From d5e86f35d9c8fcc880acb27ea7c949c9504f5518 Mon Sep 17 00:00:00 2001 From: Jeff Mitchell Date: Sat, 29 Jun 2019 14:51:16 -0400 Subject: [PATCH] Bump sdk --- go.mod | 2 +- .../vault/sdk/helper/tlsutil/tlsutil.go | 25 +++++++++++-------- .../vault/sdk/helper/tokenutil/tokenutil.go | 9 +++++++ vendor/modules.txt | 4 +-- 4 files changed, 27 insertions(+), 13 deletions(-) diff --git a/go.mod b/go.mod index 7a4b918449..4457dfdc1c 100644 --- a/go.mod +++ b/go.mod @@ -83,7 +83,7 @@ require ( github.com/hashicorp/vault-plugin-secrets-gcpkms v0.5.2-0.20190516000311-88f9a4f11829 github.com/hashicorp/vault-plugin-secrets-kv v0.5.2-0.20190626201950-a6e92ff82578 github.com/hashicorp/vault/api v1.0.3-0.20190627213952-21b5ec5dc34c - github.com/hashicorp/vault/sdk v0.1.12-0.20190627213952-21b5ec5dc34c + github.com/hashicorp/vault/sdk v0.1.12-0.20190629185034-b43299fe641c github.com/influxdata/influxdb v0.0.0-20190411212539-d24b7ba8c4c4 github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 // indirect github.com/jackc/pgx v3.3.0+incompatible // indirect diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/tlsutil/tlsutil.go b/vendor/github.com/hashicorp/vault/sdk/helper/tlsutil/tlsutil.go index 9929702777..236d32ec67 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/tlsutil/tlsutil.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/tlsutil/tlsutil.go @@ -9,7 +9,7 @@ import ( "github.com/hashicorp/vault/sdk/helper/strutil" ) -var ErrInvalidCertParams = errors.New("ca cert, client key and client cert must all be set, or none should be set") +var ErrInvalidCertParams = errors.New("invalid certificate parameters") // TLSLookup maps the tls_min_version configuration to the internal value var TLSLookup = map[string]uint16{ @@ -75,6 +75,8 @@ func ClientTLSConfig(caCert []byte, clientCert []byte, clientKey []byte) (*tls.C var pool *x509.CertPool switch { + case len(caCert) != 0: + // Valid case len(clientCert) != 0 && len(clientKey) != 0: // Valid default: 
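Review bot: With the added `case len(caCert) != 0:` branch in ClientTLSConfig, a CA certificate plus only one of clientCert/clientKey is now accepted, and the next tlsutil.go hunk's `if len(clientCert) != 0 && len(clientKey) != 0` then skips the key pair without returning an error. A caller that meant to configure mutual TLS but passed an empty key or certificate gets a usable config that presents no client certificate, where the old switch returned ErrInvalidCertParams. Reject the half-set pair before the switch, for example `if (len(clientCert) != 0) != (len(clientKey) != 0) { return nil, ErrInvalidCertParams }`. Because the new error text no longer names the expected combination, a short comment above the switch listing the accepted inputs (CA only, cert and key, or all three) would help the next reader. The function body starts and ends outside both hunks, and this is the vendored copy, so the change belongs in the sdk module.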
@@ -86,18 +88,21 @@ func ClientTLSConfig(caCert []byte, clientCert []byte, clientKey []byte) (*tls.C pool.AppendCertsFromPEM(caCert) } - cert, err := tls.X509KeyPair(clientCert, clientKey) - if err != nil { - return nil, err - } - tlsConfig = &tls.Config{ - Certificates: []tls.Certificate{cert}, - RootCAs: pool, - ClientAuth: tls.RequireAndVerifyClientCert, - MinVersion: tls.VersionTLS12, + RootCAs: pool, + ClientAuth: tls.RequireAndVerifyClientCert, + MinVersion: tls.VersionTLS12, } + var cert tls.Certificate + var err error + if len(clientCert) != 0 && len(clientKey) != 0 { + cert, err = tls.X509KeyPair(clientCert, clientKey) + if err != nil { + return nil, err + } + tlsConfig.Certificates = []tls.Certificate{cert} + } tlsConfig.BuildNameToCertificate() return tlsConfig, nil diff --git a/vendor/github.com/hashicorp/vault/sdk/helper/tokenutil/tokenutil.go b/vendor/github.com/hashicorp/vault/sdk/helper/tokenutil/tokenutil.go index 5dec894e6c..ac0dcce15e 100644 --- a/vendor/github.com/hashicorp/vault/sdk/helper/tokenutil/tokenutil.go +++ b/vendor/github.com/hashicorp/vault/sdk/helper/tokenutil/tokenutil.go @@ -172,6 +172,15 @@ func (t *TokenParams) ParseTokenFields(req *logical.Request, d *framework.FieldD t.TokenType = tokenType } + if t.TokenType == logical.TokenTypeBatch || t.TokenType == logical.TokenTypeDefaultBatch { + if t.TokenPeriod != 0 { + return errors.New("'token_type' cannot be 'batch' or 'default_batch' when set to generate periodic tokens") + } + if t.TokenNumUses != 0 { + return errors.New("'token_type' cannot be 'batch' or 'default_batch' when set to generate tokens with limited use count") + } + } + if ttlRaw, ok := d.GetOk("token_ttl"); ok { t.TokenTTL = time.Duration(ttlRaw.(int)) * time.Second } diff --git a/vendor/modules.txt b/vendor/modules.txt index fcd879561c..259c3464b7 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt 
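Review bot: The batch-token check in ParseTokenFields reads `t.TokenPeriod` and `t.TokenNumUses`, but the hunk does not show where `token_period` and `token_num_uses` are parsed from the request; only `token_ttl` is visibly parsed after it. If either field is assigned further down in the function, a single request that sets `token_type` to `batch` together with that field would be checked against the previous value and pass, so the block should run only after every field has been parsed. A comment such as `// Must run after token_period and token_num_uses have been parsed.` would pin the ordering. ParseTokenFields starts and ends outside the hunk, and this is the vendored copy, so any change belongs in the sdk module.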
@@ -364,7 +364,7 @@ github.com/hashicorp/vault-plugin-secrets-gcpkms github.com/hashicorp/vault-plugin-secrets-kv # github.com/hashicorp/vault/api v1.0.3-0.20190627213952-21b5ec5dc34c => ./api github.com/hashicorp/vault/api -# github.com/hashicorp/vault/sdk v0.1.12-0.20190627213952-21b5ec5dc34c => ./sdk +# github.com/hashicorp/vault/sdk v0.1.12-0.20190629185034-b43299fe641c => ./sdk github.com/hashicorp/vault/sdk/helper/salt github.com/hashicorp/vault/sdk/helper/strutil github.com/hashicorp/vault/sdk/helper/wrapping @@ -376,6 +376,7 @@ github.com/hashicorp/vault/sdk/plugin github.com/hashicorp/vault/sdk/helper/cidrutil github.com/hashicorp/vault/sdk/helper/consts github.com/hashicorp/vault/sdk/helper/locksutil +github.com/hashicorp/vault/sdk/helper/tokenutil github.com/hashicorp/vault/sdk/helper/jsonutil github.com/hashicorp/vault/sdk/helper/certutil github.com/hashicorp/vault/sdk/helper/password @@ -404,7 +405,6 @@ github.com/hashicorp/vault/sdk/plugin/pb github.com/hashicorp/vault/sdk/database/helper/connutil github.com/hashicorp/vault/sdk/helper/license github.com/hashicorp/vault/sdk/helper/pluginutil -github.com/hashicorp/vault/sdk/helper/tokenutil github.com/hashicorp/vault/sdk/helper/kdf github.com/hashicorp/vault/sdk/plugin/mock # github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d