diff --git a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/chain.go b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/chain.go new file mode 100644 index 0000000000..53a100b2c4 --- /dev/null +++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/chain.go @@ -0,0 +1,34 @@ +package providers + +import ( + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth" +) + +type Provider interface { + Retrieve() (auth.Credential, error) +} + +// NewChainProvider will attempt to use its given providers in the order +// in which they're provided. It will return credentials for the first +// provider that doesn't return an error. +func NewChainProvider(providers []Provider) Provider { + return &ChainProvider{ + Providers: providers, + } +} + +type ChainProvider struct { + Providers []Provider +} + +func (p *ChainProvider) Retrieve() (auth.Credential, error) { + var lastErr error + for _, provider := range p.Providers { + creds, err := provider.Retrieve() + if err == nil { + return creds, nil + } + lastErr = err + } + return nil, lastErr +} diff --git a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/configuration.go b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/configuration.go new file mode 100644 index 0000000000..a205c286e3 --- /dev/null +++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/configuration.go @@ -0,0 +1,62 @@ +package providers + +import ( + "errors" + + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth" + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials" +) + +var ( + ErrNoValidCredentialsFound = errors.New("no valid credentials were found") +) + +type Configuration struct { + AccessKeyID string + AccessKeySecret string + AccessKeyStsToken string + RoleArn string + RoleSessionName string + RoleSessionExpiration *int + PrivateKey string + PublicKeyID string + SessionExpiration *int + RoleName string +} + +func NewConfigurationCredentialProvider(configuration *Configuration) Provider { + return &ConfigurationProvider{ + Configuration: configuration, + } +} + +type ConfigurationProvider struct { + Configuration *Configuration +} + +// Retrieve walks through all currently supported credential types and attempts to build them +// using the given configuration. +func (p *ConfigurationProvider) Retrieve() (auth.Credential, error) { + + if p.Configuration.AccessKeyID != "" && p.Configuration.AccessKeySecret != "" { + + if p.Configuration.RoleArn != "" && p.Configuration.RoleSessionName != "" && p.Configuration.RoleSessionExpiration != nil { + return credentials.NewRamRoleArnCredential(p.Configuration.AccessKeyID, p.Configuration.AccessKeySecret, p.Configuration.RoleArn, p.Configuration.RoleSessionName, *p.Configuration.RoleSessionExpiration), nil + } + + if p.Configuration.AccessKeyStsToken != "" { + return credentials.NewStsTokenCredential(p.Configuration.AccessKeyID, p.Configuration.AccessKeySecret, p.Configuration.AccessKeyStsToken), nil + } + + return credentials.NewAccessKeyCredential(p.Configuration.AccessKeyID, p.Configuration.AccessKeySecret), nil + } + + if p.Configuration.RoleName != "" { + return credentials.NewEcsRamRoleCredential(p.Configuration.RoleName), nil + } + + if p.Configuration.PrivateKey != "" && p.Configuration.PublicKeyID != "" && p.Configuration.SessionExpiration != nil { + return credentials.NewRsaKeyPairCredential(p.Configuration.PrivateKey, p.Configuration.PublicKeyID, *p.Configuration.SessionExpiration), nil + } + return nil, ErrNoValidCredentialsFound +} diff --git a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/env.go b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/env.go new file mode 100644 index 0000000000..8f42c3df50 --- /dev/null +++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/env.go @@ -0,0 +1,65 @@ +package providers + +import ( + "fmt" + "os" + "strconv" + + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth" +) + +const ( + EnvVarAccessKeyID = "ALICLOUD_ACCESS_KEY" + EnvVarAccessKeySecret = "ALICLOUD_SECRET_KEY" + EnvVarAccessKeyStsToken = "ALICLOUD_ACCESS_KEY_STS_TOKEN" + EnvVarRoleArn = "ALICLOUD_ROLE_ARN" + EnvVarRoleSessionName = "ALICLOUD_ROLE_SESSION_NAME" + EnvVarRoleSessionExpiration = "ALICLOUD_ROLE_SESSION_EXPIRATION" + EnvVarPrivateKey = "ALICLOUD_PRIVATE_KEY" + EnvVarPublicKeyID = "ALICLOUD_PUBLIC_KEY_ID" + EnvVarSessionExpiration = "ALICLOUD_SESSION_EXPIRATION" + EnvVarRoleName = "ALICLOUD_ROLE_NAME" +) + +func NewEnvCredentialProvider() Provider { + return &EnvProvider{} +} + +type EnvProvider struct{} + +func (p *EnvProvider) Retrieve() (auth.Credential, error) { + roleSessionExpiration, err := envVarToInt(EnvVarRoleSessionExpiration) + if err != nil { + return nil, err + } + sessionExpiration, err := envVarToInt(EnvVarSessionExpiration) + if err != nil { + return nil, err + } + c := &Configuration{ + AccessKeyID: os.Getenv(EnvVarAccessKeyID), + AccessKeySecret: os.Getenv(EnvVarAccessKeySecret), + AccessKeyStsToken: os.Getenv(EnvVarAccessKeyStsToken), + RoleArn: os.Getenv(EnvVarRoleArn), + RoleSessionName: os.Getenv(EnvVarRoleSessionName), + RoleSessionExpiration: &roleSessionExpiration, + PrivateKey: os.Getenv(EnvVarPrivateKey), + PublicKeyID: os.Getenv(EnvVarPublicKeyID), + SessionExpiration: &sessionExpiration, + RoleName: os.Getenv(EnvVarRoleName), + } + return NewConfigurationCredentialProvider(c).Retrieve() +} + +func envVarToInt(envVar string) (int, error) { + asInt := 0 + asStr := os.Getenv(envVar) + if asStr != "" { + if i, err := strconv.Atoi(asStr); err != nil { + return 0, fmt.Errorf("error parsing %s: %s", envVar, err) + } else { + asInt = i + } + } + return asInt, nil +} diff --git a/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/instance_metadata.go b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/instance_metadata.go new file mode 100644 index 0000000000..446d003f6d --- /dev/null +++ b/vendor/github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers/instance_metadata.go @@ -0,0 +1,86 @@ +package providers + +import ( + "encoding/json" + "errors" + "fmt" + "io/ioutil" + "net/http" + + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth" + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials" +) + +var securityCredURL = "http://100.100.100.200/latest/meta-data/ram/security-credentials/" + +func NewInstanceMetadataProvider() Provider { + return &InstanceMetadataProvider{} +} + +type InstanceMetadataProvider struct { + RoleName string +} + +func (p *InstanceMetadataProvider) Retrieve() (auth.Credential, error) { + if p.RoleName == "" { + // Instances can have only one role name that never changes, + // so attempt to populate it. + // If this call is executed in an environment that doesn't support instance metadata, + // it will time out after 30 seconds and return an err. + resp, err := http.Get(securityCredURL) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + bodyBytes, _ := ioutil.ReadAll(resp.Body) + if resp.StatusCode != 200 { + return nil, fmt.Errorf("received %d getting role name: %s", resp.StatusCode, bodyBytes) + } + roleName := string(bodyBytes) + if roleName == "" { + return nil, errors.New("unable to retrieve role name, it may be unset") + } + p.RoleName = roleName + } + + resp, err := http.Get(securityCredURL + p.RoleName) + if err != nil { + return nil, err + } + defer resp.Body.Close() + + if resp.StatusCode != 200 { + return nil, fmt.Errorf("received %d getting security credentials for %s", resp.StatusCode, p.RoleName) + } + body := make(map[string]interface{}) + if err := json.NewDecoder(resp.Body).Decode(&body); err != nil { + return nil, err + } + + accessKeyID, err := extractString(body, "AccessKeyId") + if err != nil { + return nil, err + } + accessKeySecret, err := extractString(body, "AccessKeySecret") + if err != nil { + return nil, err + } + securityToken, err := extractString(body, "SecurityToken") + if err != nil { + return nil, err + } + return credentials.NewStsTokenCredential(accessKeyID, accessKeySecret, securityToken), nil +} + +func extractString(m map[string]interface{}, key string) (string, error) { + raw, ok := m[key] + if !ok { + return "", fmt.Errorf("%s not in %+v", key, m) + } + str, ok := raw.(string) + if !ok { + return "", fmt.Errorf("%s is not a string in %+v", key, m) + } + return str, nil +} diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/Gopkg.lock b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/Gopkg.lock index 9daae19a17..78c5a5f688 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/Gopkg.lock +++ b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/Gopkg.lock @@ -15,12 +15,13 @@ version = "1.1" [[projects]] - digest = "1:73d72ad4ed3ffc0ae85442ff1ce0884423efa6c666566c13d90d75242a038f85" + digest = "1:cde027e8bb29425770dd8ddc87789e0139f2dc53a80e248c8d6a0698c7e3f0bc" name = "github.com/aliyun/alibaba-cloud-sdk-go" packages = [ "sdk", "sdk/auth", "sdk/auth/credentials", + "sdk/auth/credentials/providers", "sdk/auth/signers", "sdk/endpoints", "sdk/errors", @@ -30,8 +31,8 @@ "services/sts", ] pruneopts = "UT" - revision = "0e5371c0881225da7ef9f41ca50402a025eddd93" - version = "1.25.5" + revision = "ef9535c490beb6b59620d93f6c7ba88e9b3b1ad0" + version = "1.26.2" [[projects]] branch = "master" @@ -406,7 +407,8 @@ analyzer-version = 1 input-imports = [ "github.com/aliyun/alibaba-cloud-sdk-go/sdk", - "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials", + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth", + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers", "github.com/aliyun/alibaba-cloud-sdk-go/sdk/endpoints", "github.com/aliyun/alibaba-cloud-sdk-go/services/sts", "github.com/hashicorp/errwrap", diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/README.md b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/README.md index 91be81f541..49df877c46 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/README.md +++ b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/README.md @@ -1,4 +1,4 @@ -# Vault Plugin: AliCloud Auth Backend +# Vault Plugin: AliCloud Auth Backend [![Build Status](https://travis-ci.org/hashicorp/vault-plugin-auth-alicloud.svg?branch=master)](https://travis-ci.org/hashicorp/vault-plugin-auth-alicloud) This is a standalone backend plugin for use with [Hashicorp Vault](https://www.github.com/hashicorp/vault). This plugin allows authentication to Vault using Resource Access Management (RAM). @@ -124,4 +124,4 @@ You can also specify a `TESTARGS` variable to filter tests like so: ```sh $ make test TESTARGS='--run=TestConfig' -``` \ No newline at end of file +``` diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/cli.go b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/cli.go index 4b9d8c35c0..a52630ea28 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/cli.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/cli.go @@ -5,6 +5,7 @@ import ( "fmt" "strings" + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers" "github.com/hashicorp/vault-plugin-auth-alicloud/tools" "github.com/hashicorp/vault/api" ) @@ -18,12 +19,25 @@ func (h *CLIHandler) Auth(c *api.Client, m map[string]string) (*api.Secret, erro } role := m["role"] - loginData, err := tools.GenerateLoginData(m["access_key"], m["secret_key"], m["security_token"], m["region"]) + credentialChain := []providers.Provider{ + providers.NewConfigurationCredentialProvider(&providers.Configuration{ + AccessKeyID: m["access_key"], + AccessKeySecret: m["secret_key"], + AccessKeyStsToken: m["security_token"], + }), + providers.NewEnvCredentialProvider(), + providers.NewInstanceMetadataProvider(), + } + creds, err := providers.NewChainProvider(credentialChain).Retrieve() + if err != nil { + return nil, err + } + + loginData, err := tools.GenerateLoginData(role, creds, m["region"]) if err != nil { return nil, err } - loginData["role"] = role path := fmt.Sprintf("auth/%s/login", mount) secret, err := c.Logical().Write(path, loginData) diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/tools/tools.go b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/tools/tools.go index 552932ad42..72b9a5d4c4 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/tools/tools.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-alicloud/tools/tools.go @@ -8,14 +8,15 @@ import ( "net/url" "github.com/aliyun/alibaba-cloud-sdk-go/sdk" - "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials" + "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth" "github.com/aliyun/alibaba-cloud-sdk-go/services/sts" ) -// Generates the necessary data to send to the Vault server for generating a token -// This is useful for other API clients to use -func GenerateLoginData(accessKeyID, accessKeySecret, securityToken, region string) (map[string]interface{}, error) { - creds := credentials.NewStsTokenCredential(accessKeyID, accessKeySecret, securityToken) +// Generates the necessary data to send to the Vault server for generating a token. +// This is useful for other API clients to use. +// If "" is passed in for accessKeyID, accessKeySecret, and securityToken, +// attempts to use credentials set as env vars or available through instance metadata. +func GenerateLoginData(role string, creds auth.Credential, region string) (map[string]interface{}, error) { config := sdk.NewConfig() @@ -51,6 +52,7 @@ func GenerateLoginData(accessKeyID, accessKeySecret, securityToken, region strin } headers := base64.StdEncoding.EncodeToString(b) return map[string]interface{}{ + "role": role, "identity_request_url": u, "identity_request_headers": headers, }, nil diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go index 353cc7cf0e..5561dcc3ba 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-gcp/plugin/path_login.go @@ -9,6 +9,7 @@ import ( "time" "github.com/SermoDigital/jose/jws" + "github.com/hashicorp/errwrap" "github.com/hashicorp/go-gcp-common/gcputil" "github.com/hashicorp/vault/helper/policyutil" "github.com/hashicorp/vault/helper/strutil" @@ -217,7 +218,9 @@ func (b *GcpAuthBackend) getSigningKey(ctx context.Context, token *jwt.JSONWebTo // Attempt to get a normal Google Oauth cert in case of GCE inferrence. key, err := b.getGoogleOauthCert(ctx, keyId, s) if err != nil { - return nil, errors.New("could not find service account key or Google Oauth cert with given 'kid' id") + return nil, errwrap.Wrapf( + fmt.Sprintf("could not find service account key or Google Oauth cert with given 'kid' id %s: {{err}}", keyId), + err) } return key, nil } diff --git a/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_login.go b/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_login.go index 15c291bc69..595de420c5 100644 --- a/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_login.go +++ b/vendor/github.com/hashicorp/vault-plugin-auth-jwt/path_login.go @@ -114,6 +114,10 @@ func (b *jwtAuthBackend) pathLogin(ctx context.Context, req *logical.Request, d } } + if len(claims.Audience) > 0 && len(role.BoundAudiences) == 0 { + return logical.ErrorResponse("audience claim found in JWT but no audiences bound to the role"), nil + } + expected := jwt.Expected{ Issuer: config.BoundIssuer, Subject: role.BoundSubject, diff --git a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_resources_generated.go b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_resources_generated.go index 54dc458581..9e6c1d1a78 100644 --- a/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_resources_generated.go +++ b/vendor/github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil/iam_resources_generated.go @@ -191,12 +191,12 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ GetMethod: RestMethod{ HttpMethod: "POST", BaseURL: "https://cloudresourcemanager.googleapis.com/", - Path: "v2beta1/{+resource}:getIamPolicy", + Path: "v2/{+resource}:getIamPolicy", }, SetMethod: RestMethod{ HttpMethod: "POST", BaseURL: "https://cloudresourcemanager.googleapis.com/", - Path: "v2beta1/{+resource}:setIamPolicy", + Path: "v2/{+resource}:setIamPolicy", RequestFormat: `{"policy": %s}`, }, }, @@ -289,6 +289,27 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ }, }, }, + "iap": { + "v1beta1": IamRestResource{ + Name: "iap_web", + TypeKey: "projects", + Service: "iap", + IsPreferredVersion: true, + Parameters: []string{"resource"}, + CollectionReplacementKeys: map[string]string{}, + GetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://iap.googleapis.com/", + Path: "v1beta1/{+resource}:getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://iap.googleapis.com/", + Path: "v1beta1/{+resource}:setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, + }, }, "projects/backendBuckets": { "compute": { @@ -360,7 +381,7 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ HttpMethod: "POST", BaseURL: "https://www.googleapis.com/deploymentmanager/alpha/projects/", Path: "{project}/global/deployments/{resource}/setIamPolicy", - RequestFormat: `%s`, + RequestFormat: `{"policy": %s}`, }, }, "v2": IamRestResource{ @@ -382,7 +403,7 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ HttpMethod: "POST", BaseURL: "https://www.googleapis.com/deploymentmanager/v2/projects/", Path: "{project}/global/deployments/{resource}/setIamPolicy", - RequestFormat: `%s`, + RequestFormat: `{"policy": %s}`, }, }, "v2beta": IamRestResource{ @@ -404,7 +425,7 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ HttpMethod: "POST", BaseURL: "https://www.googleapis.com/deploymentmanager/v2beta/projects/", Path: "{project}/global/deployments/{resource}/setIamPolicy", - RequestFormat: `%s`, + RequestFormat: `{"policy": %s}`, }, }, }, @@ -433,6 +454,76 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ RequestFormat: `{"policy": %s}`, }, }, + "beta": IamRestResource{ + Name: "images", + TypeKey: "projects/images", + Service: "compute", + IsPreferredVersion: false, + Parameters: []string{"project", "resource"}, + CollectionReplacementKeys: map[string]string{ + "images": "resource", + "projects": "project", + }, + GetMethod: RestMethod{ + HttpMethod: "GET", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/global/images/{resource}/getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/global/images/{resource}/setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, + }, + }, + "projects/instanceTemplates": { + "compute": { + "alpha": IamRestResource{ + Name: "instanceTemplates", + TypeKey: "projects/instanceTemplates", + Service: "compute", + IsPreferredVersion: false, + Parameters: []string{"project", "resource"}, + CollectionReplacementKeys: map[string]string{ + "instanceTemplates": "resource", + "projects": "project", + }, + GetMethod: RestMethod{ + HttpMethod: "GET", + BaseURL: "https://www.googleapis.com/compute/alpha/projects/", + Path: "{project}/global/instanceTemplates/{resource}/getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://www.googleapis.com/compute/alpha/projects/", + Path: "{project}/global/instanceTemplates/{resource}/setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, + "beta": IamRestResource{ + Name: "instanceTemplates", + TypeKey: "projects/instanceTemplates", + Service: "compute", + IsPreferredVersion: false, + Parameters: []string{"project", "resource"}, + CollectionReplacementKeys: map[string]string{ + "instanceTemplates": "resource", + "projects": "project", + }, + GetMethod: RestMethod{ + HttpMethod: "GET", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/global/instanceTemplates/{resource}/getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/global/instanceTemplates/{resource}/setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, }, }, "projects/instances": { @@ -651,6 +742,29 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ }, }, }, + "projects/locations/registries/groups": { + "cloudiot": { + "v1": IamRestResource{ + Name: "groups", + TypeKey: "projects/locations/registries/groups", + Service: "cloudiot", + IsPreferredVersion: true, + Parameters: []string{"resource"}, + CollectionReplacementKeys: map[string]string{}, + GetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://cloudiot.googleapis.com/", + Path: "v1/{+resource}:getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://cloudiot.googleapis.com/", + Path: "v1/{+resource}:setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, + }, + }, "projects/locations/workflowTemplates": { "dataproc": { "v1beta2": IamRestResource{ @@ -772,6 +886,29 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ RequestFormat: `{"policy": %s}`, }, }, + "beta": IamRestResource{ + Name: "nodeTemplates", + TypeKey: "projects/regions/nodeTemplates", + Service: "compute", + IsPreferredVersion: false, + Parameters: []string{"project", "region", "resource"}, + CollectionReplacementKeys: map[string]string{ + "nodeTemplates": "resource", + "projects": "project", + "regions": "region", + }, + GetMethod: RestMethod{ + HttpMethod: "GET", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/regions/{region}/nodeTemplates/{resource}/getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/regions/{region}/nodeTemplates/{resource}/setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, }, }, "projects/regions/operations": { @@ -797,6 +934,33 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ }, }, }, + "projects/regions/resourcePolicies": { + "compute": { + "alpha": IamRestResource{ + Name: "resourcePolicies", + TypeKey: "projects/regions/resourcePolicies", + Service: "compute", + IsPreferredVersion: false, + Parameters: []string{"project", "region", "resource"}, + CollectionReplacementKeys: map[string]string{ + "projects": "project", + "regions": "region", + "resourcePolicies": "resource", + }, + GetMethod: RestMethod{ + HttpMethod: "GET", + BaseURL: "https://www.googleapis.com/compute/alpha/projects/", + Path: "{project}/regions/{region}/resourcePolicies/{resource}/getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://www.googleapis.com/compute/alpha/projects/", + Path: "{project}/regions/{region}/resourcePolicies/{resource}/setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, + }, + }, "projects/regions/subnetworks": { "compute": { "alpha": IamRestResource{ @@ -916,6 +1080,52 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ }, }, }, + "projects/services": { + "iap": { + "v1beta1": IamRestResource{ + Name: "services", + TypeKey: "projects/services", + Service: "iap", + IsPreferredVersion: true, + Parameters: []string{"resource"}, + CollectionReplacementKeys: map[string]string{}, + GetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://iap.googleapis.com/", + Path: "v1beta1/{+resource}:getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://iap.googleapis.com/", + Path: "v1beta1/{+resource}:setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, + }, + }, + "projects/services/versions": { + "iap": { + "v1beta1": IamRestResource{ + Name: "versions", + TypeKey: "projects/services/versions", + Service: "iap", + IsPreferredVersion: true, + Parameters: []string{"resource"}, + CollectionReplacementKeys: map[string]string{}, + GetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://iap.googleapis.com/", + Path: "v1beta1/{+resource}:getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://iap.googleapis.com/", + Path: "v1beta1/{+resource}:setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, + }, + }, "projects/snapshots": { "compute": { "alpha": IamRestResource{ @@ -940,6 +1150,28 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ RequestFormat: `{"policy": %s}`, }, }, + "beta": IamRestResource{ + Name: "snapshots", + TypeKey: "projects/snapshots", + Service: "compute", + IsPreferredVersion: false, + Parameters: []string{"project", "resource"}, + CollectionReplacementKeys: map[string]string{ + "projects": "project", + "snapshots": "resource", + }, + GetMethod: RestMethod{ + HttpMethod: "GET", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/global/snapshots/{resource}/getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/global/snapshots/{resource}/setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, }, "pubsub": { "v1": IamRestResource{ @@ -1047,6 +1279,33 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ }, }, }, + "projects/zones/allocations": { + "compute": { + "alpha": IamRestResource{ + Name: "allocations", + TypeKey: "projects/zones/allocations", + Service: "compute", + IsPreferredVersion: false, + Parameters: []string{"project", "zone", "resource"}, + CollectionReplacementKeys: map[string]string{ + "allocations": "resource", + "projects": "project", + "zones": "zone", + }, + GetMethod: RestMethod{ + HttpMethod: "GET", + BaseURL: "https://www.googleapis.com/compute/alpha/projects/", + Path: "{project}/zones/{zone}/allocations/{resource}/getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://www.googleapis.com/compute/alpha/projects/", + Path: "{project}/zones/{zone}/allocations/{resource}/setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, + }, + }, "projects/zones/disks": { "compute": { "alpha": IamRestResource{ @@ -1072,30 +1331,26 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ RequestFormat: `{"policy": %s}`, }, }, - }, - }, - "projects/zones/hosts": { - "compute": { - "alpha": IamRestResource{ - Name: "hosts", - TypeKey: "projects/zones/hosts", + "beta": IamRestResource{ + Name: "disks", + TypeKey: "projects/zones/disks", Service: "compute", IsPreferredVersion: false, Parameters: []string{"project", "zone", "resource"}, CollectionReplacementKeys: map[string]string{ - "hosts": "resource", + "disks": "resource", "projects": "project", "zones": "zone", }, GetMethod: RestMethod{ HttpMethod: "GET", - BaseURL: "https://www.googleapis.com/compute/alpha/projects/", - Path: "{project}/zones/{zone}/hosts/{resource}/getIamPolicy", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/zones/{zone}/disks/{resource}/getIamPolicy", }, SetMethod: RestMethod{ HttpMethod: "POST", - BaseURL: "https://www.googleapis.com/compute/alpha/projects/", - Path: "{project}/zones/{zone}/hosts/{resource}/setIamPolicy", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/zones/{zone}/disks/{resource}/setIamPolicy", RequestFormat: `{"policy": %s}`, }, }, @@ -1126,6 +1381,29 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ RequestFormat: `{"policy": %s}`, }, }, + "beta": IamRestResource{ + Name: "instances", + TypeKey: "projects/zones/instances", + Service: "compute", + IsPreferredVersion: false, + Parameters: []string{"project", "zone", "resource"}, + CollectionReplacementKeys: map[string]string{ + "instances": "resource", + "projects": "project", + "zones": "zone", + }, + GetMethod: RestMethod{ + HttpMethod: "GET", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/zones/{zone}/instances/{resource}/getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/zones/{zone}/instances/{resource}/setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, }, }, "projects/zones/nodeGroups": { @@ -1153,6 +1431,29 @@ var generatedIamResources = map[string]map[string]map[string]IamRestResource{ RequestFormat: `{"policy": %s}`, }, }, + "beta": IamRestResource{ + Name: "nodeGroups", + TypeKey: "projects/zones/nodeGroups", + Service: "compute", + IsPreferredVersion: false, + Parameters: []string{"project", "zone", "resource"}, + CollectionReplacementKeys: map[string]string{ + "nodeGroups": "resource", + "projects": "project", + "zones": "zone", + }, + GetMethod: RestMethod{ + HttpMethod: "GET", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/zones/{zone}/nodeGroups/{resource}/getIamPolicy", + }, + SetMethod: RestMethod{ + HttpMethod: "POST", + BaseURL: "https://www.googleapis.com/compute/beta/projects/", + Path: "{project}/zones/{zone}/nodeGroups/{resource}/setIamPolicy", + RequestFormat: `{"policy": %s}`, + }, + }, }, }, "services": { diff --git a/vendor/vendor.json b/vendor/vendor.json index 9a9bc56e03..20256925cf 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -276,6 +276,12 @@ "revision": "ef9535c490beb6b59620d93f6c7ba88e9b3b1ad0", "revisionTime": "2018-08-22T15:14:34Z" }, + { + "checksumSHA1": "Lbc1eCpbtMykOp4hEFoER5XU8Ds=", + "path": "github.com/aliyun/alibaba-cloud-sdk-go/sdk/auth/credentials/providers", + "revision": "e63e5962c8d71461c87a9236319569cda2237d98", + "revisionTime": "2018-08-27T12:30:37Z" + }, { "checksumSHA1": "/qgQnVuKg8C8p1Wh2KXdTKMBr5c=", "path": "github.com/aliyun/alibaba-cloud-sdk-go/sdk/endpoints", @@ -1345,16 +1351,16 @@ "revisionTime": "2018-05-30T15:59:58Z" }, { - "checksumSHA1": "YfqomSqF4w9VSXlE0fIuXHLY1fc=", + "checksumSHA1": "76udfjuAEmd4JFZP8LhTLTKZ6gk=", "path": "github.com/hashicorp/vault-plugin-auth-alicloud", - "revision": "aec43c9721368e8a28bfac4ad3b450d4c77efce3", - "revisionTime": "2018-08-16T20:09:44Z" + "revision": "90acf238c385792939aade0286fcb941d9899435", + "revisionTime": "2018-08-22T21:26:04Z" }, { - "checksumSHA1": "KyRLlVNKvvjYWXqDxi478EBUEMY=", + "checksumSHA1": "xdrSQoX7B7Hr4iWm9T2+5wHVpHQ=", "path": "github.com/hashicorp/vault-plugin-auth-alicloud/tools", - "revision": "aec43c9721368e8a28bfac4ad3b450d4c77efce3", - "revisionTime": "2018-08-16T20:09:44Z" + "revision": "90acf238c385792939aade0286fcb941d9899435", + "revisionTime": "2018-08-22T21:26:04Z" }, { "checksumSHA1": "ojr0r/jmutGEhftDXiHthCCwpIA=", @@ -1369,16 +1375,16 @@ "revisionTime": "2018-08-16T20:11:31Z" }, { - "checksumSHA1": "JUXORFc1mMn3GR1Jbd/yTbThB1w=", + "checksumSHA1": "DezgN3BHtzu7NO6tiTHaWc3YTkg=", "path": "github.com/hashicorp/vault-plugin-auth-gcp/plugin", - "revision": "1d90f74b1b8af3b05b88ee465ea5624a60cd18d9", - "revisionTime": "2018-08-16T20:13:19Z" + "revision": "a00186a9031fc8db194e9b6002eed76db0ded90c", + "revisionTime": "2018-08-27T19:24:31Z" }, { - "checksumSHA1": "9xYGzwnImQsjRCHPOHd4/c3rSRU=", + "checksumSHA1": "YFH1mRVe/J2zVQ0myuWRDrv5BxQ=", "path": "github.com/hashicorp/vault-plugin-auth-jwt", - "revision": "7f5b553d68478cb0e60a99c384cfb1cb113c3e34", - "revisionTime": "2018-08-16T20:14:11Z" + "revision": "fb9c940ad0ebccbd4dcaeed816bc1e6e6a4744f3", + "revisionTime": "2018-08-21T19:10:38Z" }, { "checksumSHA1": "hrJZzU9iG2ixRu2hOdPgN7wa48c=", @@ -1389,20 +1395,20 @@ { "checksumSHA1": "pNERL2s72vwnApekzTLxGsvkyNU=", "path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin", - "revision": "8c6b5413b569441491d04dcb798a9eb16e28cd22", - "revisionTime": "2018-08-16T20:17:55Z" + "revision": "d8a0991deac4006068826a99b82d8274aa119161", + "revisionTime": "2018-08-20T22:27:10Z" }, { "checksumSHA1": "GOxdFElG31lXWgKFG9aqpDcG47M=", "path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin/client", - "revision": "8c6b5413b569441491d04dcb798a9eb16e28cd22", - "revisionTime": "2018-08-16T20:17:55Z" + "revision": "d8a0991deac4006068826a99b82d8274aa119161", + "revisionTime": "2018-08-20T22:27:10Z" }, { "checksumSHA1": "RaH2xTkjaToCk+RoPhap7I66ibo=", "path": "github.com/hashicorp/vault-plugin-secrets-ad/plugin/util", - "revision": "8c6b5413b569441491d04dcb798a9eb16e28cd22", - "revisionTime": "2018-08-16T20:17:55Z" + "revision": "d8a0991deac4006068826a99b82d8274aa119161", + "revisionTime": "2018-08-20T22:27:10Z" }, { "checksumSHA1": "fTT9z8zhrp0abUWgB326BeEWFbI=", @@ -1413,23 +1419,23 @@ { "checksumSHA1": "zkmWfxanMFQXWQIAboXj/jqF12g=", "path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin", - "revision": "68d42fd7e379030c1de3b86840fad7950b926eab", - "revisionTime": "2018-08-16T20:19:41Z" + "revision": "ba74744a1fcfcd9c5f3635571a0734e6a13ce349", + "revisionTime": "2018-08-17T20:56:55Z" }, { - "checksumSHA1": "Dmpy+AguiGWfVg43Me5HB3+eDsk=", + "checksumSHA1": "zwKMP2eBB2fKeOXMf0afsbw1bS0=", "path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/iamutil", - "revision": "68d42fd7e379030c1de3b86840fad7950b926eab", - "revisionTime": "2018-08-16T20:19:41Z" + "revision": "ba74744a1fcfcd9c5f3635571a0734e6a13ce349", + "revisionTime": "2018-08-17T20:56:55Z" }, { "checksumSHA1": "81kYL49zTBoj1NYczxB2Xbr2d6Y=", "path": "github.com/hashicorp/vault-plugin-secrets-gcp/plugin/util", - "revision": "68d42fd7e379030c1de3b86840fad7950b926eab", - "revisionTime": "2018-08-16T20:19:41Z" + "revision": "ba74744a1fcfcd9c5f3635571a0734e6a13ce349", + "revisionTime": "2018-08-17T20:56:55Z" }, { - "checksumSHA1": "52hRfCsr1X3d+JAkqPazeVRmJA4=", + "checksumSHA1": "FkppDRdkWTF4Ry+olqZT8L0Stb8=", "path": "github.com/hashicorp/vault-plugin-secrets-kv", "revision": "5a464a61f7def5e5688e5c77b60d1a655d11a633", "revisionTime": "2018-08-25T21:53:24Z"