diff --git a/audit/format.go b/audit/format.go
index caa9129134..76f81bf2a4 100644
--- a/audit/format.go
+++ b/audit/format.go
@@ -131,7 +131,6 @@ func (f *AuditFormatter) FormatRequest(ctx context.Context, w io.Writer, config
TokenPolicies: auth.TokenPolicies,
IdentityPolicies: auth.IdentityPolicies,
ExternalNamespacePolicies: auth.ExternalNamespacePolicies,
- NoDefaultPolicy: auth.NoDefaultPolicy,
Metadata: auth.Metadata,
EntityID: auth.EntityID,
RemainingUses: req.ClientTokenRemainingUses,
@@ -304,7 +303,6 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
TokenPolicies: resp.Auth.TokenPolicies,
IdentityPolicies: resp.Auth.IdentityPolicies,
ExternalNamespacePolicies: resp.Auth.ExternalNamespacePolicies,
- NoDefaultPolicy: resp.Auth.NoDefaultPolicy,
Metadata: resp.Auth.Metadata,
NumUses: resp.Auth.NumUses,
EntityID: resp.Auth.EntityID,
@@ -346,7 +344,6 @@ func (f *AuditFormatter) FormatResponse(ctx context.Context, w io.Writer, config
TokenPolicies: auth.TokenPolicies,
IdentityPolicies: auth.IdentityPolicies,
ExternalNamespacePolicies: auth.ExternalNamespacePolicies,
- NoDefaultPolicy: auth.NoDefaultPolicy,
Metadata: auth.Metadata,
RemainingUses: req.ClientTokenRemainingUses,
EntityID: auth.EntityID,
@@ -440,7 +437,6 @@ type AuditAuth struct {
TokenPolicies []string `json:"token_policies,omitempty"`
IdentityPolicies []string `json:"identity_policies,omitempty"`
ExternalNamespacePolicies map[string][]string `json:"external_namespace_policies,omitempty"`
- NoDefaultPolicy bool `json:"no_default_policy,omitempty"`
Metadata map[string]string `json:"metadata"`
NumUses int `json:"num_uses,omitempty"`
RemainingUses int `json:"remaining_uses,omitempty"`
diff --git a/audit/format_json_test.go b/audit/format_json_test.go
index d1aa459886..42f177306d 100644
--- a/audit/format_json_test.go
+++ b/audit/format_json_test.go
@@ -38,12 +38,11 @@ func TestFormatJSON_formatRequest(t *testing.T) {
}{
"auth, request": {
&logical.Auth{
- ClientToken: "foo",
- Accessor: "bar",
- DisplayName: "testtoken",
- NoDefaultPolicy: true,
- Policies: []string{"root"},
- TokenType: logical.TokenTypeService,
+ ClientToken: "foo",
+ Accessor: "bar",
+ DisplayName: "testtoken",
+ Policies: []string{"root"},
+ TokenType: logical.TokenTypeService,
},
&logical.Request{
Operation: logical.UpdateOperation,
@@ -64,12 +63,11 @@ func TestFormatJSON_formatRequest(t *testing.T) {
},
"auth, request with prefix": {
&logical.Auth{
- ClientToken: "foo",
- Accessor: "bar",
- DisplayName: "testtoken",
- NoDefaultPolicy: true,
- Policies: []string{"root"},
- TokenType: logical.TokenTypeService,
+ ClientToken: "foo",
+ Accessor: "bar",
+ DisplayName: "testtoken",
+ Policies: []string{"root"},
+ TokenType: logical.TokenTypeService,
},
&logical.Request{
Operation: logical.UpdateOperation,
@@ -141,5 +139,5 @@ func TestFormatJSON_formatRequest(t *testing.T) {
}
}
-const testFormatJSONReqBasicStrFmt = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"client_token":"%s","accessor":"bar","display_name":"testtoken","policies":["root"],"no_default_policy":true,"metadata":null,"entity_id":"","token_type":"service"},"request":{"operation":"update","path":"/foo","data":null,"wrap_ttl":60,"remote_address":"127.0.0.1","headers":{"foo":["bar"]}},"error":"this is an error"}
+const testFormatJSONReqBasicStrFmt = `{"time":"2015-08-05T13:45:46Z","type":"request","auth":{"client_token":"%s","accessor":"bar","display_name":"testtoken","policies":["root"],"metadata":null,"entity_id":"","token_type":"service"},"request":{"operation":"update","path":"/foo","data":null,"wrap_ttl":60,"remote_address":"127.0.0.1","headers":{"foo":["bar"]}},"error":"this is an error"}
`
diff --git a/audit/format_jsonx_test.go b/audit/format_jsonx_test.go
index 70a850f877..1fc37e904c 100644
--- a/audit/format_jsonx_test.go
+++ b/audit/format_jsonx_test.go
@@ -37,12 +37,11 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
}{
"auth, request": {
&logical.Auth{
- ClientToken: "foo",
- Accessor: "bar",
- DisplayName: "testtoken",
- Policies: []string{"root"},
- NoDefaultPolicy: true,
- TokenType: logical.TokenTypeService,
+ ClientToken: "foo",
+ Accessor: "bar",
+ DisplayName: "testtoken",
+ Policies: []string{"root"},
+ TokenType: logical.TokenTypeService,
},
&logical.Request{
Operation: logical.UpdateOperation,
@@ -60,17 +59,16 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
errors.New("this is an error"),
"",
"",
- fmt.Sprintf(`bar%stesttokentruerootservicethis is an errorbarrootupdate/foofalse127.0.0.160request`,
+ fmt.Sprintf(`bar%stesttokenrootservicethis is an errorbarrootupdate/foofalse127.0.0.160request`,
fooSalted),
},
"auth, request with prefix": {
&logical.Auth{
- ClientToken: "foo",
- Accessor: "bar",
- DisplayName: "testtoken",
- NoDefaultPolicy: true,
- Policies: []string{"root"},
- TokenType: logical.TokenTypeService,
+ ClientToken: "foo",
+ Accessor: "bar",
+ DisplayName: "testtoken",
+ Policies: []string{"root"},
+ TokenType: logical.TokenTypeService,
},
&logical.Request{
Operation: logical.UpdateOperation,
@@ -88,7 +86,7 @@ func TestFormatJSONx_formatRequest(t *testing.T) {
errors.New("this is an error"),
"",
"@cee: ",
- fmt.Sprintf(`bar%stesttokentruerootservicethis is an errorbarrootupdate/foofalse127.0.0.160request`,
+ fmt.Sprintf(`bar%stesttokenrootservicethis is an errorbarrootupdate/foofalse127.0.0.160request`,
fooSalted),
},
}
diff --git a/builtin/credential/app-id/path_login.go b/builtin/credential/app-id/path_login.go
index a9e447cda9..ec744b2832 100644
--- a/builtin/credential/app-id/path_login.go
+++ b/builtin/credential/app-id/path_login.go
@@ -116,6 +116,9 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
DisplayName: displayName,
Policies: policies,
Metadata: metadata,
+ LeaseOptions: logical.LeaseOptions{
+ Renewable: true,
+ },
Alias: &logical.Alias{
Name: appId,
},
diff --git a/builtin/credential/approle/path_login.go b/builtin/credential/approle/path_login.go
index 4e44d1b63c..e8c9ad7e9a 100644
--- a/builtin/credential/approle/path_login.go
+++ b/builtin/credential/approle/path_login.go
@@ -294,8 +294,9 @@ func (b *backend) pathLoginUpdate(ctx context.Context, req *logical.Request, dat
Metadata: metadata,
Policies: role.Policies,
LeaseOptions: logical.LeaseOptions{
- TTL: role.TokenTTL,
- MaxTTL: role.TokenMaxTTL,
+ Renewable: true,
+ TTL: role.TokenTTL,
+ MaxTTL: role.TokenMaxTTL,
},
Alias: &logical.Alias{
Name: role.RoleID,
diff --git a/builtin/credential/aws/path_login.go b/builtin/credential/aws/path_login.go
index 0d92d5a7c8..f08357b9ff 100644
--- a/builtin/credential/aws/path_login.go
+++ b/builtin/credential/aws/path_login.go
@@ -825,8 +825,9 @@ func (b *backend) pathLoginUpdateEc2(ctx context.Context, req *logical.Request,
"ami_id": identityDocParsed.AmiID,
},
LeaseOptions: logical.LeaseOptions{
- TTL: roleEntry.TTL,
- MaxTTL: shortestMaxTTL,
+ Renewable: true,
+ TTL: roleEntry.TTL,
+ MaxTTL: shortestMaxTTL,
},
Alias: &logical.Alias{
Name: identityAlias,
@@ -1337,8 +1338,9 @@ func (b *backend) pathLoginUpdateIam(ctx context.Context, req *logical.Request,
},
DisplayName: entity.FriendlyName,
LeaseOptions: logical.LeaseOptions{
- TTL: roleEntry.TTL,
- MaxTTL: roleEntry.MaxTTL,
+ Renewable: true,
+ TTL: roleEntry.TTL,
+ MaxTTL: roleEntry.MaxTTL,
},
Alias: &logical.Alias{
Name: identityAlias,
diff --git a/builtin/credential/cert/backend_test.go b/builtin/credential/cert/backend_test.go
index 3c48714526..a6f3693be6 100644
--- a/builtin/credential/cert/backend_test.go
+++ b/builtin/credential/cert/backend_test.go
@@ -21,17 +21,14 @@ import (
"testing"
"time"
- "github.com/go-test/deep"
cleanhttp "github.com/hashicorp/go-cleanhttp"
log "github.com/hashicorp/go-hclog"
- sockaddr "github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/vault/api"
vaulthttp "github.com/hashicorp/vault/http"
rootcerts "github.com/hashicorp/go-rootcerts"
"github.com/hashicorp/vault/builtin/logical/pki"
"github.com/hashicorp/vault/helper/certutil"
- "github.com/hashicorp/vault/helper/tokenhelper"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
logicaltest "github.com/hashicorp/vault/logical/testing"
@@ -1791,68 +1788,3 @@ func Test_Renew(t *testing.T) {
t.Fatal("expected error")
}
}
-
-func TestBackend_CertUpgrade(t *testing.T) {
- s := &logical.InmemStorage{}
-
- config := logical.TestBackendConfig()
- config.StorageView = s
-
- ctx := context.Background()
-
- b := Backend()
- if b == nil {
- t.Fatalf("failed to create backend")
- }
- if err := b.Setup(ctx, config); err != nil {
- t.Fatal(err)
- }
-
- type B struct {
- Policies []string
- TTL time.Duration
- MaxTTL time.Duration
- Period time.Duration
- BoundCIDRs []*sockaddr.SockAddrMarshaler
- }
-
- foo := &B{
- Policies: []string{"foo"},
- TTL: time.Second,
- MaxTTL: time.Second,
- Period: time.Second,
- BoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
- }
-
- entry, err := logical.StorageEntryJSON("cert/foo", foo)
- if err != nil {
- t.Fatal(err)
- }
- err = s.Put(ctx, entry)
- if err != nil {
- t.Fatal(err)
- }
-
- certEntry, err := b.Cert(ctx, s, "foo")
- if err != nil {
- t.Fatal(err)
- }
-
- exp := &CertEntry{
- TokenParams: tokenhelper.TokenParams{
- Policies: []string{"foo"},
- TTL: time.Second,
- MaxTTL: time.Second,
- Period: time.Second,
- BoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
- },
- OldPolicies: nil,
- OldTTL: 0,
- OldMaxTTL: 0,
- OldPeriod: 0,
- OldBoundCIDRs: nil,
- }
- if diff := deep.Equal(certEntry, exp); diff != nil {
- t.Fatal(diff)
- }
-}
diff --git a/builtin/credential/cert/path_certs.go b/builtin/credential/cert/path_certs.go
index 0bdad4ee60..292b3cedb6 100644
--- a/builtin/credential/cert/path_certs.go
+++ b/builtin/credential/cert/path_certs.go
@@ -4,11 +4,12 @@ import (
"context"
"crypto/x509"
"fmt"
+ "strings"
"time"
sockaddr "github.com/hashicorp/go-sockaddr"
- "github.com/hashicorp/vault/helper/consts"
- "github.com/hashicorp/vault/helper/tokenhelper"
+ "github.com/hashicorp/vault/helper/parseutil"
+ "github.com/hashicorp/vault/helper/policyutil"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@@ -27,11 +28,11 @@ func pathListCerts(b *backend) *framework.Path {
}
func pathCerts(b *backend) *framework.Path {
- path := &framework.Path{
+ return &framework.Path{
Pattern: "certs/" + framework.GenericNameRegex("name"),
Fields: map[string]*framework.FieldSchema{
"name": &framework.FieldSchema{
- Type: framework.TypeLowerCaseString,
+ Type: framework.TypeString,
Description: "The name of the certificate",
},
@@ -92,11 +93,42 @@ All values much match. Supports globbing on "value".`,
certificate.`,
},
+ "policies": &framework.FieldSchema{
+ Type: framework.TypeCommaStringSlice,
+ Description: "Comma-separated list of policies.",
+ },
+
"lease": &framework.FieldSchema{
Type: framework.TypeInt,
Description: `Deprecated: use "ttl" instead. TTL time in
seconds. Defaults to system/backend default TTL.`,
},
+
+ "ttl": &framework.FieldSchema{
+ Type: framework.TypeDurationSecond,
+ Description: `TTL for tokens issued by this backend.
+Defaults to system/backend default TTL time.`,
+ },
+
+ "max_ttl": &framework.FieldSchema{
+ Type: framework.TypeDurationSecond,
+ Description: `Duration in either an integer number of seconds (3600) or
+an integer time unit (60m) after which the
+issued token can no longer be renewed.`,
+ },
+
+ "period": &framework.FieldSchema{
+ Type: framework.TypeDurationSecond,
+ Description: `If set, indicates that the token generated using this role
+should never expire. The token should be renewed within the
+duration specified by this value. At each renewal, the token's
+TTL will be set to the value of this parameter.`,
+ },
+ "bound_cidrs": &framework.FieldSchema{
+ Type: framework.TypeCommaStringSlice,
+ Description: `Comma separated string or list of CIDR blocks. If set, specifies the blocks of
+IP addresses which can perform the login operation.`,
+ },
},
Callbacks: map[logical.Operation]framework.OperationFunc{
@@ -108,13 +140,10 @@ seconds. Defaults to system/backend default TTL.`,
HelpSynopsis: pathCertHelpSyn,
HelpDescription: pathCertHelpDesc,
}
- tokenhelper.AddTokenFields(path.Fields)
-
- return path
}
func (b *backend) Cert(ctx context.Context, s logical.Storage, n string) (*CertEntry, error) {
- entry, err := s.Get(ctx, "cert/"+n)
+ entry, err := s.Get(ctx, "cert/"+strings.ToLower(n))
if err != nil {
return nil, err
}
@@ -126,48 +155,11 @@ func (b *backend) Cert(ctx context.Context, s logical.Storage, n string) (*CertE
if err := entry.DecodeJSON(&result); err != nil {
return nil, err
}
-
- var needsUpgrade bool
- if result.OldTTL != 0 {
- needsUpgrade = true
- result.TTL = result.OldTTL
- result.OldTTL = 0
- }
- if result.OldMaxTTL != 0 {
- needsUpgrade = true
- result.MaxTTL = result.OldMaxTTL
- result.OldMaxTTL = 0
- }
- if result.OldPeriod != 0 {
- needsUpgrade = true
- result.Period = result.OldPeriod
- result.OldPeriod = 0
- }
- if len(result.OldPolicies) > 0 {
- needsUpgrade = true
- result.Policies = result.OldPolicies
- result.OldPolicies = nil
- }
- if len(result.OldBoundCIDRs) > 0 {
- needsUpgrade = true
- result.BoundCIDRs = result.OldBoundCIDRs
- result.OldBoundCIDRs = nil
- }
- if needsUpgrade && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary|consts.ReplicationPerformanceStandby)) {
- entry, err := logical.StorageEntryJSON("cert/"+n, result)
- if err != nil {
- return nil, err
- }
- if err := s.Put(ctx, entry); err != nil {
- return nil, err
- }
- }
-
return &result, nil
}
func (b *backend) pathCertDelete(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
- err := req.Storage.Delete(ctx, "cert/"+d.Get("name").(string))
+ err := req.Storage.Delete(ctx, "cert/"+strings.ToLower(d.Get("name").(string)))
if err != nil {
return nil, err
}
@@ -183,7 +175,7 @@ func (b *backend) pathCertList(ctx context.Context, req *logical.Request, d *fra
}
func (b *backend) pathCertRead(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
- cert, err := b.Cert(ctx, req.Storage, d.Get("name").(string))
+ cert, err := b.Cert(ctx, req.Storage, strings.ToLower(d.Get("name").(string)))
if err != nil {
return nil, err
}
@@ -191,27 +183,30 @@ func (b *backend) pathCertRead(ctx context.Context, req *logical.Request, d *fra
return nil, nil
}
- data := map[string]interface{}{
- "certificate": cert.Certificate,
- "display_name": cert.DisplayName,
- "allowed_names": cert.AllowedNames,
- "allowed_common_names": cert.AllowedCommonNames,
- "allowed_dns_sans": cert.AllowedDNSSANs,
- "allowed_email_sans": cert.AllowedEmailSANs,
- "allowed_uri_sans": cert.AllowedURISANs,
- "allowed_organizational_units": cert.AllowedOrganizationalUnits,
- "required_extensions": cert.RequiredExtensions,
- }
- cert.PopulateTokenData(data)
return &logical.Response{
- Data: data,
+ Data: map[string]interface{}{
+ "certificate": cert.Certificate,
+ "display_name": cert.DisplayName,
+ "policies": cert.Policies,
+ "ttl": cert.TTL / time.Second,
+ "max_ttl": cert.MaxTTL / time.Second,
+ "period": cert.Period / time.Second,
+ "allowed_names": cert.AllowedNames,
+ "allowed_common_names": cert.AllowedCommonNames,
+ "allowed_dns_sans": cert.AllowedDNSSANs,
+ "allowed_email_sans": cert.AllowedEmailSANs,
+ "allowed_uri_sans": cert.AllowedURISANs,
+ "allowed_organizational_units": cert.AllowedOrganizationalUnits,
+ "required_extensions": cert.RequiredExtensions,
+ },
}, nil
}
func (b *backend) pathCertWrite(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
- name := d.Get("name").(string)
+ name := strings.ToLower(d.Get("name").(string))
certificate := d.Get("certificate").(string)
displayName := d.Get("display_name").(string)
+ policies := policyutil.ParsePolicies(d.Get("policies"))
allowedNames := d.Get("allowed_names").([]string)
allowedCommonNames := d.Get("allowed_common_names").([]string)
allowedDNSSANs := d.Get("allowed_dns_sans").([]string)
@@ -220,32 +215,45 @@ func (b *backend) pathCertWrite(ctx context.Context, req *logical.Request, d *fr
allowedOrganizationalUnits := d.Get("allowed_organizational_units").([]string)
requiredExtensions := d.Get("required_extensions").([]string)
- certEntry := &CertEntry{}
var resp logical.Response
- if err := certEntry.ParseTokenFields(req, d); err != nil {
- return logical.ErrorResponse(err.Error()), nil
- }
-
// Parse the ttl (or lease duration)
systemDefaultTTL := b.System().DefaultLeaseTTL()
- if certEntry.TTL > systemDefaultTTL {
- resp.AddWarning(fmt.Sprintf("Given ttl of %d seconds is greater than current mount/system default of %d seconds", certEntry.TTL/time.Second, systemDefaultTTL/time.Second))
+ ttl := time.Duration(d.Get("ttl").(int)) * time.Second
+ if ttl == 0 {
+ ttl = time.Duration(d.Get("lease").(int)) * time.Second
+ }
+ if ttl > systemDefaultTTL {
+ resp.AddWarning(fmt.Sprintf("Given ttl of %d seconds is greater than current mount/system default of %d seconds", ttl/time.Second, systemDefaultTTL/time.Second))
+ }
+
+ if ttl < time.Duration(0) {
+ return logical.ErrorResponse("ttl cannot be negative"), nil
}
// Parse max_ttl
systemMaxTTL := b.System().MaxLeaseTTL()
- if certEntry.MaxTTL > systemMaxTTL {
- resp.AddWarning(fmt.Sprintf("Given max_ttl of %d seconds is greater than current mount/system default of %d seconds", certEntry.MaxTTL/time.Second, systemMaxTTL/time.Second))
+ maxTTL := time.Duration(d.Get("max_ttl").(int)) * time.Second
+ if maxTTL > systemMaxTTL {
+ resp.AddWarning(fmt.Sprintf("Given max_ttl of %d seconds is greater than current mount/system default of %d seconds", maxTTL/time.Second, systemMaxTTL/time.Second))
}
- if certEntry.MaxTTL != 0 && certEntry.TTL > certEntry.MaxTTL {
+ if maxTTL < time.Duration(0) {
+ return logical.ErrorResponse("max_ttl cannot be negative"), nil
+ }
+
+ if maxTTL != 0 && ttl > maxTTL {
return logical.ErrorResponse("ttl should be shorter than max_ttl"), nil
}
// Parse period
- if certEntry.Period > systemMaxTTL {
- resp.AddWarning(fmt.Sprintf("Given period of %d seconds is greater than the backend's maximum TTL of %d seconds", certEntry.Period/time.Second, systemMaxTTL/time.Second))
+ period := time.Duration(d.Get("period").(int)) * time.Second
+ if period > systemMaxTTL {
+ resp.AddWarning(fmt.Sprintf("Given period of %d seconds is greater than the backend's maximum TTL of %d seconds", period/time.Second, systemMaxTTL/time.Second))
+ }
+
+ if period < time.Duration(0) {
+ return logical.ErrorResponse("period cannot be negative"), nil
}
// Default the display name to the certificate name if not given
@@ -272,16 +280,28 @@ func (b *backend) pathCertWrite(ctx context.Context, req *logical.Request, d *fr
}
}
- certEntry.Name = name
- certEntry.Certificate = certificate
- certEntry.DisplayName = displayName
- certEntry.AllowedNames = allowedNames
- certEntry.AllowedCommonNames = allowedCommonNames
- certEntry.AllowedDNSSANs = allowedDNSSANs
- certEntry.AllowedEmailSANs = allowedEmailSANs
- certEntry.AllowedURISANs = allowedURISANs
- certEntry.AllowedOrganizationalUnits = allowedOrganizationalUnits
- certEntry.RequiredExtensions = requiredExtensions
+ parsedCIDRs, err := parseutil.ParseAddrs(d.Get("bound_cidrs"))
+ if err != nil {
+ return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
+ }
+
+ certEntry := &CertEntry{
+ Name: name,
+ Certificate: certificate,
+ DisplayName: displayName,
+ Policies: policies,
+ AllowedNames: allowedNames,
+ AllowedCommonNames: allowedCommonNames,
+ AllowedDNSSANs: allowedDNSSANs,
+ AllowedEmailSANs: allowedEmailSANs,
+ AllowedURISANs: allowedURISANs,
+ AllowedOrganizationalUnits: allowedOrganizationalUnits,
+ RequiredExtensions: requiredExtensions,
+ TTL: ttl,
+ MaxTTL: maxTTL,
+ Period: period,
+ BoundCIDRs: parsedCIDRs,
+ }
// Store it
entry, err := logical.StorageEntryJSON("cert/"+name, certEntry)
@@ -300,11 +320,13 @@ func (b *backend) pathCertWrite(ctx context.Context, req *logical.Request, d *fr
}
type CertEntry struct {
- tokenhelper.TokenParams
-
Name string
Certificate string
DisplayName string
+ Policies []string
+ TTL time.Duration
+ MaxTTL time.Duration
+ Period time.Duration
AllowedNames []string
AllowedCommonNames []string
AllowedDNSSANs []string
@@ -312,13 +334,7 @@ type CertEntry struct {
AllowedURISANs []string
AllowedOrganizationalUnits []string
RequiredExtensions []string
-
- // These token-related fields have been moved to the embedded tokenhelper.TokenParams struct
- OldPolicies []string `json:"Policies"`
- OldTTL time.Duration `json:"TTL"`
- OldMaxTTL time.Duration `json:"MaxTTL"`
- OldPeriod time.Duration `json:"Period"`
- OldBoundCIDRs []*sockaddr.SockAddrMarshaler `json:"BoundCIDRs"`
+ BoundCIDRs []*sockaddr.SockAddrMarshaler
}
const pathCertHelpSyn = `
diff --git a/builtin/credential/cert/path_login.go b/builtin/credential/cert/path_login.go
index 32b86e8958..4ef6cefe1c 100644
--- a/builtin/credential/cert/path_login.go
+++ b/builtin/credential/cert/path_login.go
@@ -83,27 +83,32 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
skid := base64.StdEncoding.EncodeToString(clientCerts[0].SubjectKeyId)
akid := base64.StdEncoding.EncodeToString(clientCerts[0].AuthorityKeyId)
- auth := &logical.Auth{
- InternalData: map[string]interface{}{
- "subject_key_id": skid,
- "authority_key_id": akid,
- },
- DisplayName: matched.Entry.DisplayName,
- Metadata: map[string]string{
- "cert_name": matched.Entry.Name,
- "common_name": clientCerts[0].Subject.CommonName,
- "serial_number": clientCerts[0].SerialNumber.String(),
- "subject_key_id": certutil.GetHexFormatted(clientCerts[0].SubjectKeyId, ":"),
- "authority_key_id": certutil.GetHexFormatted(clientCerts[0].AuthorityKeyId, ":"),
- },
- Alias: &logical.Alias{
- Name: clientCerts[0].Subject.CommonName,
- },
- }
- matched.Entry.PopulateTokenAuth(auth)
-
resp := &logical.Response{
- Auth: auth,
+ Auth: &logical.Auth{
+ Period: matched.Entry.Period,
+ InternalData: map[string]interface{}{
+ "subject_key_id": skid,
+ "authority_key_id": akid,
+ },
+ Policies: matched.Entry.Policies,
+ DisplayName: matched.Entry.DisplayName,
+ Metadata: map[string]string{
+ "cert_name": matched.Entry.Name,
+ "common_name": clientCerts[0].Subject.CommonName,
+ "serial_number": clientCerts[0].SerialNumber.String(),
+ "subject_key_id": certutil.GetHexFormatted(clientCerts[0].SubjectKeyId, ":"),
+ "authority_key_id": certutil.GetHexFormatted(clientCerts[0].AuthorityKeyId, ":"),
+ },
+ LeaseOptions: logical.LeaseOptions{
+ Renewable: true,
+ TTL: matched.Entry.TTL,
+ MaxTTL: matched.Entry.MaxTTL,
+ },
+ Alias: &logical.Alias{
+ Name: clientCerts[0].Subject.CommonName,
+ },
+ BoundCIDRs: matched.Entry.BoundCIDRs,
+ },
}
// Generate a response
diff --git a/builtin/credential/github/path_config.go b/builtin/credential/github/path_config.go
index 93c8ef7c8c..f42b156db7 100644
--- a/builtin/credential/github/path_config.go
+++ b/builtin/credential/github/path_config.go
@@ -4,15 +4,15 @@ import (
"context"
"fmt"
"net/url"
+ "time"
"github.com/hashicorp/errwrap"
- "github.com/hashicorp/vault/helper/tokenhelper"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
func pathConfig(b *backend) *framework.Path {
- ret := &framework.Path{
+ return &framework.Path{
Pattern: "config",
Fields: map[string]*framework.FieldSchema{
"organization": &framework.FieldSchema{
@@ -26,6 +26,14 @@ func pathConfig(b *backend) *framework.Path {
are running GitHub Enterprise or an
API-compatible authentication server.`,
},
+ "ttl": &framework.FieldSchema{
+ Type: framework.TypeString,
+ Description: `Duration after which authentication will be expired`,
+ },
+ "max_ttl": &framework.FieldSchema{
+ Type: framework.TypeString,
+ Description: `Maximum duration after which authentication will be expired`,
+ },
},
Callbacks: map[logical.Operation]framework.OperationFunc{
@@ -33,9 +41,6 @@ API-compatible authentication server.`,
logical.ReadOperation: b.pathConfigRead,
},
}
- tokenhelper.AddTokenFields(ret.Fields)
-
- return ret
}
func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, data *framework.FieldData) (*logical.Response, error) {
@@ -48,16 +53,35 @@ func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, dat
}
}
- cfg := &config{
+ var ttl time.Duration
+ var err error
+ ttlRaw, ok := data.GetOk("ttl")
+ if !ok || len(ttlRaw.(string)) == 0 {
+ ttl = 0
+ } else {
+ ttl, err = time.ParseDuration(ttlRaw.(string))
+ if err != nil {
+ return logical.ErrorResponse(fmt.Sprintf("Invalid 'ttl':%s", err)), nil
+ }
+ }
+
+ var maxTTL time.Duration
+ maxTTLRaw, ok := data.GetOk("max_ttl")
+ if !ok || len(maxTTLRaw.(string)) == 0 {
+ maxTTL = 0
+ } else {
+ maxTTL, err = time.ParseDuration(maxTTLRaw.(string))
+ if err != nil {
+ return logical.ErrorResponse(fmt.Sprintf("Invalid 'max_ttl':%s", err)), nil
+ }
+ }
+
+ entry, err := logical.StorageEntryJSON("config", config{
Organization: organization,
BaseURL: baseURL,
- }
-
- if err := cfg.ParseTokenFields(req, data); err != nil {
- return logical.ErrorResponse(err.Error()), nil
- }
-
- entry, err := logical.StorageEntryJSON("config", cfg)
+ TTL: ttl,
+ MaxTTL: maxTTL,
+ })
if err != nil {
return nil, err
@@ -80,15 +104,18 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, data
return nil, fmt.Errorf("configuration object not found")
}
- respData := map[string]interface{}{
- "organization": config.Organization,
- "base_url": config.BaseURL,
- }
- config.PopulateTokenData(respData)
+ config.TTL /= time.Second
+ config.MaxTTL /= time.Second
- return &logical.Response{
- Data: respData,
- }, nil
+ resp := &logical.Response{
+ Data: map[string]interface{}{
+ "organization": config.Organization,
+ "base_url": config.BaseURL,
+ "ttl": config.TTL,
+ "max_ttl": config.MaxTTL,
+ },
+ }
+ return resp, nil
}
// Config returns the configuration for this backend.
@@ -109,8 +136,8 @@ func (b *backend) Config(ctx context.Context, s logical.Storage) (*config, error
}
type config struct {
- tokenhelper.TokenParams
-
- Organization string `json:"organization" structs:"organization" mapstructure:"organization"`
- BaseURL string `json:"base_url" structs:"base_url" mapstructure:"base_url"`
+ Organization string `json:"organization" structs:"organization" mapstructure:"organization"`
+ BaseURL string `json:"base_url" structs:"base_url" mapstructure:"base_url"`
+ TTL time.Duration `json:"ttl" structs:"ttl" mapstructure:"ttl"`
+ MaxTTL time.Duration `json:"max_ttl" structs:"max_ttl" mapstructure:"max_ttl"`
}
diff --git a/builtin/credential/github/path_login.go b/builtin/credential/github/path_login.go
index 61617150e1..b6e59cfd0d 100644
--- a/builtin/credential/github/path_login.go
+++ b/builtin/credential/github/path_login.go
@@ -9,7 +9,6 @@ import (
"github.com/google/go-github/github"
"github.com/hashicorp/errwrap"
"github.com/hashicorp/vault/helper/policyutil"
- "github.com/hashicorp/vault/helper/strutil"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@@ -69,35 +68,38 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
return nil, err
}
- auth := &logical.Auth{
- InternalData: map[string]interface{}{
- "token": token,
- },
- Metadata: map[string]string{
- "username": *verifyResp.User.Login,
- "org": *verifyResp.Org.Login,
- },
- DisplayName: *verifyResp.User.Login,
- Alias: &logical.Alias{
- Name: *verifyResp.User.Login,
+ resp := &logical.Response{
+ Auth: &logical.Auth{
+ InternalData: map[string]interface{}{
+ "token": token,
+ },
+ Policies: verifyResp.Policies,
+ Metadata: map[string]string{
+ "username": *verifyResp.User.Login,
+ "org": *verifyResp.Org.Login,
+ },
+ DisplayName: *verifyResp.User.Login,
+ LeaseOptions: logical.LeaseOptions{
+ TTL: config.TTL,
+ MaxTTL: config.MaxTTL,
+ Renewable: true,
+ },
+ Alias: &logical.Alias{
+ Name: *verifyResp.User.Login,
+ },
},
}
- config.PopulateTokenAuth(auth)
- auth.Policies = append(auth.Policies, verifyResp.Policies...)
- auth.Policies = strutil.RemoveDuplicates(auth.Policies, false)
for _, teamName := range verifyResp.TeamNames {
if teamName == "" {
continue
}
- auth.GroupAliases = append(auth.GroupAliases, &logical.Alias{
+ resp.Auth.GroupAliases = append(resp.Auth.GroupAliases, &logical.Alias{
Name: teamName,
})
}
- return &logical.Response{
- Auth: auth,
- }, nil
+ return resp, nil
}
func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
diff --git a/builtin/credential/ldap/path_config.go b/builtin/credential/ldap/path_config.go
index dfc5bad619..81237930b6 100644
--- a/builtin/credential/ldap/path_config.go
+++ b/builtin/credential/ldap/path_config.go
@@ -12,7 +12,7 @@ import (
func pathConfig(b *backend) *framework.Path {
return &framework.Path{
Pattern: `config`,
- Fields: ldaputil.ConfigFields(true),
+ Fields: ldaputil.ConfigFields(),
Callbacks: map[logical.Operation]framework.OperationFunc{
logical.ReadOperation: b.pathConfigRead,
@@ -89,11 +89,8 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *f
return nil, nil
}
- data := cfg.PasswordlessMap()
- cfg.PopulateTokenData(data)
-
resp := &logical.Response{
- Data: data,
+ Data: cfg.PasswordlessMap(),
}
return resp, nil
}
@@ -112,10 +109,6 @@ func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, d *
*cfg.CaseSensitiveNames = false
}
- if err := cfg.ParseTokenFields(req, d); err != nil {
- return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
- }
-
entry, err := logical.StorageEntryJSON("config", cfg)
if err != nil {
return nil, err
diff --git a/builtin/credential/ldap/path_login.go b/builtin/credential/ldap/path_login.go
index b5fb98ac85..114f20a908 100644
--- a/builtin/credential/ldap/path_login.go
+++ b/builtin/credential/ldap/path_login.go
@@ -3,9 +3,9 @@ package ldap
import (
"context"
"fmt"
+ "sort"
"github.com/hashicorp/vault/helper/policyutil"
- "github.com/hashicorp/vault/helper/strutil"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@@ -54,14 +54,6 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
username := d.Get("username").(string)
password := d.Get("password").(string)
- cfg, err := b.Config(ctx, req)
- if err != nil {
- return nil, err
- }
- if cfg == nil {
- return logical.ErrorResponse("ldap backend not configured"), nil
- }
-
policies, resp, groupNames, err := b.Login(ctx, req, username, password)
// Handle an internal error
if err != nil {
@@ -76,7 +68,10 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
resp = &logical.Response{}
}
- auth := &logical.Auth{
+ sort.Strings(policies)
+
+ resp.Auth = &logical.Auth{
+ Policies: policies,
Metadata: map[string]string{
"username": username,
},
@@ -84,24 +79,22 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
"password": password,
},
DisplayName: username,
+ LeaseOptions: logical.LeaseOptions{
+ Renewable: true,
+ },
Alias: &logical.Alias{
Name: username,
},
}
- cfg.PopulateTokenAuth(auth)
- auth.Policies = append(auth.Policies, policies...)
- auth.Policies = strutil.RemoveDuplicates(auth.Policies, false)
for _, groupName := range groupNames {
if groupName == "" {
continue
}
- auth.GroupAliases = append(auth.GroupAliases, &logical.Alias{
+ resp.Auth.GroupAliases = append(resp.Auth.GroupAliases, &logical.Alias{
Name: groupName,
})
}
-
- resp.Auth = auth
return resp, nil
}
diff --git a/builtin/credential/okta/path_config.go b/builtin/credential/okta/path_config.go
index 4e4b6a7d91..284a8dcc55 100644
--- a/builtin/credential/okta/path_config.go
+++ b/builtin/credential/okta/path_config.go
@@ -5,9 +5,10 @@ import (
"fmt"
"net/url"
+ "time"
+
"github.com/chrismalek/oktasdk-go/okta"
cleanhttp "github.com/hashicorp/go-cleanhttp"
- "github.com/hashicorp/vault/helper/tokenhelper"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@@ -18,7 +19,7 @@ const (
)
func pathConfig(b *backend) *framework.Path {
- ret := &framework.Path{
+ return &framework.Path{
Pattern: `config`,
Fields: map[string]*framework.FieldSchema{
"organization": &framework.FieldSchema{
@@ -45,6 +46,14 @@ func pathConfig(b *backend) *framework.Path {
Type: framework.TypeBool,
Description: `(DEPRECATED) Use base_url.`,
},
+ "ttl": &framework.FieldSchema{
+ Type: framework.TypeDurationSecond,
+ Description: `Duration after which authentication will be expired`,
+ },
+ "max_ttl": &framework.FieldSchema{
+ Type: framework.TypeDurationSecond,
+ Description: `Maximum duration after which authentication will be expired`,
+ },
"bypass_okta_mfa": &framework.FieldSchema{
Type: framework.TypeBool,
Description: `When set true, requests by Okta for a MFA check will be bypassed. This also disallows certain status checks on the account, such as whether the password is expired.`,
@@ -61,9 +70,6 @@ func pathConfig(b *backend) *framework.Path {
HelpSynopsis: pathConfigHelp,
}
- tokenhelper.AddTokenFields(ret.Fields)
-
- return ret
}
// Config returns the configuration for this backend.
@@ -95,17 +101,15 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *f
return nil, nil
}
- data := map[string]interface{}{
- "organization": cfg.Org,
- "org_name": cfg.Org,
- "bypass_okta_mfa": cfg.BypassOktaMFA,
- }
- cfg.PopulateTokenData(data)
-
resp := &logical.Response{
- Data: data,
+ Data: map[string]interface{}{
+ "organization": cfg.Org,
+ "org_name": cfg.Org,
+ "ttl": cfg.TTL.Seconds(),
+ "max_ttl": cfg.MaxTTL.Seconds(),
+ "bypass_okta_mfa": cfg.BypassOktaMFA,
+ },
}
-
if cfg.BaseURL != "" {
resp.Data["base_url"] = cfg.BaseURL
}
@@ -181,8 +185,18 @@ func (b *backend) pathConfigWrite(ctx context.Context, req *logical.Request, d *
cfg.BypassOktaMFA = bypass.(bool)
}
- if err := cfg.ParseTokenFields(req, d); err != nil {
- return logical.ErrorResponse(err.Error()), nil
+ ttl, ok := d.GetOk("ttl")
+ if ok {
+ cfg.TTL = time.Duration(ttl.(int)) * time.Second
+ } else if req.Operation == logical.CreateOperation {
+ cfg.TTL = time.Duration(d.Get("ttl").(int)) * time.Second
+ }
+
+ maxTTL, ok := d.GetOk("max_ttl")
+ if ok {
+ cfg.MaxTTL = time.Duration(maxTTL.(int)) * time.Second
+ } else if req.Operation == logical.CreateOperation {
+ cfg.MaxTTL = time.Duration(d.Get("max_ttl").(int)) * time.Second
}
jsonCfg, err := logical.StorageEntryJSON("config", cfg)
@@ -230,13 +244,13 @@ func (c *ConfigEntry) OktaClient() *okta.Client {
// ConfigEntry for Okta
type ConfigEntry struct {
- tokenhelper.TokenParams
-
- Org string `json:"organization"`
- Token string `json:"token"`
- BaseURL string `json:"base_url"`
- Production *bool `json:"is_production,omitempty"`
- BypassOktaMFA bool `json:"bypass_okta_mfa"`
+ Org string `json:"organization"`
+ Token string `json:"token"`
+ BaseURL string `json:"base_url"`
+ Production *bool `json:"is_production,omitempty"`
+ TTL time.Duration `json:"ttl"`
+ MaxTTL time.Duration `json:"max_ttl"`
+ BypassOktaMFA bool `json:"bypass_okta_mfa"`
}
const pathConfigHelp = `
diff --git a/builtin/credential/okta/path_login.go b/builtin/credential/okta/path_login.go
index e9eaf44d59..af784e015d 100644
--- a/builtin/credential/okta/path_login.go
+++ b/builtin/credential/okta/path_login.go
@@ -8,7 +8,6 @@ import (
"github.com/go-errors/errors"
"github.com/hashicorp/vault/helper/policyutil"
- "github.com/hashicorp/vault/helper/strutil"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@@ -78,7 +77,8 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
return nil, err
}
- auth := &logical.Auth{
+ resp.Auth = &logical.Auth{
+ Policies: policies,
Metadata: map[string]string{
"username": username,
"policies": strings.Join(policies, ","),
@@ -87,15 +87,15 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
"password": password,
},
DisplayName: username,
+ LeaseOptions: logical.LeaseOptions{
+ TTL: cfg.TTL,
+ MaxTTL: cfg.MaxTTL,
+ Renewable: true,
+ },
Alias: &logical.Alias{
Name: username,
},
}
- cfg.PopulateTokenAuth(auth)
- auth.Policies = append(auth.Policies, policies...)
- auth.Policies = strutil.RemoveDuplicates(auth.Policies, false)
-
- resp.Auth = auth
for _, groupName := range groupNames {
if groupName == "" {
diff --git a/builtin/credential/radius/path_config.go b/builtin/credential/radius/path_config.go
index c99fb9508a..85d60a3d68 100644
--- a/builtin/credential/radius/path_config.go
+++ b/builtin/credential/radius/path_config.go
@@ -4,13 +4,12 @@ import (
"context"
"strings"
- "github.com/hashicorp/vault/helper/tokenhelper"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
func pathConfig(b *backend) *framework.Path {
- ret := &framework.Path{
+ return &framework.Path{
Pattern: "config",
Fields: map[string]*framework.FieldSchema{
"host": &framework.FieldSchema{
@@ -65,9 +64,6 @@ func pathConfig(b *backend) *framework.Path {
HelpSynopsis: pathConfigHelpSyn,
HelpDescription: pathConfigHelpDesc,
}
- tokenhelper.AddTokenFields(ret.Fields)
-
- return ret
}
// Establishes dichotomy of request operation between CreateOperation and UpdateOperation.
@@ -111,20 +107,18 @@ func (b *backend) pathConfigRead(ctx context.Context, req *logical.Request, d *f
return nil, nil
}
- data := map[string]interface{}{
- "host": cfg.Host,
- "port": cfg.Port,
- "unregistered_user_policies": cfg.UnregisteredUserPolicies,
- "dial_timeout": cfg.DialTimeout,
- "read_timeout": cfg.ReadTimeout,
- "nas_port": cfg.NasPort,
- "nas_identifier": cfg.NasIdentifier,
+ resp := &logical.Response{
+ Data: map[string]interface{}{
+ "host": cfg.Host,
+ "port": cfg.Port,
+ "unregistered_user_policies": cfg.UnregisteredUserPolicies,
+ "dial_timeout": cfg.DialTimeout,
+ "read_timeout": cfg.ReadTimeout,
+ "nas_port": cfg.NasPort,
+ "nas_identifier": cfg.NasIdentifier,
+ },
}
- cfg.PopulateTokenData(data)
-
- return &logical.Response{
- Data: data,
- }, nil
+ return resp, nil
}
func (b *backend) pathConfigCreateUpdate(ctx context.Context, req *logical.Request, d *framework.FieldData) (*logical.Response, error) {
@@ -209,10 +203,6 @@ func (b *backend) pathConfigCreateUpdate(ctx context.Context, req *logical.Reque
cfg.NasIdentifier = d.Get("nas_identifier").(string)
}
- if err := cfg.ParseTokenFields(req, d); err != nil {
- return logical.ErrorResponse(err.Error()), nil
- }
-
entry, err := logical.StorageEntryJSON("config", cfg)
if err != nil {
return nil, err
@@ -225,8 +215,6 @@ func (b *backend) pathConfigCreateUpdate(ctx context.Context, req *logical.Reque
}
type ConfigEntry struct {
- tokenhelper.TokenParams
-
Host string `json:"host" structs:"host" mapstructure:"host"`
Port int `json:"port" structs:"port" mapstructure:"port"`
Secret string `json:"secret" structs:"secret" mapstructure:"secret"`
diff --git a/builtin/credential/radius/path_login.go b/builtin/credential/radius/path_login.go
index 6db75ab0da..2cf2fa2f61 100644
--- a/builtin/credential/radius/path_login.go
+++ b/builtin/credential/radius/path_login.go
@@ -12,7 +12,6 @@ import (
. "layeh.com/radius/rfc2865"
"github.com/hashicorp/vault/helper/policyutil"
- "github.com/hashicorp/vault/helper/strutil"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@@ -77,14 +76,6 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
return logical.ErrorResponse("password cannot be empty"), nil
}
- cfg, err := b.Config(ctx, req)
- if err != nil {
- return nil, err
- }
- if cfg == nil {
- return logical.ErrorResponse("radius backend not configured"), nil
- }
-
policies, resp, err := b.RadiusLogin(ctx, req, username, password)
// Handle an internal error
if err != nil {
@@ -97,7 +88,8 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
}
}
- auth := &logical.Auth{
+ resp.Auth = &logical.Auth{
+ Policies: policies,
Metadata: map[string]string{
"username": username,
"policies": strings.Join(policies, ","),
@@ -106,16 +98,13 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
"password": password,
},
DisplayName: username,
+ LeaseOptions: logical.LeaseOptions{
+ Renewable: true,
+ },
Alias: &logical.Alias{
Name: username,
},
}
- cfg.PopulateTokenAuth(auth)
- auth.Policies = append(auth.Policies, policies...)
- auth.Policies = strutil.RemoveDuplicates(auth.Policies, false)
-
- resp.Auth = auth
-
return resp, nil
}
diff --git a/builtin/credential/userpass/backend_test.go b/builtin/credential/userpass/backend_test.go
index 03618b006f..fcca9273b4 100644
--- a/builtin/credential/userpass/backend_test.go
+++ b/builtin/credential/userpass/backend_test.go
@@ -9,10 +9,7 @@ import (
"crypto/tls"
- "github.com/go-test/deep"
- sockaddr "github.com/hashicorp/go-sockaddr"
"github.com/hashicorp/vault/helper/policyutil"
- "github.com/hashicorp/vault/helper/tokenhelper"
"github.com/hashicorp/vault/logical"
logicaltest "github.com/hashicorp/vault/logical/testing"
"github.com/mitchellh/mapstructure"
@@ -23,63 +20,6 @@ const (
testSysMaxTTL = time.Hour * 20
)
-func TestBackend_UserUpgrade(t *testing.T) {
- s := &logical.InmemStorage{}
-
- config := logical.TestBackendConfig()
- config.StorageView = s
-
- ctx := context.Background()
-
- b := Backend()
- if b == nil {
- t.Fatalf("failed to create backend")
- }
- if err := b.Setup(ctx, config); err != nil {
- t.Fatal(err)
- }
-
- type B struct {
- Policies []string
- TTL time.Duration
- MaxTTL time.Duration
- BoundCIDRs []*sockaddr.SockAddrMarshaler
- }
-
- foo := &B{
- Policies: []string{"foo"},
- TTL: time.Second,
- MaxTTL: time.Second,
- BoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
- }
-
- entry, err := logical.StorageEntryJSON("user/foo", foo)
- if err != nil {
- t.Fatal(err)
- }
- err = s.Put(ctx, entry)
- if err != nil {
- t.Fatal(err)
- }
-
- userEntry, err := b.user(ctx, s, "foo")
- if err != nil {
- t.Fatal(err)
- }
-
- exp := &UserEntry{
- TokenParams: tokenhelper.TokenParams{
- Policies: []string{"foo"},
- TTL: time.Second,
- MaxTTL: time.Second,
- BoundCIDRs: []*sockaddr.SockAddrMarshaler{&sockaddr.SockAddrMarshaler{SockAddr: sockaddr.MustIPAddr("127.0.0.1")}},
- },
- }
- if diff := deep.Equal(userEntry, exp); diff != nil {
- t.Fatal(diff)
- }
-}
-
func TestBackend_TTL(t *testing.T) {
var resp *logical.Response
var err error
diff --git a/builtin/credential/userpass/path_login.go b/builtin/credential/userpass/path_login.go
index d4c2d52618..8c8b92e032 100644
--- a/builtin/credential/userpass/path_login.go
+++ b/builtin/credential/userpass/path_login.go
@@ -108,19 +108,23 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
return logical.ErrorResponse("login request originated from invalid CIDR"), nil
}
- auth := &logical.Auth{
- Metadata: map[string]string{
- "username": username,
- },
- DisplayName: username,
- Alias: &logical.Alias{
- Name: username,
- },
- }
- user.PopulateTokenAuth(auth)
-
return &logical.Response{
- Auth: auth,
+ Auth: &logical.Auth{
+ Policies: user.Policies,
+ Metadata: map[string]string{
+ "username": username,
+ },
+ DisplayName: username,
+ LeaseOptions: logical.LeaseOptions{
+ TTL: user.TTL,
+ MaxTTL: user.MaxTTL,
+ Renewable: true,
+ },
+ Alias: &logical.Alias{
+ Name: username,
+ },
+ BoundCIDRs: user.BoundCIDRs,
+ },
}, nil
}
diff --git a/builtin/credential/userpass/path_users.go b/builtin/credential/userpass/path_users.go
index 19065b98c7..b9603ee7a6 100644
--- a/builtin/credential/userpass/path_users.go
+++ b/builtin/credential/userpass/path_users.go
@@ -7,8 +7,8 @@ import (
"time"
sockaddr "github.com/hashicorp/go-sockaddr"
- "github.com/hashicorp/vault/helper/consts"
- "github.com/hashicorp/vault/helper/tokenhelper"
+ "github.com/hashicorp/vault/helper/parseutil"
+ "github.com/hashicorp/vault/helper/policyutil"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
)
@@ -27,7 +27,7 @@ func pathUsersList(b *backend) *framework.Path {
}
func pathUsers(b *backend) *framework.Path {
- p := &framework.Path{
+ return &framework.Path{
Pattern: "users/" + framework.GenericNameRegex("username"),
Fields: map[string]*framework.FieldSchema{
"username": &framework.FieldSchema{
@@ -39,6 +39,27 @@ func pathUsers(b *backend) *framework.Path {
Type: framework.TypeString,
Description: "Password for this user.",
},
+
+ "policies": &framework.FieldSchema{
+ Type: framework.TypeCommaStringSlice,
+ Description: "Comma-separated list of policies",
+ },
+
+ "ttl": &framework.FieldSchema{
+ Type: framework.TypeDurationSecond,
+ Description: "Duration after which authentication will be expired",
+ },
+
+ "max_ttl": &framework.FieldSchema{
+ Type: framework.TypeDurationSecond,
+ Description: "Maximum duration after which authentication will be expired",
+ },
+
+ "bound_cidrs": &framework.FieldSchema{
+ Type: framework.TypeCommaStringSlice,
+ Description: `Comma separated string or list of CIDR blocks. If set, specifies the blocks of
+IP addresses which can perform the login operation.`,
+ },
},
Callbacks: map[logical.Operation]framework.OperationFunc{
@@ -53,10 +74,6 @@ func pathUsers(b *backend) *framework.Path {
HelpSynopsis: pathUserHelpSyn,
HelpDescription: pathUserHelpDesc,
}
-
- tokenhelper.AddTokenFields(p.Fields)
-
- return p
}
func (b *backend) userExistenceCheck(ctx context.Context, req *logical.Request, data *framework.FieldData) (bool, error) {
@@ -86,33 +103,6 @@ func (b *backend) user(ctx context.Context, s logical.Storage, username string)
return nil, err
}
- var needsUpgrade bool
- if result.OldTTL != 0 {
- needsUpgrade = true
- result.TTL = result.OldTTL
- result.OldTTL = 0
- }
- if result.OldMaxTTL != 0 {
- needsUpgrade = true
- result.MaxTTL = result.OldMaxTTL
- result.OldMaxTTL = 0
- }
- if len(result.OldPolicies) != 0 {
- needsUpgrade = true
- result.Policies = result.OldPolicies
- result.OldPolicies = nil
- }
- if result.OldBoundCIDRs != nil {
- needsUpgrade = true
- result.BoundCIDRs = result.OldBoundCIDRs
- result.OldBoundCIDRs = nil
- }
- if needsUpgrade && (b.System().LocalMount() || !b.System().ReplicationState().HasState(consts.ReplicationPerformanceSecondary|consts.ReplicationPerformanceStandby)) {
- if err := b.setUser(ctx, s, strings.ToLower(username), &result); err != nil {
- return nil, err
- }
- }
-
return &result, nil
}
@@ -151,10 +141,13 @@ func (b *backend) pathUserRead(ctx context.Context, req *logical.Request, d *fra
return nil, nil
}
- data := map[string]interface{}{}
- user.PopulateTokenData(data)
return &logical.Response{
- Data: data,
+ Data: map[string]interface{}{
+ "policies": user.Policies,
+ "ttl": user.TTL.Seconds(),
+ "max_ttl": user.MaxTTL.Seconds(),
+ "bound_cidrs": user.BoundCIDRs,
+ },
}, nil
}
@@ -179,9 +172,25 @@ func (b *backend) userCreateUpdate(ctx context.Context, req *logical.Request, d
}
}
- if err := userEntry.ParseTokenFields(req, d); err != nil {
+ if policiesRaw, ok := d.GetOk("policies"); ok {
+ userEntry.Policies = policyutil.ParsePolicies(policiesRaw)
+ }
+
+ ttl, ok := d.GetOk("ttl")
+ if ok {
+ userEntry.TTL = time.Duration(ttl.(int)) * time.Second
+ }
+
+ maxTTL, ok := d.GetOk("max_ttl")
+ if ok {
+ userEntry.MaxTTL = time.Duration(maxTTL.(int)) * time.Second
+ }
+
+ boundCIDRs, err := parseutil.ParseAddrs(d.Get("bound_cidrs"))
+ if err != nil {
return logical.ErrorResponse(err.Error()), logical.ErrInvalidRequest
}
+ userEntry.BoundCIDRs = boundCIDRs
return nil, b.setUser(ctx, req.Storage, username, userEntry)
}
@@ -195,8 +204,6 @@ func (b *backend) pathUserWrite(ctx context.Context, req *logical.Request, d *fr
}
type UserEntry struct {
- tokenhelper.TokenParams
-
// Password is deprecated in Vault 0.2 in favor of
// PasswordHash, but is retained for backwards compatibility.
Password string
@@ -205,16 +212,15 @@ type UserEntry struct {
// used instead of the actual password in Vault 0.2+.
PasswordHash []byte
- // These token-related fields have been moved to the embedded tokenhelper.TokenParams struct
- OldPolicies []string `json:"Policies"`
+ Policies []string
// Duration after which the user will be revoked unless renewed
- OldTTL time.Duration `json:"TTL"`
+ TTL time.Duration
// Maximum duration for which user can be valid
- OldMaxTTL time.Duration `json:"MaxTTL"`
+ MaxTTL time.Duration
- OldBoundCIDRs []*sockaddr.SockAddrMarshaler `json:"BoundCIDRs"`
+ BoundCIDRs []*sockaddr.SockAddrMarshaler
}
const pathUserHelpSyn = `
diff --git a/builtin/logical/database/dbplugin/database.pb.go b/builtin/logical/database/dbplugin/database.pb.go
index 60d619e66b..8e452430fb 100644
--- a/builtin/logical/database/dbplugin/database.pb.go
+++ b/builtin/logical/database/dbplugin/database.pb.go
@@ -5,11 +5,15 @@ package dbplugin
import (
fmt "fmt"
+ math "math"
+
proto "github.com/golang/protobuf/proto"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
+)
+
+import (
context "golang.org/x/net/context"
grpc "google.golang.org/grpc"
- math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
@@ -675,60 +679,6 @@ func init() {
proto.RegisterType((*Empty)(nil), "dbplugin.Empty")
}
-func init() {
- proto.RegisterFile("builtin/logical/database/dbplugin/database.proto", fileDescriptor_7bf7b4c7fef2f66e)
-}
-
-var fileDescriptor_7bf7b4c7fef2f66e = []byte{
- // 724 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xd1, 0x4e, 0xdb, 0x4a,
- 0x10, 0x95, 0x93, 0x00, 0xc9, 0x80, 0x80, 0xec, 0x05, 0x64, 0xf9, 0x72, 0x6f, 0x91, 0x1f, 0x28,
- 0x55, 0xd5, 0xb8, 0x82, 0x56, 0x54, 0xa8, 0xa2, 0x2a, 0xa1, 0xaa, 0x2a, 0x55, 0x3c, 0x2c, 0xf0,
- 0x52, 0x55, 0x42, 0x1b, 0x67, 0x49, 0x56, 0x38, 0x5e, 0xd7, 0xbb, 0x0e, 0x4d, 0x7f, 0xa0, 0xfd,
- 0x8c, 0x7e, 0x4e, 0x1f, 0xfb, 0x49, 0x95, 0x37, 0x59, 0xef, 0x26, 0x86, 0xf2, 0x40, 0xfb, 0xe6,
- 0xd9, 0x99, 0x33, 0x73, 0xe6, 0x78, 0x76, 0x16, 0x9e, 0x76, 0x32, 0x16, 0x49, 0x16, 0x07, 0x11,
- 0xef, 0xb1, 0x90, 0x44, 0x41, 0x97, 0x48, 0xd2, 0x21, 0x82, 0x06, 0xdd, 0x4e, 0x12, 0x65, 0x3d,
- 0x16, 0x17, 0x27, 0xad, 0x24, 0xe5, 0x92, 0xa3, 0xba, 0x76, 0x78, 0x0f, 0x7a, 0x9c, 0xf7, 0x22,
- 0x1a, 0xa8, 0xf3, 0x4e, 0x76, 0x19, 0x48, 0x36, 0xa0, 0x42, 0x92, 0x41, 0x32, 0x0e, 0xf5, 0x3f,
- 0x42, 0xf3, 0x5d, 0xcc, 0x24, 0x23, 0x11, 0xfb, 0x42, 0x31, 0xfd, 0x94, 0x51, 0x21, 0xd1, 0x06,
- 0xcc, 0x87, 0x3c, 0xbe, 0x64, 0x3d, 0xd7, 0xd9, 0x72, 0x76, 0x96, 0xf0, 0xc4, 0x42, 0x8f, 0xa1,
- 0x39, 0xa4, 0x29, 0xbb, 0x1c, 0x5d, 0x84, 0x3c, 0x8e, 0x69, 0x28, 0x19, 0x8f, 0xdd, 0xca, 0x96,
- 0xb3, 0x53, 0xc7, 0xab, 0x63, 0x47, 0xbb, 0x38, 0x3f, 0xa8, 0xb8, 0x8e, 0x8f, 0x61, 0x31, 0xcf,
- 0xfe, 0x27, 0xf3, 0xfa, 0x3f, 0x1c, 0x68, 0xb6, 0x53, 0x4a, 0x24, 0x3d, 0x17, 0x34, 0xd5, 0xa9,
- 0x9f, 0x01, 0x08, 0x49, 0x24, 0x1d, 0xd0, 0x58, 0x0a, 0x95, 0x7e, 0x71, 0x77, 0xad, 0xa5, 0x75,
- 0x68, 0x9d, 0x16, 0x3e, 0x6c, 0xc5, 0xa1, 0xd7, 0xb0, 0x92, 0x09, 0x9a, 0xc6, 0x64, 0x40, 0x2f,
- 0x26, 0xcc, 0x2a, 0x0a, 0xea, 0x1a, 0xe8, 0xf9, 0x24, 0xa0, 0xad, 0xfc, 0x78, 0x39, 0x9b, 0xb2,
- 0xd1, 0x01, 0x00, 0xfd, 0x9c, 0xb0, 0x94, 0x28, 0xd2, 0x55, 0x85, 0xf6, 0x5a, 0x63, 0xd9, 0x5b,
- 0x5a, 0xf6, 0xd6, 0x99, 0x96, 0x1d, 0x5b, 0xd1, 0xfe, 0x77, 0x07, 0x56, 0x31, 0x8d, 0xe9, 0xf5,
- 0xfd, 0x3b, 0xf1, 0xa0, 0xae, 0x89, 0xa9, 0x16, 0x1a, 0xb8, 0xb0, 0xef, 0x45, 0x91, 0x42, 0x13,
- 0xd3, 0x21, 0xbf, 0xa2, 0x7f, 0x95, 0xa2, 0x7f, 0x08, 0x9b, 0x98, 0xe7, 0xa1, 0x98, 0x73, 0xd9,
- 0x4e, 0x69, 0x97, 0xc6, 0xf9, 0x4c, 0x0a, 0x5d, 0xf1, 0xff, 0x99, 0x8a, 0xd5, 0x9d, 0x86, 0x9d,
- 0xdb, 0xff, 0x59, 0x01, 0x30, 0x65, 0xd1, 0x1e, 0xfc, 0x13, 0xe6, 0x23, 0xc2, 0x78, 0x7c, 0x31,
- 0xc3, 0xb4, 0x71, 0x54, 0x71, 0x1d, 0x8c, 0xb4, 0xdb, 0x02, 0xed, 0xc3, 0x7a, 0x4a, 0x87, 0x3c,
- 0x2c, 0xc1, 0x2a, 0x05, 0x6c, 0xcd, 0x04, 0x4c, 0x57, 0x4b, 0x79, 0x14, 0x75, 0x48, 0x78, 0x65,
- 0xc3, 0xaa, 0xa6, 0x9a, 0x76, 0x5b, 0xa0, 0x27, 0xb0, 0x9a, 0xe6, 0xbf, 0xde, 0x46, 0xd4, 0x0a,
- 0xc4, 0x8a, 0xf2, 0x9d, 0x4e, 0x89, 0xa7, 0x29, 0xbb, 0x73, 0xaa, 0xfd, 0xc2, 0xce, 0xc5, 0x31,
- 0xbc, 0xdc, 0xf9, 0xb1, 0x38, 0xe6, 0x24, 0xc7, 0x6a, 0x02, 0xee, 0xc2, 0x18, 0xab, 0x6d, 0xe4,
- 0xc2, 0x82, 0x2a, 0x45, 0x22, 0xb7, 0xae, 0x5c, 0xda, 0xf4, 0x4f, 0x60, 0x79, 0x7a, 0xf4, 0xd1,
- 0x16, 0x2c, 0x1e, 0x33, 0x91, 0x44, 0x64, 0x74, 0x92, 0xff, 0x43, 0xa5, 0x26, 0xb6, 0x8f, 0xf2,
- 0x4a, 0x98, 0x47, 0xf4, 0xc4, 0xfa, 0xc5, 0xda, 0xf6, 0xb7, 0x61, 0x69, 0xbc, 0x0b, 0x44, 0xc2,
- 0x63, 0x41, 0x6f, 0x5b, 0x06, 0xfe, 0x7b, 0x40, 0xf6, 0xf5, 0x9e, 0x44, 0xdb, 0xc3, 0xe3, 0xcc,
- 0xcc, 0xb7, 0x07, 0xf5, 0x84, 0x08, 0x71, 0xcd, 0xd3, 0xae, 0xae, 0xaa, 0x6d, 0xdf, 0x87, 0xa5,
- 0xb3, 0x51, 0x42, 0x8b, 0x3c, 0x08, 0x6a, 0x72, 0x94, 0xe8, 0x1c, 0xea, 0xdb, 0xdf, 0x87, 0xff,
- 0x6e, 0x19, 0xbe, 0x3b, 0xa8, 0x2e, 0xc0, 0xdc, 0x9b, 0x41, 0x22, 0x47, 0xbb, 0x5f, 0x6b, 0x50,
- 0x3f, 0x9e, 0xec, 0x60, 0x14, 0x40, 0x2d, 0x2f, 0x89, 0x56, 0xcc, 0x8d, 0x50, 0x51, 0xde, 0x86,
- 0x39, 0x98, 0xe2, 0xf4, 0x16, 0xc0, 0x74, 0x8c, 0xfe, 0x35, 0x51, 0xa5, 0x35, 0xe7, 0x6d, 0xde,
- 0xec, 0x9c, 0x24, 0x7a, 0x01, 0x8d, 0x62, 0x9d, 0x20, 0xcf, 0x84, 0xce, 0xee, 0x18, 0x6f, 0x96,
- 0x5a, 0xbe, 0x22, 0xcc, 0x35, 0xb7, 0x29, 0x94, 0x2e, 0x7f, 0x19, 0xdb, 0x87, 0xf5, 0x1b, 0xe5,
- 0x43, 0xdb, 0x56, 0x9a, 0xdf, 0x5c, 0x6e, 0xef, 0xe1, 0x9d, 0x71, 0x93, 0xfe, 0x9e, 0x43, 0x2d,
- 0x1f, 0x21, 0xb4, 0x6e, 0x00, 0xd6, 0xf3, 0x62, 0xeb, 0x3b, 0x35, 0x69, 0x8f, 0x60, 0xae, 0x1d,
- 0x71, 0x71, 0xc3, 0x1f, 0x29, 0xf5, 0xf2, 0x0a, 0xc0, 0x3c, 0x87, 0xb6, 0x0e, 0xa5, 0x47, 0xb2,
- 0x84, 0xf5, 0xab, 0xdf, 0x2a, 0xce, 0xd1, 0xe1, 0x87, 0x97, 0x3d, 0x26, 0xfb, 0x59, 0xa7, 0x15,
- 0xf2, 0x41, 0xd0, 0x27, 0xa2, 0xcf, 0x42, 0x9e, 0x26, 0xc1, 0x90, 0x64, 0x91, 0x0c, 0xee, 0x7c,
- 0xc9, 0x3b, 0xf3, 0x6a, 0x1f, 0xef, 0xfd, 0x0a, 0x00, 0x00, 0xff, 0xff, 0x9c, 0x49, 0x0b, 0x5b,
- 0xf5, 0x07, 0x00, 0x00,
-}
-
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
@@ -1032,3 +982,57 @@ var _Database_serviceDesc = grpc.ServiceDesc{
Streams: []grpc.StreamDesc{},
Metadata: "builtin/logical/database/dbplugin/database.proto",
}
+
+func init() {
+ proto.RegisterFile("builtin/logical/database/dbplugin/database.proto", fileDescriptor_7bf7b4c7fef2f66e)
+}
+
+var fileDescriptor_7bf7b4c7fef2f66e = []byte{
+ // 724 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x55, 0xd1, 0x4e, 0xdb, 0x4a,
+ 0x10, 0x95, 0x93, 0x00, 0xc9, 0x80, 0x80, 0xec, 0x05, 0x64, 0xf9, 0x72, 0x6f, 0x91, 0x1f, 0x28,
+ 0x55, 0xd5, 0xb8, 0x82, 0x56, 0x54, 0xa8, 0xa2, 0x2a, 0xa1, 0xaa, 0x2a, 0x55, 0x3c, 0x2c, 0xf0,
+ 0x52, 0x55, 0x42, 0x1b, 0x67, 0x49, 0x56, 0x38, 0x5e, 0xd7, 0xbb, 0x0e, 0x4d, 0x7f, 0xa0, 0xfd,
+ 0x8c, 0x7e, 0x4e, 0x1f, 0xfb, 0x49, 0x95, 0x37, 0x59, 0xef, 0x26, 0x86, 0xf2, 0x40, 0xfb, 0xe6,
+ 0xd9, 0x99, 0x33, 0x73, 0xe6, 0x78, 0x76, 0x16, 0x9e, 0x76, 0x32, 0x16, 0x49, 0x16, 0x07, 0x11,
+ 0xef, 0xb1, 0x90, 0x44, 0x41, 0x97, 0x48, 0xd2, 0x21, 0x82, 0x06, 0xdd, 0x4e, 0x12, 0x65, 0x3d,
+ 0x16, 0x17, 0x27, 0xad, 0x24, 0xe5, 0x92, 0xa3, 0xba, 0x76, 0x78, 0x0f, 0x7a, 0x9c, 0xf7, 0x22,
+ 0x1a, 0xa8, 0xf3, 0x4e, 0x76, 0x19, 0x48, 0x36, 0xa0, 0x42, 0x92, 0x41, 0x32, 0x0e, 0xf5, 0x3f,
+ 0x42, 0xf3, 0x5d, 0xcc, 0x24, 0x23, 0x11, 0xfb, 0x42, 0x31, 0xfd, 0x94, 0x51, 0x21, 0xd1, 0x06,
+ 0xcc, 0x87, 0x3c, 0xbe, 0x64, 0x3d, 0xd7, 0xd9, 0x72, 0x76, 0x96, 0xf0, 0xc4, 0x42, 0x8f, 0xa1,
+ 0x39, 0xa4, 0x29, 0xbb, 0x1c, 0x5d, 0x84, 0x3c, 0x8e, 0x69, 0x28, 0x19, 0x8f, 0xdd, 0xca, 0x96,
+ 0xb3, 0x53, 0xc7, 0xab, 0x63, 0x47, 0xbb, 0x38, 0x3f, 0xa8, 0xb8, 0x8e, 0x8f, 0x61, 0x31, 0xcf,
+ 0xfe, 0x27, 0xf3, 0xfa, 0x3f, 0x1c, 0x68, 0xb6, 0x53, 0x4a, 0x24, 0x3d, 0x17, 0x34, 0xd5, 0xa9,
+ 0x9f, 0x01, 0x08, 0x49, 0x24, 0x1d, 0xd0, 0x58, 0x0a, 0x95, 0x7e, 0x71, 0x77, 0xad, 0xa5, 0x75,
+ 0x68, 0x9d, 0x16, 0x3e, 0x6c, 0xc5, 0xa1, 0xd7, 0xb0, 0x92, 0x09, 0x9a, 0xc6, 0x64, 0x40, 0x2f,
+ 0x26, 0xcc, 0x2a, 0x0a, 0xea, 0x1a, 0xe8, 0xf9, 0x24, 0xa0, 0xad, 0xfc, 0x78, 0x39, 0x9b, 0xb2,
+ 0xd1, 0x01, 0x00, 0xfd, 0x9c, 0xb0, 0x94, 0x28, 0xd2, 0x55, 0x85, 0xf6, 0x5a, 0x63, 0xd9, 0x5b,
+ 0x5a, 0xf6, 0xd6, 0x99, 0x96, 0x1d, 0x5b, 0xd1, 0xfe, 0x77, 0x07, 0x56, 0x31, 0x8d, 0xe9, 0xf5,
+ 0xfd, 0x3b, 0xf1, 0xa0, 0xae, 0x89, 0xa9, 0x16, 0x1a, 0xb8, 0xb0, 0xef, 0x45, 0x91, 0x42, 0x13,
+ 0xd3, 0x21, 0xbf, 0xa2, 0x7f, 0x95, 0xa2, 0x7f, 0x08, 0x9b, 0x98, 0xe7, 0xa1, 0x98, 0x73, 0xd9,
+ 0x4e, 0x69, 0x97, 0xc6, 0xf9, 0x4c, 0x0a, 0x5d, 0xf1, 0xff, 0x99, 0x8a, 0xd5, 0x9d, 0x86, 0x9d,
+ 0xdb, 0xff, 0x59, 0x01, 0x30, 0x65, 0xd1, 0x1e, 0xfc, 0x13, 0xe6, 0x23, 0xc2, 0x78, 0x7c, 0x31,
+ 0xc3, 0xb4, 0x71, 0x54, 0x71, 0x1d, 0x8c, 0xb4, 0xdb, 0x02, 0xed, 0xc3, 0x7a, 0x4a, 0x87, 0x3c,
+ 0x2c, 0xc1, 0x2a, 0x05, 0x6c, 0xcd, 0x04, 0x4c, 0x57, 0x4b, 0x79, 0x14, 0x75, 0x48, 0x78, 0x65,
+ 0xc3, 0xaa, 0xa6, 0x9a, 0x76, 0x5b, 0xa0, 0x27, 0xb0, 0x9a, 0xe6, 0xbf, 0xde, 0x46, 0xd4, 0x0a,
+ 0xc4, 0x8a, 0xf2, 0x9d, 0x4e, 0x89, 0xa7, 0x29, 0xbb, 0x73, 0xaa, 0xfd, 0xc2, 0xce, 0xc5, 0x31,
+ 0xbc, 0xdc, 0xf9, 0xb1, 0x38, 0xe6, 0x24, 0xc7, 0x6a, 0x02, 0xee, 0xc2, 0x18, 0xab, 0x6d, 0xe4,
+ 0xc2, 0x82, 0x2a, 0x45, 0x22, 0xb7, 0xae, 0x5c, 0xda, 0xf4, 0x4f, 0x60, 0x79, 0x7a, 0xf4, 0xd1,
+ 0x16, 0x2c, 0x1e, 0x33, 0x91, 0x44, 0x64, 0x74, 0x92, 0xff, 0x43, 0xa5, 0x26, 0xb6, 0x8f, 0xf2,
+ 0x4a, 0x98, 0x47, 0xf4, 0xc4, 0xfa, 0xc5, 0xda, 0xf6, 0xb7, 0x61, 0x69, 0xbc, 0x0b, 0x44, 0xc2,
+ 0x63, 0x41, 0x6f, 0x5b, 0x06, 0xfe, 0x7b, 0x40, 0xf6, 0xf5, 0x9e, 0x44, 0xdb, 0xc3, 0xe3, 0xcc,
+ 0xcc, 0xb7, 0x07, 0xf5, 0x84, 0x08, 0x71, 0xcd, 0xd3, 0xae, 0xae, 0xaa, 0x6d, 0xdf, 0x87, 0xa5,
+ 0xb3, 0x51, 0x42, 0x8b, 0x3c, 0x08, 0x6a, 0x72, 0x94, 0xe8, 0x1c, 0xea, 0xdb, 0xdf, 0x87, 0xff,
+ 0x6e, 0x19, 0xbe, 0x3b, 0xa8, 0x2e, 0xc0, 0xdc, 0x9b, 0x41, 0x22, 0x47, 0xbb, 0x5f, 0x6b, 0x50,
+ 0x3f, 0x9e, 0xec, 0x60, 0x14, 0x40, 0x2d, 0x2f, 0x89, 0x56, 0xcc, 0x8d, 0x50, 0x51, 0xde, 0x86,
+ 0x39, 0x98, 0xe2, 0xf4, 0x16, 0xc0, 0x74, 0x8c, 0xfe, 0x35, 0x51, 0xa5, 0x35, 0xe7, 0x6d, 0xde,
+ 0xec, 0x9c, 0x24, 0x7a, 0x01, 0x8d, 0x62, 0x9d, 0x20, 0xcf, 0x84, 0xce, 0xee, 0x18, 0x6f, 0x96,
+ 0x5a, 0xbe, 0x22, 0xcc, 0x35, 0xb7, 0x29, 0x94, 0x2e, 0x7f, 0x19, 0xdb, 0x87, 0xf5, 0x1b, 0xe5,
+ 0x43, 0xdb, 0x56, 0x9a, 0xdf, 0x5c, 0x6e, 0xef, 0xe1, 0x9d, 0x71, 0x93, 0xfe, 0x9e, 0x43, 0x2d,
+ 0x1f, 0x21, 0xb4, 0x6e, 0x00, 0xd6, 0xf3, 0x62, 0xeb, 0x3b, 0x35, 0x69, 0x8f, 0x60, 0xae, 0x1d,
+ 0x71, 0x71, 0xc3, 0x1f, 0x29, 0xf5, 0xf2, 0x0a, 0xc0, 0x3c, 0x87, 0xb6, 0x0e, 0xa5, 0x47, 0xb2,
+ 0x84, 0xf5, 0xab, 0xdf, 0x2a, 0xce, 0xd1, 0xe1, 0x87, 0x97, 0x3d, 0x26, 0xfb, 0x59, 0xa7, 0x15,
+ 0xf2, 0x41, 0xd0, 0x27, 0xa2, 0xcf, 0x42, 0x9e, 0x26, 0xc1, 0x90, 0x64, 0x91, 0x0c, 0xee, 0x7c,
+ 0xc9, 0x3b, 0xf3, 0x6a, 0x1f, 0xef, 0xfd, 0x0a, 0x00, 0x00, 0xff, 0xff, 0x9c, 0x49, 0x0b, 0x5b,
+ 0xf5, 0x07, 0x00, 0x00,
+}
diff --git a/helper/forwarding/types.pb.go b/helper/forwarding/types.pb.go
index e7b104c6a7..44342b2095 100644
--- a/helper/forwarding/types.pb.go
+++ b/helper/forwarding/types.pb.go
@@ -5,8 +5,9 @@ package forwarding
import (
fmt "fmt"
- proto "github.com/golang/protobuf/proto"
math "math"
+
+ proto "github.com/golang/protobuf/proto"
)
// Reference imports to suppress errors if they are not otherwise used.
diff --git a/helper/identity/mfa/types.pb.go b/helper/identity/mfa/types.pb.go
index 5c1855e7fb..9fcc7ab7f7 100644
--- a/helper/identity/mfa/types.pb.go
+++ b/helper/identity/mfa/types.pb.go
@@ -6,8 +6,9 @@ package mfa
import (
fmt "fmt"
- proto "github.com/golang/protobuf/proto"
math "math"
+
+ proto "github.com/golang/protobuf/proto"
)
// Reference imports to suppress errors if they are not otherwise used.
diff --git a/helper/identity/types.pb.go b/helper/identity/types.pb.go
index 28263c8964..8b417e8d46 100644
--- a/helper/identity/types.pb.go
+++ b/helper/identity/types.pb.go
@@ -5,10 +5,11 @@ package identity
import (
fmt "fmt"
+ math "math"
+
proto "github.com/golang/protobuf/proto"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
mfa "github.com/hashicorp/vault/helper/identity/mfa"
- math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
diff --git a/helper/ldaputil/config.go b/helper/ldaputil/config.go
index d253ea4c70..9da1ffd71a 100644
--- a/helper/ldaputil/config.go
+++ b/helper/ldaputil/config.go
@@ -9,7 +9,6 @@ import (
"text/template"
"github.com/hashicorp/vault/helper/tlsutil"
- "github.com/hashicorp/vault/helper/tokenhelper"
"github.com/hashicorp/vault/logical/framework"
"github.com/hashicorp/errwrap"
@@ -17,8 +16,8 @@ import (
// ConfigFields returns all the config fields that can potentially be used by the LDAP client.
// Not all fields will be used by every integration.
-func ConfigFields(tokenFields bool) map[string]*framework.FieldSchema {
- ret := map[string]*framework.FieldSchema{
+func ConfigFields() map[string]*framework.FieldSchema {
+ return map[string]*framework.FieldSchema{
"url": {
Type: framework.TypeString,
Default: "ldap://127.0.0.1",
@@ -123,12 +122,6 @@ Default: cn`,
Description: "If true, use the Active Directory tokenGroups constructed attribute of the user to find the group memberships. This will find all security groups including nested ones.",
},
}
-
- if tokenFields {
- tokenhelper.AddTokenFields(ret)
- }
-
- return ret
}
/*
@@ -253,8 +246,6 @@ func NewConfigEntry(d *framework.FieldData) (*ConfigEntry, error) {
}
type ConfigEntry struct {
- tokenhelper.TokenParams
-
Url string `json:"url"`
UserDN string `json:"userdn"`
GroupDN string `json:"groupdn"`
diff --git a/helper/storagepacker/types.pb.go b/helper/storagepacker/types.pb.go
index 6319feef6c..9887c72b84 100644
--- a/helper/storagepacker/types.pb.go
+++ b/helper/storagepacker/types.pb.go
@@ -5,9 +5,10 @@ package storagepacker
import (
fmt "fmt"
+ math "math"
+
proto "github.com/golang/protobuf/proto"
any "github.com/golang/protobuf/ptypes/any"
- math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
diff --git a/helper/strutil/strutil.go b/helper/strutil/strutil.go
index f741b6fabb..2304ebd9dc 100644
--- a/helper/strutil/strutil.go
+++ b/helper/strutil/strutil.go
@@ -14,9 +14,6 @@ import (
// StrListContainsGlob looks for a string in a list of strings and allows
// globs.
func StrListContainsGlob(haystack []string, needle string) bool {
- if len(haystack) == 0 {
- return false
- }
for _, item := range haystack {
if glob.Glob(item, needle) {
return true
@@ -27,9 +24,6 @@ func StrListContainsGlob(haystack []string, needle string) bool {
// StrListContains looks for a string in a list of strings.
func StrListContains(haystack []string, needle string) bool {
- if len(haystack) == 0 {
- return false
- }
for _, item := range haystack {
if item == needle {
return true
diff --git a/helper/tokenhelper/tokenhelper.go b/helper/tokenhelper/tokenhelper.go
deleted file mode 100644
index 5e8a24aac1..0000000000
--- a/helper/tokenhelper/tokenhelper.go
+++ /dev/null
@@ -1,210 +0,0 @@
-package tokenhelper
-
-import (
- "errors"
- "fmt"
- "time"
-
- sockaddr "github.com/hashicorp/go-sockaddr"
- "github.com/hashicorp/vault/helper/parseutil"
- "github.com/hashicorp/vault/helper/strutil"
- "github.com/hashicorp/vault/logical"
- "github.com/hashicorp/vault/logical/framework"
-)
-
-type TokenParams struct {
- // The set of CIDRs that tokens generated using this role will be bound to
- BoundCIDRs []*sockaddr.SockAddrMarshaler `json:"bound_cidrs"`
-
- // If set, the token entry will have an explicit maximum TTL set, rather
- // than deferring to role/mount values
- ExplicitMaxTTL time.Duration `json:"explicit_max_ttl" mapstructure:"explicit_max_ttl"`
-
- // The max TTL to use for the token
- MaxTTL time.Duration `json:"max_ttl" mapstructure:"max_ttl"`
-
- // If set, core will not automatically add default to the policy list
- NoDefaultPolicy bool `json:"no_default_policy" mapstructure:"no_default_policy"`
-
- // If non-zero, tokens created using this role will be able to be renewed
- // forever, but will have a fixed renewal period of this value
- Period time.Duration `json:"period" mapstructure:"period"`
-
- // The policies to set
- Policies []string `json:"policies" mapstructure:"policies"`
-
- // The type of token this role should issue
- TokenType logical.TokenType `json:"token_type" mapstructure:"token_type"`
-
- // The TTL to user for the token
- TTL time.Duration `json:"ttl" mapstructure:"ttl"`
-}
-
-// AddTokenFields adds fields to an existing role. It panics if it would
-// overwrite an existing field.
-func AddTokenFields(m map[string]*framework.FieldSchema) {
- AddTokenFieldsWithAllowList(m, nil)
-}
-
-func AddTokenFieldsWithAllowList(m map[string]*framework.FieldSchema, allowed []string) {
- r := TokenFields()
- for k, v := range r {
- if len(allowed) > 0 && !strutil.StrListContains(allowed, k) {
- continue
- }
- if _, has := m[k]; has {
- panic(fmt.Sprintf("adding role field %s would overwrite existing field", k))
- }
- m[k] = v
- }
-}
-
-func TokenFields() map[string]*framework.FieldSchema {
- return map[string]*framework.FieldSchema{
- "bound_cidrs": &framework.FieldSchema{
- Type: framework.TypeCommaStringSlice,
- Description: `Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.`,
- },
-
- "explicit_max_ttl": &framework.FieldSchema{
- Type: framework.TypeDurationSecond,
- Description: tokenExplicitMaxTTLHelp,
- },
-
- "max_ttl": &framework.FieldSchema{
- Type: framework.TypeDurationSecond,
- Description: "The maximum lifetime of the generated token",
- },
-
- "no_default_policy": &framework.FieldSchema{
- Type: framework.TypeBool,
- Description: "If true, the 'default' policy will not automatically be added to generated tokens",
- },
-
- "period": &framework.FieldSchema{
- Type: framework.TypeDurationSecond,
- Description: tokenPeriodHelp,
- },
-
- "policies": &framework.FieldSchema{
- Type: framework.TypeCommaStringSlice,
- Description: "Comma-separated list of policies",
- },
-
- "token_type": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: "The type of token to generate, service or batch",
- },
-
- "ttl": &framework.FieldSchema{
- Type: framework.TypeDurationSecond,
- Description: "The initial ttl of the token to generate",
- },
- }
-}
-
-func (t *TokenParams) ParseTokenFields(req *logical.Request, d *framework.FieldData) error {
- if boundCIDRsRaw, ok := d.GetOk("bound_cidrs"); ok {
- boundCIDRs, err := parseutil.ParseAddrs(boundCIDRsRaw.([]string))
- if err != nil {
- return err
- }
- t.BoundCIDRs = boundCIDRs
- }
-
- if explicitMaxTTLRaw, ok := d.GetOk("explicit_max_ttl"); ok {
- t.ExplicitMaxTTL = time.Duration(explicitMaxTTLRaw.(int)) * time.Second
- }
-
- if maxTTLRaw, ok := d.GetOk("max_ttl"); ok {
- t.MaxTTL = time.Duration(maxTTLRaw.(int)) * time.Second
- } else if maxTTLRaw, ok := d.GetOk("lease_max"); ok {
- t.MaxTTL = time.Duration(maxTTLRaw.(int)) * time.Second
- }
- if t.MaxTTL < 0 {
- return errors.New("'max_ttl' cannot be negative")
- }
-
- if noDefaultRaw, ok := d.GetOk("no_default_policy"); ok {
- t.NoDefaultPolicy = noDefaultRaw.(bool)
- }
-
- if periodRaw, ok := d.GetOk("period"); ok {
- t.Period = time.Duration(periodRaw.(int)) * time.Second
- }
- if t.Period < 0 {
- return errors.New("'period' cannot be negative")
- }
-
- if policiesRaw, ok := d.GetOk("policies"); ok {
- t.Policies = policiesRaw.([]string)
- }
-
- if tokenTypeRaw, ok := d.GetOk("token_type"); ok {
- var tokenType logical.TokenType
- tokenTypeStr := tokenTypeRaw.(string)
- switch tokenTypeStr {
- case "service":
- tokenType = logical.TokenTypeService
- case "batch":
- tokenType = logical.TokenTypeBatch
- case "default-service":
- tokenType = logical.TokenTypeDefaultService
- case "default-batch":
- tokenType = logical.TokenTypeDefaultBatch
- default:
- return fmt.Errorf("invalid 'token_type' value %q", tokenTypeStr)
- }
- t.TokenType = tokenType
- }
-
- if ttlRaw, ok := d.GetOk("ttl"); ok {
- t.TTL = time.Duration(ttlRaw.(int)) * time.Second
- } else if ttlRaw, ok := d.GetOk("lease"); ok {
- t.TTL = time.Duration(ttlRaw.(int)) * time.Second
- }
- if t.TTL < 0 {
- return errors.New("'ttl' cannot be negative")
- }
- if t.TTL > 0 && t.MaxTTL > 0 && t.TTL > t.MaxTTL {
- return errors.New("'ttl' cannot be greater than 'max_ttl'")
- }
-
- return nil
-}
-
-func (t *TokenParams) PopulateTokenData(m map[string]interface{}) {
- m["bound_cidrs"] = t.BoundCIDRs
- m["explicit_max_ttl"] = t.ExplicitMaxTTL.Seconds()
- m["max_ttl"] = t.MaxTTL.Seconds()
- m["no_default_policy"] = t.NoDefaultPolicy
- m["period"] = t.Period.Seconds()
- m["policies"] = t.Policies
- m["token_type"] = t.TokenType.String()
- m["ttl"] = t.TTL.Seconds()
-}
-
-func (t *TokenParams) PopulateTokenAuth(auth *logical.Auth) {
- auth.BoundCIDRs = t.BoundCIDRs
- auth.ExplicitMaxTTL = t.ExplicitMaxTTL
- auth.MaxTTL = t.MaxTTL
- auth.NoDefaultPolicy = t.NoDefaultPolicy
- auth.Period = t.Period
- auth.Policies = t.Policies
- auth.TokenType = t.TokenType
- auth.TTL = t.TTL
-}
-
-const (
- tokenPeriodHelp = `If set, tokens created via this role
-will have no max lifetime; instead, their
-renewal period will be fixed to this value.
-This takes an integer number of seconds,
-or a string duration (e.g. "24h").`
- tokenExplicitMaxTTLHelp = `If set, tokens created via this role
-carry an explicit maximum TTL. During renewal,
-the current maximum TTL values of the role
-and the mount are not checked for changes,
-and any updates to these values will have
-no effect on the token being renewed.`
-)
diff --git a/logical/auth.go b/logical/auth.go
index a6f6b11ae2..e458ed8686 100644
--- a/logical/auth.go
+++ b/logical/auth.go
@@ -38,11 +38,6 @@ type Auth struct {
// different namespaces indexed by respective namespace identifiers
ExternalNamespacePolicies map[string][]string `json:"external_namespace_policies" mapstructure:"external_namespace_policies" structs:"external_namespace_policies"`
- // Indicates that the default policy should not be added by core when
- // creating a token. The default policy will still be added if it's
- // explicitly defined.
- NoDefaultPolicy bool `json:"no_default_policy" mapstructure:"no_default_policy" structs:"no_default_policy"`
-
// Metadata is used to attach arbitrary string-type metadata to
// an authenticated user. This metadata will be outputted into the
// audit log.
diff --git a/logical/identity.pb.go b/logical/identity.pb.go
index cd19652215..5b3342d488 100644
--- a/logical/identity.pb.go
+++ b/logical/identity.pb.go
@@ -5,8 +5,9 @@ package logical
import (
fmt "fmt"
- proto "github.com/golang/protobuf/proto"
math "math"
+
+ proto "github.com/golang/protobuf/proto"
)
// Reference imports to suppress errors if they are not otherwise used.
diff --git a/logical/plugin.pb.go b/logical/plugin.pb.go
index b66bea544b..e8a4f096eb 100644
--- a/logical/plugin.pb.go
+++ b/logical/plugin.pb.go
@@ -5,8 +5,9 @@ package logical
import (
fmt "fmt"
- proto "github.com/golang/protobuf/proto"
math "math"
+
+ proto "github.com/golang/protobuf/proto"
)
// Reference imports to suppress errors if they are not otherwise used.
diff --git a/logical/plugin/pb/backend.pb.go b/logical/plugin/pb/backend.pb.go
index 11510787de..55f304024a 100644
--- a/logical/plugin/pb/backend.pb.go
+++ b/logical/plugin/pb/backend.pb.go
@@ -5,12 +5,16 @@ package pb
import (
fmt "fmt"
+ math "math"
+
proto "github.com/golang/protobuf/proto"
timestamp "github.com/golang/protobuf/ptypes/timestamp"
logical "github.com/hashicorp/vault/logical"
+)
+
+import (
context "golang.org/x/net/context"
grpc "google.golang.org/grpc"
- math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
@@ -526,9 +530,7 @@ type Auth struct {
// TTL is a hard limit and cannot be exceeded, also counts for periodic tokens.
ExplicitMaxTTL int64 `sentinel:"" protobuf:"varint,16,opt,name=explicit_max_ttl,json=explicitMaxTtl,proto3" json:"explicit_max_ttl,omitempty"`
// TokenType is the type of token being requested
- TokenType uint32 `sentinel:"" protobuf:"varint,17,opt,name=token_type,json=tokenType,proto3" json:"token_type,omitempty"`
- // Whether the default policy should be added automatically by core
- NoDefaultPolicy bool `sentinel:"" protobuf:"varint,18,opt,name=no_default_policy,json=noDefaultPolicy,proto3" json:"no_default_policy,omitempty"`
+ TokenType uint32 `sentinel:"" protobuf:"varint,17,opt,name=token_type,json=tokenType,proto3" json:"token_type,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@@ -678,13 +680,6 @@ func (m *Auth) GetTokenType() uint32 {
return 0
}
-func (m *Auth) GetNoDefaultPolicy() bool {
- if m != nil {
- return m.NoDefaultPolicy
- }
- return false
-}
-
type TokenEntry struct {
ID string `sentinel:"" protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
Accessor string `sentinel:"" protobuf:"bytes,2,opt,name=accessor,proto3" json:"accessor,omitempty"`
@@ -2707,169 +2702,6 @@ func init() {
proto.RegisterType((*Connection)(nil), "pb.Connection")
}
-func init() { proto.RegisterFile("logical/plugin/pb/backend.proto", fileDescriptor_25821d34acc7c5ef) }
-
-var fileDescriptor_25821d34acc7c5ef = []byte{
- // 2503 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x59, 0xdd, 0x72, 0xdb, 0xc6,
- 0x15, 0x1e, 0x92, 0xe2, 0xdf, 0xe1, 0x9f, 0xb8, 0x56, 0x54, 0x98, 0x71, 0x6a, 0x06, 0xa9, 0x6d,
- 0xc5, 0xb5, 0x29, 0x5b, 0x69, 0x1a, 0xa7, 0x9d, 0xa4, 0xa3, 0xc8, 0x8a, 0xa3, 0x46, 0x4a, 0x34,
- 0x10, 0xdd, 0xf4, 0x6f, 0x06, 0x59, 0x02, 0x2b, 0x0a, 0x23, 0x10, 0x40, 0x17, 0x0b, 0x59, 0xbc,
- 0xea, 0x5b, 0xf4, 0x35, 0x7a, 0xdb, 0xbb, 0xde, 0x75, 0x3a, 0xed, 0x75, 0x5f, 0xa1, 0x97, 0x7d,
- 0x86, 0xce, 0x9e, 0x5d, 0x80, 0x00, 0x49, 0xc5, 0xce, 0x4c, 0x7b, 0xb7, 0x7b, 0xce, 0xd9, 0xbf,
- 0xb3, 0xdf, 0xf9, 0xce, 0x59, 0x00, 0xee, 0xfa, 0xe1, 0xd4, 0x73, 0xa8, 0xbf, 0x1b, 0xf9, 0xc9,
- 0xd4, 0x0b, 0x76, 0xa3, 0xc9, 0xee, 0x84, 0x3a, 0x97, 0x2c, 0x70, 0x47, 0x11, 0x0f, 0x45, 0x48,
- 0xca, 0xd1, 0x64, 0x70, 0x77, 0x1a, 0x86, 0x53, 0x9f, 0xed, 0xa2, 0x64, 0x92, 0x9c, 0xef, 0x0a,
- 0x6f, 0xc6, 0x62, 0x41, 0x67, 0x91, 0x32, 0x1a, 0x6c, 0xa7, 0xb3, 0x78, 0x2e, 0x0b, 0x84, 0x27,
- 0xe6, 0x5a, 0xbe, 0x55, 0x9c, 0x5d, 0x49, 0xcd, 0x3a, 0x54, 0x0f, 0x67, 0x91, 0x98, 0x9b, 0x43,
- 0xa8, 0x7d, 0xc1, 0xa8, 0xcb, 0x38, 0xd9, 0x86, 0xda, 0x05, 0xb6, 0x8c, 0xd2, 0xb0, 0xb2, 0xd3,
- 0xb4, 0x74, 0xcf, 0xfc, 0x1d, 0xc0, 0xa9, 0x1c, 0x73, 0xc8, 0x79, 0xc8, 0xc9, 0x6d, 0x68, 0x30,
- 0xce, 0x6d, 0x31, 0x8f, 0x98, 0x51, 0x1a, 0x96, 0x76, 0x3a, 0x56, 0x9d, 0x71, 0x3e, 0x9e, 0x47,
- 0x8c, 0xfc, 0x00, 0x64, 0xd3, 0x9e, 0xc5, 0x53, 0xa3, 0x3c, 0x2c, 0xc9, 0x19, 0x18, 0xe7, 0x27,
- 0xf1, 0x34, 0x1d, 0xe3, 0x84, 0x2e, 0x33, 0x2a, 0xc3, 0xd2, 0x4e, 0x05, 0xc7, 0x1c, 0x84, 0x2e,
- 0x33, 0xff, 0x54, 0x82, 0xea, 0x29, 0x15, 0x17, 0x31, 0x21, 0xb0, 0xc1, 0xc3, 0x50, 0xe8, 0xc5,
- 0xb1, 0x4d, 0x76, 0xa0, 0x97, 0x04, 0x34, 0x11, 0x17, 0xf2, 0x44, 0x0e, 0x15, 0xcc, 0x35, 0xca,
- 0xa8, 0x5e, 0x16, 0x93, 0xf7, 0xa0, 0xe3, 0x87, 0x0e, 0xf5, 0xed, 0x58, 0x84, 0x9c, 0x4e, 0xe5,
- 0x3a, 0xd2, 0xae, 0x8d, 0xc2, 0x33, 0x25, 0x23, 0x0f, 0xa1, 0x1f, 0x33, 0xea, 0xdb, 0xaf, 0x38,
- 0x8d, 0x32, 0xc3, 0x0d, 0x35, 0xa1, 0x54, 0x7c, 0xc3, 0x69, 0xa4, 0x6d, 0xcd, 0xbf, 0xd6, 0xa0,
- 0x6e, 0xb1, 0x3f, 0x24, 0x2c, 0x16, 0xa4, 0x0b, 0x65, 0xcf, 0xc5, 0xd3, 0x36, 0xad, 0xb2, 0xe7,
- 0x92, 0x11, 0x10, 0x8b, 0x45, 0xbe, 0x5c, 0xda, 0x0b, 0x83, 0x03, 0x3f, 0x89, 0x05, 0xe3, 0xfa,
- 0xcc, 0x6b, 0x34, 0xe4, 0x0e, 0x34, 0xc3, 0x88, 0x71, 0x94, 0xa1, 0x03, 0x9a, 0xd6, 0x42, 0x20,
- 0x0f, 0x1e, 0x51, 0x71, 0x61, 0x6c, 0xa0, 0x02, 0xdb, 0x52, 0xe6, 0x52, 0x41, 0x8d, 0xaa, 0x92,
- 0xc9, 0x36, 0x31, 0xa1, 0x16, 0x33, 0x87, 0x33, 0x61, 0xd4, 0x86, 0xa5, 0x9d, 0xd6, 0x1e, 0x8c,
- 0xa2, 0xc9, 0xe8, 0x0c, 0x25, 0x96, 0xd6, 0x90, 0x3b, 0xb0, 0x21, 0xfd, 0x62, 0xd4, 0xd1, 0xa2,
- 0x21, 0x2d, 0xf6, 0x13, 0x71, 0x61, 0xa1, 0x94, 0xec, 0x41, 0x5d, 0xdd, 0x69, 0x6c, 0x34, 0x86,
- 0x95, 0x9d, 0xd6, 0x9e, 0x21, 0x0d, 0xf4, 0x29, 0x47, 0x0a, 0x06, 0xf1, 0x61, 0x20, 0xf8, 0xdc,
- 0x4a, 0x0d, 0xc9, 0xbb, 0xd0, 0x76, 0x7c, 0x8f, 0x05, 0xc2, 0x16, 0xe1, 0x25, 0x0b, 0x8c, 0x26,
- 0xee, 0xa8, 0xa5, 0x64, 0x63, 0x29, 0x22, 0x7b, 0xf0, 0x56, 0xde, 0xc4, 0xa6, 0x8e, 0xc3, 0xe2,
- 0x38, 0xe4, 0x06, 0xa0, 0xed, 0xad, 0x9c, 0xed, 0xbe, 0x56, 0xc9, 0x69, 0x5d, 0x2f, 0x8e, 0x7c,
- 0x3a, 0xb7, 0x03, 0x3a, 0x63, 0x46, 0x4b, 0x4d, 0xab, 0x65, 0x5f, 0xd1, 0x19, 0x23, 0x77, 0xa1,
- 0x35, 0x0b, 0x93, 0x40, 0xd8, 0x51, 0xe8, 0x05, 0xc2, 0x68, 0xa3, 0x05, 0xa0, 0xe8, 0x54, 0x4a,
- 0xc8, 0x3b, 0xa0, 0x7a, 0x0a, 0x8c, 0x1d, 0xe5, 0x57, 0x94, 0x20, 0x1c, 0xef, 0x41, 0x57, 0xa9,
- 0xb3, 0xfd, 0x74, 0xd1, 0xa4, 0x83, 0xd2, 0x6c, 0x27, 0x4f, 0xa0, 0x89, 0x78, 0xf0, 0x82, 0xf3,
- 0xd0, 0xe8, 0xa1, 0xdf, 0x6e, 0xe5, 0xdc, 0x22, 0x31, 0x71, 0x14, 0x9c, 0x87, 0x56, 0xe3, 0x95,
- 0x6e, 0x91, 0x4f, 0xe0, 0xed, 0xc2, 0x79, 0x39, 0x9b, 0x51, 0x2f, 0xf0, 0x82, 0xa9, 0x9d, 0xc4,
- 0x2c, 0x36, 0x36, 0x11, 0xe1, 0x46, 0xee, 0xd4, 0x56, 0x6a, 0xf0, 0x32, 0x66, 0x31, 0x79, 0x1b,
- 0x9a, 0x2a, 0x40, 0x6d, 0xcf, 0x35, 0xfa, 0xb8, 0xa5, 0x86, 0x12, 0x1c, 0xb9, 0xe4, 0x01, 0xf4,
- 0xa2, 0xd0, 0xf7, 0x9c, 0xb9, 0x1d, 0x5e, 0x31, 0xce, 0x3d, 0x97, 0x19, 0x64, 0x58, 0xda, 0x69,
- 0x58, 0x5d, 0x25, 0xfe, 0x5a, 0x4b, 0xd7, 0x85, 0xc6, 0x2d, 0x34, 0x5c, 0x09, 0x8d, 0x11, 0x80,
- 0x13, 0x06, 0x01, 0x73, 0x10, 0x7e, 0x5b, 0x78, 0xc2, 0xae, 0x3c, 0xe1, 0x41, 0x26, 0xb5, 0x72,
- 0x16, 0x83, 0xcf, 0xa1, 0x9d, 0x87, 0x02, 0xd9, 0x84, 0xca, 0x25, 0x9b, 0x6b, 0xf8, 0xcb, 0x26,
- 0x19, 0x42, 0xf5, 0x8a, 0xfa, 0x09, 0x43, 0xc8, 0x6b, 0x20, 0xaa, 0x21, 0x96, 0x52, 0xfc, 0xac,
- 0xfc, 0xac, 0x64, 0xfe, 0xbb, 0x0a, 0x1b, 0x12, 0x7c, 0xe4, 0x43, 0xe8, 0xf8, 0x8c, 0xc6, 0xcc,
- 0x0e, 0x23, 0xb9, 0x40, 0x8c, 0x53, 0xb5, 0xf6, 0x36, 0xe5, 0xb0, 0x63, 0xa9, 0xf8, 0x5a, 0xc9,
- 0xad, 0xb6, 0x9f, 0xeb, 0xc9, 0x90, 0xf6, 0x02, 0xc1, 0x78, 0x40, 0x7d, 0x1b, 0x83, 0x41, 0x05,
- 0x58, 0x3b, 0x15, 0x3e, 0x97, 0x41, 0xb1, 0x8c, 0xa3, 0xca, 0x2a, 0x8e, 0x06, 0xd0, 0x40, 0xdf,
- 0x79, 0x2c, 0xd6, 0xc1, 0x9e, 0xf5, 0xc9, 0x1e, 0x34, 0x66, 0x4c, 0x50, 0x1d, 0x6b, 0x32, 0x24,
- 0xb6, 0xd3, 0x98, 0x19, 0x9d, 0x68, 0x85, 0x0a, 0x88, 0xcc, 0x6e, 0x25, 0x22, 0x6a, 0xab, 0x11,
- 0x31, 0x80, 0x46, 0x06, 0xba, 0xba, 0xba, 0xe1, 0xb4, 0x2f, 0x69, 0x36, 0x62, 0xdc, 0x0b, 0x5d,
- 0xa3, 0x81, 0x40, 0xd1, 0x3d, 0x49, 0x92, 0x41, 0x32, 0x53, 0x10, 0x6a, 0x2a, 0x92, 0x0c, 0x92,
- 0xd9, 0x2a, 0x62, 0x60, 0x09, 0x31, 0x3f, 0x82, 0x2a, 0xf5, 0x3d, 0x1a, 0x63, 0x08, 0xc9, 0x9b,
- 0xd5, 0x7c, 0x3f, 0xda, 0x97, 0x52, 0x4b, 0x29, 0xc9, 0x07, 0xd0, 0x99, 0xf2, 0x30, 0x89, 0x6c,
- 0xec, 0xb2, 0xd8, 0x68, 0xe3, 0x69, 0x97, 0xad, 0xdb, 0x68, 0xb4, 0xaf, 0x6c, 0x64, 0x04, 0x4e,
- 0xc2, 0x24, 0x70, 0x6d, 0xc7, 0x73, 0x79, 0x6c, 0x74, 0xd0, 0x79, 0x80, 0xa2, 0x03, 0x29, 0x91,
- 0x21, 0xa6, 0x42, 0x20, 0x73, 0x70, 0x17, 0x6d, 0x3a, 0x28, 0x3d, 0x4d, 0xbd, 0xfc, 0x63, 0xe8,
- 0xa7, 0x49, 0x69, 0x61, 0xd9, 0x43, 0xcb, 0xcd, 0x54, 0x91, 0x19, 0xef, 0xc0, 0x26, 0xbb, 0x96,
- 0x14, 0xea, 0x09, 0x7b, 0x46, 0xaf, 0x6d, 0x21, 0x7c, 0x1d, 0x52, 0xdd, 0x54, 0x7e, 0x42, 0xaf,
- 0xc7, 0xc2, 0x97, 0xf1, 0xaf, 0x56, 0xc7, 0xf8, 0xef, 0x63, 0x32, 0x6a, 0xa2, 0x04, 0xe3, 0xff,
- 0x21, 0xf4, 0x83, 0xd0, 0x76, 0xd9, 0x39, 0x4d, 0x7c, 0xa1, 0xd6, 0x9d, 0xeb, 0x60, 0xea, 0x05,
- 0xe1, 0x73, 0x25, 0xc7, 0x65, 0xe7, 0x83, 0x9f, 0x43, 0xa7, 0x70, 0xdd, 0x6b, 0x40, 0xbf, 0x95,
- 0x07, 0x7d, 0x33, 0x0f, 0xf4, 0x7f, 0x6c, 0x00, 0xe0, 0xbd, 0xab, 0xa1, 0xcb, 0xd9, 0x22, 0x0f,
- 0x86, 0xf2, 0x1a, 0x30, 0x50, 0xce, 0x02, 0xa1, 0x81, 0xab, 0x7b, 0xdf, 0x89, 0xd9, 0x34, 0x5f,
- 0x54, 0x73, 0xf9, 0xe2, 0x11, 0x6c, 0x48, 0x7c, 0x1a, 0xb5, 0x05, 0xad, 0x2f, 0x76, 0x84, 0x48,
- 0x56, 0x28, 0x46, 0xab, 0x95, 0xa0, 0xa9, 0xaf, 0x06, 0x4d, 0x1e, 0x8d, 0x8d, 0x22, 0x1a, 0xdf,
- 0x83, 0x8e, 0xc3, 0x19, 0xe6, 0x2e, 0x5b, 0x16, 0x21, 0x1a, 0xad, 0xed, 0x54, 0x38, 0xf6, 0x66,
- 0x4c, 0xfa, 0x4f, 0x5e, 0x1c, 0xa0, 0x4a, 0x36, 0xd7, 0xde, 0x6b, 0x6b, 0xed, 0xbd, 0x62, 0x25,
- 0xe0, 0x33, 0xcd, 0xf8, 0xd8, 0xce, 0x45, 0x4d, 0xa7, 0x10, 0x35, 0x85, 0xd0, 0xe8, 0x2e, 0x85,
- 0xc6, 0x12, 0x7e, 0x7b, 0x2b, 0xf8, 0x7d, 0x17, 0xda, 0xd2, 0x01, 0x71, 0x44, 0x1d, 0x26, 0x27,
- 0xd8, 0x54, 0x8e, 0xc8, 0x64, 0x47, 0x2e, 0x46, 0x7b, 0x32, 0x99, 0xcc, 0x2f, 0x42, 0x9f, 0x2d,
- 0x08, 0xbb, 0x95, 0xc9, 0x8e, 0x5c, 0xb9, 0x5f, 0x44, 0x20, 0x41, 0x04, 0x62, 0x7b, 0xf0, 0x11,
- 0x34, 0x33, 0xaf, 0x7f, 0x2f, 0x30, 0xfd, 0xb9, 0x04, 0xed, 0x3c, 0x29, 0xca, 0xc1, 0xe3, 0xf1,
- 0x31, 0x0e, 0xae, 0x58, 0xb2, 0x29, 0xcb, 0x09, 0xce, 0x02, 0xf6, 0x8a, 0x4e, 0x7c, 0x35, 0x41,
- 0xc3, 0x5a, 0x08, 0xa4, 0xd6, 0x0b, 0x1c, 0xce, 0x66, 0x29, 0xaa, 0x2a, 0xd6, 0x42, 0x40, 0x3e,
- 0x06, 0xf0, 0xe2, 0x38, 0x61, 0xea, 0xe6, 0x36, 0x90, 0x32, 0x06, 0x23, 0x55, 0x5b, 0x8e, 0xd2,
- 0xda, 0x72, 0x34, 0x4e, 0x6b, 0x4b, 0xab, 0x89, 0xd6, 0x78, 0xa5, 0xdb, 0x50, 0x93, 0x17, 0x34,
- 0x3e, 0x46, 0xe4, 0x55, 0x2c, 0xdd, 0x33, 0xff, 0x08, 0x35, 0x55, 0x85, 0xfc, 0x5f, 0x89, 0xfe,
- 0x36, 0x34, 0xd4, 0xdc, 0x9e, 0xab, 0x63, 0xa5, 0x8e, 0xfd, 0x23, 0xd7, 0xfc, 0x67, 0x09, 0x1a,
- 0x16, 0x8b, 0xa3, 0x30, 0x88, 0x59, 0xae, 0x4a, 0x2a, 0xbd, 0xb6, 0x4a, 0x2a, 0xaf, 0xad, 0x92,
- 0xd2, 0xda, 0xab, 0x92, 0xab, 0xbd, 0x06, 0xd0, 0xe0, 0xcc, 0xf5, 0x38, 0x73, 0x84, 0xae, 0xd3,
- 0xb2, 0xbe, 0xd4, 0xbd, 0xa2, 0x5c, 0xa6, 0xf7, 0x18, 0x73, 0x48, 0xd3, 0xca, 0xfa, 0xe4, 0x69,
- 0xbe, 0xb8, 0x50, 0x65, 0xdb, 0x96, 0x2a, 0x2e, 0xd4, 0x76, 0x57, 0xab, 0x0b, 0xf3, 0xef, 0x65,
- 0xd8, 0x5c, 0x56, 0xaf, 0x01, 0xc1, 0x16, 0x54, 0x55, 0xfa, 0xd1, 0x08, 0x12, 0x2b, 0x89, 0xa7,
- 0xb2, 0xc4, 0x35, 0xbf, 0x58, 0x8e, 0xdb, 0xd7, 0xdf, 0x7e, 0x31, 0xa6, 0xdf, 0x87, 0x4d, 0xb9,
- 0xcb, 0x88, 0xb9, 0x8b, 0x92, 0x4a, 0x91, 0x50, 0x4f, 0xcb, 0xb3, 0xa2, 0xea, 0x21, 0xf4, 0x53,
- 0xd3, 0x45, 0x78, 0xd6, 0x0a, 0xb6, 0x87, 0x69, 0x94, 0x6e, 0x43, 0xed, 0x3c, 0xe4, 0x33, 0x2a,
- 0x34, 0x0f, 0xe9, 0x5e, 0x81, 0x67, 0x90, 0xf0, 0x1a, 0x0a, 0x16, 0xa9, 0x50, 0x3e, 0x1b, 0x64,
- 0xfc, 0x67, 0x25, 0x3d, 0x12, 0x51, 0xc3, 0x6a, 0xa4, 0xa5, 0xbc, 0xf9, 0x6b, 0xe8, 0x2d, 0x55,
- 0x71, 0x6b, 0x1c, 0xb9, 0x58, 0xbe, 0x5c, 0x58, 0xbe, 0x30, 0x73, 0x65, 0x69, 0xe6, 0xdf, 0x40,
- 0xff, 0x0b, 0x1a, 0xb8, 0x3e, 0xd3, 0xf3, 0xef, 0xf3, 0x69, 0x2c, 0xf3, 0x91, 0x7e, 0x54, 0xd8,
- 0x3a, 0x01, 0x74, 0xac, 0xa6, 0x96, 0x1c, 0xb9, 0xe4, 0x1e, 0xd4, 0xb9, 0xb2, 0xd6, 0xc0, 0x6b,
- 0xe5, 0xca, 0x4c, 0x2b, 0xd5, 0x99, 0xdf, 0x02, 0x29, 0x4c, 0x2d, 0xdf, 0x13, 0x73, 0xb2, 0x23,
- 0x01, 0xa8, 0x40, 0xa1, 0x81, 0xdd, 0xce, 0xe3, 0xc8, 0xca, 0xb4, 0x64, 0x08, 0x15, 0xc6, 0xb9,
- 0x5e, 0x02, 0xeb, 0xbc, 0xc5, 0xeb, 0xcd, 0x92, 0x2a, 0xf3, 0x27, 0xd0, 0x3f, 0x8b, 0x98, 0xe3,
- 0x51, 0x1f, 0x5f, 0x5e, 0x6a, 0x81, 0xbb, 0x50, 0x95, 0x4e, 0x4e, 0x63, 0xb6, 0x89, 0x03, 0x51,
- 0xad, 0xe4, 0xe6, 0xb7, 0x60, 0xa8, 0x7d, 0x1d, 0x5e, 0x7b, 0xb1, 0x60, 0x81, 0xc3, 0x0e, 0x2e,
- 0x98, 0x73, 0xf9, 0x3f, 0x3c, 0xf9, 0x15, 0xdc, 0x5e, 0xb7, 0x42, 0xba, 0xbf, 0x96, 0x23, 0x7b,
- 0xf6, 0xb9, 0xa4, 0x6f, 0x5c, 0xa3, 0x61, 0x01, 0x8a, 0x3e, 0x97, 0x12, 0x79, 0x8f, 0x4c, 0x8e,
- 0x8b, 0x35, 0x25, 0xea, 0x5e, 0xea, 0x8f, 0xca, 0xcd, 0xfe, 0xf8, 0x4b, 0x09, 0x9a, 0x67, 0x4c,
- 0x24, 0x11, 0x9e, 0xe5, 0x6d, 0x68, 0x4e, 0x78, 0x78, 0xc9, 0xf8, 0xe2, 0x28, 0x0d, 0x25, 0x38,
- 0x72, 0xc9, 0x53, 0xa8, 0x1d, 0x84, 0xc1, 0xb9, 0x37, 0xc5, 0x77, 0x68, 0x6b, 0xef, 0xb6, 0x62,
- 0x17, 0x3d, 0x76, 0xa4, 0x74, 0x2a, 0xd5, 0x6a, 0x43, 0x32, 0x84, 0x96, 0x7e, 0xcd, 0xbf, 0x7c,
- 0x79, 0xf4, 0x3c, 0x2d, 0x50, 0x73, 0xa2, 0xc1, 0xc7, 0xd0, 0xca, 0x0d, 0xfc, 0x5e, 0xd9, 0xe2,
- 0x87, 0x00, 0xb8, 0xba, 0xf2, 0xd1, 0xa6, 0x3a, 0xaa, 0x1e, 0x29, 0x8f, 0x76, 0x17, 0x9a, 0xb2,
- 0x16, 0x52, 0xea, 0x34, 0x4f, 0x95, 0x16, 0x79, 0xca, 0xbc, 0x07, 0xfd, 0xa3, 0xe0, 0x8a, 0xfa,
- 0x9e, 0x4b, 0x05, 0xfb, 0x92, 0xcd, 0xd1, 0x05, 0x2b, 0x3b, 0x30, 0xcf, 0xa0, 0xad, 0x1f, 0xc6,
- 0x6f, 0xb4, 0xc7, 0xb6, 0xde, 0xe3, 0x77, 0x07, 0xd1, 0xfb, 0xd0, 0xd3, 0x93, 0x1e, 0x7b, 0x3a,
- 0x84, 0x64, 0x9a, 0xe7, 0xec, 0xdc, 0xbb, 0xd6, 0x53, 0xeb, 0x9e, 0xf9, 0x0c, 0x36, 0x73, 0xa6,
- 0xd9, 0x71, 0x2e, 0xd9, 0x3c, 0x4e, 0x3f, 0x18, 0xc8, 0x76, 0xea, 0x81, 0xf2, 0xc2, 0x03, 0x26,
- 0x74, 0xf5, 0xc8, 0x17, 0x4c, 0xdc, 0x70, 0xba, 0x2f, 0xb3, 0x8d, 0xbc, 0x60, 0x7a, 0xf2, 0xfb,
- 0x50, 0x65, 0xf2, 0xa4, 0xf9, 0x14, 0x96, 0xf7, 0x80, 0xa5, 0xd4, 0x6b, 0x16, 0x7c, 0x96, 0x2d,
- 0x78, 0x9a, 0xa8, 0x05, 0xdf, 0x70, 0x2e, 0xf3, 0xbd, 0x6c, 0x1b, 0xa7, 0x89, 0xb8, 0xe9, 0x46,
- 0xef, 0x41, 0x5f, 0x1b, 0x3d, 0x67, 0x3e, 0x13, 0xec, 0x86, 0x23, 0xdd, 0x07, 0x52, 0x30, 0xbb,
- 0x69, 0xba, 0x3b, 0xd0, 0x18, 0x8f, 0x8f, 0x33, 0x6d, 0x91, 0x1b, 0xcd, 0x4f, 0xa0, 0x7f, 0x96,
- 0xb8, 0xe1, 0x29, 0xf7, 0xae, 0x3c, 0x9f, 0x4d, 0xd5, 0x62, 0x69, 0xfd, 0x59, 0xca, 0xd5, 0x9f,
- 0x6b, 0xb3, 0x91, 0xb9, 0x03, 0xa4, 0x30, 0x3c, 0xbb, 0xb7, 0x38, 0x71, 0x43, 0x1d, 0xc2, 0xd8,
- 0x36, 0x77, 0xa0, 0x3d, 0xa6, 0x32, 0xdf, 0xbb, 0xca, 0xc6, 0x80, 0xba, 0x50, 0x7d, 0x6d, 0x96,
- 0x76, 0xcd, 0x3d, 0xd8, 0x3a, 0xa0, 0xce, 0x85, 0x17, 0x4c, 0x9f, 0x7b, 0xb1, 0x2c, 0x78, 0xf4,
- 0x88, 0x01, 0x34, 0x5c, 0x2d, 0xd0, 0x43, 0xb2, 0xbe, 0xf9, 0x18, 0xde, 0xca, 0x7d, 0x95, 0x39,
- 0x13, 0x34, 0xf5, 0xc7, 0x16, 0x54, 0x63, 0xd9, 0xc3, 0x11, 0x55, 0x4b, 0x75, 0xcc, 0xaf, 0x60,
- 0x2b, 0x9f, 0x80, 0x65, 0xf9, 0x91, 0x1e, 0x1c, 0x0b, 0x83, 0x52, 0xae, 0x30, 0xd0, 0x3e, 0x2b,
- 0x2f, 0xf2, 0xc9, 0x26, 0x54, 0x7e, 0xf9, 0xcd, 0x58, 0x83, 0x5d, 0x36, 0xcd, 0xdf, 0xcb, 0xe5,
- 0x8b, 0xf3, 0xa9, 0xe5, 0x0b, 0xd5, 0x41, 0xe9, 0x4d, 0xaa, 0x83, 0x35, 0x78, 0x7b, 0x0c, 0xfd,
- 0x13, 0x3f, 0x74, 0x2e, 0x0f, 0x83, 0x9c, 0x37, 0x0c, 0xa8, 0xb3, 0x20, 0xef, 0x8c, 0xb4, 0x6b,
- 0x3e, 0x80, 0xde, 0x71, 0xe8, 0x50, 0xff, 0x24, 0x4c, 0x02, 0x91, 0x79, 0x01, 0x3f, 0x93, 0x69,
- 0x53, 0xd5, 0x31, 0x1f, 0x43, 0x57, 0xa7, 0xe8, 0xe0, 0x3c, 0x4c, 0x99, 0x71, 0x91, 0xcc, 0x4b,
- 0xc5, 0x5a, 0xdb, 0x3c, 0x86, 0xde, 0xc2, 0x5c, 0xcd, 0xfb, 0x00, 0x6a, 0x4a, 0xad, 0xcf, 0xd6,
- 0xcb, 0x1e, 0x9b, 0xca, 0xd2, 0xd2, 0xea, 0x35, 0x87, 0x9a, 0x41, 0xf7, 0x14, 0x3f, 0x57, 0x1e,
- 0x06, 0x57, 0x6a, 0xb2, 0x23, 0x20, 0xea, 0x03, 0xa6, 0xcd, 0x82, 0x2b, 0x8f, 0x87, 0x01, 0xd6,
- 0xb7, 0x25, 0x5d, 0xc2, 0xa4, 0x13, 0x67, 0x83, 0x52, 0x0b, 0xab, 0x1f, 0x2d, 0x8b, 0xd6, 0xfa,
- 0x10, 0x16, 0x1f, 0x43, 0x64, 0xaa, 0xe1, 0x6c, 0x16, 0x0a, 0x66, 0x53, 0xd7, 0x4d, 0xa3, 0x05,
- 0x94, 0x68, 0xdf, 0x75, 0xf9, 0xde, 0x7f, 0xca, 0x50, 0xff, 0x4c, 0x11, 0x38, 0xf9, 0x14, 0x3a,
- 0x85, 0x74, 0x4d, 0xde, 0xc2, 0xaf, 0x21, 0xcb, 0xc5, 0xc1, 0x60, 0x7b, 0x45, 0xac, 0xce, 0xf5,
- 0x04, 0xda, 0xf9, 0x64, 0x4c, 0x30, 0xf1, 0xe2, 0xa7, 0xd9, 0x01, 0xce, 0xb4, 0x9a, 0xa9, 0xcf,
- 0x60, 0x6b, 0x5d, 0x9a, 0x24, 0x77, 0x16, 0x2b, 0xac, 0xa6, 0xe8, 0xc1, 0x3b, 0x37, 0x69, 0xd3,
- 0xf4, 0x5a, 0x3f, 0xf0, 0x19, 0x0d, 0x92, 0x28, 0xbf, 0x83, 0x45, 0x93, 0x3c, 0x85, 0x4e, 0x21,
- 0x51, 0xa8, 0x73, 0xae, 0xe4, 0x8e, 0xfc, 0x90, 0xfb, 0x50, 0xc5, 0xe4, 0x44, 0x3a, 0x85, 0x2c,
- 0x39, 0xe8, 0x66, 0x5d, 0xb5, 0xf6, 0x10, 0x36, 0xf0, 0xc1, 0x9e, 0x5b, 0x18, 0x47, 0x64, 0x99,
- 0x6b, 0xef, 0x5f, 0x25, 0xa8, 0xa7, 0x1f, 0x71, 0x9f, 0xc2, 0x86, 0xcc, 0x01, 0xe4, 0x56, 0x8e,
- 0x46, 0xd3, 0xfc, 0x31, 0xd8, 0x5a, 0x12, 0xaa, 0x05, 0x46, 0x50, 0x79, 0xc1, 0x04, 0x21, 0x39,
- 0xa5, 0x4e, 0x06, 0x83, 0x5b, 0x45, 0x59, 0x66, 0x7f, 0x9a, 0x14, 0xed, 0x35, 0x97, 0x17, 0xec,
- 0x33, 0x96, 0xfe, 0x08, 0x6a, 0x8a, 0x65, 0x95, 0x53, 0x56, 0xf8, 0x59, 0x5d, 0xfe, 0x2a, 0x1f,
- 0xef, 0xfd, 0x6d, 0x03, 0xe0, 0x6c, 0x1e, 0x0b, 0x36, 0xfb, 0x95, 0xc7, 0x5e, 0x91, 0x87, 0xd0,
- 0xd3, 0x9f, 0x25, 0xf0, 0xb5, 0x24, 0xd9, 0x24, 0xe7, 0x13, 0x2c, 0xf8, 0x32, 0xb2, 0xbe, 0x0f,
- 0xad, 0x13, 0x7a, 0xfd, 0x7a, 0xbb, 0x4f, 0xa1, 0x53, 0xe0, 0x60, 0xbd, 0xc5, 0x65, 0x56, 0xd7,
- 0x5b, 0x5c, 0x65, 0xeb, 0xfb, 0x50, 0xd7, 0xcc, 0x9c, 0x5f, 0x03, 0x73, 0x58, 0x81, 0xb1, 0x7f,
- 0x0a, 0xbd, 0x25, 0x5e, 0xce, 0xdb, 0xe3, 0x17, 0x89, 0xb5, 0xbc, 0xfd, 0x4c, 0xbe, 0x76, 0x8a,
- 0xdc, 0x9c, 0x1f, 0x78, 0x5b, 0xf1, 0xe1, 0x3a, 0xf2, 0x7e, 0x51, 0x7c, 0x27, 0xe1, 0x2b, 0xd1,
- 0x58, 0xa6, 0xcf, 0x94, 0xbc, 0xd3, 0x89, 0xd6, 0xd1, 0xf0, 0x13, 0x68, 0xe7, 0x19, 0x74, 0x25,
- 0x04, 0x57, 0xe9, 0xf5, 0x11, 0xc0, 0x82, 0x44, 0xf3, 0xf6, 0x08, 0x8f, 0x65, 0x7e, 0xfd, 0x10,
- 0x60, 0x41, 0x8d, 0x0a, 0x55, 0x45, 0x66, 0x55, 0xc3, 0x96, 0xe9, 0xf3, 0x21, 0x34, 0x33, 0x3a,
- 0xcb, 0xaf, 0x81, 0x13, 0x14, 0xd9, 0xf1, 0xb3, 0xd1, 0x6f, 0x1f, 0x4d, 0x3d, 0x71, 0x91, 0x4c,
- 0x46, 0x4e, 0x38, 0xdb, 0xbd, 0xa0, 0xf1, 0x85, 0xe7, 0x84, 0x3c, 0xda, 0xbd, 0x92, 0x60, 0xda,
- 0x5d, 0xf9, 0xbf, 0x34, 0xa9, 0xe1, 0x63, 0xef, 0x83, 0xff, 0x06, 0x00, 0x00, 0xff, 0xff, 0x87,
- 0x96, 0xca, 0x22, 0x7b, 0x1a, 0x00, 0x00,
-}
-
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
@@ -3796,3 +3628,165 @@ var _SystemView_serviceDesc = grpc.ServiceDesc{
Streams: []grpc.StreamDesc{},
Metadata: "logical/plugin/pb/backend.proto",
}
+
+func init() { proto.RegisterFile("logical/plugin/pb/backend.proto", fileDescriptor_25821d34acc7c5ef) }
+
+var fileDescriptor_25821d34acc7c5ef = []byte{
+ // 2483 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x59, 0xcd, 0x72, 0x1b, 0xc7,
+ 0x11, 0x2e, 0x00, 0xc4, 0x5f, 0xe3, 0x8f, 0x18, 0xd1, 0xcc, 0x0a, 0x96, 0x23, 0x78, 0x1d, 0x49,
+ 0xb4, 0x22, 0x81, 0x12, 0x1d, 0xc7, 0x72, 0x52, 0x76, 0x8a, 0xa6, 0x68, 0x99, 0x31, 0x69, 0xb3,
+ 0x96, 0x50, 0x9c, 0xbf, 0x2a, 0x78, 0xb0, 0x3b, 0x04, 0xb7, 0xb8, 0xd8, 0xdd, 0xcc, 0xce, 0x52,
+ 0xc4, 0x29, 0x6f, 0x91, 0xd7, 0xc8, 0x35, 0x95, 0x4b, 0x6e, 0xa9, 0x54, 0x72, 0xce, 0x6b, 0xe4,
+ 0x19, 0x52, 0xd3, 0x33, 0xfb, 0x07, 0x80, 0x96, 0x5c, 0x95, 0xdc, 0x66, 0xba, 0x7b, 0x7a, 0x66,
+ 0x7a, 0xbe, 0xfe, 0xba, 0x17, 0x80, 0xbb, 0x5e, 0x30, 0x73, 0x6d, 0xea, 0xed, 0x86, 0x5e, 0x3c,
+ 0x73, 0xfd, 0xdd, 0x70, 0xba, 0x3b, 0xa5, 0xf6, 0x25, 0xf3, 0x9d, 0x51, 0xc8, 0x03, 0x11, 0x90,
+ 0x72, 0x38, 0x1d, 0xdc, 0x9d, 0x05, 0xc1, 0xcc, 0x63, 0xbb, 0x28, 0x99, 0xc6, 0xe7, 0xbb, 0xc2,
+ 0x9d, 0xb3, 0x48, 0xd0, 0x79, 0xa8, 0x8c, 0x06, 0xdb, 0x89, 0x17, 0xd7, 0x61, 0xbe, 0x70, 0xc5,
+ 0x42, 0xcb, 0xb7, 0x8a, 0xde, 0x95, 0xd4, 0xac, 0x43, 0xf5, 0x70, 0x1e, 0x8a, 0x85, 0x39, 0x84,
+ 0xda, 0x17, 0x8c, 0x3a, 0x8c, 0x93, 0x6d, 0xa8, 0x5d, 0xe0, 0xc8, 0x28, 0x0d, 0x2b, 0x3b, 0x4d,
+ 0x4b, 0xcf, 0xcc, 0xdf, 0x01, 0x9c, 0xca, 0x35, 0x87, 0x9c, 0x07, 0x9c, 0xdc, 0x86, 0x06, 0xe3,
+ 0x7c, 0x22, 0x16, 0x21, 0x33, 0x4a, 0xc3, 0xd2, 0x4e, 0xc7, 0xaa, 0x33, 0xce, 0xc7, 0x8b, 0x90,
+ 0x91, 0x1f, 0x80, 0x1c, 0x4e, 0xe6, 0xd1, 0xcc, 0x28, 0x0f, 0x4b, 0xd2, 0x03, 0xe3, 0xfc, 0x24,
+ 0x9a, 0x25, 0x6b, 0xec, 0xc0, 0x61, 0x46, 0x65, 0x58, 0xda, 0xa9, 0xe0, 0x9a, 0x83, 0xc0, 0x61,
+ 0xe6, 0x9f, 0x4a, 0x50, 0x3d, 0xa5, 0xe2, 0x22, 0x22, 0x04, 0x36, 0x78, 0x10, 0x08, 0xbd, 0x39,
+ 0x8e, 0xc9, 0x0e, 0xf4, 0x62, 0x9f, 0xc6, 0xe2, 0x42, 0xde, 0xc8, 0xa6, 0x82, 0x39, 0x46, 0x19,
+ 0xd5, 0xcb, 0x62, 0xf2, 0x1e, 0x74, 0xbc, 0xc0, 0xa6, 0xde, 0x24, 0x12, 0x01, 0xa7, 0x33, 0xb9,
+ 0x8f, 0xb4, 0x6b, 0xa3, 0xf0, 0x4c, 0xc9, 0xc8, 0x43, 0xe8, 0x47, 0x8c, 0x7a, 0x93, 0x57, 0x9c,
+ 0x86, 0xa9, 0xe1, 0x86, 0x72, 0x28, 0x15, 0xdf, 0x70, 0x1a, 0x6a, 0x5b, 0xf3, 0x6f, 0x35, 0xa8,
+ 0x5b, 0xec, 0x0f, 0x31, 0x8b, 0x04, 0xe9, 0x42, 0xd9, 0x75, 0xf0, 0xb6, 0x4d, 0xab, 0xec, 0x3a,
+ 0x64, 0x04, 0xc4, 0x62, 0xa1, 0x27, 0xb7, 0x76, 0x03, 0xff, 0xc0, 0x8b, 0x23, 0xc1, 0xb8, 0xbe,
+ 0xf3, 0x1a, 0x0d, 0xb9, 0x03, 0xcd, 0x20, 0x64, 0x1c, 0x65, 0x18, 0x80, 0xa6, 0x95, 0x09, 0xe4,
+ 0xc5, 0x43, 0x2a, 0x2e, 0x8c, 0x0d, 0x54, 0xe0, 0x58, 0xca, 0x1c, 0x2a, 0xa8, 0x51, 0x55, 0x32,
+ 0x39, 0x26, 0x26, 0xd4, 0x22, 0x66, 0x73, 0x26, 0x8c, 0xda, 0xb0, 0xb4, 0xd3, 0xda, 0x83, 0x51,
+ 0x38, 0x1d, 0x9d, 0xa1, 0xc4, 0xd2, 0x1a, 0x72, 0x07, 0x36, 0x64, 0x5c, 0x8c, 0x3a, 0x5a, 0x34,
+ 0xa4, 0xc5, 0x7e, 0x2c, 0x2e, 0x2c, 0x94, 0x92, 0x3d, 0xa8, 0xab, 0x37, 0x8d, 0x8c, 0xc6, 0xb0,
+ 0xb2, 0xd3, 0xda, 0x33, 0xa4, 0x81, 0xbe, 0xe5, 0x48, 0xc1, 0x20, 0x3a, 0xf4, 0x05, 0x5f, 0x58,
+ 0x89, 0x21, 0x79, 0x17, 0xda, 0xb6, 0xe7, 0x32, 0x5f, 0x4c, 0x44, 0x70, 0xc9, 0x7c, 0xa3, 0x89,
+ 0x27, 0x6a, 0x29, 0xd9, 0x58, 0x8a, 0xc8, 0x1e, 0xbc, 0x95, 0x37, 0x99, 0x50, 0xdb, 0x66, 0x51,
+ 0x14, 0x70, 0x03, 0xd0, 0xf6, 0x56, 0xce, 0x76, 0x5f, 0xab, 0xa4, 0x5b, 0xc7, 0x8d, 0x42, 0x8f,
+ 0x2e, 0x26, 0x3e, 0x9d, 0x33, 0xa3, 0xa5, 0xdc, 0x6a, 0xd9, 0x57, 0x74, 0xce, 0xc8, 0x5d, 0x68,
+ 0xcd, 0x83, 0xd8, 0x17, 0x93, 0x30, 0x70, 0x7d, 0x61, 0xb4, 0xd1, 0x02, 0x50, 0x74, 0x2a, 0x25,
+ 0xe4, 0x1d, 0x50, 0x33, 0x05, 0xc6, 0x8e, 0x8a, 0x2b, 0x4a, 0x10, 0x8e, 0xf7, 0xa0, 0xab, 0xd4,
+ 0xe9, 0x79, 0xba, 0x68, 0xd2, 0x41, 0x69, 0x7a, 0x92, 0x27, 0xd0, 0x44, 0x3c, 0xb8, 0xfe, 0x79,
+ 0x60, 0xf4, 0x30, 0x6e, 0xb7, 0x72, 0x61, 0x91, 0x98, 0x38, 0xf2, 0xcf, 0x03, 0xab, 0xf1, 0x4a,
+ 0x8f, 0xc8, 0x27, 0xf0, 0x76, 0xe1, 0xbe, 0x9c, 0xcd, 0xa9, 0xeb, 0xbb, 0xfe, 0x6c, 0x12, 0x47,
+ 0x2c, 0x32, 0x36, 0x11, 0xe1, 0x46, 0xee, 0xd6, 0x56, 0x62, 0xf0, 0x32, 0x62, 0x11, 0x79, 0x1b,
+ 0x9a, 0x2a, 0x41, 0x27, 0xae, 0x63, 0xf4, 0xf1, 0x48, 0x0d, 0x25, 0x38, 0x72, 0xc8, 0x03, 0xe8,
+ 0x85, 0x81, 0xe7, 0xda, 0x8b, 0x49, 0x70, 0xc5, 0x38, 0x77, 0x1d, 0x66, 0x90, 0x61, 0x69, 0xa7,
+ 0x61, 0x75, 0x95, 0xf8, 0x6b, 0x2d, 0x5d, 0x97, 0x1a, 0xb7, 0xd0, 0x70, 0x25, 0x35, 0x46, 0x00,
+ 0x76, 0xe0, 0xfb, 0xcc, 0x46, 0xf8, 0x6d, 0xe1, 0x0d, 0xbb, 0xf2, 0x86, 0x07, 0xa9, 0xd4, 0xca,
+ 0x59, 0x0c, 0x3e, 0x87, 0x76, 0x1e, 0x0a, 0x64, 0x13, 0x2a, 0x97, 0x6c, 0xa1, 0xe1, 0x2f, 0x87,
+ 0x64, 0x08, 0xd5, 0x2b, 0xea, 0xc5, 0x0c, 0x21, 0xaf, 0x81, 0xa8, 0x96, 0x58, 0x4a, 0xf1, 0xb3,
+ 0xf2, 0xb3, 0x92, 0xf9, 0xd7, 0x2a, 0x6c, 0x48, 0xf0, 0x91, 0x0f, 0xa1, 0xe3, 0x31, 0x1a, 0xb1,
+ 0x49, 0x10, 0xca, 0x0d, 0x22, 0x74, 0xd5, 0xda, 0xdb, 0x94, 0xcb, 0x8e, 0xa5, 0xe2, 0x6b, 0x25,
+ 0xb7, 0xda, 0x5e, 0x6e, 0x26, 0x53, 0xda, 0xf5, 0x05, 0xe3, 0x3e, 0xf5, 0x26, 0x98, 0x0c, 0x2a,
+ 0xc1, 0xda, 0x89, 0xf0, 0xb9, 0x4c, 0x8a, 0x65, 0x1c, 0x55, 0x56, 0x71, 0x34, 0x80, 0x06, 0xc6,
+ 0xce, 0x65, 0x91, 0x4e, 0xf6, 0x74, 0x4e, 0xf6, 0xa0, 0x31, 0x67, 0x82, 0xea, 0x5c, 0x93, 0x29,
+ 0xb1, 0x9d, 0xe4, 0xcc, 0xe8, 0x44, 0x2b, 0x54, 0x42, 0xa4, 0x76, 0x2b, 0x19, 0x51, 0x5b, 0xcd,
+ 0x88, 0x01, 0x34, 0x52, 0xd0, 0xd5, 0xd5, 0x0b, 0x27, 0x73, 0x49, 0xb3, 0x21, 0xe3, 0x6e, 0xe0,
+ 0x18, 0x0d, 0x04, 0x8a, 0x9e, 0x49, 0x92, 0xf4, 0xe3, 0xb9, 0x82, 0x50, 0x53, 0x91, 0xa4, 0x1f,
+ 0xcf, 0x57, 0x11, 0x03, 0x4b, 0x88, 0xf9, 0x11, 0x54, 0xa9, 0xe7, 0xd2, 0x08, 0x53, 0x48, 0xbe,
+ 0xac, 0xe6, 0xfb, 0xd1, 0xbe, 0x94, 0x5a, 0x4a, 0x49, 0x3e, 0x80, 0xce, 0x8c, 0x07, 0x71, 0x38,
+ 0xc1, 0x29, 0x8b, 0x8c, 0x36, 0xde, 0x76, 0xd9, 0xba, 0x8d, 0x46, 0xfb, 0xca, 0x46, 0x66, 0xe0,
+ 0x34, 0x88, 0x7d, 0x67, 0x62, 0xbb, 0x0e, 0x8f, 0x8c, 0x0e, 0x06, 0x0f, 0x50, 0x74, 0x20, 0x25,
+ 0x32, 0xc5, 0x54, 0x0a, 0xa4, 0x01, 0xee, 0xa2, 0x4d, 0x07, 0xa5, 0xa7, 0x49, 0x94, 0x7f, 0x0c,
+ 0xfd, 0xa4, 0x28, 0x65, 0x96, 0x3d, 0xb4, 0xdc, 0x4c, 0x14, 0xa9, 0xf1, 0x0e, 0x6c, 0xb2, 0x6b,
+ 0x49, 0xa1, 0xae, 0x98, 0xcc, 0xe9, 0xf5, 0x44, 0x08, 0x4f, 0xa7, 0x54, 0x37, 0x91, 0x9f, 0xd0,
+ 0xeb, 0xb1, 0xf0, 0x64, 0xfe, 0xab, 0xdd, 0x31, 0xff, 0xfb, 0x58, 0x8c, 0x9a, 0x28, 0x91, 0xf9,
+ 0x3f, 0xf8, 0x39, 0x74, 0x0a, 0x4f, 0xb8, 0x06, 0xc8, 0x5b, 0x79, 0x20, 0x37, 0xf3, 0xe0, 0xfd,
+ 0xe7, 0x06, 0x00, 0xbe, 0xa5, 0x5a, 0xba, 0x5c, 0x01, 0xf2, 0x0f, 0x5c, 0x5e, 0xf3, 0xc0, 0x94,
+ 0x33, 0x5f, 0x68, 0x30, 0xea, 0xd9, 0x77, 0xe2, 0x30, 0xa9, 0x01, 0xd5, 0x5c, 0x0d, 0x78, 0x04,
+ 0x1b, 0x12, 0x73, 0x46, 0x2d, 0xa3, 0xea, 0xec, 0x44, 0x88, 0x4e, 0x85, 0x4c, 0xb4, 0x5a, 0x49,
+ 0x84, 0xfa, 0x6a, 0x22, 0xe4, 0x11, 0xd6, 0x28, 0x22, 0xec, 0x3d, 0xe8, 0xd8, 0x9c, 0x61, 0x3d,
+ 0x9a, 0xc8, 0xc6, 0x42, 0x23, 0xb0, 0x9d, 0x08, 0xc7, 0xee, 0x9c, 0xc9, 0xf8, 0xc9, 0xc7, 0x00,
+ 0x54, 0xc9, 0xe1, 0xda, 0xb7, 0x6a, 0xad, 0x7d, 0x2b, 0xac, 0xee, 0x1e, 0xd3, 0x2c, 0x8e, 0xe3,
+ 0x5c, 0x26, 0x74, 0x0a, 0x99, 0x50, 0x80, 0x7b, 0x77, 0x09, 0xee, 0x4b, 0x98, 0xec, 0xad, 0x60,
+ 0xf2, 0x5d, 0x68, 0xcb, 0x00, 0x44, 0x21, 0xb5, 0x99, 0x74, 0xb0, 0xa9, 0x02, 0x91, 0xca, 0x8e,
+ 0x1c, 0xcc, 0xe0, 0x78, 0x3a, 0x5d, 0x5c, 0x04, 0x1e, 0xcb, 0x48, 0xb8, 0x95, 0xca, 0x8e, 0x1c,
+ 0x79, 0x5e, 0x44, 0x15, 0x41, 0x54, 0xe1, 0x78, 0xf0, 0x11, 0x34, 0xd3, 0xa8, 0x7f, 0x2f, 0x30,
+ 0xfd, 0xb9, 0x04, 0xed, 0x3c, 0xd1, 0xc9, 0xc5, 0xe3, 0xf1, 0x31, 0x2e, 0xae, 0x58, 0x72, 0x28,
+ 0x5b, 0x04, 0xce, 0x7c, 0xf6, 0x8a, 0x4e, 0x3d, 0xe5, 0xa0, 0x61, 0x65, 0x02, 0xa9, 0x75, 0x7d,
+ 0x9b, 0xb3, 0x79, 0x82, 0xaa, 0x8a, 0x95, 0x09, 0xc8, 0xc7, 0x00, 0x6e, 0x14, 0xc5, 0x4c, 0xbd,
+ 0xdc, 0x06, 0xd2, 0xc0, 0x60, 0xa4, 0xfa, 0xc5, 0x51, 0xd2, 0x2f, 0x8e, 0xc6, 0x49, 0xbf, 0x68,
+ 0x35, 0xd1, 0x1a, 0x9f, 0x74, 0x1b, 0x6a, 0xf2, 0x81, 0xc6, 0xc7, 0x88, 0xbc, 0x8a, 0xa5, 0x67,
+ 0xe6, 0x1f, 0xa1, 0xa6, 0x3a, 0x8b, 0xff, 0x2b, 0x79, 0xdf, 0x86, 0x86, 0xf2, 0xed, 0x3a, 0x3a,
+ 0x57, 0xea, 0x38, 0x3f, 0x72, 0xcc, 0x7f, 0x95, 0xa0, 0x61, 0xb1, 0x28, 0x0c, 0xfc, 0x88, 0xe5,
+ 0x3a, 0x9f, 0xd2, 0x6b, 0x3b, 0x9f, 0xf2, 0xda, 0xce, 0x27, 0xe9, 0xa7, 0x2a, 0xb9, 0x7e, 0x6a,
+ 0x00, 0x0d, 0xce, 0x1c, 0x97, 0x33, 0x5b, 0xe8, 0xde, 0x2b, 0x9d, 0x4b, 0xdd, 0x2b, 0xca, 0x65,
+ 0xc9, 0x8e, 0xb0, 0x2e, 0x34, 0xad, 0x74, 0x4e, 0x9e, 0xe6, 0x1b, 0x06, 0xd5, 0x8a, 0x6d, 0xa9,
+ 0x86, 0x41, 0x1d, 0x77, 0xb5, 0x63, 0x30, 0xff, 0x51, 0x86, 0xcd, 0x65, 0xf5, 0x1a, 0x10, 0x6c,
+ 0x41, 0x55, 0x95, 0x14, 0x8d, 0x20, 0xb1, 0x52, 0x4c, 0x2a, 0x4b, 0x5c, 0xf3, 0x8b, 0xe5, 0xbc,
+ 0x7d, 0xfd, 0xeb, 0x17, 0x73, 0xfa, 0x7d, 0xd8, 0x94, 0xa7, 0x0c, 0x99, 0x93, 0xb5, 0x49, 0x8a,
+ 0x84, 0x7a, 0x5a, 0x9e, 0x36, 0x4a, 0x0f, 0xa1, 0x9f, 0x98, 0x66, 0xe9, 0x59, 0x2b, 0xd8, 0x1e,
+ 0x26, 0x59, 0xba, 0x0d, 0xb5, 0xf3, 0x80, 0xcf, 0xa9, 0xd0, 0x3c, 0xa4, 0x67, 0x05, 0x9e, 0x41,
+ 0xc2, 0x6b, 0x28, 0x58, 0x24, 0x42, 0xf9, 0x29, 0x20, 0xf3, 0x3f, 0x6d, 0xd3, 0x91, 0x88, 0x1a,
+ 0x56, 0x23, 0x69, 0xcf, 0xcd, 0x5f, 0x43, 0x6f, 0xa9, 0x33, 0x5b, 0x13, 0xc8, 0x6c, 0xfb, 0x72,
+ 0x61, 0xfb, 0x82, 0xe7, 0xca, 0x92, 0xe7, 0xdf, 0x40, 0xff, 0x0b, 0xea, 0x3b, 0x1e, 0xd3, 0xfe,
+ 0xf7, 0xf9, 0x2c, 0x92, 0x35, 0x46, 0x7f, 0x28, 0x4c, 0x74, 0x01, 0xe8, 0x58, 0x4d, 0x2d, 0x39,
+ 0x72, 0xc8, 0x3d, 0xa8, 0x73, 0x65, 0xad, 0x81, 0xd7, 0xca, 0xb5, 0x8e, 0x56, 0xa2, 0x33, 0xbf,
+ 0x05, 0x52, 0x70, 0x2d, 0xbf, 0x11, 0x16, 0x64, 0x47, 0x02, 0x50, 0x81, 0x42, 0x03, 0xbb, 0x9d,
+ 0xc7, 0x91, 0x95, 0x6a, 0xc9, 0x10, 0x2a, 0x8c, 0x73, 0xbd, 0x05, 0xf6, 0x6e, 0xd9, 0x17, 0x99,
+ 0x25, 0x55, 0xe6, 0x4f, 0xa0, 0x7f, 0x16, 0x32, 0xdb, 0xa5, 0x1e, 0x7e, 0x4d, 0xa9, 0x0d, 0xee,
+ 0x42, 0x55, 0x06, 0x39, 0xc9, 0xd9, 0x26, 0x2e, 0x44, 0xb5, 0x92, 0x9b, 0xdf, 0x82, 0xa1, 0xce,
+ 0x75, 0x78, 0xed, 0x46, 0x82, 0xf9, 0x36, 0x3b, 0xb8, 0x60, 0xf6, 0xe5, 0xff, 0xf0, 0xe6, 0x57,
+ 0x70, 0x7b, 0xdd, 0x0e, 0xc9, 0xf9, 0x5a, 0xb6, 0x9c, 0x4d, 0xce, 0x25, 0x7d, 0xe3, 0x1e, 0x0d,
+ 0x0b, 0x50, 0xf4, 0xb9, 0x94, 0xc8, 0x77, 0x64, 0x72, 0x5d, 0xa4, 0x29, 0x51, 0xcf, 0x92, 0x78,
+ 0x54, 0x6e, 0x8e, 0xc7, 0x5f, 0x4a, 0xd0, 0x3c, 0x63, 0x22, 0x0e, 0xf1, 0x2e, 0x6f, 0x43, 0x73,
+ 0xca, 0x83, 0x4b, 0xc6, 0xb3, 0xab, 0x34, 0x94, 0xe0, 0xc8, 0x21, 0x4f, 0xa1, 0x76, 0x10, 0xf8,
+ 0xe7, 0xee, 0x0c, 0xbf, 0x2d, 0x5b, 0x7b, 0xb7, 0x15, 0xbb, 0xe8, 0xb5, 0x23, 0xa5, 0x53, 0xa5,
+ 0x56, 0x1b, 0x92, 0x21, 0xb4, 0xf4, 0x17, 0xfa, 0xcb, 0x97, 0x47, 0xcf, 0x93, 0xa6, 0x33, 0x27,
+ 0x1a, 0x7c, 0x0c, 0xad, 0xdc, 0xc2, 0xef, 0x55, 0x2d, 0x7e, 0x08, 0x80, 0xbb, 0xab, 0x18, 0x6d,
+ 0xaa, 0xab, 0xea, 0x95, 0xf2, 0x6a, 0x77, 0xa1, 0x29, 0xfb, 0x1b, 0xa5, 0x4e, 0xea, 0x54, 0x29,
+ 0xab, 0x53, 0xe6, 0x3d, 0xe8, 0x1f, 0xf9, 0x57, 0xd4, 0x73, 0x1d, 0x2a, 0xd8, 0x97, 0x6c, 0x81,
+ 0x21, 0x58, 0x39, 0x81, 0x79, 0x06, 0x6d, 0xfd, 0xb1, 0xfb, 0x46, 0x67, 0x6c, 0xeb, 0x33, 0x7e,
+ 0x77, 0x12, 0xbd, 0x0f, 0x3d, 0xed, 0xf4, 0xd8, 0xd5, 0x29, 0x24, 0xcb, 0x3c, 0x67, 0xe7, 0xee,
+ 0xb5, 0x76, 0xad, 0x67, 0xe6, 0x33, 0xd8, 0xcc, 0x99, 0xa6, 0xd7, 0xb9, 0x64, 0x8b, 0x28, 0xf9,
+ 0x11, 0x40, 0x8e, 0x93, 0x08, 0x94, 0xb3, 0x08, 0x98, 0xd0, 0xd5, 0x2b, 0x5f, 0x30, 0x71, 0xc3,
+ 0xed, 0xbe, 0x4c, 0x0f, 0xf2, 0x82, 0x69, 0xe7, 0xf7, 0xa1, 0xca, 0xe4, 0x4d, 0xf3, 0x25, 0x2c,
+ 0x1f, 0x01, 0x4b, 0xa9, 0xd7, 0x6c, 0xf8, 0x2c, 0xdd, 0xf0, 0x34, 0x56, 0x1b, 0xbe, 0xa1, 0x2f,
+ 0xf3, 0xbd, 0xf4, 0x18, 0xa7, 0xb1, 0xb8, 0xe9, 0x45, 0xef, 0x41, 0x5f, 0x1b, 0x3d, 0x67, 0x1e,
+ 0x13, 0xec, 0x86, 0x2b, 0xdd, 0x07, 0x52, 0x30, 0xbb, 0xc9, 0xdd, 0x1d, 0x68, 0x8c, 0xc7, 0xc7,
+ 0xa9, 0xb6, 0xc8, 0x8d, 0xe6, 0x27, 0xd0, 0x3f, 0x8b, 0x9d, 0xe0, 0x94, 0xbb, 0x57, 0xae, 0xc7,
+ 0x66, 0x6a, 0xb3, 0xa4, 0xff, 0x2c, 0xe5, 0xfa, 0xcf, 0xb5, 0xd5, 0xc8, 0xdc, 0x01, 0x52, 0x58,
+ 0x9e, 0xbe, 0x5b, 0x14, 0x3b, 0x81, 0x4e, 0x61, 0x1c, 0x9b, 0x3b, 0xd0, 0x1e, 0x53, 0x59, 0xef,
+ 0x1d, 0x65, 0x63, 0x40, 0x5d, 0xa8, 0xb9, 0x36, 0x4b, 0xa6, 0xe6, 0x1e, 0x6c, 0x1d, 0x50, 0xfb,
+ 0xc2, 0xf5, 0x67, 0xcf, 0xdd, 0x48, 0x36, 0x3c, 0x7a, 0xc5, 0x00, 0x1a, 0x8e, 0x16, 0xe8, 0x25,
+ 0xe9, 0xdc, 0x7c, 0x0c, 0x6f, 0xe5, 0x7e, 0x69, 0x39, 0x13, 0x34, 0x89, 0xc7, 0x16, 0x54, 0x23,
+ 0x39, 0xc3, 0x15, 0x55, 0x4b, 0x4d, 0xcc, 0xaf, 0x60, 0x2b, 0x5f, 0x80, 0x65, 0xfb, 0x91, 0x5c,
+ 0x1c, 0x1b, 0x83, 0x52, 0xae, 0x31, 0xd0, 0x31, 0x2b, 0x67, 0xf5, 0x64, 0x13, 0x2a, 0xbf, 0xfc,
+ 0x66, 0xac, 0xc1, 0x2e, 0x87, 0xe6, 0xef, 0xe5, 0xf6, 0x45, 0x7f, 0x6a, 0xfb, 0x42, 0x77, 0x50,
+ 0x7a, 0x93, 0xee, 0x60, 0x0d, 0xde, 0x1e, 0x43, 0xff, 0xc4, 0x0b, 0xec, 0xcb, 0x43, 0x3f, 0x17,
+ 0x0d, 0x03, 0xea, 0xcc, 0xcf, 0x07, 0x23, 0x99, 0x9a, 0x0f, 0xa0, 0x77, 0x1c, 0xd8, 0xd4, 0x3b,
+ 0x09, 0x62, 0x5f, 0xa4, 0x51, 0xc0, 0x9f, 0xbe, 0xb4, 0xa9, 0x9a, 0x98, 0x8f, 0xa1, 0xab, 0x4b,
+ 0xb4, 0x7f, 0x1e, 0x24, 0xcc, 0x98, 0x15, 0xf3, 0x52, 0xb1, 0xd7, 0x36, 0x8f, 0xa1, 0x97, 0x99,
+ 0x2b, 0xbf, 0x0f, 0xa0, 0xa6, 0xd4, 0xfa, 0x6e, 0xbd, 0xf4, 0x03, 0x52, 0x59, 0x5a, 0x5a, 0xbd,
+ 0xe6, 0x52, 0x73, 0xe8, 0x9e, 0xe2, 0x4f, 0x90, 0x87, 0xfe, 0x95, 0x72, 0x76, 0x04, 0x44, 0xfd,
+ 0x28, 0x39, 0x61, 0xfe, 0x95, 0xcb, 0x03, 0x1f, 0xfb, 0xdb, 0x92, 0x6e, 0x61, 0x12, 0xc7, 0xe9,
+ 0xa2, 0xc4, 0xc2, 0xea, 0x87, 0xcb, 0xa2, 0xb5, 0x31, 0x84, 0xec, 0x07, 0x0e, 0x59, 0x6a, 0x38,
+ 0x9b, 0x07, 0x82, 0x4d, 0xa8, 0xe3, 0x24, 0xd9, 0x02, 0x4a, 0xb4, 0xef, 0x38, 0x7c, 0xef, 0x3f,
+ 0x65, 0xa8, 0x7f, 0xa6, 0x08, 0x9c, 0x7c, 0x0a, 0x9d, 0x42, 0xb9, 0x26, 0x6f, 0xe1, 0x2f, 0x1c,
+ 0xcb, 0xcd, 0xc1, 0x60, 0x7b, 0x45, 0xac, 0xee, 0xf5, 0x04, 0xda, 0xf9, 0x62, 0x4c, 0xb0, 0xf0,
+ 0xe2, 0xcf, 0xad, 0x03, 0xf4, 0xb4, 0x5a, 0xa9, 0xcf, 0x60, 0x6b, 0x5d, 0x99, 0x24, 0x77, 0xb2,
+ 0x1d, 0x56, 0x4b, 0xf4, 0xe0, 0x9d, 0x9b, 0xb4, 0x49, 0x79, 0xad, 0x1f, 0x78, 0x8c, 0xfa, 0x71,
+ 0x98, 0x3f, 0x41, 0x36, 0x24, 0x4f, 0xa1, 0x53, 0x28, 0x14, 0xea, 0x9e, 0x2b, 0xb5, 0x23, 0xbf,
+ 0xe4, 0x3e, 0x54, 0xb1, 0x38, 0x91, 0x4e, 0xa1, 0x4a, 0x0e, 0xba, 0xe9, 0x54, 0xed, 0x3d, 0x84,
+ 0x0d, 0xfc, 0x11, 0x2e, 0xb7, 0x31, 0xae, 0x48, 0x2b, 0xd7, 0xde, 0xbf, 0x4b, 0x50, 0x4f, 0x7e,
+ 0x98, 0x7d, 0x0a, 0x1b, 0xb2, 0x06, 0x90, 0x5b, 0x39, 0x1a, 0x4d, 0xea, 0xc7, 0x60, 0x6b, 0x49,
+ 0xa8, 0x36, 0x18, 0x41, 0xe5, 0x05, 0x13, 0x84, 0xe4, 0x94, 0xba, 0x18, 0x0c, 0x6e, 0x15, 0x65,
+ 0xa9, 0xfd, 0x69, 0x5c, 0xb4, 0xd7, 0x5c, 0x5e, 0xb0, 0x4f, 0x59, 0xfa, 0x23, 0xa8, 0x29, 0x96,
+ 0x55, 0x41, 0x59, 0xe1, 0x67, 0xf5, 0xf8, 0xab, 0x7c, 0xbc, 0xf7, 0xf7, 0x0d, 0x80, 0xb3, 0x45,
+ 0x24, 0xd8, 0xfc, 0x57, 0x2e, 0x7b, 0x45, 0x1e, 0x42, 0xef, 0x39, 0x3b, 0xa7, 0xb1, 0x27, 0xf0,
+ 0x6b, 0x49, 0xb2, 0x49, 0x2e, 0x26, 0xd8, 0xf0, 0xa5, 0x64, 0x7d, 0x1f, 0x5a, 0x27, 0xf4, 0xfa,
+ 0xf5, 0x76, 0x9f, 0x42, 0xa7, 0xc0, 0xc1, 0xfa, 0x88, 0xcb, 0xac, 0xae, 0x8f, 0xb8, 0xca, 0xd6,
+ 0xf7, 0xa1, 0xae, 0x99, 0x39, 0xbf, 0x07, 0xd6, 0xb0, 0x02, 0x63, 0xff, 0x14, 0x7a, 0x4b, 0xbc,
+ 0x9c, 0xb7, 0xc7, 0x5f, 0x24, 0xd6, 0xf2, 0xf6, 0x33, 0xf9, 0xb5, 0x53, 0xe4, 0xe6, 0xfc, 0xc2,
+ 0xdb, 0x8a, 0x0f, 0xd7, 0x91, 0xf7, 0x8b, 0xe2, 0x77, 0x12, 0x7e, 0x25, 0x1a, 0xcb, 0xf4, 0x99,
+ 0x90, 0x77, 0xe2, 0x68, 0x1d, 0x0d, 0x3f, 0x81, 0x76, 0x9e, 0x41, 0x57, 0x52, 0x70, 0x95, 0x5e,
+ 0x1f, 0x01, 0x64, 0x24, 0x9a, 0xb7, 0x47, 0x78, 0x2c, 0xf3, 0xeb, 0x87, 0x00, 0x19, 0x35, 0x2a,
+ 0x54, 0x15, 0x99, 0x55, 0x2d, 0x5b, 0xa6, 0xcf, 0x87, 0xd0, 0x4c, 0xe9, 0x2c, 0xbf, 0x07, 0x3a,
+ 0x28, 0xb2, 0xe3, 0x67, 0xa3, 0xdf, 0x3e, 0x9a, 0xb9, 0xe2, 0x22, 0x9e, 0x8e, 0xec, 0x60, 0xbe,
+ 0x7b, 0x41, 0xa3, 0x0b, 0xd7, 0x0e, 0x78, 0xb8, 0x7b, 0x25, 0xc1, 0xb4, 0xbb, 0xf2, 0x9f, 0xd1,
+ 0xb4, 0x86, 0x1f, 0x7b, 0x1f, 0xfc, 0x37, 0x00, 0x00, 0xff, 0xff, 0x93, 0x15, 0xb9, 0x42, 0x4f,
+ 0x1a, 0x00, 0x00,
+}
diff --git a/logical/plugin/pb/backend.proto b/logical/plugin/pb/backend.proto
index 8bae7aa4e1..e02cc1f9af 100644
--- a/logical/plugin/pb/backend.proto
+++ b/logical/plugin/pb/backend.proto
@@ -210,9 +210,6 @@ message Auth {
// TokenType is the type of token being requested
uint32 token_type = 17;
-
- // Whether the default policy should be added automatically by core
- bool no_default_policy = 18;
}
message TokenEntry {
diff --git a/logical/plugin/pb/translation.go b/logical/plugin/pb/translation.go
index c4581cba26..c777cae505 100644
--- a/logical/plugin/pb/translation.go
+++ b/logical/plugin/pb/translation.go
@@ -492,7 +492,6 @@ func LogicalAuthToProtoAuth(a *logical.Auth) (*Auth, error) {
Policies: a.Policies,
TokenPolicies: a.TokenPolicies,
IdentityPolicies: a.IdentityPolicies,
- NoDefaultPolicy: a.NoDefaultPolicy,
Metadata: a.Metadata,
ClientToken: a.ClientToken,
Accessor: a.Accessor,
@@ -540,7 +539,6 @@ func ProtoAuthToLogicalAuth(a *Auth) (*logical.Auth, error) {
Policies: a.Policies,
TokenPolicies: a.TokenPolicies,
IdentityPolicies: a.IdentityPolicies,
- NoDefaultPolicy: a.NoDefaultPolicy,
Metadata: a.Metadata,
ClientToken: a.ClientToken,
Accessor: a.Accessor,
diff --git a/physical/types.pb.go b/physical/types.pb.go
index 91fbb0e812..e02137c0cf 100644
--- a/physical/types.pb.go
+++ b/physical/types.pb.go
@@ -5,8 +5,9 @@ package physical
import (
fmt "fmt"
- proto "github.com/golang/protobuf/proto"
math "math"
+
+ proto "github.com/golang/protobuf/proto"
)
// Reference imports to suppress errors if they are not otherwise used.
diff --git a/vault/external_tests/policy/no_default_test.go b/vault/external_tests/policy/no_default_test.go
deleted file mode 100644
index 4ba37f9e65..0000000000
--- a/vault/external_tests/policy/no_default_test.go
+++ /dev/null
@@ -1,85 +0,0 @@
-package policy
-
-import (
- "testing"
-
- "github.com/go-test/deep"
- log "github.com/hashicorp/go-hclog"
- "github.com/hashicorp/vault/api"
- "github.com/hashicorp/vault/builtin/credential/ldap"
- vaulthttp "github.com/hashicorp/vault/http"
- "github.com/hashicorp/vault/logical"
- "github.com/hashicorp/vault/vault"
-)
-
-func TestNoDefaultPolicy(t *testing.T) {
- var err error
- coreConfig := &vault.CoreConfig{
- DisableMlock: true,
- DisableCache: true,
- Logger: log.NewNullLogger(),
- CredentialBackends: map[string]logical.Factory{
- "ldap": ldap.Factory,
- },
- }
-
- cluster := vault.NewTestCluster(t, coreConfig, &vault.TestClusterOptions{
- HandlerFunc: vaulthttp.Handler,
- })
-
- cluster.Start()
- defer cluster.Cleanup()
-
- cores := cluster.Cores
-
- vault.TestWaitActive(t, cores[0].Core)
-
- client := cores[0].Client
-
- err = client.Sys().EnableAuthWithOptions("ldap", &api.EnableAuthOptions{
- Type: "ldap",
- })
- if err != nil {
- t.Fatal(err)
- }
-
- // Configure LDAP auth backend
- secret, err := client.Logical().Write("auth/ldap/config", map[string]interface{}{
- "url": "ldap://ldap.forumsys.com",
- "userattr": "uid",
- "userdn": "dc=example,dc=com",
- "groupdn": "dc=example,dc=com",
- "binddn": "cn=read-only-admin,dc=example,dc=com",
- "no_default_policy": true,
- })
- if err != nil {
- t.Fatal(err)
- }
-
- // Create a local user in LDAP
- secret, err = client.Logical().Write("auth/ldap/users/tesla", map[string]interface{}{
- "policies": "foo",
- })
- if err != nil {
- t.Fatal(err)
- }
-
- // Login with LDAP and create a token
- secret, err = client.Logical().Write("auth/ldap/login/tesla", map[string]interface{}{
- "password": "password",
- })
- if err != nil {
- t.Fatal(err)
- }
- token := secret.Auth.ClientToken
-
- // Lookup the token to get the entity ID
- secret, err = client.Auth().Token().Lookup(token)
- if err != nil {
- t.Fatal(err)
- }
-
- if diff := deep.Equal(secret.Data["policies"], []interface{}{"foo"}); diff != nil {
- t.Fatal(diff)
- }
-}
diff --git a/vault/request_forwarding_service.pb.go b/vault/request_forwarding_service.pb.go
index 805d6da962..cfc53b0c41 100644
--- a/vault/request_forwarding_service.pb.go
+++ b/vault/request_forwarding_service.pb.go
@@ -5,11 +5,15 @@ package vault
import (
fmt "fmt"
+ math "math"
+
proto "github.com/golang/protobuf/proto"
forwarding "github.com/hashicorp/vault/helper/forwarding"
+)
+
+import (
context "golang.org/x/net/context"
grpc "google.golang.org/grpc"
- math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
@@ -318,45 +322,6 @@ func init() {
proto.RegisterType((*PerfStandbyElectionResponse)(nil), "vault.PerfStandbyElectionResponse")
}
-func init() {
- proto.RegisterFile("vault/request_forwarding_service.proto", fileDescriptor_f5f7512e4ab7b58a)
-}
-
-var fileDescriptor_f5f7512e4ab7b58a = []byte{
- // 493 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x53, 0x41, 0x6f, 0x1a, 0x3d,
- 0x10, 0x8d, 0x81, 0x10, 0x31, 0x90, 0x88, 0xf8, 0x8b, 0xf4, 0xad, 0xa8, 0xa2, 0x90, 0xad, 0x54,
- 0x21, 0x55, 0xda, 0x8d, 0xd2, 0x73, 0x0f, 0x2d, 0x4a, 0x25, 0xd4, 0x4b, 0xb5, 0xb9, 0xf5, 0xb2,
- 0x32, 0xf6, 0x04, 0xac, 0x2e, 0x6b, 0xd7, 0x36, 0x49, 0xf6, 0x27, 0xf7, 0xd6, 0x9f, 0x50, 0xad,
- 0xd7, 0x04, 0x10, 0x4d, 0x2f, 0x68, 0xe7, 0xcd, 0x63, 0xde, 0xf8, 0xf9, 0x19, 0xde, 0x3d, 0xb2,
- 0x75, 0xe1, 0x52, 0x83, 0x3f, 0xd7, 0x68, 0x5d, 0xfe, 0xa0, 0xcc, 0x13, 0x33, 0x42, 0x96, 0x8b,
- 0xdc, 0xa2, 0x79, 0x94, 0x1c, 0x13, 0x6d, 0x94, 0x53, 0xf4, 0xd8, 0xf3, 0x46, 0x97, 0x4b, 0x2c,
- 0x34, 0x9a, 0x74, 0xcb, 0x4b, 0x5d, 0xa5, 0xd1, 0x36, 0xac, 0x58, 0x41, 0xff, 0x8e, 0x2f, 0x55,
- 0xd6, 0x4c, 0xa3, 0x11, 0x9c, 0xac, 0xd0, 0x5a, 0xb6, 0xc0, 0x88, 0x8c, 0xc9, 0xa4, 0x97, 0x6d,
- 0x4a, 0x7a, 0x0d, 0x03, 0x5e, 0xac, 0xad, 0x43, 0x93, 0x33, 0x21, 0x4c, 0xd4, 0xf2, 0xed, 0x7e,
- 0xc0, 0x3e, 0x09, 0x61, 0xe8, 0x5b, 0x38, 0xdd, 0xa5, 0xd8, 0xa8, 0x3d, 0x6e, 0x4f, 0x7a, 0xd9,
- 0x60, 0x87, 0x63, 0xe3, 0x27, 0xe8, 0x35, 0x82, 0xba, 0xa8, 0xfe, 0x21, 0x77, 0x30, 0xab, 0x75,
- 0x38, 0x8b, 0xbe, 0x87, 0x73, 0x83, 0xba, 0x90, 0x9c, 0x39, 0xa9, 0xca, 0xdc, 0x3a, 0xe6, 0x30,
- 0x6a, 0x8f, 0xc9, 0xe4, 0x34, 0x1b, 0xee, 0x34, 0xee, 0x6b, 0x3c, 0x9e, 0x41, 0x6f, 0x5a, 0x48,
- 0x2c, 0xdd, 0x57, 0xac, 0x28, 0x85, 0x4e, 0xed, 0x42, 0x50, 0xf5, 0xdf, 0x74, 0x00, 0xe4, 0xd9,
- 0x1f, 0x6b, 0x90, 0x91, 0xe7, 0xba, 0xaa, 0xfc, 0xac, 0x41, 0x46, 0xaa, 0xba, 0x12, 0x51, 0xa7,
- 0xa9, 0x44, 0x3c, 0x82, 0xe8, 0x1b, 0x9a, 0x87, 0x7b, 0xc7, 0x4a, 0x31, 0xaf, 0xee, 0x0a, 0xe4,
- 0xb5, 0xcc, 0xac, 0xd4, 0x6b, 0x17, 0xff, 0x22, 0xf0, 0xe6, 0x2f, 0xcd, 0x0c, 0xad, 0x56, 0xa5,
- 0x45, 0x7a, 0x06, 0x2d, 0x29, 0x82, 0x6e, 0x4b, 0x0a, 0x7a, 0x09, 0xb0, 0x39, 0xa8, 0x14, 0xc1,
- 0xd5, 0x5e, 0x40, 0x66, 0x82, 0xde, 0xc0, 0x85, 0x36, 0x72, 0xc5, 0x4c, 0x95, 0xef, 0xd9, 0xdf,
- 0xf6, 0x44, 0x1a, 0x7a, 0xd3, 0x9d, 0x5b, 0xf8, 0x1f, 0x4e, 0x38, 0xcb, 0x39, 0x1a, 0x17, 0x16,
- 0xee, 0x72, 0x36, 0x45, 0xe3, 0xe8, 0x15, 0xf4, 0xb9, 0x37, 0xa0, 0x69, 0x1e, 0xfb, 0x26, 0x34,
- 0x90, 0x27, 0xa4, 0x10, 0xaa, 0xfc, 0x07, 0x56, 0x51, 0x77, 0x4c, 0x26, 0xfd, 0xdb, 0x61, 0xe2,
- 0x63, 0x94, 0xbc, 0x58, 0x57, 0x2f, 0x17, 0x3e, 0x6f, 0x7f, 0x13, 0x38, 0x0f, 0xc9, 0xf9, 0xf2,
- 0x12, 0x2f, 0xfa, 0x11, 0xce, 0x42, 0xb5, 0x49, 0xd5, 0x7f, 0xc9, 0x36, 0x7d, 0x49, 0x00, 0x47,
- 0x17, 0xfb, 0x60, 0x63, 0x4f, 0x7c, 0x44, 0x13, 0xe8, 0xd4, 0x01, 0xa1, 0x34, 0x28, 0xef, 0xc4,
- 0x73, 0x34, 0xdc, 0xc3, 0x74, 0x51, 0xc5, 0x47, 0xb4, 0x80, 0xeb, 0xda, 0x6f, 0x65, 0x56, 0xac,
- 0xe4, 0x78, 0x60, 0x7b, 0xb3, 0xc1, 0x55, 0xf8, 0xe3, 0x6b, 0xd7, 0x36, 0x8a, 0x5f, 0x27, 0x6c,
- 0x77, 0xbb, 0x21, 0x9f, 0xe3, 0xef, 0xe3, 0x85, 0x74, 0xcb, 0xf5, 0x3c, 0xe1, 0x6a, 0x95, 0x2e,
- 0x99, 0x5d, 0x4a, 0xae, 0x8c, 0x4e, 0x9b, 0x47, 0xe9, 0x7f, 0xe7, 0x5d, 0xff, 0xb4, 0x3e, 0xfc,
- 0x09, 0x00, 0x00, 0xff, 0xff, 0x03, 0x94, 0x0a, 0x17, 0xaa, 0x03, 0x00, 0x00,
-}
-
// Reference imports to suppress errors if they are not otherwise used.
var _ context.Context
var _ grpc.ClientConn
@@ -522,3 +487,42 @@ var _RequestForwarding_serviceDesc = grpc.ServiceDesc{
},
Metadata: "vault/request_forwarding_service.proto",
}
+
+func init() {
+ proto.RegisterFile("vault/request_forwarding_service.proto", fileDescriptor_f5f7512e4ab7b58a)
+}
+
+var fileDescriptor_f5f7512e4ab7b58a = []byte{
+ // 493 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x53, 0x41, 0x6f, 0x1a, 0x3d,
+ 0x10, 0x8d, 0x81, 0x10, 0x31, 0x90, 0x88, 0xf8, 0x8b, 0xf4, 0xad, 0xa8, 0xa2, 0x90, 0xad, 0x54,
+ 0x21, 0x55, 0xda, 0x8d, 0xd2, 0x73, 0x0f, 0x2d, 0x4a, 0x25, 0xd4, 0x4b, 0xb5, 0xb9, 0xf5, 0xb2,
+ 0x32, 0xf6, 0x04, 0xac, 0x2e, 0x6b, 0xd7, 0x36, 0x49, 0xf6, 0x27, 0xf7, 0xd6, 0x9f, 0x50, 0xad,
+ 0xd7, 0x04, 0x10, 0x4d, 0x2f, 0x68, 0xe7, 0xcd, 0x63, 0xde, 0xf8, 0xf9, 0x19, 0xde, 0x3d, 0xb2,
+ 0x75, 0xe1, 0x52, 0x83, 0x3f, 0xd7, 0x68, 0x5d, 0xfe, 0xa0, 0xcc, 0x13, 0x33, 0x42, 0x96, 0x8b,
+ 0xdc, 0xa2, 0x79, 0x94, 0x1c, 0x13, 0x6d, 0x94, 0x53, 0xf4, 0xd8, 0xf3, 0x46, 0x97, 0x4b, 0x2c,
+ 0x34, 0x9a, 0x74, 0xcb, 0x4b, 0x5d, 0xa5, 0xd1, 0x36, 0xac, 0x58, 0x41, 0xff, 0x8e, 0x2f, 0x55,
+ 0xd6, 0x4c, 0xa3, 0x11, 0x9c, 0xac, 0xd0, 0x5a, 0xb6, 0xc0, 0x88, 0x8c, 0xc9, 0xa4, 0x97, 0x6d,
+ 0x4a, 0x7a, 0x0d, 0x03, 0x5e, 0xac, 0xad, 0x43, 0x93, 0x33, 0x21, 0x4c, 0xd4, 0xf2, 0xed, 0x7e,
+ 0xc0, 0x3e, 0x09, 0x61, 0xe8, 0x5b, 0x38, 0xdd, 0xa5, 0xd8, 0xa8, 0x3d, 0x6e, 0x4f, 0x7a, 0xd9,
+ 0x60, 0x87, 0x63, 0xe3, 0x27, 0xe8, 0x35, 0x82, 0xba, 0xa8, 0xfe, 0x21, 0x77, 0x30, 0xab, 0x75,
+ 0x38, 0x8b, 0xbe, 0x87, 0x73, 0x83, 0xba, 0x90, 0x9c, 0x39, 0xa9, 0xca, 0xdc, 0x3a, 0xe6, 0x30,
+ 0x6a, 0x8f, 0xc9, 0xe4, 0x34, 0x1b, 0xee, 0x34, 0xee, 0x6b, 0x3c, 0x9e, 0x41, 0x6f, 0x5a, 0x48,
+ 0x2c, 0xdd, 0x57, 0xac, 0x28, 0x85, 0x4e, 0xed, 0x42, 0x50, 0xf5, 0xdf, 0x74, 0x00, 0xe4, 0xd9,
+ 0x1f, 0x6b, 0x90, 0x91, 0xe7, 0xba, 0xaa, 0xfc, 0xac, 0x41, 0x46, 0xaa, 0xba, 0x12, 0x51, 0xa7,
+ 0xa9, 0x44, 0x3c, 0x82, 0xe8, 0x1b, 0x9a, 0x87, 0x7b, 0xc7, 0x4a, 0x31, 0xaf, 0xee, 0x0a, 0xe4,
+ 0xb5, 0xcc, 0xac, 0xd4, 0x6b, 0x17, 0xff, 0x22, 0xf0, 0xe6, 0x2f, 0xcd, 0x0c, 0xad, 0x56, 0xa5,
+ 0x45, 0x7a, 0x06, 0x2d, 0x29, 0x82, 0x6e, 0x4b, 0x0a, 0x7a, 0x09, 0xb0, 0x39, 0xa8, 0x14, 0xc1,
+ 0xd5, 0x5e, 0x40, 0x66, 0x82, 0xde, 0xc0, 0x85, 0x36, 0x72, 0xc5, 0x4c, 0x95, 0xef, 0xd9, 0xdf,
+ 0xf6, 0x44, 0x1a, 0x7a, 0xd3, 0x9d, 0x5b, 0xf8, 0x1f, 0x4e, 0x38, 0xcb, 0x39, 0x1a, 0x17, 0x16,
+ 0xee, 0x72, 0x36, 0x45, 0xe3, 0xe8, 0x15, 0xf4, 0xb9, 0x37, 0xa0, 0x69, 0x1e, 0xfb, 0x26, 0x34,
+ 0x90, 0x27, 0xa4, 0x10, 0xaa, 0xfc, 0x07, 0x56, 0x51, 0x77, 0x4c, 0x26, 0xfd, 0xdb, 0x61, 0xe2,
+ 0x63, 0x94, 0xbc, 0x58, 0x57, 0x2f, 0x17, 0x3e, 0x6f, 0x7f, 0x13, 0x38, 0x0f, 0xc9, 0xf9, 0xf2,
+ 0x12, 0x2f, 0xfa, 0x11, 0xce, 0x42, 0xb5, 0x49, 0xd5, 0x7f, 0xc9, 0x36, 0x7d, 0x49, 0x00, 0x47,
+ 0x17, 0xfb, 0x60, 0x63, 0x4f, 0x7c, 0x44, 0x13, 0xe8, 0xd4, 0x01, 0xa1, 0x34, 0x28, 0xef, 0xc4,
+ 0x73, 0x34, 0xdc, 0xc3, 0x74, 0x51, 0xc5, 0x47, 0xb4, 0x80, 0xeb, 0xda, 0x6f, 0x65, 0x56, 0xac,
+ 0xe4, 0x78, 0x60, 0x7b, 0xb3, 0xc1, 0x55, 0xf8, 0xe3, 0x6b, 0xd7, 0x36, 0x8a, 0x5f, 0x27, 0x6c,
+ 0x77, 0xbb, 0x21, 0x9f, 0xe3, 0xef, 0xe3, 0x85, 0x74, 0xcb, 0xf5, 0x3c, 0xe1, 0x6a, 0x95, 0x2e,
+ 0x99, 0x5d, 0x4a, 0xae, 0x8c, 0x4e, 0x9b, 0x47, 0xe9, 0x7f, 0xe7, 0x5d, 0xff, 0xb4, 0x3e, 0xfc,
+ 0x09, 0x00, 0x00, 0xff, 0xff, 0x03, 0x94, 0x0a, 0x17, 0xaa, 0x03, 0x00, 0x00,
+}
diff --git a/vault/request_handling.go b/vault/request_handling.go
index 2ec8c50dd7..a46921a082 100644
--- a/vault/request_handling.go
+++ b/vault/request_handling.go
@@ -982,10 +982,6 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
var entity *identity.Entity
auth = resp.Auth
- // Only the token store can toggle this off, and that's via a
- // different path since it's not a login request; it's explicitly
- // disallowed above
- auth.Renewable = true
mEntry := c.router.MatchingMountEntry(ctx, req.Path)
@@ -1062,7 +1058,7 @@ func (c *Core) handleLoginRequest(ctx context.Context, req *logical.Request) (re
return nil, nil, ErrInternalError
}
- auth.TokenPolicies = policyutil.SanitizePolicies(auth.Policies, !auth.NoDefaultPolicy)
+ auth.TokenPolicies = policyutil.SanitizePolicies(auth.Policies, policyutil.AddDefaultPolicy)
allPolicies := policyutil.SanitizePolicies(append(auth.TokenPolicies, identityPolicies[ns.ID]...), policyutil.DoNotAddDefaultPolicy)
// Prevent internal policies from being assigned to tokens. We check
diff --git a/vault/token_store.go b/vault/token_store.go
index d53294e455..6381f630c0 100644
--- a/vault/token_store.go
+++ b/vault/token_store.go
@@ -14,13 +14,13 @@ import (
"strings"
"time"
- metrics "github.com/armon/go-metrics"
proto "github.com/golang/protobuf/proto"
"github.com/hashicorp/errwrap"
log "github.com/hashicorp/go-hclog"
- multierror "github.com/hashicorp/go-multierror"
sockaddr "github.com/hashicorp/go-sockaddr"
+ metrics "github.com/armon/go-metrics"
+ multierror "github.com/hashicorp/go-multierror"
"github.com/hashicorp/vault/helper/base62"
"github.com/hashicorp/vault/helper/consts"
"github.com/hashicorp/vault/helper/identity"
@@ -31,7 +31,6 @@ import (
"github.com/hashicorp/vault/helper/policyutil"
"github.com/hashicorp/vault/helper/salt"
"github.com/hashicorp/vault/helper/strutil"
- "github.com/hashicorp/vault/helper/tokenhelper"
"github.com/hashicorp/vault/logical"
"github.com/hashicorp/vault/logical/framework"
"github.com/hashicorp/vault/logical/plugin/pb"
@@ -104,7 +103,7 @@ var (
)
func (ts *TokenStore) paths() []*framework.Path {
- p := []*framework.Path{
+ return []*framework.Path{
{
Pattern: "roles/?$",
@@ -127,6 +126,76 @@ func (ts *TokenStore) paths() []*framework.Path {
HelpDescription: tokenListAccessorsHelp,
},
+ {
+ Pattern: "roles/" + framework.GenericNameRegex("role_name"),
+ Fields: map[string]*framework.FieldSchema{
+ "role_name": &framework.FieldSchema{
+ Type: framework.TypeString,
+ Description: "Name of the role",
+ },
+
+ "allowed_policies": &framework.FieldSchema{
+ Type: framework.TypeCommaStringSlice,
+ Description: tokenAllowedPoliciesHelp,
+ },
+
+ "disallowed_policies": &framework.FieldSchema{
+ Type: framework.TypeCommaStringSlice,
+ Description: tokenDisallowedPoliciesHelp,
+ },
+
+ "orphan": &framework.FieldSchema{
+ Type: framework.TypeBool,
+ Default: false,
+ Description: tokenOrphanHelp,
+ },
+
+ "period": &framework.FieldSchema{
+ Type: framework.TypeDurationSecond,
+ Default: 0,
+ Description: tokenPeriodHelp,
+ },
+
+ "path_suffix": &framework.FieldSchema{
+ Type: framework.TypeString,
+ Default: "",
+ Description: tokenPathSuffixHelp + pathSuffixSanitize.String(),
+ },
+
+ "explicit_max_ttl": &framework.FieldSchema{
+ Type: framework.TypeDurationSecond,
+ Default: 0,
+ Description: tokenExplicitMaxTTLHelp,
+ },
+
+ "renewable": &framework.FieldSchema{
+ Type: framework.TypeBool,
+ Default: true,
+ Description: tokenRenewableHelp,
+ },
+
+ "bound_cidrs": &framework.FieldSchema{
+ Type: framework.TypeCommaStringSlice,
+ Description: `Comma separated string or JSON list of CIDR blocks. If set, specifies the blocks of IP addresses which are allowed to use the generated token.`,
+ },
+
+ "token_type": &framework.FieldSchema{
+ Type: framework.TypeString,
+ Default: "service",
+ Description: "The type of token to generate, service or batch",
+ },
+ },
+
+ Callbacks: map[logical.Operation]framework.OperationFunc{
+ logical.ReadOperation: ts.tokenStoreRoleRead,
+ logical.CreateOperation: ts.tokenStoreRoleCreateUpdate,
+ logical.UpdateOperation: ts.tokenStoreRoleCreateUpdate,
+ logical.DeleteOperation: ts.tokenStoreRoleDelete,
+ },
+
+ ExistenceCheck: ts.tokenStoreRoleExistenceCheck,
+ },
+
{
Pattern: "create-orphan$",
@@ -345,61 +414,6 @@ func (ts *TokenStore) paths() []*framework.Path {
HelpDescription: strings.TrimSpace(tokenTidyDesc),
},
}
-
- rolesPath := &framework.Path{
- Pattern: "roles/" + framework.GenericNameRegex("role_name"),
- Fields: map[string]*framework.FieldSchema{
- "role_name": &framework.FieldSchema{
- Type: framework.TypeString,
- Description: "Name of the role",
- },
-
- "allowed_policies": &framework.FieldSchema{
- Type: framework.TypeCommaStringSlice,
- Description: tokenAllowedPoliciesHelp,
- },
-
- "disallowed_policies": &framework.FieldSchema{
- Type: framework.TypeCommaStringSlice,
- Description: tokenDisallowedPoliciesHelp,
- },
-
- "orphan": &framework.FieldSchema{
- Type: framework.TypeBool,
- Default: false,
- Description: tokenOrphanHelp,
- },
-
- "path_suffix": &framework.FieldSchema{
- Type: framework.TypeString,
- Default: "",
- Description: tokenPathSuffixHelp + pathSuffixSanitize.String(),
- },
-
- "renewable": &framework.FieldSchema{
- Type: framework.TypeBool,
- Default: true,
- Description: tokenRenewableHelp,
- },
- },
-
- Callbacks: map[logical.Operation]framework.OperationFunc{
- logical.ReadOperation: ts.tokenStoreRoleRead,
- logical.CreateOperation: ts.tokenStoreRoleCreateUpdate,
- logical.UpdateOperation: ts.tokenStoreRoleCreateUpdate,
- logical.DeleteOperation: ts.tokenStoreRoleDelete,
- },
-
- ExistenceCheck: ts.tokenStoreRoleExistenceCheck,
- }
- // Roles in token store handle policies and TTLs differently
- tokenhelper.AddTokenFieldsWithAllowList(rolesPath.Fields,
- []string{"bound_cidrs", "explicit_max_ttl", "period", "token_type"})
- // For this backend default to service
- rolesPath.Fields["token_type"].Default = "service"
- p = append(p, rolesPath)
-
- return p
}
// LookupToken returns the properties of the token from the token store. This
@@ -567,8 +581,6 @@ func (ts *TokenStore) Salt(ctx context.Context) (*salt.Salt, error) {
// tsRoleEntry contains token store role information
type tsRoleEntry struct {
- tokenhelper.TokenParams
-
// The name of the role. Embedded so it can be used for pathing
Name string `json:"name" mapstructure:"name" structs:"name"`
@@ -582,12 +594,26 @@ type tsRoleEntry struct {
// If true, tokens created using this role will be orphans
Orphan bool `json:"orphan" mapstructure:"orphan" structs:"orphan"`
+ // If non-zero, tokens created using this role will be able to be renewed
+ // forever, but will have a fixed renewal period of this value
+ Period time.Duration `json:"period" mapstructure:"period" structs:"period"`
+
// If set, a suffix will be set on the token path, making it easier to
// revoke using 'revoke-prefix'
PathSuffix string `json:"path_suffix" mapstructure:"path_suffix" structs:"path_suffix"`
// If set, controls whether created tokens are marked as being renewable
Renewable bool `json:"renewable" mapstructure:"renewable" structs:"renewable"`
+
+ // If set, the token entry will have an explicit maximum TTL set, rather
+ // than deferring to role/mount values
+ ExplicitMaxTTL time.Duration `json:"explicit_max_ttl" mapstructure:"explicit_max_ttl" structs:"explicit_max_ttl"`
+
+ // The set of CIDRs that tokens generated using this role will be bound to
+ BoundCIDRs []*sockaddr.SockAddrMarshaler `json:"bound_cidrs"`
+
+ // The type of token this role should issue
+ TokenType logical.TokenType `json:"token_type" mapstructure:"token_type"`
}
type accessorEntry struct {
diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-ad/plugin/path_config.go b/vendor/github.com/hashicorp/vault-plugin-secrets-ad/plugin/path_config.go
index 3dc27bd355..3f8e7f8f38 100644
--- a/vendor/github.com/hashicorp/vault-plugin-secrets-ad/plugin/path_config.go
+++ b/vendor/github.com/hashicorp/vault-plugin-secrets-ad/plugin/path_config.go
@@ -54,7 +54,7 @@ func (b *backend) pathConfig() *framework.Path {
}
func (b *backend) configFields() map[string]*framework.FieldSchema {
- fields := ldaputil.ConfigFields(false)
+ fields := ldaputil.ConfigFields()
fields["ttl"] = &framework.FieldSchema{
Type: framework.TypeDurationSecond,
Description: "In seconds, the default password time-to-live.",