentials.Provider @@ -55,7 +62,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, SecretAccessKey: c.SecretKey, SessionToken: c.SessionToken, }}) - c.Logger.Debug("added static credential provider", "AccessKey", c.AccessKey) + c.log(hclog.Debug, "added static credential provider", "AccessKey", c.AccessKey) case c.AccessKey == "" && c.SecretKey == "": // Attempt to get credentials from the IAM instance role below @@ -71,7 +78,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, if roleARN != "" && tokenPath != "" { // this session is only created to create the WebIdentityRoleProvider, as the env variables are already there // this automatically assumes the role, but the provider needs to be added to the chain - c.Logger.Debug("adding web identity provider", "roleARN", roleARN) + c.log(hclog.Debug, "adding web identity provider", "roleARN", roleARN) sess, err := session.NewSession() if err != nil { return nil, errors.Wrap(err, "error creating a new session to create a WebIdentityRoleProvider") @@ -81,7 +88,7 @@ func (c *CredentialsConfig) GenerateCredentialChain() (*credentials.Credentials, // Check if the webIdentityProvider can successfully retrieve // credentials (via sts:AssumeRole), and warn if there's a problem. if _, err := webIdentityProvider.Retrieve(); err != nil { - c.Logger.Warn("error assuming role", "roleARN", roleARN, "tokenPath", tokenPath, "sessionName", sessionName, "err", err) + c.log(hclog.Warn, "error assuming role", "roleARN", roleARN, "tokenPath", tokenPath, "sessionName", sessionName, "err", err) } //Add the web identity role credential provider diff --git a/vendor/modules.txt b/vendor/modules.txt index ce803e71227d..daa644fe9cd9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -389,7 +389,7 @@ github.com/hashicorp/go-gcp-common/gcputil github.com/hashicorp/go-hclog # github.com/hashicorp/go-immutable-radix v1.1.0 github.com/hashicorp/go-immutable-radix -# github.com/hashicorp/go-kms-wrapping v0.5.15-0.20200820184447-e735e02841a5 +# github.com/hashicorp/go-kms-wrapping v0.5.15 github.com/hashicorp/go-kms-wrapping github.com/hashicorp/go-kms-wrapping/internal/xor github.com/hashicorp/go-kms-wrapping/wrappers/aead