
Commit efac45f

committedMar 25, 2022
adding third party licenses
1 parent 5f68ce3 commit efac45f


8 files changed

+195
-22
lines changed

 

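--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/client.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/client.go
@@ -51,6 +51,8 @@ const (
 EnvRateLimit = "VAULT_RATE_LIMIT"
 EnvHTTPProxy = "VAULT_HTTP_PROXY"
 HeaderIndex = "X-Vault-Index"
+HeaderForward = "X-Vault-Forward"
+HeaderInconsistent = "X-Vault-Inconsistent"
 )
 
 // Deprecated values
@@ -132,13 +134,22 @@ type Config struct {
 // with the same client. Cloning a client will not clone this value.
 OutputCurlString bool
 
+// curlCACert, curlCAPath, curlClientCert and curlClientKey are used to keep
+// track of the name of the TLS certs and keys when OutputCurlString is set.
+// Cloning a client will also not clone those values.
+curlCACert, curlCAPath string
+curlClientCert, curlClientKey string
+
 // SRVLookup enables the client to lookup the host through DNS SRV lookup
 SRVLookup bool
 
 // CloneHeaders ensures that the source client's headers are copied to
 // its clone.
 CloneHeaders bool
 
+// CloneToken from parent.
+CloneToken bool
+
 // ReadYourWrites ensures isolated read-after-write semantics by
 // providing discovered cluster replication states in each request.
 // The shared state is automatically propagated to all Client clones.
@@ -180,7 +191,7 @@ type TLSConfig struct {
 // The default Address is https://127.0.0.1:8200, but this can be overridden by
 // setting the `VAULT_ADDR` environment variable.
 //
-// If an error is encountered, this will return nil.
+// If an error is encountered, the Error field on the returned *Config will be populated with the specific error.
 func DefaultConfig() *Config {
 config := &Config{
 Address: "https://127.0.0.1:8200",
@@ -222,9 +233,9 @@ func DefaultConfig() *Config {
 return config
 }
 
-// ConfigureTLS takes a set of TLS configurations and applies those to the
-// HTTP client.
-func (c *Config) ConfigureTLS(t *TLSConfig) error {
+// configureTLS is a lock free version of ConfigureTLS that can be used in
+// ReadEnvironment where the lock is already hold
+func (c *Config) configureTLS(t *TLSConfig) error {
 if c.HttpClient == nil {
 c.HttpClient = DefaultConfig().HttpClient
 }
@@ -241,11 +252,15 @@ func (c *Config) ConfigureTLS(t *TLSConfig) error {
 return err
 }
 foundClientCert = true
+c.curlClientCert = t.ClientCert
+c.curlClientKey = t.ClientKey
 case t.ClientCert != "" || t.ClientKey != "":
 return fmt.Errorf("both client cert and client key must be provided")
 }
 
 if t.CACert != "" || t.CAPath != "" {
+c.curlCACert = t.CACert
+c.curlCAPath = t.CAPath
 rootConfig := &rootcerts.Config{
 CAFile: t.CACert,
 CAPath: t.CAPath,
@@ -275,6 +290,15 @@ func (c *Config) ConfigureTLS(t *TLSConfig) error {
 return nil
 }
 
+// ConfigureTLS takes a set of TLS configurations and applies those to the
+// HTTP client.
+func (c *Config) ConfigureTLS(t *TLSConfig) error {
+c.modifyLock.Lock()
+defer c.modifyLock.Unlock()
+
+return c.configureTLS(t)
+}
+
 // ReadEnvironment reads configuration information from the environment. If
 // there is an error, no configuration value is updated.
 func (c *Config) ReadEnvironment() error {
@@ -379,7 +403,7 @@ func (c *Config) ReadEnvironment() error {
 c.SRVLookup = envSRVLookup
 c.Limiter = limit
 
-if err := c.ConfigureTLS(t); err != nil {
+if err := c.configureTLS(t); err != nil {
 return err
 }
 
@@ -547,6 +571,7 @@ func (c *Client) CloneConfig() *Config {
 newConfig.OutputCurlString = c.config.OutputCurlString
 newConfig.SRVLookup = c.config.SRVLookup
 newConfig.CloneHeaders = c.config.CloneHeaders
+newConfig.CloneToken = c.config.CloneToken
 newConfig.ReadYourWrites = c.config.ReadYourWrites
 
 // we specifically want a _copy_ of the client here, not a pointer to the original one
@@ -775,6 +800,12 @@ func (c *Client) setNamespace(namespace string) {
 c.headers.Set(consts.NamespaceHeaderName, namespace)
 }
 
+func (c *Client) ClearNamespace() {
+c.modifyLock.Lock()
+defer c.modifyLock.Unlock()
+c.headers.Del(consts.NamespaceHeaderName)
+}
+
 // Token returns the access token being used by this client. It will
 // return the empty string if there is no token set.
 func (c *Client) Token() string {
@@ -873,6 +904,26 @@ func (c *Client) CloneHeaders() bool {
 return c.config.CloneHeaders
 }
 
+// SetCloneToken from parent
+func (c *Client) SetCloneToken(cloneToken bool) {
+c.modifyLock.Lock()
+defer c.modifyLock.Unlock()
+c.config.modifyLock.Lock()
+defer c.config.modifyLock.Unlock()
+
+c.config.CloneToken = cloneToken
+}
+
+// CloneToken gets the configured CloneToken value.
+func (c *Client) CloneToken() bool {
+c.modifyLock.RLock()
+defer c.modifyLock.RUnlock()
+c.config.modifyLock.RLock()
+defer c.config.modifyLock.RUnlock()
+
+return c.config.CloneToken
+}
+
 // SetReadYourWrites to prevent reading stale cluster replication state.
 func (c *Client) SetReadYourWrites(preventStaleReads bool) {
 c.modifyLock.Lock()
@@ -904,12 +955,25 @@ func (c *Client) ReadYourWrites() bool {
 // Clone creates a new client with the same configuration. Note that the same
 // underlying http.Client is used; modifying the client from more than one
 // goroutine at once may not be safe, so modify the client as needed and then
-// clone.
+// clone. The headers are cloned based on the CloneHeaders property of the
+// source config
 //
 // Also, only the client's config is currently copied; this means items not in
 // the api.Config struct, such as policy override and wrapping function
 // behavior, must currently then be set as desired on the new client.
 func (c *Client) Clone() (*Client, error) {
+return c.clone(c.config.CloneHeaders)
+}
+
+// CloneWithHeaders creates a new client similar to Clone, with the difference
+// being that the headers are always cloned
+func (c *Client) CloneWithHeaders() (*Client, error) {
+return c.clone(true)
+}
+
+// clone creates a new client, with the headers being cloned based on the
+// passed in cloneheaders boolean
+func (c *Client) clone(cloneHeaders bool) (*Client, error) {
 c.modifyLock.RLock()
 defer c.modifyLock.RUnlock()
 
@@ -932,17 +996,22 @@ func (c *Client) Clone() (*Client, error) {
 AgentAddress: config.AgentAddress,
 SRVLookup: config.SRVLookup,
 CloneHeaders: config.CloneHeaders,
+CloneToken: config.CloneToken,
 ReadYourWrites: config.ReadYourWrites,
 }
 client, err := NewClient(newConfig)
 if err != nil {
 return nil, err
 }
 
-if config.CloneHeaders {
+if cloneHeaders {
 client.SetHeaders(c.Headers().Clone())
 }
 
+if config.CloneToken {
+client.SetToken(c.token)
+}
+
 client.replicationStateStore = c.replicationStateStore
 
 return client, nil
@@ -1080,6 +1149,10 @@ START:
 LastOutputStringError = &OutputStringError{
 Request: req,
 TLSSkipVerify: c.config.HttpClient.Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify,
+ClientCert: c.config.curlClientCert,
+ClientKey: c.config.curlClientKey,
+ClientCACert: c.config.curlCACert,
+ClientCAPath: c.config.curlCAPath,
 }
 return nil, LastOutputStringError
 }
@@ -1330,7 +1403,7 @@ func ParseReplicationState(raw string, hmacKey []byte) (*logical.WALState, error
 // conjunction with RequireState.
 func ForwardInconsistent() RequestCallback {
 return func(req *Request) {
-req.Headers.Set("X-Vault-Inconsistent", "forward-active-node")
+req.Headers.Set(HeaderInconsistent, "forward-active-node")
 }
 }
 
@@ -1339,7 +1412,7 @@ func ForwardInconsistent() RequestCallback {
 // This feature must be enabled in Vault's configuration.
 func ForwardAlways() RequestCallback {
 return func(req *Request) {
-req.Headers.Set("X-Vault-Forward", "active-node")
+req.Headers.Set(HeaderForward, "active-node")
 }
 }
 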
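--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/lifetime_watcher.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/lifetime_watcher.go
@@ -225,7 +225,7 @@ func (r *LifetimeWatcher) Start() {
 r.doneCh <- r.doRenew()
 }
 
-// Renew is for comnpatibility with the legacy api.Renewer. Calling Renew
+// Renew is for compatibility with the legacy api.Renewer. Calling Renew
 // simply chains to Start.
 func (r *LifetimeWatcher) Renew() {
 r.Start()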

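--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/logical.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/logical.go
@@ -5,7 +5,6 @@ import (
 "context"
 "fmt"
 "io"
-"net/http"
 "net/url"
 "os"
 "strings"
@@ -145,9 +144,7 @@ func (c *Logical) Write(path string, data map[string]interface{}) (*Secret, erro
 
 func (c *Logical) JSONMergePatch(ctx context.Context, path string, data map[string]interface{}) (*Secret, error) {
 r := c.c.NewRequest("PATCH", "/v1/"+path)
-r.Headers = http.Header{
-"Content-Type": []string{"application/merge-patch+json"},
-}
+r.Headers.Set("Content-Type", "application/merge-patch+json")
 if err := r.SetJSONBody(data); err != nil {
 return nil, err
 }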

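--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/output_string.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/output_string.go
@@ -15,9 +15,11 @@ var LastOutputStringError *OutputStringError
 
 type OutputStringError struct {
 *retryablehttp.Request
-TLSSkipVerify bool
-parsingError error
-parsedCurlString string
+TLSSkipVerify bool
+ClientCACert, ClientCAPath string
+ClientCert, ClientKey string
+parsingError error
+parsedCurlString string
 }
 
 func (d *OutputStringError) Error() string {
@@ -46,6 +48,22 @@ func (d *OutputStringError) parseRequest() {
 if d.Request.Method != "GET" {
 d.parsedCurlString = fmt.Sprintf("%s-X %s ", d.parsedCurlString, d.Request.Method)
 }
+if d.ClientCACert != "" {
+clientCACert := strings.Replace(d.ClientCACert, "'", "'\"'\"'", -1)
+d.parsedCurlString = fmt.Sprintf("%s--cacert '%s' ", d.parsedCurlString, clientCACert)
+}
+if d.ClientCAPath != "" {
+clientCAPath := strings.Replace(d.ClientCAPath, "'", "'\"'\"'", -1)
+d.parsedCurlString = fmt.Sprintf("%s--capath '%s' ", d.parsedCurlString, clientCAPath)
+}
+if d.ClientCert != "" {
+clientCert := strings.Replace(d.ClientCert, "'", "'\"'\"'", -1)
+d.parsedCurlString = fmt.Sprintf("%s--cert '%s' ", d.parsedCurlString, clientCert)
+}
+if d.ClientKey != "" {
+clientKey := strings.Replace(d.ClientKey, "'", "'\"'\"'", -1)
+d.parsedCurlString = fmt.Sprintf("%s--key '%s' ", d.parsedCurlString, clientKey)
+}
 for k, v := range d.Request.Header {
 for _, h := range v {
 if strings.ToLower(k) == "x-vault-token" {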

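--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/plugin_helpers.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/plugin_helpers.go
@@ -182,7 +182,6 @@ func VaultPluginTLSProvider(apiTLSConfig *TLSConfig) func() (*tls.Config, error)
 Certificates: []tls.Certificate{cert},
 ServerName: serverCert.Subject.CommonName,
 }
-tlsConfig.BuildNameToCertificate()
 
 return tlsConfig, nil
 }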

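--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/secret.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/secret.go
@@ -9,6 +9,7 @@ import (
 "github.com/hashicorp/errwrap"
 "github.com/hashicorp/go-secure-stdlib/parseutil"
 "github.com/hashicorp/vault/sdk/helper/jsonutil"
+"github.com/hashicorp/vault/sdk/logical"
 )
 
 // Secret is the structure returned for every secret within Vault.
@@ -297,6 +298,8 @@ type SecretAuth struct {
 
 LeaseDuration int `json:"lease_duration"`
 Renewable bool `json:"renewable"`
+
+MFARequirement *logical.MFARequirement `json:"mfa_requirement"`
 }
 
 // ParseSecret is used to parse a secret value from JSON from an io.Reader.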
