update codegen

Signed-off-by: cpanato <ctadeu@gmail.com>
sigstore · Jun 19, 2024 · 17cbb9d · 17cbb9d
1 parent 56b079d
commit 17cbb9d
Show file tree

Hide file tree

Showing 7 changed files with 105 additions and 53 deletions.
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/lifetime_watcher.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/lifetime_watcher.go
@@ -6,6 +6,7 @@ package api
 import (
 	"errors"
 	"math/rand"
+	"strings"
 	"sync"
 	"time"
 
@@ -31,6 +32,7 @@ var (
 	DefaultRenewerRenewBuffer = 5
 )
 
+//go:generate enumer -type=RenewBehavior -trimprefix=RenewBehavior
 type RenewBehavior uint
 
 const (
@@ -288,12 +290,18 @@ func (r *LifetimeWatcher) doRenewWithOptions(tokenMode bool, nonRenewable bool,
 		switch {
 		case nonRenewable || r.renewBehavior == RenewBehaviorRenewDisabled:
 			// Can't or won't renew, just keep the same expiration so we exit
-			// when it's reauthentication time
+			// when it's re-authentication time
 			remainingLeaseDuration = fallbackLeaseDuration
 
 		default:
 			// Renew the token
 			renewal, err = renew(credString, r.increment)
+			if err != nil && strings.Contains(err.Error(), "permission denied") {
+				// We can't renew since the token doesn't have permission to. Fall back
+				// to the code path for non-renewable tokens.
+				nonRenewable = true
+				continue
+			}
 			if err != nil || renewal == nil || (tokenMode && renewal.Auth == nil) {
 				if r.renewBehavior == RenewBehaviorErrorOnErrors {
 					if err != nil {
@@ -349,8 +357,11 @@ func (r *LifetimeWatcher) doRenewWithOptions(tokenMode bool, nonRenewable bool,
 
 		if errorBackoff == nil {
 			sleepDuration = r.calculateSleepDuration(remainingLeaseDuration, priorDuration)
-		} else if errorBackoff.NextBackOff() == backoff.Stop {
-			return err
+		} else {
+			sleepDuration = errorBackoff.NextBackOff()
+			if sleepDuration == backoff.Stop {
+				return err
+			}
 		}
 
 		// remainingLeaseDuration becomes the priorDuration for the next loop

diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/plugin_helpers.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/plugin_helpers.go
@@ -13,7 +13,8 @@ import (
 	"net/url"
 	"os"
 
-	"github.com/go-jose/go-jose/v3/jwt"
+	jose "github.com/go-jose/go-jose/v4"
+	"github.com/go-jose/go-jose/v4/jwt"
 	"github.com/hashicorp/errwrap"
 )
 
@@ -40,6 +41,11 @@ const (
 	// PluginUnwrapTokenEnv is the ENV name used to pass unwrap tokens to the
 	// plugin.
 	PluginUnwrapTokenEnv = "VAULT_UNWRAP_TOKEN"
+
+	// CubbyHoleJWTSignatureAlgorithm is the signature algorithm used for
+	// the unwrap token that Vault passes to a plugin when auto-mTLS is
+	// not enabled.
+	CubbyHoleJWTSignatureAlgorithm = jose.ES512
 )
 
 // PluginAPIClientMeta is a helper that plugins can use to configure TLS connections
@@ -102,7 +108,7 @@ func VaultPluginTLSProviderContext(ctx context.Context, apiTLSConfig *TLSConfig)
 	return func() (*tls.Config, error) {
 		unwrapToken := os.Getenv(PluginUnwrapTokenEnv)
 
-		parsedJWT, err := jwt.ParseSigned(unwrapToken)
+		parsedJWT, err := jwt.ParseSigned(unwrapToken, []jose.SignatureAlgorithm{CubbyHoleJWTSignatureAlgorithm})
 		if err != nil {
 			return nil, errwrap.Wrapf("error parsing wrapping token: {{err}}", err)
 		}

diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/plugin_runtime_types.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/plugin_runtime_types.go
@@ -9,11 +9,9 @@ package api
 
 import "fmt"
 
-var PluginRuntimeTypes = []PluginRuntimeType{
-	PluginRuntimeTypeUnsupported,
-	PluginRuntimeTypeContainer,
-}
+var PluginRuntimeTypes = _PluginRuntimeTypeValues
 
+//go:generate enumer -type=PluginRuntimeType -trimprefix=PluginRuntimeType -transform=snake
 type PluginRuntimeType uint32
 
 // This is a list of PluginRuntimeTypes used by Vault.
@@ -22,20 +20,11 @@ const (
 	PluginRuntimeTypeContainer
 )
 
-func (r PluginRuntimeType) String() string {
-	switch r {
-	case PluginRuntimeTypeContainer:
-		return "container"
-	default:
-		return "unsupported"
-	}
-}
-
+// ParsePluginRuntimeType is a wrapper around PluginRuntimeTypeString kept for backwards compatibility.
 func ParsePluginRuntimeType(PluginRuntimeType string) (PluginRuntimeType, error) {
-	switch PluginRuntimeType {
-	case "container":
-		return PluginRuntimeTypeContainer, nil
-	default:
+	t, err := PluginRuntimeTypeString(PluginRuntimeType)
+	if err != nil {
 		return PluginRuntimeTypeUnsupported, fmt.Errorf("%q is not a supported plugin runtime type", PluginRuntimeType)
 	}
+	return t, nil
 }
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/replication_status.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/replication_status.go
@@ -19,13 +19,14 @@ const (
 )
 
 type ClusterInfo struct {
-	APIAddr                     string `json:"api_address,omitempty" mapstructure:"api_address"`
-	ClusterAddress              string `json:"cluster_address,omitempty" mapstructure:"cluster_address"`
-	ConnectionStatus            string `json:"connection_status,omitempty" mapstructure:"connection_status"`
-	LastHeartBeat               string `json:"last_heartbeat,omitempty" mapstructure:"last_heartbeat"`
-	LastHeartBeatDurationMillis string `json:"last_heartbeat_duration_ms,omitempty" mapstructure:"last_heartbeat_duration_ms"`
-	ClockSkewMillis             string `json:"clock_skew_ms,omitempty" mapstructure:"clock_skew_ms"`
-	NodeID                      string `json:"node_id,omitempty" mapstructure:"node_id"`
+	APIAddr                           string `json:"api_address,omitempty" mapstructure:"api_address"`
+	ClusterAddress                    string `json:"cluster_address,omitempty" mapstructure:"cluster_address"`
+	ConnectionStatus                  string `json:"connection_status,omitempty" mapstructure:"connection_status"`
+	LastHeartBeat                     string `json:"last_heartbeat,omitempty" mapstructure:"last_heartbeat"`
+	LastHeartBeatDurationMillis       string `json:"last_heartbeat_duration_ms,omitempty" mapstructure:"last_heartbeat_duration_ms"`
+	ClockSkewMillis                   string `json:"clock_skew_ms,omitempty" mapstructure:"clock_skew_ms"`
+	NodeID                            string `json:"node_id,omitempty" mapstructure:"node_id"`
+	ReplicationPrimaryCanaryAgeMillis string `json:"replication_primary_canary_age_ms,omitempty" mapstructure:"replication_primary_canary_age_ms"`
 }
 
 type ReplicationStatusGenericResponse struct {

diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_hastatus.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_hastatus.go
@@ -35,14 +35,15 @@ type HAStatusResponse struct {
 }
 
 type HANode struct {
-	Hostname           string     `json:"hostname"`
-	APIAddress         string     `json:"api_address"`
-	ClusterAddress     string     `json:"cluster_address"`
-	ActiveNode         bool       `json:"active_node"`
-	LastEcho           *time.Time `json:"last_echo"`
-	EchoDurationMillis int64      `json:"echo_duration_ms"`
-	ClockSkewMillis    int64      `json:"clock_skew_ms"`
-	Version            string     `json:"version"`
-	UpgradeVersion     string     `json:"upgrade_version,omitempty"`
-	RedundancyZone     string     `json:"redundancy_zone,omitempty"`
+	Hostname                          string     `json:"hostname"`
+	APIAddress                        string     `json:"api_address"`
+	ClusterAddress                    string     `json:"cluster_address"`
+	ActiveNode                        bool       `json:"active_node"`
+	LastEcho                          *time.Time `json:"last_echo"`
+	EchoDurationMillis                int64      `json:"echo_duration_ms"`
+	ClockSkewMillis                   int64      `json:"clock_skew_ms"`
+	Version                           string     `json:"version"`
+	UpgradeVersion                    string     `json:"upgrade_version,omitempty"`
+	RedundancyZone                    string     `json:"redundancy_zone,omitempty"`
+	ReplicationPrimaryCanaryAgeMillis int64      `json:"replication_primary_canary_age_ms"`
 }
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_health.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_health.go
@@ -38,18 +38,19 @@ func (c *Sys) HealthWithContext(ctx context.Context) (*HealthResponse, error) {
 }
 
 type HealthResponse struct {
-	Initialized                bool   `json:"initialized"`
-	Sealed                     bool   `json:"sealed"`
-	Standby                    bool   `json:"standby"`
-	PerformanceStandby         bool   `json:"performance_standby"`
-	ReplicationPerformanceMode string `json:"replication_performance_mode"`
-	ReplicationDRMode          string `json:"replication_dr_mode"`
-	ServerTimeUTC              int64  `json:"server_time_utc"`
-	Version                    string `json:"version"`
-	ClusterName                string `json:"cluster_name,omitempty"`
-	ClusterID                  string `json:"cluster_id,omitempty"`
-	LastWAL                    uint64 `json:"last_wal,omitempty"`
-	Enterprise                 bool   `json:"enterprise"`
-	EchoDurationMillis         int64  `json:"echo_duration_ms"`
-	ClockSkewMillis            int64  `json:"clock_skew_ms"`
+	Initialized                       bool   `json:"initialized"`
+	Sealed                            bool   `json:"sealed"`
+	Standby                           bool   `json:"standby"`
+	PerformanceStandby                bool   `json:"performance_standby"`
+	ReplicationPerformanceMode        string `json:"replication_performance_mode"`
+	ReplicationDRMode                 string `json:"replication_dr_mode"`
+	ServerTimeUTC                     int64  `json:"server_time_utc"`
+	Version                           string `json:"version"`
+	ClusterName                       string `json:"cluster_name,omitempty"`
+	ClusterID                         string `json:"cluster_id,omitempty"`
+	LastWAL                           uint64 `json:"last_wal,omitempty"`
+	Enterprise                        bool   `json:"enterprise"`
+	EchoDurationMillis                int64  `json:"echo_duration_ms"`
+	ClockSkewMillis                   int64  `json:"clock_skew_ms"`
+	ReplicationPrimaryCanaryAgeMillis int64  `json:"replication_primary_canary_age_ms"`
 }
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_raft.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_raft.go
@@ -9,6 +9,7 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -100,6 +101,23 @@ type AutopilotState struct {
 	OptimisticFailureTolerance int                         `mapstructure:"optimistic_failure_tolerance,omitempty"`
 }
 
+func (a *AutopilotState) String() string {
+	var result string
+	result += fmt.Sprintf("Healthy: %t. FailureTolerance: %d. Leader: %s. OptimisticFailureTolerance: %d\n", a.Healthy, a.FailureTolerance, a.Leader, a.OptimisticFailureTolerance)
+	for _, s := range a.Servers {
+		result += fmt.Sprintf("Server: %s\n", s)
+	}
+	result += fmt.Sprintf("Voters: %v\n", a.Voters)
+	result += fmt.Sprintf("NonVoters: %v\n", a.NonVoters)
+
+	for name, zone := range a.RedundancyZones {
+		result += fmt.Sprintf("RedundancyZone %s: %s\n", name, &zone)
+	}
+
+	result += fmt.Sprintf("Upgrade: %s", a.Upgrade)
+	return result
+}
+
 // AutopilotServer represents the server blocks in the response of the raft
 // autopilot state API.
 type AutopilotServer struct {
@@ -119,12 +137,21 @@ type AutopilotServer struct {
 	NodeType       string `mapstructure:"node_type,omitempty"`
 }
 
+func (a *AutopilotServer) String() string {
+	return fmt.Sprintf("ID: %s. Name: %s. Address: %s. NodeStatus: %s. LastContact: %s. LastTerm: %d. LastIndex: %d. Healthy: %t. StableSince: %s. Status: %s. Version: %s. UpgradeVersion: %s. RedundancyZone: %s. NodeType: %s",
+		a.ID, a.Name, a.Address, a.NodeStatus, a.LastContact, a.LastTerm, a.LastIndex, a.Healthy, a.StableSince, a.Status, a.Version, a.UpgradeVersion, a.RedundancyZone, a.NodeType)
+}
+
 type AutopilotZone struct {
 	Servers          []string `mapstructure:"servers,omitempty"`
 	Voters           []string `mapstructure:"voters,omitempty"`
 	FailureTolerance int      `mapstructure:"failure_tolerance,omitempty"`
 }
 
+func (a *AutopilotZone) String() string {
+	return fmt.Sprintf("Servers: %v. Voters: %v. FailureTolerance: %d", a.Servers, a.Voters, a.FailureTolerance)
+}
+
 type AutopilotUpgrade struct {
 	Status                    string                                  `mapstructure:"status"`
 	TargetVersion             string                                  `mapstructure:"target_version,omitempty"`
@@ -137,13 +164,29 @@ type AutopilotUpgrade struct {
 	RedundancyZones           map[string]AutopilotZoneUpgradeVersions `mapstructure:"redundancy_zones,omitempty"`
 }
 
+func (a *AutopilotUpgrade) String() string {
+	result := fmt.Sprintf("Status: %s. TargetVersion: %s. TargetVersionVoters: %v. TargetVersionNonVoters: %v. TargetVersionReadReplicas: %v. OtherVersionVoters: %v. OtherVersionNonVoters: %v. OtherVersionReadReplicas: %v",
+		a.Status, a.TargetVersion, a.TargetVersionVoters, a.TargetVersionNonVoters, a.TargetVersionReadReplicas, a.OtherVersionVoters, a.OtherVersionNonVoters, a.OtherVersionReadReplicas)
+
+	for name, zone := range a.RedundancyZones {
+		result += fmt.Sprintf("Redundancy Zone %s: %s", name, zone)
+	}
+
+	return result
+}
+
 type AutopilotZoneUpgradeVersions struct {
 	TargetVersionVoters    []string `mapstructure:"target_version_voters,omitempty"`
 	TargetVersionNonVoters []string `mapstructure:"target_version_non_voters,omitempty"`
 	OtherVersionVoters     []string `mapstructure:"other_version_voters,omitempty"`
 	OtherVersionNonVoters  []string `mapstructure:"other_version_non_voters,omitempty"`
 }
 
+func (a *AutopilotZoneUpgradeVersions) String() string {
+	return fmt.Sprintf("TargetVersionVoters: %v. TargetVersionNonVoters: %v. OtherVersionVoters: %v. OtherVersionNonVoters: %v",
+		a.TargetVersionVoters, a.TargetVersionNonVoters, a.OtherVersionVoters, a.OtherVersionNonVoters)
+}
+
 // RaftJoin wraps RaftJoinWithContext using context.Background.
 func (c *Sys) RaftJoin(opts *RaftJoinRequest) (*RaftJoinResponse, error) {
 	return c.RaftJoinWithContext(context.Background(), opts)