From 3a7aac83ef75c3e92f8a77620464e4fd4e31fae6 Mon Sep 17 00:00:00 2001 From: Jim Kalafut Date: Fri, 3 Apr 2020 17:46:16 -0700 Subject: [PATCH] Update MongoDB Atlas secrets plugin (#8682) --- go.mod | 2 +- go.sum | 2 + .../vault-plugin-secrets-mongodbatlas/go.mod | 12 +- .../vault-plugin-secrets-mongodbatlas/go.sum | 34 +++++- .../path_credentials.go | 16 +-- .../secret_programmatic_api_keys.go | 115 ++++++++++++++---- .../test_env.go | 56 +++++++++ vendor/modules.txt | 2 +- 8 files changed, 198 insertions(+), 41 deletions(-) diff --git a/go.mod b/go.mod index eaed88d3346e2..5176321221abe 100644 --- a/go.mod +++ b/go.mod @@ -87,7 +87,7 @@ require ( github.com/hashicorp/vault-plugin-secrets-gcp v0.6.0 github.com/hashicorp/vault-plugin-secrets-gcpkms v0.5.4 github.com/hashicorp/vault-plugin-secrets-kv v0.5.4 - github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.1.0 + github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.1.1 github.com/hashicorp/vault-plugin-secrets-openldap v0.1.1 github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02 github.com/hashicorp/vault/sdk v0.1.14-0.20200317185738-82f498082f02 diff --git a/go.sum b/go.sum index 610d2114173d1..ac7ab28b86b91 100644 --- a/go.sum +++ b/go.sum 
@@ -428,6 +428,8 @@ github.com/hashicorp/vault-plugin-secrets-kv v0.5.4 h1:rmP+NFz32aDvfinoa8977x2y0 github.com/hashicorp/vault-plugin-secrets-kv v0.5.4/go.mod h1:oNyUoMMQq6uNTwyYPnkldiedaknYbPfQIdKoyKQdy2g= github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.1.0 h1:qChA5Q1kQNXkWRvKYYy4t68s7I9rSJnZV3wFp8n197Y= github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.1.0/go.mod h1:K55+frX6W+CxqTLC2JSAxvWad5JRHgYE+LPvqhsJDmM= +github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.1.1 h1:hrDehrV7zZ5/v5O58C4mdk80hR13h4ngMLfJYDuVNMs= +github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.1.1/go.mod h1:YRW9zn9NZNitRlPYNAWRp/YEdKCF/X8aOg8IYSxFT5Y= github.com/hashicorp/vault-plugin-secrets-openldap v0.1.1 h1:rdGO8Ix8R8pzNJQ1H8TVlU6guv7NMPFt5tVwADNyAfk= github.com/hashicorp/vault-plugin-secrets-openldap v0.1.1/go.mod h1:9Cy4Jp779BjuIOhYLjEfH3M3QCUxZgPnvJ3tAOOmof4= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS4/qyk21ZsHyb6Mxv/jykxvNTkU4M= diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/go.mod b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/go.mod index 9e1a472a6a5b9..e474a844a1864 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/go.mod +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/go.mod 
@@ -5,16 +5,20 @@ go 1.12 require ( github.com/Sectorbob/mlab-ns2 v0.0.0-20171030222938-d3aa0c295a8a github.com/armon/go-radix v1.0.0 // indirect + github.com/frankban/quicktest v1.4.1 // indirect github.com/go-test/deep v1.0.2 + github.com/google/go-cmp v0.3.1 // indirect github.com/hashicorp/errwrap v1.0.0 github.com/hashicorp/go-hclog v0.12.0 + github.com/hashicorp/go-immutable-radix v1.1.0 // indirect github.com/hashicorp/go-version v1.2.0 // indirect - github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02 - github.com/hashicorp/vault/sdk v0.1.14-0.20200317185738-82f498082f02 - github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d // indirect + github.com/hashicorp/golang-lru v0.5.3 // indirect + github.com/hashicorp/vault/api v1.0.5-0.20200215224050-f6547fa8e820 + github.com/hashicorp/vault/sdk v0.1.14-0.20200305172021-03a3749f220d github.com/mitchellh/mapstructure v1.1.2 github.com/mongodb/go-client-mongodb-atlas v0.1.2 - golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f // indirect + github.com/pierrec/lz4 v2.2.6+incompatible // indirect + golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 // indirect golang.org/x/text v0.3.2 // indirect google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64 // indirect ) diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/go.sum b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/go.sum index 6b7f317e0b05a..8e319703be3f8 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/go.sum +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/go.sum 
@@ -21,6 +21,8 @@ github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= +github.com/frankban/quicktest v1.4.1 h1:Wv2VwvNn73pAdFIVUQRXYDFp31lXKbqblIXo/Q5GPSg= +github.com/frankban/quicktest v1.4.1/go.mod h1:36zfPVQyHxymz4cH7wlDmVwDrJuljRB60qkgn7rorfQ= github.com/go-asn1-ber/asn1-ber v1.3.1/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-ldap/ldap/v3 v3.1.3/go.mod h1:3rbOH3jRS2u6jg2rJnKAMLE/xQyCKIveG2Sa/Cohzb8= github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= 
@@ -32,11 +34,15 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekf github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= 
@@ -45,12 +51,15 @@ github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= +github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v0.12.0 h1:d4QkX8FRTYaKaCZBoXYY8zJX2BXjWxurN/GA2tkrmZM= github.com/hashicorp/go-hclog v0.12.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0 h1:AKDB1HM5PWEA7i4nhcpwOrO2byshxBjXVn/J/3+z5/0= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-immutable-radix v1.1.0 h1:vN9wG1D6KG6YHRTWr8512cxGOVgTMEfgEdSj/hr8MPc= +github.com/hashicorp/go-immutable-radix v1.1.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-kms-wrapping/entropy v0.1.0 h1:xuTi5ZwjimfpvpL09jDE71smCBRpnF5xfo871BSX4gs= github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g= github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o= 
@@ -65,6 +74,7 @@ github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR3 github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.2-0.20191001231223-f32f5fe8d6a8/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.1.0 h1:bPIoEKD27tNdebFGGxxYwcL4nepeY4j1QP23PFRGzg0= 
@@ -74,17 +84,24 @@ github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.3 h1:YPkqC67at8FYaadspW/6uE0COsBxS2656RLEr8Bppgk= +github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02 h1:OGEV0U0+lb8SP5aZA1m456Sr3MYxFel2awVr55QRri0= -github.com/hashicorp/vault/api v1.0.5-0.20200317185738-82f498082f02/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o= +github.com/hashicorp/vault/api v1.0.5-0.20200215224050-f6547fa8e820 h1:biZidYDDEWnuOI9mXnJre8lwHKhb5ym85aSXk3oz/dc= +github.com/hashicorp/vault/api v1.0.5-0.20200215224050-f6547fa8e820/go.mod h1:3f12BMfgDGjTsTtIUj+ZKZwSobQpZtYGFIEehOv5z1o= github.com/hashicorp/vault/sdk v0.1.14-0.20200215195600-2ca765f0a500/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= -github.com/hashicorp/vault/sdk v0.1.14-0.20200317185738-82f498082f02 h1:vVrOAVfunVvkTkE9iF3Fe1+PGPLwGIp3nP4qgHGrHFs= -github.com/hashicorp/vault/sdk v0.1.14-0.20200317185738-82f498082f02/go.mod h1:WX57W2PwkrOPQ6rVQk+dy5/htHIaB4aBM70EwKThu10= +github.com/hashicorp/vault/sdk v0.1.14-0.20200305172021-03a3749f220d h1:Uyra+poga+ulm5m+XNBUUm/eUZ0e6RBVT5jxBcb7fVY= +github.com/hashicorp/vault/sdk v0.1.14-0.20200305172021-03a3749f220d/go.mod h1:PcekaFGiPJyHnFy+NZhP6ll650zEw51Ag7g/YEa+EOU= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d 
h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -114,6 +131,8 @@ github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0Mw github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I= github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= +github.com/pierrec/lz4 v2.2.6+incompatible h1:6aCX4/YZ9v8q69hTyiR7dNLnTA3fgtKHVVW5BCd5Znw= +github.com/pierrec/lz4 v2.2.6+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 
@@ -133,8 +152,8 @@ github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqri golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= -golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f h1:R423Cnkcp5JABoeemiGEPlt9tHXFfw5kvc0yqlxRPWo= -golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49NNxhdi2PrY7gxVSq1JjLDc= +golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= 
@@ -152,6 +171,7 @@ golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAG golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -164,6 +184,7 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20191008105621-543471e840be h1:QAcqgptGM8IQBC9K/RC4o+O9YmqEm0diQn9QmZw/0mU= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20181227161524-e6919f6577db/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= 
@@ -176,6 +197,7 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64 h1:iKtrH9Y8mcbADOP0YFaEMth7OfuHY9xHOwNj4znpM1A= google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/path_credentials.go b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/path_credentials.go index dd15cb2fac9e8..86b14cb132de4 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/path_credentials.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/path_credentials.go @@ -36,9 +36,9 @@ func (b *Backend) pathCredentials() *framework.Path { } func (b *Backend) pathCredentialsRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { - userName := d.Get("name").(string) + role := d.Get("name").(string) - cred, err := b.credentialRead(ctx, req.Storage, userName) + cred, err := b.credentialRead(ctx, req.Storage, role) if err != nil { return nil, errwrap.Wrapf("error retrieving credential: {{err}}", err) } 
@@ -47,18 +47,18 @@ func (b *Backend) pathCredentialsRead(ctx context.Context, req *logical.Request, return nil, errors.New("error retrieving credential: credential is nil") } - return b.programmaticAPIKeyCreate(ctx, req.Storage, userName, cred) + return b.programmaticAPIKeyCreate(ctx, req.Storage, role, cred) } type walEntry struct { - UserName string - ProjectID string - OrganizationID string - ProgrammaticAPIKeyID string + Role string + ProjectID string `mapstructure:"project_id"` + OrganizationID string `mapstructure:"organization_id"` + ProgrammaticAPIKeyID string `mapstructure:"programmatic_api_key_id"` } -func genUsername(displayName string) (string, error) { +func genAPIKeyDescription(displayName string) (string, error) { midString := displayNameRegex.ReplaceAllString(displayName, "_") diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/secret_programmatic_api_keys.go b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/secret_programmatic_api_keys.go index 9c399f76a4692..c0ae207172ddb 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/secret_programmatic_api_keys.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/secret_programmatic_api_keys.go @@ -33,9 +33,9 @@ func (b *Backend) programmaticAPIKeys() *framework.Secret { } } -func (b *Backend) programmaticAPIKeyCreate(ctx context.Context, s logical.Storage, displayName string, cred *atlasCredentialEntry) (*logical.Response, error) { +func (b *Backend) programmaticAPIKeyCreate(ctx context.Context, s logical.Storage, role string, cred *atlasCredentialEntry) (*logical.Response, error) { - apiKeyDescription, err := genUsername(displayName) + apiKeyDescription, err := genAPIKeyDescription(role) if err != nil { return nil, errwrap.Wrapf("error generating username: {{err}}", err) } 
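Review bot: The new `mapstructure` tags on walEntry (`project_id`, `organization_id`, `programmatic_api_key_id`) change the keys that `mapstructure.Decode` in pathProgrammaticAPIKeyRollback will look for. No `json` tags are added here, so if the WAL payload is stored under the Go field names (how framework.PutWAL serialises it is not visible on this page), those three fields would decode as empty. Rollback would then end in the new "type not found, not deleting" error instead of removing the key. A test that writes a walEntry through PutWAL and feeds the stored data to the rollback handler would settle this. Separately, programmaticAPIKeyCreate fills `Role` with `apiKeyDescription`, so the renamed field holds the generated description rather than the role name; a comment such as `// Role holds the generated API key description, not the Vault role name` would prevent misuse.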
@@ -44,7 +44,7 @@ func (b *Backend) programmaticAPIKeyCreate(ctx context.Context, s logical.Storag return logical.ErrorResponse(err.Error()), nil } walID, err := framework.PutWAL(ctx, s, programmaticAPIKey, &walEntry{ - UserName: apiKeyDescription, + Role: apiKeyDescription, }) if err != nil { return nil, errwrap.Wrapf("error writing WAL entry: {{err}}", err) @@ -85,6 +85,7 @@ func (b *Backend) programmaticAPIKeyCreate(ctx context.Context, s logical.Storag "programmatic_api_key_id": key.ID, "project_id": cred.ProjectID, "organization_id": cred.OrganizationID, + "role": role, }) defaultLease, maxLease := b.getDefaultAndMaxLease() @@ -127,6 +128,32 @@ func createProjectAPIKey(ctx context.Context, client *mongodbatlas.Client, apiKe Desc: apiKeyDescription, Roles: credentialEntry.Roles, }) + if err != nil { + return nil, err + } + + orgIDs := map[string]interface{}{} + + // this is the only way to get the orgID needed for this request + for _, r := range key.Roles { + if _, ok := orgIDs[r.OrgID]; !ok { + if len(r.OrgID) > 0 { + orgIDs[r.OrgID] = 1 + } + } + } + + // if we have whitelist entries and no orgIds then return an error + if (len(credentialEntry.IPAddresses)+len(credentialEntry.CIDRBlocks)) > 0 && len(orgIDs) == 0 { + return nil, fmt.Errorf("No organization ID was found on programmatic key roles") + } + + for orgID := range orgIDs { + if err := addWhitelistEntry(ctx, client, orgID, key.ID, credentialEntry); err != nil { + return nil, err + } + } + return key, err } @@ -215,7 +242,6 @@ func (b *Backend) programmaticAPIKeyRevoke(ctx context.Context, req *logical.Req } func (b *Backend) pathProgrammaticAPIKeyRollback(ctx context.Context, req *logical.Request, _kind string, data interface{}) error { - var entry walEntry if err := mapstructure.Decode(data, &entry); err != nil { return err 
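Review bot: In createProjectAPIKey the key already exists in Atlas when the new checks run, and both failure paths (the "No organization ID was found" error and a failing `addWhitelistEntry`) return `nil, err` without removing it. A key that the role meant to restrict by IP or CIDR can therefore be left active with no access-list entry and no Vault lease tracking it. The function starts outside this hunk and the caller's WAL handling is not shown, so confirm that the key ID is recorded for rollback before this point; if it is not, these error paths should delete the key before returning. Minor points: the final `return key, err` can only return a nil error there and reads better as `return key, nil`, and the new error string should start lowercase to match the file's other messages.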
@@ -227,8 +253,7 @@ func (b *Backend) pathProgrammaticAPIKeyRollback(ctx context.Context, req *logic return nil } - switch { - case isOrgKey(entry.OrganizationID, entry.ProjectID): + if isOrgKey(entry.OrganizationID, entry.ProjectID) || isAssignedToProject(entry.OrganizationID, entry.ProjectID) { // check if the user exists or not _, res, err := client.APIKeys.Get(ctx, entry.OrganizationID, entry.ProgrammaticAPIKeyID) // if the user is gone, move along 
@@ -247,48 +272,96 @@ func (b *Backend) pathProgrammaticAPIKeyRollback(ctx context.Context, req *logic } return err } - case isProjectKey(entry.OrganizationID, entry.ProjectID): - // now, delete the user - res, err := client.ProjectAPIKeys.Unassign(ctx, entry.ProjectID, entry.ProgrammaticAPIKeyID) + return nil + } + + if isProjectKey(entry.OrganizationID, entry.ProjectID) { + + // we need the orgID to delete the Key + foundKey := mongodbatlas.APIKey{} + keys, _, err := client.ProjectAPIKeys.List(ctx, entry.ProjectID, nil) if err != nil { - if res != nil && res.StatusCode == http.StatusNotFound { - return nil - } return err } - case isAssignedToProject(entry.OrganizationID, entry.ProjectID): - // check if the user exists or not - _, res, err := client.APIKeys.Get(ctx, entry.OrganizationID, entry.ProgrammaticAPIKeyID) - // if the user is gone, move along + for _, key := range keys { + if key.ID == entry.ProgrammaticAPIKeyID { + foundKey = key + break + } + } + + if len(foundKey.Roles) == 0 { + return fmt.Errorf("missing roles on programmatic key %s", foundKey.ID) + } + + // find the first orgID + orgID := "" + for _, r := range foundKey.Roles { + if len(r.OrgID) > 0 { + orgID = r.OrgID + break + } + } + + // if orgID it's not found, return an error + if len(orgID) == 0 { + return fmt.Errorf("missing orgID on programmatic key %s", foundKey.ID) + } + + // now, delete the user + res, err := client.ProjectAPIKeys.Unassign(ctx, entry.ProjectID, entry.ProgrammaticAPIKeyID) if err != nil { if res != nil && res.StatusCode == http.StatusNotFound { return nil } return err } - // now, delete the api key - res, err = client.APIKeys.Delete(ctx, entry.OrganizationID, entry.ProgrammaticAPIKeyID) + res, err = client.APIKeys.Delete(ctx, orgID, entry.ProgrammaticAPIKeyID) if err != nil { if res != nil && res.StatusCode == http.StatusNotFound { return nil } return err } - + return nil } - return nil + return fmt.Errorf("Programmatic API key %s type not found, not deleting", 
entry.ProgrammaticAPIKeyID) } func (b *Backend) programmaticAPIKeysRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) { - // Get the lease (if any) + //check if the role is on the secret + roleRaw, ok := req.Secret.InternalData["role"] + if !ok { + return nil, errors.New("internal data 'role' not found") + } + + //get the credential entry + role := roleRaw.(string) + cred, err := b.credentialRead(ctx, req.Storage, role) + if err != nil { + return nil, errwrap.Wrapf("error retrieving credential: {{err}}", err) + } + + if cred == nil { + return nil, errors.New("error retrieving credential: credential is nil") + } + // Get the lease (if any) defaultLease, maxLease := b.getDefaultAndMaxLease() + if cred.TTL > 0 { + defaultLease = cred.MaxTTL + } + if cred.MaxTTL > 0 { + maxLease = cred.MaxTTL + } resp := &logical.Response{Secret: req.Secret} + resp.Secret.TTL = defaultLease resp.Secret.MaxTTL = maxLease + return resp, nil } diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/test_env.go b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/test_env.go index 22ca490513e07..519c9a8007079 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/test_env.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-mongodbatlas/test_env.go @@ -79,6 +79,7 @@ func (e *testEnv) AddProgrammaticAPIKeyRole(t *testing.T) { func (e *testEnv) AddProgrammaticAPIKeyRoleWithProjectIDAndOrgID(t *testing.T) { roles := []string{"ORG_MEMBER"} projectRoles := []string{"GROUP_READ_ONLY"} + ips := []string{"192.168.1.1", "192.168.1.2"} req := &logical.Request{ Operation: logical.UpdateOperation, Path: "roles/test-programmatic-key", @@ -88,6 +89,7 @@ func (e *testEnv) AddProgrammaticAPIKeyRoleWithProjectIDAndOrgID(t *testing.T) { "project_id": e.ProjectID, "roles": roles, "project_roles": projectRoles, + "ip_addresses": ips, }, } resp, err := e.Backend.HandleRequest(e.Context, req) 
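Review bot: In programmaticAPIKeysRenew the `if cred.TTL > 0` branch assigns `defaultLease = cred.MaxTTL`, so a renewed lease gets the role's maximum TTL instead of its TTL, and a zero TTL when only `ttl` is configured; it should read `defaultLease = cred.TTL`. The unchecked `role := roleRaw.(string)` panics if the stored value is not a string; prefer `role, ok := roleRaw.(string)` with an error return. Because `"role"` is only added to the secret's internal data by this commit, leases issued by the previous plugin version would fail renewal with "internal data 'role' not found", unless that is intended, falling back to the backend defaults keeps them renewable. In the same hunk, the project-key branch of pathProgrammaticAPIKeyRollback returns "missing roles" when the key is absent from the `ProjectAPIKeys.List` result (note `foundKey.ID` is empty in that message), whereas a missing key was previously treated as already rolled back. A rollback that completes `Unassign` but fails on `APIKeys.Delete` can then never finish, and the organization-level key stays live.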
@@ -210,6 +212,25 @@ func (e *testEnv) AddProgrammaticAPIKeyRoleWithProjectID(t *testing.T) { } } +func (e *testEnv) AddProgrammaticAPIKeyRoleWithProjectIDWithTTL(t *testing.T) { + roles := []string{"ORG_MEMBER"} + req := &logical.Request{ + Operation: logical.UpdateOperation, + Path: "roles/test-programmatic-key", + Storage: e.Storage, + Data: map[string]interface{}{ + "roles": roles, + "project_id": e.ProjectID, + "ttl": "20s", + "max_ttl": "60s", + }, + } + resp, err := e.Backend.HandleRequest(e.Context, req) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("bad: resp: %#v\nerr:%v", resp, err) + } +} + func (e *testEnv) ReadProgrammaticAPIKeyRule(t *testing.T) { req := &logical.Request{ Operation: logical.ReadOperation, @@ -247,6 +268,19 @@ func (e *testEnv) CheckLease(t *testing.T) { } } +func (e *testEnv) CheckExtendedLease(t *testing.T) { + ttl := int(e.MostRecentSecret.TTL.Seconds()) + maxTTL := int(e.MostRecentSecret.MaxTTL.Seconds()) + wantedMaxTTL := 60 + + if ttl != wantedMaxTTL { + t.Fatal(fmt.Sprintf("ttl=%d, wanted=%d", ttl, wantedMaxTTL)) + } + if maxTTL != wantedMaxTTL { + t.Fatal(fmt.Sprintf("maxTTL=%d, wanted=%d", ttl, wantedMaxTTL)) + } +} + func (e *testEnv) RenewProgrammaticAPIKeys(t *testing.T) { req := &logical.Request{ Operation: logical.RenewOperation, 
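Review bot: CheckExtendedLease asserts `ttl != wantedMaxTTL` with `wantedMaxTTL := 60`, while the role created by AddProgrammaticAPIKeyRoleWithProjectIDWithTTL sets `"ttl": "20s"` and `"max_ttl": "60s"`. The helper therefore pins the renewed TTL to the role's max TTL rather than its TTL, which hides a lease-lifetime regression instead of catching it. Compare the TTL against its own expected value, e.g. `wantedTTL := 20`. The second failure message also prints the wrong variable; it should be `t.Fatalf("maxTTL=%d, wanted=%d", maxTTL, wantedMaxTTL)`, and `t.Fatalf` is preferable to `t.Fatal(fmt.Sprintf(...))` in both places.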
@@ -268,6 +302,28 @@ func (e *testEnv) RenewProgrammaticAPIKeys(t *testing.T) { } } +func (e *testEnv) RenewProgrammaticAPIKeysWithExtendedLease(t *testing.T) { + req := &logical.Request{ + Operation: logical.RenewOperation, + Storage: e.Storage, + Secret: e.MostRecentSecret, + Data: map[string]interface{}{ + "lease_id": "foo", + "increment": "180s", + }, + } + resp, err := e.Backend.HandleRequest(e.Context, req) + if err != nil || (resp != nil && resp.IsError()) { + t.Fatalf("bad: resp: %#v\nerr:%v", resp, err) + } + if resp == nil { + t.Fatal("expected a response") + } + if resp.Secret != e.MostRecentSecret { + t.Fatalf("expected %+v but got %+v", e.MostRecentSecret, resp.Secret) + } +} + func (e *testEnv) RevokeProgrammaticAPIKeys(t *testing.T) { req := &logical.Request{ Operation: logical.RevokeOperation, diff --git a/vendor/modules.txt b/vendor/modules.txt index 82badf7b0c848..b5e95ec82a73d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -424,7 +424,7 @@ github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util github.com/hashicorp/vault-plugin-secrets-gcpkms # github.com/hashicorp/vault-plugin-secrets-kv v0.5.4 github.com/hashicorp/vault-plugin-secrets-kv -# github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.1.0 +# github.com/hashicorp/vault-plugin-secrets-mongodbatlas v0.1.1 github.com/hashicorp/vault-plugin-secrets-mongodbatlas # github.com/hashicorp/vault-plugin-secrets-openldap v0.1.1 github.com/hashicorp/vault-plugin-secrets-openldap