diff --git a/agent/connect/ca/mock_Provider.go b/agent/connect/ca/mock_Provider.go
index 3bc5f4c46c..1cf77c2e34 100644
--- a/agent/connect/ca/mock_Provider.go
+++ b/agent/connect/ca/mock_Provider.go
@@ -69,13 +69,13 @@ func (_m *MockProvider) Cleanup() error {
 return r0
 }
 
-// Configure provides a mock function with given fields: clusterID, isRoot, rawConfig, state
-func (_m *MockProvider) Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}, state map[string]string) error {
- ret := _m.Called(clusterID, isRoot, rawConfig, state)
+// Configure provides a mock function with given fields: cfg
+func (_m *MockProvider) Configure(cfg ProviderConfig) error {
+ ret := _m.Called(cfg)
 
 var r0 error
- if rf, ok := ret.Get(0).(func(string, bool, map[string]interface{}, map[string]string) error); ok {
- r0 = rf(clusterID, isRoot, rawConfig, state)
+ if rf, ok := ret.Get(0).(func(ProviderConfig) error); ok {
+ r0 = rf(cfg)
 } else {
 r0 = ret.Error(0)
 }
diff --git a/agent/connect/ca/plugin/client.go b/agent/connect/ca/plugin/client.go
deleted file mode 100644
index 1cdc25c6eb..0000000000
--- a/agent/connect/ca/plugin/client.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package plugin
-
-import (
- "github.com/hashicorp/go-plugin"
-)
-
-// ClientConfig returns a base *plugin.ClientConfig that is configured to
-// be able to dispense CA provider plugins. The returned value should be
-// modified with additional options prior to execution (such as Cmd, Managed,
-// etc.)
-func ClientConfig() *plugin.ClientConfig {
- return &plugin.ClientConfig{
- HandshakeConfig: handshakeConfig,
- Plugins: map[string]plugin.Plugin{
- Name: &ProviderPlugin{},
- },
- }
-}
diff --git a/agent/connect/ca/plugin/plugin.go b/agent/connect/ca/plugin/plugin.go
deleted file mode 100644
index 1e32bda602..0000000000
--- a/agent/connect/ca/plugin/plugin.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package plugin
-
-import (
- "context"
- "net/rpc"
-
- "github.com/hashicorp/consul/agent/connect/ca"
- "github.com/hashicorp/go-plugin"
- "google.golang.org/grpc"
-)
-
-// ProviderPlugin implements plugin.Plugin for initializing a plugin
-// server and client for both net/rpc and gRPC.
-type ProviderPlugin struct {
- Impl ca.Provider
-}
-
-func (p ProviderPlugin) Server(*plugin.MuxBroker) (interface{}, error) {
- return &providerPluginRPCServer{impl: p.Impl}, nil
-}
-
-func (ProviderPlugin) Client(b *plugin.MuxBroker, c *rpc.Client) (interface{}, error) {
- return &providerPluginRPCClient{client: c}, nil
-}
-
-func (p ProviderPlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error {
- RegisterCAServer(s, &providerPluginGRPCServer{impl: p.Impl})
- return nil
-}
-
-func (ProviderPlugin) GRPCClient(doneCtx context.Context, _ *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
- return &providerPluginGRPCClient{
- client: NewCAClient(c),
- clientConn: c,
- doneCtx: doneCtx,
- }, nil
-}
-
-// Verification
-var _ plugin.Plugin = ProviderPlugin{}
-var _ plugin.GRPCPlugin = ProviderPlugin{}
diff --git a/agent/connect/ca/plugin/plugin_test.go b/agent/connect/ca/plugin/plugin_test.go
deleted file mode 100644
index 18c4d9463b..0000000000
--- a/agent/connect/ca/plugin/plugin_test.go
+++ /dev/null
@@ -1,316 +0,0 @@
-package plugin
-
-import (
- "crypto/x509"
- "encoding/pem"
- "errors"
- "testing"
-
- "github.com/hashicorp/consul/agent/connect"
- "github.com/hashicorp/consul/agent/connect/ca"
- "github.com/hashicorp/go-plugin"
- "github.com/stretchr/testify/mock"
- "github.com/stretchr/testify/require"
-)
-
-func TestProvider_Configure(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Basic configure
- m.On("Configure", "foo", false, map[string]interface{}{
- "string": "bar",
- "number": float64(42), // because json
- }, map[string]string{
- "foo": "bar",
- }).Once().Return(nil)
- require.NoError(p.Configure("foo", false, map[string]interface{}{
- "string": "bar",
- "number": float64(42),
- }, map[string]string{
- "foo": "bar",
- }))
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("Configure", "foo", false, map[string]interface{}{}, map[string]string{}).
- Once().Return(errors.New("hello world"))
- err := p.Configure("foo", false, map[string]interface{}{}, map[string]string{})
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_GenerateRoot(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("GenerateRoot").Once().Return(nil)
- require.NoError(p.GenerateRoot())
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("GenerateRoot").Once().Return(errors.New("hello world"))
- err := p.GenerateRoot()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_ActiveRoot(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("ActiveRoot").Once().Return("foo", nil)
- actual, err := p.ActiveRoot()
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("ActiveRoot").Once().Return("", errors.New("hello world"))
- actual, err = p.ActiveRoot()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_GenerateIntermediateCSR(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("GenerateIntermediateCSR").Once().Return("foo", nil)
- actual, err := p.GenerateIntermediateCSR()
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("GenerateIntermediateCSR").Once().Return("", errors.New("hello world"))
- actual, err = p.GenerateIntermediateCSR()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_SetIntermediate(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("SetIntermediate", "foo", "bar").Once().Return(nil)
- err := p.SetIntermediate("foo", "bar")
- require.NoError(err)
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("SetIntermediate", "foo", "bar").Once().Return(errors.New("hello world"))
- err = p.SetIntermediate("foo", "bar")
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_ActiveIntermediate(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("ActiveIntermediate").Once().Return("foo", nil)
- actual, err := p.ActiveIntermediate()
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("ActiveIntermediate").Once().Return("", errors.New("hello world"))
- actual, err = p.ActiveIntermediate()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_GenerateIntermediate(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("GenerateIntermediate").Once().Return("foo", nil)
- actual, err := p.GenerateIntermediate()
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("GenerateIntermediate").Once().Return("", errors.New("hello world"))
- actual, err = p.GenerateIntermediate()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_Sign(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Create a CSR
- csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"))
- block, _ := pem.Decode([]byte(csrPEM))
- csr, err := x509.ParseCertificateRequest(block.Bytes)
- require.NoError(err)
- require.NoError(csr.CheckSignature())
-
- // No error
- m.On("Sign", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) {
- csr := args.Get(0).(*x509.CertificateRequest)
- require.NoError(csr.CheckSignature())
- })
- actual, err := p.Sign(csr)
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("Sign", mock.Anything).Once().Return("", errors.New("hello world"))
- actual, err = p.Sign(csr)
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_SignIntermediate(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Create a CSR
- csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"))
- block, _ := pem.Decode([]byte(csrPEM))
- csr, err := x509.ParseCertificateRequest(block.Bytes)
- require.NoError(err)
- require.NoError(csr.CheckSignature())
-
- // No error
- m.On("SignIntermediate", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) {
- csr := args.Get(0).(*x509.CertificateRequest)
- require.NoError(csr.CheckSignature())
- })
- actual, err := p.SignIntermediate(csr)
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("SignIntermediate", mock.Anything).Once().Return("", errors.New("hello world"))
- actual, err = p.SignIntermediate(csr)
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_CrossSignCA(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Create a CSR
- root := connect.TestCA(t, nil)
- block, _ := pem.Decode([]byte(root.RootCert))
- crt, err := x509.ParseCertificate(block.Bytes)
- require.NoError(err)
-
- // No error
- m.On("CrossSignCA", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) {
- actual := args.Get(0).(*x509.Certificate)
- require.True(crt.Equal(actual))
- })
- actual, err := p.CrossSignCA(crt)
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("CrossSignCA", mock.Anything).Once().Return("", errors.New("hello world"))
- actual, err = p.CrossSignCA(crt)
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_Cleanup(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("Cleanup").Once().Return(nil)
- require.NoError(p.Cleanup())
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("Cleanup").Once().Return(errors.New("hello world"))
- err := p.Cleanup()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-// testPlugin runs the given test function callback for all supported
-// transports of the plugin RPC layer.
-func testPlugin(t *testing.T, f func(t *testing.T, m *ca.MockProvider, actual ca.Provider)) {
- t.Run("net/rpc", func(t *testing.T) {
- // Create a mock provider
- mockP := new(ca.MockProvider)
- client, _ := plugin.TestPluginRPCConn(t, map[string]plugin.Plugin{
- Name: &ProviderPlugin{Impl: mockP},
- }, nil)
- defer client.Close()
-
- // Request the provider
- raw, err := client.Dispense(Name)
- require.NoError(t, err)
- provider := raw.(ca.Provider)
-
- // Call the test function
- f(t, mockP, provider)
- })
-
- t.Run("gRPC", func(t *testing.T) {
- // Create a mock provider
- mockP := new(ca.MockProvider)
- client, _ := plugin.TestPluginGRPCConn(t, map[string]plugin.Plugin{
- Name: &ProviderPlugin{Impl: mockP},
- })
- defer client.Close()
-
- // Request the provider
- raw, err := client.Dispense(Name)
- require.NoError(t, err)
- provider := raw.(ca.Provider)
-
- // Call the test function
- f(t, mockP, provider)
- })
-}
diff --git a/agent/connect/ca/plugin/provider.pb.binary.go b/agent/connect/ca/plugin/provider.pb.binary.go
deleted file mode 100644
index d188bff36a..0000000000
--- a/agent/connect/ca/plugin/provider.pb.binary.go
+++ /dev/null
@@ -1,158 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: provider.proto - -package plugin - -import ( - "github.com/golang/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ConfigureRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ConfigureRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SetIntermediateRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SetIntermediateRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SignRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SignRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SignIntermediateRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SignIntermediateRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *CrossSignCARequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *CrossSignCARequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *StateResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *StateResponse) UnmarshalBinary(b 
[]byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ActiveRootResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ActiveRootResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *GenerateIntermediateCSRResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *GenerateIntermediateCSRResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ActiveIntermediateResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ActiveIntermediateResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *GenerateIntermediateResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *GenerateIntermediateResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SignResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SignResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SignIntermediateResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SignIntermediateResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, 
msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *CrossSignCAResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *CrossSignCAResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *BoolResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *BoolResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *Empty) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *Empty) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/agent/connect/ca/plugin/provider.pb.go b/agent/connect/ca/plugin/provider.pb.go deleted file mode 100644 index 0bd4fcb4c7..0000000000 --- a/agent/connect/ca/plugin/provider.pb.go +++ /dev/null 
@@ -1,3473 +0,0 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: provider.proto - -package plugin - -import ( - context "context" - fmt "fmt" - proto "github.com/golang/protobuf/proto" - grpc "google.golang.org/grpc" - io "io" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package - -type ConfigureRequest struct { - ClusterId string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` - IsRoot bool `protobuf:"varint,2,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"` - Config []byte `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"` - State []byte `protobuf:"bytes,4,opt,name=state,proto3" json:"state,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ConfigureRequest) Reset() { *m = ConfigureRequest{} } -func (m *ConfigureRequest) String() string { return proto.CompactTextString(m) } -func (*ConfigureRequest) ProtoMessage() {} -func (*ConfigureRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{0} -} -func (m *ConfigureRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ConfigureRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ConfigureRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ConfigureRequest) XXX_Merge(src proto.Message) { - 
xxx_messageInfo_ConfigureRequest.Merge(m, src) -} -func (m *ConfigureRequest) XXX_Size() int { - return m.Size() -} -func (m *ConfigureRequest) XXX_DiscardUnknown() { - xxx_messageInfo_ConfigureRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_ConfigureRequest proto.InternalMessageInfo - -func (m *ConfigureRequest) GetClusterId() string { - if m != nil { - return m.ClusterId - } - return "" -} - -func (m *ConfigureRequest) GetIsRoot() bool { - if m != nil { - return m.IsRoot - } - return false -} - -func (m *ConfigureRequest) GetConfig() []byte { - if m != nil { - return m.Config - } - return nil -} - -func (m *ConfigureRequest) GetState() []byte { - if m != nil { - return m.State - } - return nil -} - -type SetIntermediateRequest struct { - IntermediatePem string `protobuf:"bytes,1,opt,name=intermediate_pem,json=intermediatePem,proto3" json:"intermediate_pem,omitempty"` - RootPem string `protobuf:"bytes,2,opt,name=root_pem,json=rootPem,proto3" json:"root_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *SetIntermediateRequest) Reset() { *m = SetIntermediateRequest{} } -func (m *SetIntermediateRequest) String() string { return proto.CompactTextString(m) } -func (*SetIntermediateRequest) ProtoMessage() {} -func (*SetIntermediateRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{1} -} -func (m *SetIntermediateRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SetIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SetIntermediateRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SetIntermediateRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SetIntermediateRequest.Merge(m, src) -} -func (m 
*SetIntermediateRequest) XXX_Size() int { - return m.Size() -} -func (m *SetIntermediateRequest) XXX_DiscardUnknown() { - xxx_messageInfo_SetIntermediateRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_SetIntermediateRequest proto.InternalMessageInfo - -func (m *SetIntermediateRequest) GetIntermediatePem() string { - if m != nil { - return m.IntermediatePem - } - return "" -} - -func (m *SetIntermediateRequest) GetRootPem() string { - if m != nil { - return m.RootPem - } - return "" -} - -type SignRequest struct { - Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *SignRequest) Reset() { *m = SignRequest{} } -func (m *SignRequest) String() string { return proto.CompactTextString(m) } -func (*SignRequest) ProtoMessage() {} -func (*SignRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{2} -} -func (m *SignRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SignRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SignRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SignRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignRequest.Merge(m, src) -} -func (m *SignRequest) XXX_Size() int { - return m.Size() -} -func (m *SignRequest) XXX_DiscardUnknown() { - xxx_messageInfo_SignRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_SignRequest proto.InternalMessageInfo - -func (m *SignRequest) GetCsr() []byte { - if m != nil { - return m.Csr - } - return nil -} - -type SignIntermediateRequest struct { - Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 
`json:"-"` -} - -func (m *SignIntermediateRequest) Reset() { *m = SignIntermediateRequest{} } -func (m *SignIntermediateRequest) String() string { return proto.CompactTextString(m) } -func (*SignIntermediateRequest) ProtoMessage() {} -func (*SignIntermediateRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{3} -} -func (m *SignIntermediateRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SignIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SignIntermediateRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SignIntermediateRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignIntermediateRequest.Merge(m, src) -} -func (m *SignIntermediateRequest) XXX_Size() int { - return m.Size() -} -func (m *SignIntermediateRequest) XXX_DiscardUnknown() { - xxx_messageInfo_SignIntermediateRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_SignIntermediateRequest proto.InternalMessageInfo - -func (m *SignIntermediateRequest) GetCsr() []byte { - if m != nil { - return m.Csr - } - return nil -} - -type CrossSignCARequest struct { - Crt []byte `protobuf:"bytes,1,opt,name=crt,proto3" json:"crt,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CrossSignCARequest) Reset() { *m = CrossSignCARequest{} } -func (m *CrossSignCARequest) String() string { return proto.CompactTextString(m) } -func (*CrossSignCARequest) ProtoMessage() {} -func (*CrossSignCARequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{4} -} -func (m *CrossSignCARequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *CrossSignCARequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { 
- return xxx_messageInfo_CrossSignCARequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *CrossSignCARequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_CrossSignCARequest.Merge(m, src) -} -func (m *CrossSignCARequest) XXX_Size() int { - return m.Size() -} -func (m *CrossSignCARequest) XXX_DiscardUnknown() { - xxx_messageInfo_CrossSignCARequest.DiscardUnknown(m) -} - -var xxx_messageInfo_CrossSignCARequest proto.InternalMessageInfo - -func (m *CrossSignCARequest) GetCrt() []byte { - if m != nil { - return m.Crt - } - return nil -} - -type StateResponse struct { - State []byte `protobuf:"bytes,1,opt,name=state,proto3" json:"state,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *StateResponse) Reset() { *m = StateResponse{} } -func (m *StateResponse) String() string { return proto.CompactTextString(m) } -func (*StateResponse) ProtoMessage() {} -func (*StateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{5} -} -func (m *StateResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *StateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_StateResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *StateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_StateResponse.Merge(m, src) -} -func (m *StateResponse) XXX_Size() int { - return m.Size() -} -func (m *StateResponse) XXX_DiscardUnknown() { - xxx_messageInfo_StateResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_StateResponse proto.InternalMessageInfo - -func (m *StateResponse) GetState() []byte { - if m != nil { - return m.State - } - return nil -} - -type 
ActiveRootResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ActiveRootResponse) Reset() { *m = ActiveRootResponse{} } -func (m *ActiveRootResponse) String() string { return proto.CompactTextString(m) } -func (*ActiveRootResponse) ProtoMessage() {} -func (*ActiveRootResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{6} -} -func (m *ActiveRootResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ActiveRootResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ActiveRootResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ActiveRootResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_ActiveRootResponse.Merge(m, src) -} -func (m *ActiveRootResponse) XXX_Size() int { - return m.Size() -} -func (m *ActiveRootResponse) XXX_DiscardUnknown() { - xxx_messageInfo_ActiveRootResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_ActiveRootResponse proto.InternalMessageInfo - -func (m *ActiveRootResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type GenerateIntermediateCSRResponse struct { - CsrPem string `protobuf:"bytes,1,opt,name=csr_pem,json=csrPem,proto3" json:"csr_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *GenerateIntermediateCSRResponse) Reset() { *m = GenerateIntermediateCSRResponse{} } -func (m *GenerateIntermediateCSRResponse) String() string { return proto.CompactTextString(m) } -func (*GenerateIntermediateCSRResponse) ProtoMessage() {} -func (*GenerateIntermediateCSRResponse) Descriptor() ([]byte, 
[]int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{7} -} -func (m *GenerateIntermediateCSRResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *GenerateIntermediateCSRResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_GenerateIntermediateCSRResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *GenerateIntermediateCSRResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_GenerateIntermediateCSRResponse.Merge(m, src) -} -func (m *GenerateIntermediateCSRResponse) XXX_Size() int { - return m.Size() -} -func (m *GenerateIntermediateCSRResponse) XXX_DiscardUnknown() { - xxx_messageInfo_GenerateIntermediateCSRResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_GenerateIntermediateCSRResponse proto.InternalMessageInfo - -func (m *GenerateIntermediateCSRResponse) GetCsrPem() string { - if m != nil { - return m.CsrPem - } - return "" -} - -type ActiveIntermediateResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ActiveIntermediateResponse) Reset() { *m = ActiveIntermediateResponse{} } -func (m *ActiveIntermediateResponse) String() string { return proto.CompactTextString(m) } -func (*ActiveIntermediateResponse) ProtoMessage() {} -func (*ActiveIntermediateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{8} -} -func (m *ActiveIntermediateResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ActiveIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ActiveIntermediateResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, 
err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ActiveIntermediateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_ActiveIntermediateResponse.Merge(m, src) -} -func (m *ActiveIntermediateResponse) XXX_Size() int { - return m.Size() -} -func (m *ActiveIntermediateResponse) XXX_DiscardUnknown() { - xxx_messageInfo_ActiveIntermediateResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_ActiveIntermediateResponse proto.InternalMessageInfo - -func (m *ActiveIntermediateResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type GenerateIntermediateResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *GenerateIntermediateResponse) Reset() { *m = GenerateIntermediateResponse{} } -func (m *GenerateIntermediateResponse) String() string { return proto.CompactTextString(m) } -func (*GenerateIntermediateResponse) ProtoMessage() {} -func (*GenerateIntermediateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{9} -} -func (m *GenerateIntermediateResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *GenerateIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_GenerateIntermediateResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *GenerateIntermediateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_GenerateIntermediateResponse.Merge(m, src) -} -func (m *GenerateIntermediateResponse) XXX_Size() int { - return m.Size() -} -func (m *GenerateIntermediateResponse) XXX_DiscardUnknown() { - 
xxx_messageInfo_GenerateIntermediateResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_GenerateIntermediateResponse proto.InternalMessageInfo - -func (m *GenerateIntermediateResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type SignResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *SignResponse) Reset() { *m = SignResponse{} } -func (m *SignResponse) String() string { return proto.CompactTextString(m) } -func (*SignResponse) ProtoMessage() {} -func (*SignResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{10} -} -func (m *SignResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SignResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SignResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SignResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignResponse.Merge(m, src) -} -func (m *SignResponse) XXX_Size() int { - return m.Size() -} -func (m *SignResponse) XXX_DiscardUnknown() { - xxx_messageInfo_SignResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_SignResponse proto.InternalMessageInfo - -func (m *SignResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type SignIntermediateResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *SignIntermediateResponse) Reset() { *m = SignIntermediateResponse{} } -func (m *SignIntermediateResponse) String() string { return 
proto.CompactTextString(m) } -func (*SignIntermediateResponse) ProtoMessage() {} -func (*SignIntermediateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{11} -} -func (m *SignIntermediateResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SignIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SignIntermediateResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SignIntermediateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignIntermediateResponse.Merge(m, src) -} -func (m *SignIntermediateResponse) XXX_Size() int { - return m.Size() -} -func (m *SignIntermediateResponse) XXX_DiscardUnknown() { - xxx_messageInfo_SignIntermediateResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_SignIntermediateResponse proto.InternalMessageInfo - -func (m *SignIntermediateResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type CrossSignCAResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CrossSignCAResponse) Reset() { *m = CrossSignCAResponse{} } -func (m *CrossSignCAResponse) String() string { return proto.CompactTextString(m) } -func (*CrossSignCAResponse) ProtoMessage() {} -func (*CrossSignCAResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{12} -} -func (m *CrossSignCAResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *CrossSignCAResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_CrossSignCAResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - 
n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *CrossSignCAResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_CrossSignCAResponse.Merge(m, src) -} -func (m *CrossSignCAResponse) XXX_Size() int { - return m.Size() -} -func (m *CrossSignCAResponse) XXX_DiscardUnknown() { - xxx_messageInfo_CrossSignCAResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_CrossSignCAResponse proto.InternalMessageInfo - -func (m *CrossSignCAResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type BoolResponse struct { - Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *BoolResponse) Reset() { *m = BoolResponse{} } -func (m *BoolResponse) String() string { return proto.CompactTextString(m) } -func (*BoolResponse) ProtoMessage() {} -func (*BoolResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{13} -} -func (m *BoolResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *BoolResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_BoolResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *BoolResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_BoolResponse.Merge(m, src) -} -func (m *BoolResponse) XXX_Size() int { - return m.Size() -} -func (m *BoolResponse) XXX_DiscardUnknown() { - xxx_messageInfo_BoolResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_BoolResponse proto.InternalMessageInfo - -func (m *BoolResponse) GetOk() bool { - if m != nil { - return m.Ok - } - return false -} - -// Protobufs doesn't allow no req/resp so in the cases where there are -// no arguments we use the Empty message. 
-type Empty struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Empty) Reset() { *m = Empty{} } -func (m *Empty) String() string { return proto.CompactTextString(m) } -func (*Empty) ProtoMessage() {} -func (*Empty) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{14} -} -func (m *Empty) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Empty.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *Empty) XXX_Merge(src proto.Message) { - xxx_messageInfo_Empty.Merge(m, src) -} -func (m *Empty) XXX_Size() int { - return m.Size() -} -func (m *Empty) XXX_DiscardUnknown() { - xxx_messageInfo_Empty.DiscardUnknown(m) -} - -var xxx_messageInfo_Empty proto.InternalMessageInfo - -func init() { - proto.RegisterType((*ConfigureRequest)(nil), "plugin.ConfigureRequest") - proto.RegisterType((*SetIntermediateRequest)(nil), "plugin.SetIntermediateRequest") - proto.RegisterType((*SignRequest)(nil), "plugin.SignRequest") - proto.RegisterType((*SignIntermediateRequest)(nil), "plugin.SignIntermediateRequest") - proto.RegisterType((*CrossSignCARequest)(nil), "plugin.CrossSignCARequest") - proto.RegisterType((*StateResponse)(nil), "plugin.StateResponse") - proto.RegisterType((*ActiveRootResponse)(nil), "plugin.ActiveRootResponse") - proto.RegisterType((*GenerateIntermediateCSRResponse)(nil), "plugin.GenerateIntermediateCSRResponse") - proto.RegisterType((*ActiveIntermediateResponse)(nil), "plugin.ActiveIntermediateResponse") - proto.RegisterType((*GenerateIntermediateResponse)(nil), "plugin.GenerateIntermediateResponse") - proto.RegisterType((*SignResponse)(nil), "plugin.SignResponse") - proto.RegisterType((*SignIntermediateResponse)(nil), 
"plugin.SignIntermediateResponse") - proto.RegisterType((*CrossSignCAResponse)(nil), "plugin.CrossSignCAResponse") - proto.RegisterType((*BoolResponse)(nil), "plugin.BoolResponse") - proto.RegisterType((*Empty)(nil), "plugin.Empty") -} - -func init() { proto.RegisterFile("provider.proto", fileDescriptor_c6a9f3c02af3d1c8) } - -var fileDescriptor_c6a9f3c02af3d1c8 = []byte{ - // 599 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0xd1, 0x6e, 0xd3, 0x4a, - 0x10, 0xbd, 0x4e, 0x5b, 0x27, 0x99, 0xa6, 0x6d, 0xb4, 0xcd, 0x6d, 0x8c, 0x01, 0x27, 0xb2, 0x80, - 0x04, 0x41, 0x23, 0x41, 0x41, 0x95, 0xe0, 0x85, 0xd4, 0x82, 0xaa, 0xe2, 0xa5, 0x38, 0xe2, 0x95, - 0x28, 0x38, 0x4b, 0x64, 0x35, 0xf1, 0x9a, 0xdd, 0x75, 0x05, 0x7f, 0xc2, 0x7f, 0xf0, 0x13, 0x3c, - 0xf2, 0x09, 0x28, 0xfc, 0x08, 0xf2, 0xc6, 0xde, 0xd8, 0x1b, 0xb7, 0x7e, 0xcb, 0xcc, 0x9e, 0x39, - 0x3b, 0x67, 0xf6, 0x8c, 0x03, 0xfb, 0x21, 0x25, 0xd7, 0xfe, 0x14, 0xd3, 0x41, 0x48, 0x09, 0x27, - 0x48, 0x0f, 0xe7, 0xd1, 0xcc, 0x0f, 0xec, 0x6f, 0xd0, 0x74, 0x48, 0xf0, 0xc5, 0x9f, 0x45, 0x14, - 0xbb, 0xf8, 0x6b, 0x84, 0x19, 0x47, 0xf7, 0x01, 0xbc, 0x79, 0xc4, 0x38, 0xa6, 0x63, 0x7f, 0x6a, - 0x68, 0x5d, 0xad, 0x5f, 0x77, 0xeb, 0x49, 0xe6, 0x62, 0x8a, 0xda, 0x50, 0xf5, 0xd9, 0x98, 0x12, - 0xc2, 0x8d, 0x4a, 0x57, 0xeb, 0xd7, 0x5c, 0xdd, 0x67, 0x2e, 0x21, 0x1c, 0x1d, 0x81, 0xee, 0x09, - 0x2e, 0x63, 0xab, 0xab, 0xf5, 0x1b, 0x6e, 0x12, 0xa1, 0x16, 0xec, 0x30, 0x3e, 0xe1, 0xd8, 0xd8, - 0x16, 0xe9, 0x55, 0x60, 0x7f, 0x82, 0xa3, 0x11, 0xe6, 0x17, 0x01, 0xc7, 0x74, 0x81, 0xa7, 0xfe, - 0x84, 0xcb, 0xfb, 0x1f, 0x43, 0xd3, 0xcf, 0xa4, 0xc7, 0x21, 0x5e, 0x24, 0x5d, 0x1c, 0x64, 0xf3, - 0x97, 0x78, 0x81, 0xee, 0x40, 0x2d, 0x6e, 0x44, 0x40, 0x2a, 0x02, 0x52, 0x8d, 0xe3, 0x4b, 0xbc, - 0xb0, 0x3b, 0xb0, 0x3b, 0xf2, 0x67, 0x41, 0x4a, 0xda, 0x84, 0x2d, 0x8f, 0x51, 0xc1, 0xd3, 0x70, - 0xe3, 0x9f, 0xf6, 0x13, 0x68, 0xc7, 0x80, 0xa2, 0x0e, 0x36, 0xc1, 0x8f, 0x00, 0x39, 0x94, 0x30, - 0x16, 
0x57, 0x38, 0xc3, 0x2c, 0x8e, 0x72, 0x89, 0xa3, 0xdc, 0x7e, 0x08, 0x7b, 0x23, 0x2e, 0x98, - 0x58, 0x48, 0x02, 0x86, 0xd7, 0xe2, 0xb5, 0xac, 0xf8, 0x63, 0x40, 0x43, 0x8f, 0xfb, 0xd7, 0x38, - 0x1e, 0x9c, 0xc4, 0xb6, 0xa1, 0xea, 0x51, 0x9e, 0xd1, 0xab, 0x7b, 0x54, 0x68, 0x79, 0x05, 0x9d, - 0x73, 0x1c, 0x60, 0x3a, 0xe1, 0x38, 0xdb, 0xae, 0x33, 0x72, 0x73, 0xb5, 0x8c, 0xe6, 0x6a, 0x19, - 0x8d, 0x6b, 0x5f, 0x82, 0xb9, 0xba, 0x2a, 0x2f, 0xb4, 0xec, 0xca, 0x53, 0xb8, 0x57, 0x74, 0x65, - 0x79, 0x61, 0x0f, 0x1a, 0xab, 0xb9, 0x97, 0x01, 0x4f, 0xc0, 0xd8, 0x9c, 0x7f, 0x59, 0xd1, 0x00, - 0x0e, 0x73, 0xef, 0x50, 0x86, 0xb7, 0xa0, 0x71, 0x46, 0xc8, 0x5c, 0x02, 0xf7, 0xa1, 0x42, 0xae, - 0x04, 0xa6, 0xe6, 0x56, 0xc8, 0x95, 0x5d, 0x85, 0x9d, 0xb7, 0x8b, 0x90, 0x7f, 0x7f, 0xfe, 0x53, - 0x87, 0x8a, 0x33, 0x44, 0x2f, 0xa0, 0x2e, 0xf7, 0x01, 0x19, 0x83, 0xd5, 0x96, 0x0c, 0xd4, 0x15, - 0x31, 0xf7, 0xd2, 0x13, 0x51, 0x8c, 0x8e, 0x61, 0x47, 0xbc, 0x3a, 0xca, 0xe7, 0xcd, 0xff, 0xd3, - 0x30, 0xef, 0x89, 0xa7, 0xd0, 0x48, 0x67, 0x2b, 0x16, 0x47, 0xa9, 0x52, 0xc8, 0x4f, 0x01, 0xd6, - 0x5e, 0x51, 0xb1, 0x66, 0x1a, 0x16, 0xd8, 0xe9, 0x03, 0xb4, 0x6f, 0x70, 0x8d, 0xca, 0xd2, 0x4b, - 0xc3, 0x32, 0x97, 0xbd, 0x81, 0x03, 0x65, 0x69, 0x91, 0x25, 0x35, 0x16, 0x6e, 0xb3, 0xaa, 0xe6, - 0x3c, 0x75, 0x7e, 0x8e, 0x44, 0xe9, 0xc7, 0xce, 0xab, 0x2a, 0xb4, 0xc8, 0x7b, 0x68, 0x15, 0x75, - 0xab, 0x52, 0x3d, 0xb8, 0x4d, 0x9a, 0x24, 0x7b, 0x06, 0xdb, 0xb1, 0xa3, 0xd0, 0xa1, 0x14, 0xb3, - 0xfe, 0x74, 0x98, 0xad, 0x7c, 0x32, 0x29, 0xf9, 0x08, 0x4d, 0xd5, 0xbe, 0xa8, 0x93, 0x45, 0x16, - 0x0d, 0xa3, 0x7b, 0x33, 0x20, 0xa1, 0x7d, 0x07, 0xbb, 0x19, 0x83, 0x23, 0xf9, 0xbe, 0x9b, 0x5f, - 0x1f, 0xf3, 0x6e, 0xe1, 0x59, 0xc2, 0xf3, 0x1a, 0x5a, 0xa3, 0x28, 0x0c, 0x09, 0xe5, 0x4c, 0x1e, - 0xfb, 0xc1, 0x4c, 0x1d, 0x8f, 0xd4, 0x96, 0xdb, 0x92, 0x1e, 0x54, 0x9d, 0x39, 0x9e, 0x04, 0x51, - 0x78, 0xbb, 0x37, 0xcf, 0x9a, 0xbf, 0x96, 0x96, 0xf6, 0x7b, 0x69, 0x69, 0x7f, 0x96, 0x96, 0xf6, - 0xe3, 0xaf, 0xf5, 0xdf, 0x67, 0x5d, 0xfc, 
0xbf, 0x9c, 0xfc, 0x0b, 0x00, 0x00, 0xff, 0xff, 0x9e, - 0xa1, 0xdc, 0xbb, 0x71, 0x06, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// CAClient is the client API for CA service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type CAClient interface { - Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*Empty, error) - State(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*StateResponse, error) - GenerateRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) - ActiveRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveRootResponse, error) - GenerateIntermediateCSR(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateCSRResponse, error) - SetIntermediate(ctx context.Context, in *SetIntermediateRequest, opts ...grpc.CallOption) (*Empty, error) - ActiveIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveIntermediateResponse, error) - GenerateIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateResponse, error) - Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) - SignIntermediate(ctx context.Context, in *SignIntermediateRequest, opts ...grpc.CallOption) (*SignIntermediateResponse, error) - CrossSignCA(ctx context.Context, in *CrossSignCARequest, opts ...grpc.CallOption) (*CrossSignCAResponse, error) - SupportsCrossSigning(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*BoolResponse, error) - Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) -} - 
-type cAClient struct { - cc *grpc.ClientConn -} - -func NewCAClient(cc *grpc.ClientConn) CAClient { - return &cAClient{cc} -} - -func (c *cAClient) Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.CA/Configure", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) State(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*StateResponse, error) { - out := new(StateResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/State", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) GenerateRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.CA/GenerateRoot", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) ActiveRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveRootResponse, error) { - out := new(ActiveRootResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/ActiveRoot", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) GenerateIntermediateCSR(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateCSRResponse, error) { - out := new(GenerateIntermediateCSRResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/GenerateIntermediateCSR", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) SetIntermediate(ctx context.Context, in *SetIntermediateRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.CA/SetIntermediate", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) ActiveIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveIntermediateResponse, error) { - out := new(ActiveIntermediateResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/ActiveIntermediate", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) GenerateIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateResponse, error) { - out := new(GenerateIntermediateResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/GenerateIntermediate", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) { - out := new(SignResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/Sign", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) SignIntermediate(ctx context.Context, in *SignIntermediateRequest, opts ...grpc.CallOption) (*SignIntermediateResponse, error) { - out := new(SignIntermediateResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/SignIntermediate", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) CrossSignCA(ctx context.Context, in *CrossSignCARequest, opts ...grpc.CallOption) (*CrossSignCAResponse, error) { - out := new(CrossSignCAResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/CrossSignCA", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) SupportsCrossSigning(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*BoolResponse, error) { - out := new(BoolResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/SupportsCrossSigning", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.CA/Cleanup", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// CAServer is the server API for CA service. -type CAServer interface { - Configure(context.Context, *ConfigureRequest) (*Empty, error) - State(context.Context, *Empty) (*StateResponse, error) - GenerateRoot(context.Context, *Empty) (*Empty, error) - ActiveRoot(context.Context, *Empty) (*ActiveRootResponse, error) - GenerateIntermediateCSR(context.Context, *Empty) (*GenerateIntermediateCSRResponse, error) - SetIntermediate(context.Context, *SetIntermediateRequest) (*Empty, error) - ActiveIntermediate(context.Context, *Empty) (*ActiveIntermediateResponse, error) - GenerateIntermediate(context.Context, *Empty) (*GenerateIntermediateResponse, error) - Sign(context.Context, *SignRequest) (*SignResponse, error) - SignIntermediate(context.Context, *SignIntermediateRequest) (*SignIntermediateResponse, error) - CrossSignCA(context.Context, *CrossSignCARequest) (*CrossSignCAResponse, error) - SupportsCrossSigning(context.Context, *Empty) (*BoolResponse, error) - Cleanup(context.Context, *Empty) (*Empty, error) -} - -func RegisterCAServer(s *grpc.Server, srv CAServer) { - s.RegisterService(&_CA_serviceDesc, srv) -} - -func _CA_Configure_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ConfigureRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).Configure(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/Configure", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).Configure(ctx, req.(*ConfigureRequest)) - } - 
return interceptor(ctx, in, info, handler) -} - -func _CA_State_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).State(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/State", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).State(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_GenerateRoot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).GenerateRoot(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/GenerateRoot", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).GenerateRoot(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_ActiveRoot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).ActiveRoot(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/ActiveRoot", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).ActiveRoot(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_GenerateIntermediateCSR_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err 
:= dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).GenerateIntermediateCSR(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/GenerateIntermediateCSR", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).GenerateIntermediateCSR(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_SetIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SetIntermediateRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).SetIntermediate(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/SetIntermediate", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).SetIntermediate(ctx, req.(*SetIntermediateRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_ActiveIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).ActiveIntermediate(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/ActiveIntermediate", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).ActiveIntermediate(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_GenerateIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return 
srv.(CAServer).GenerateIntermediate(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/GenerateIntermediate", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).GenerateIntermediate(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SignRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).Sign(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/Sign", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).Sign(ctx, req.(*SignRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_SignIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SignIntermediateRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).SignIntermediate(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/SignIntermediate", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).SignIntermediate(ctx, req.(*SignIntermediateRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_CrossSignCA_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CrossSignCARequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).CrossSignCA(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/CrossSignCA", - } - handler := 
func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).CrossSignCA(ctx, req.(*CrossSignCARequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_SupportsCrossSigning_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).SupportsCrossSigning(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/SupportsCrossSigning", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).SupportsCrossSigning(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_Cleanup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).Cleanup(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/Cleanup", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).Cleanup(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -var _CA_serviceDesc = grpc.ServiceDesc{ - ServiceName: "plugin.CA", - HandlerType: (*CAServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Configure", - Handler: _CA_Configure_Handler, - }, - { - MethodName: "State", - Handler: _CA_State_Handler, - }, - { - MethodName: "GenerateRoot", - Handler: _CA_GenerateRoot_Handler, - }, - { - MethodName: "ActiveRoot", - Handler: _CA_ActiveRoot_Handler, - }, - { - MethodName: "GenerateIntermediateCSR", - Handler: _CA_GenerateIntermediateCSR_Handler, - }, - { - MethodName: "SetIntermediate", - Handler: _CA_SetIntermediate_Handler, - }, - { - MethodName: 
"ActiveIntermediate", - Handler: _CA_ActiveIntermediate_Handler, - }, - { - MethodName: "GenerateIntermediate", - Handler: _CA_GenerateIntermediate_Handler, - }, - { - MethodName: "Sign", - Handler: _CA_Sign_Handler, - }, - { - MethodName: "SignIntermediate", - Handler: _CA_SignIntermediate_Handler, - }, - { - MethodName: "CrossSignCA", - Handler: _CA_CrossSignCA_Handler, - }, - { - MethodName: "SupportsCrossSigning", - Handler: _CA_SupportsCrossSigning_Handler, - }, - { - MethodName: "Cleanup", - Handler: _CA_Cleanup_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "provider.proto", -} - -func (m *ConfigureRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ConfigureRequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.ClusterId) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.ClusterId))) - i += copy(dAtA[i:], m.ClusterId) - } - if m.IsRoot { - dAtA[i] = 0x10 - i++ - if m.IsRoot { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ - } - if len(m.Config) > 0 { - dAtA[i] = 0x1a - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.Config))) - i += copy(dAtA[i:], m.Config) - } - if len(m.State) > 0 { - dAtA[i] = 0x22 - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.State))) - i += copy(dAtA[i:], m.State) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SetIntermediateRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SetIntermediateRequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.IntermediatePem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, 
uint64(len(m.IntermediatePem))) - i += copy(dAtA[i:], m.IntermediatePem) - } - if len(m.RootPem) > 0 { - dAtA[i] = 0x12 - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.RootPem))) - i += copy(dAtA[i:], m.RootPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SignRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SignRequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.Csr) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.Csr))) - i += copy(dAtA[i:], m.Csr) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SignIntermediateRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SignIntermediateRequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.Csr) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.Csr))) - i += copy(dAtA[i:], m.Csr) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *CrossSignCARequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CrossSignCARequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.Crt) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.Crt))) - i += copy(dAtA[i:], m.Crt) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m 
*StateResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *StateResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.State) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.State))) - i += copy(dAtA[i:], m.State) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *ActiveRootResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ActiveRootResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *GenerateIntermediateCSRResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *GenerateIntermediateCSRResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CsrPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CsrPem))) - i += copy(dAtA[i:], m.CsrPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *ActiveIntermediateResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ActiveIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - 
_ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *GenerateIntermediateResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *GenerateIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SignResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SignResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SignIntermediateResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SignIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m 
*CrossSignCAResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CrossSignCAResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *BoolResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *BoolResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if m.Ok { - dAtA[i] = 0x8 - i++ - if m.Ok { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *Empty) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Empty) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func encodeVarintProvider(dAtA []byte, offset int, v uint64) int { - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return offset + 1 -} -func (m *ConfigureRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.ClusterId) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.IsRoot { - n += 2 - } - l = len(m.Config) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - l = len(m.State) - if l > 0 { - n += 1 + l + 
sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SetIntermediateRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.IntermediatePem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - l = len(m.RootPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SignRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Csr) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SignIntermediateRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Csr) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *CrossSignCARequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Crt) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *StateResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.State) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *ActiveRootResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *GenerateIntermediateCSRResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CsrPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - 
-func (m *ActiveIntermediateResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *GenerateIntermediateResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SignResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SignIntermediateResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *CrossSignCAResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *BoolResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Ok { - n += 2 - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *Empty) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func sovProvider(x uint64) (n int) { - for { - n++ - x >>= 7 - if x == 0 { - break - } - } - return n -} -func sozProvider(x uint64) (n int) { - return sovProvider(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - 
preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ConfigureRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ConfigureRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterId", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ClusterId = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field IsRoot", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.IsRoot = bool(v != 0) - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - 
if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Config = append(m.Config[:0], dAtA[iNdEx:postIndex]...) - if m.Config == nil { - m.Config = []byte{} - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field State", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.State = append(m.State[:0], dAtA[iNdEx:postIndex]...) - if m.State == nil { - m.State = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SetIntermediateRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SetIntermediateRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field IntermediatePem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.IntermediatePem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RootPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := 
iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RootPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SignRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SignRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SignRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Csr", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Csr = append(m.Csr[:0], dAtA[iNdEx:postIndex]...) 
- if m.Csr == nil { - m.Csr = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SignIntermediateRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SignIntermediateRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Csr", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Csr = append(m.Csr[:0], dAtA[iNdEx:postIndex]...) 
- if m.Csr == nil { - m.Csr = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CrossSignCARequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CrossSignCARequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Crt", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Crt = append(m.Crt[:0], dAtA[iNdEx:postIndex]...) 
- if m.Crt == nil { - m.Crt = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *StateResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: StateResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: StateResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field State", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.State = append(m.State[:0], dAtA[iNdEx:postIndex]...) 
- if m.State == nil { - m.State = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ActiveRootResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ActiveRootResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err 
!= nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GenerateIntermediateCSRResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GenerateIntermediateCSRResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CsrPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CsrPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - 
return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ActiveIntermediateResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ActiveIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = 
append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GenerateIntermediateResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GenerateIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SignResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SignResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SignResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SignIntermediateResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SignIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CrossSignCAResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CrossSignCAResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *BoolResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: BoolResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: BoolResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Ok", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Ok = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Empty) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Empty: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Empty: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipProvider(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowProvider - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowProvider - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - return iNdEx, nil - case 1: - iNdEx += 8 - return iNdEx, nil - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowProvider - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthProvider - } - iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthProvider - } - return iNdEx, nil - case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowProvider - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipProvider(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthProvider - } - } - return iNdEx, nil - case 4: - return iNdEx, nil - case 5: - iNdEx += 4 - return iNdEx, nil - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - } - panic("unreachable") -} - -var ( - 
ErrInvalidLengthProvider = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowProvider = fmt.Errorf("proto: integer overflow") -) diff --git a/agent/connect/ca/plugin/provider.proto b/agent/connect/ca/plugin/provider.proto deleted file mode 100644 index f51a5c040c..0000000000 --- a/agent/connect/ca/plugin/provider.proto +++ /dev/null 
@@ -1,93 +0,0 @@ -/* This proto file contains the service and structures for implementing - * a Consul CA provider plugin. For clearer documentation on what each - * RPC method should do, please refer to the Go interface documentation - * for `agent/connect/ca.Provider`. - * - * After implementing this service, the plugin must also output the proper - * format to stdout for the plugin handshake. Please refer to the Consul - * documentation for more information. - */ - -syntax = "proto3"; - -package plugin; - -service CA { - rpc Configure(ConfigureRequest) returns (Empty); - rpc State(Empty) returns (StateResponse); - rpc GenerateRoot(Empty) returns (Empty); - rpc ActiveRoot(Empty) returns (ActiveRootResponse); - rpc GenerateIntermediateCSR(Empty) returns (GenerateIntermediateCSRResponse); - rpc SetIntermediate(SetIntermediateRequest) returns (Empty); - rpc ActiveIntermediate(Empty) returns (ActiveIntermediateResponse); - rpc GenerateIntermediate(Empty) returns (GenerateIntermediateResponse); - rpc Sign(SignRequest) returns (SignResponse); - rpc SignIntermediate(SignIntermediateRequest) returns (SignIntermediateResponse); - rpc CrossSignCA(CrossSignCARequest) returns (CrossSignCAResponse); - rpc SupportsCrossSigning(Empty) returns (BoolResponse); - rpc Cleanup(Empty) returns (Empty); -} - -message ConfigureRequest { - string cluster_id = 1; - bool is_root = 2; - bytes config = 3; // JSON-encoded structure - bytes state = 4; // JSON-encoded structure -} - -message SetIntermediateRequest { - string intermediate_pem = 1; - string root_pem = 2; -} - -message SignRequest { - bytes csr = 1; -} - -message SignIntermediateRequest { - bytes csr = 1; -} - -message CrossSignCARequest { - bytes crt = 1; -} - -message StateResponse { - bytes state = 1; // JSON-encoded map[string]string -} - -message ActiveRootResponse { - string crt_pem = 1; -} - -message GenerateIntermediateCSRResponse { - string csr_pem = 1; -} - -message ActiveIntermediateResponse { - string crt_pem = 1; -} - 
-message GenerateIntermediateResponse { - string crt_pem = 1; -} - -message SignResponse { - string crt_pem = 1; -} - -message SignIntermediateResponse { - string crt_pem = 1; -} - -message CrossSignCAResponse { - string crt_pem = 1; -} - -message BoolResponse { - bool ok = 1; -} - -// Protobufs doesn't allow no req/resp so in the cases where there are -// no arguments we use the Empty message. -message Empty {} diff --git a/agent/connect/ca/plugin/serve.go b/agent/connect/ca/plugin/serve.go deleted file mode 100644 index 94bc04425c..0000000000 --- a/agent/connect/ca/plugin/serve.go +++ /dev/null @@ -1,33 +0,0 @@ -package plugin - -import ( - "github.com/hashicorp/consul/agent/connect/ca" - "github.com/hashicorp/go-plugin" -) - -// Name is the name of the plugin that users of the package should use -// with *plugin.Client.Dispense to get the proper plugin instance. -const Name = "consul-connect-ca" - -// handshakeConfig is the HandshakeConfig used to configure clients and servers. -var handshakeConfig = plugin.HandshakeConfig{ - // The ProtocolVersion is the version that must match between Consul - // and CA plugins. This should be bumped whenever a change happens in - // one or the other that makes it so that they can't safely communicate. - ProtocolVersion: 1, - - // The magic cookie values should NEVER be changed. - MagicCookieKey: "CONSUL_PLUGIN_MAGIC_COOKIE", - MagicCookieValue: "f31f63b28fa82a3cdb30a6284cb1e50e3a13b7e60ba105a2c91219da319d216c", -} - -// Serve serves a CA plugin. This function never returns and should be the -// final function called in the main function of the plugin. -func Serve(p ca.Provider) { - plugin.Serve(&plugin.ServeConfig{ - HandshakeConfig: handshakeConfig, - Plugins: map[string]plugin.Plugin{ - Name: &ProviderPlugin{Impl: p}, - }, - }) -} diff --git a/agent/connect/ca/plugin/transport_grpc.go b/agent/connect/ca/plugin/transport_grpc.go deleted file mode 100644 index 5aeb72a493..0000000000 
--- a/agent/connect/ca/plugin/transport_grpc.go +++ /dev/null 
@@ -1,258 +0,0 @@ -package plugin - -import ( - "context" - "crypto/x509" - "encoding/json" - - "github.com/hashicorp/consul/agent/connect/ca" - "google.golang.org/grpc" -) - -// providerPluginGRPCServer implements the CAServer interface for gRPC. -type providerPluginGRPCServer struct { - impl ca.Provider -} - -func (p *providerPluginGRPCServer) Configure(_ context.Context, req *ConfigureRequest) (*Empty, error) { - var rawConfig map[string]interface{} - if err := json.Unmarshal(req.Config, &rawConfig); err != nil { - return nil, err - } - var state map[string]string - if err := json.Unmarshal(req.State, &state); err != nil { - return nil, err - } - - return &Empty{}, p.impl.Configure(req.ClusterId, req.IsRoot, rawConfig, state) -} - -func (p *providerPluginGRPCServer) State(context.Context, *Empty) (*StateResponse, error) { - got, err := p.impl.State() - var jsonBs []byte - if err == nil { - jsonBs, err = json.Marshal(got) - if err != nil { - return nil, err - } - } - return &StateResponse{State: jsonBs}, nil -} - -func (p *providerPluginGRPCServer) GenerateRoot(context.Context, *Empty) (*Empty, error) { - return &Empty{}, p.impl.GenerateRoot() -} - -func (p *providerPluginGRPCServer) ActiveRoot(context.Context, *Empty) (*ActiveRootResponse, error) { - pem, err := p.impl.ActiveRoot() - return &ActiveRootResponse{CrtPem: pem}, err -} - -func (p *providerPluginGRPCServer) GenerateIntermediateCSR(context.Context, *Empty) (*GenerateIntermediateCSRResponse, error) { - pem, err := p.impl.GenerateIntermediateCSR() - return &GenerateIntermediateCSRResponse{CsrPem: pem}, err -} - -func (p *providerPluginGRPCServer) SetIntermediate(_ context.Context, req *SetIntermediateRequest) (*Empty, error) { - return &Empty{}, p.impl.SetIntermediate(req.IntermediatePem, req.RootPem) -} - -func (p *providerPluginGRPCServer) ActiveIntermediate(context.Context, *Empty) (*ActiveIntermediateResponse, error) { - pem, err := p.impl.ActiveIntermediate() - return 
&ActiveIntermediateResponse{CrtPem: pem}, err -} - -func (p *providerPluginGRPCServer) GenerateIntermediate(context.Context, *Empty) (*GenerateIntermediateResponse, error) { - pem, err := p.impl.GenerateIntermediate() - return &GenerateIntermediateResponse{CrtPem: pem}, err -} - -func (p *providerPluginGRPCServer) Sign(_ context.Context, req *SignRequest) (*SignResponse, error) { - csr, err := x509.ParseCertificateRequest(req.Csr) - if err != nil { - return nil, err - } - - crtPEM, err := p.impl.Sign(csr) - return &SignResponse{CrtPem: crtPEM}, err -} - -func (p *providerPluginGRPCServer) SignIntermediate(_ context.Context, req *SignIntermediateRequest) (*SignIntermediateResponse, error) { - csr, err := x509.ParseCertificateRequest(req.Csr) - if err != nil { - return nil, err - } - - crtPEM, err := p.impl.SignIntermediate(csr) - return &SignIntermediateResponse{CrtPem: crtPEM}, err -} - -func (p *providerPluginGRPCServer) CrossSignCA(_ context.Context, req *CrossSignCARequest) (*CrossSignCAResponse, error) { - crt, err := x509.ParseCertificate(req.Crt) - if err != nil { - return nil, err - } - - crtPEM, err := p.impl.CrossSignCA(crt) - return &CrossSignCAResponse{CrtPem: crtPEM}, err -} - -func (p *providerPluginGRPCServer) SupportsCrossSigning(context.Context, *Empty) (*BoolResponse, error) { - ok, err := p.impl.SupportsCrossSigning() - return &BoolResponse{Ok: ok}, err -} - -func (p *providerPluginGRPCServer) Cleanup(context.Context, *Empty) (*Empty, error) { - return &Empty{}, p.impl.Cleanup() -} - -// providerPluginGRPCClient implements ca.Provider for acting as a client -// to a remote CA provider plugin over gRPC. 
-type providerPluginGRPCClient struct { - client CAClient - clientConn *grpc.ClientConn - doneCtx context.Context -} - -func (p *providerPluginGRPCClient) Configure( - clusterId string, - isRoot bool, - rawConfig map[string]interface{}, - state map[string]string) error { - - config, err := json.Marshal(rawConfig) - if err != nil { - return err - } - - stateJSON, err := json.Marshal(state) - if err != nil { - return err - } - - _, err = p.client.Configure(p.doneCtx, &ConfigureRequest{ - ClusterId: clusterId, - IsRoot: isRoot, - Config: config, - State: stateJSON, - }) - return p.err(err) -} - -func (p *providerPluginGRPCClient) State() (map[string]string, error) { - stateResp, err := p.client.State(p.doneCtx, &Empty{}) - if err != nil { - return nil, p.err(err) - } - - var state map[string]string - err = json.Unmarshal(stateResp.State, &state) - if err != nil { - return nil, err - } - return state, nil -} - -func (p *providerPluginGRPCClient) GenerateRoot() error { - _, err := p.client.GenerateRoot(p.doneCtx, &Empty{}) - return p.err(err) -} - -func (p *providerPluginGRPCClient) ActiveRoot() (string, error) { - resp, err := p.client.ActiveRoot(p.doneCtx, &Empty{}) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) GenerateIntermediateCSR() (string, error) { - resp, err := p.client.GenerateIntermediateCSR(p.doneCtx, &Empty{}) - if err != nil { - return "", p.err(err) - } - - return resp.CsrPem, nil -} - -func (p *providerPluginGRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error { - _, err := p.client.SetIntermediate(p.doneCtx, &SetIntermediateRequest{ - IntermediatePem: intermediatePEM, - RootPem: rootPEM, - }) - return p.err(err) -} - -func (p *providerPluginGRPCClient) ActiveIntermediate() (string, error) { - resp, err := p.client.ActiveIntermediate(p.doneCtx, &Empty{}) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) 
GenerateIntermediate() (string, error) { - resp, err := p.client.GenerateIntermediate(p.doneCtx, &Empty{}) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) Sign(csr *x509.CertificateRequest) (string, error) { - resp, err := p.client.Sign(p.doneCtx, &SignRequest{ - Csr: csr.Raw, - }) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) { - resp, err := p.client.SignIntermediate(p.doneCtx, &SignIntermediateRequest{ - Csr: csr.Raw, - }) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) { - resp, err := p.client.CrossSignCA(p.doneCtx, &CrossSignCARequest{ - Crt: crt.Raw, - }) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) SupportsCrossSigning() (bool, error) { - resp, err := p.client.SupportsCrossSigning(p.doneCtx, &Empty{}) - return resp.Ok, err -} - -func (p *providerPluginGRPCClient) Cleanup() error { - _, err := p.client.Cleanup(p.doneCtx, &Empty{}) - return p.err(err) -} - -func (p *providerPluginGRPCClient) err(err error) error { - if err := p.doneCtx.Err(); err != nil { - return err - } - - return err -} - -// Verification -var _ CAServer = &providerPluginGRPCServer{} -var _ ca.Provider = &providerPluginGRPCClient{} diff --git a/agent/connect/ca/plugin/transport_netrpc.go b/agent/connect/ca/plugin/transport_netrpc.go deleted file mode 100644 index 8de564bb44..0000000000 --- a/agent/connect/ca/plugin/transport_netrpc.go +++ /dev/null 
@@ -1,221 +0,0 @@ -package plugin - -import ( - "crypto/x509" - "encoding/json" - "net/rpc" - - "github.com/hashicorp/consul/agent/connect/ca" -) - -// providerPluginRPCServer implements a net/rpc backed transport for -// an underlying implementation of a ca.Provider. The server side is the -// plugin binary itself. -type providerPluginRPCServer struct { - impl ca.Provider -} - -func (p *providerPluginRPCServer) Configure(args *ConfigureRPCRequest, _ *struct{}) error { - return p.impl.Configure(args.ClusterId, args.IsRoot, args.RawConfig, args.State) -} - -func (p *providerPluginRPCServer) State(_ struct{}, resp *StateResponse) error { - state, err := p.impl.State() - if err != nil { - return err - } - resp.State, err = json.Marshal(state) - if err != nil { - return err - } - return nil -} - -func (p *providerPluginRPCServer) GenerateRoot(struct{}, *struct{}) error { - return p.impl.GenerateRoot() -} - -func (p *providerPluginRPCServer) ActiveRoot(_ struct{}, resp *ActiveRootResponse) error { - var err error - resp.CrtPem, err = p.impl.ActiveRoot() - return err -} - -func (p *providerPluginRPCServer) GenerateIntermediateCSR(_ struct{}, resp *GenerateIntermediateCSRResponse) error { - var err error - resp.CsrPem, err = p.impl.GenerateIntermediateCSR() - return err -} - -func (p *providerPluginRPCServer) SetIntermediate(args *SetIntermediateRPCRequest, _ *struct{}) error { - return p.impl.SetIntermediate(args.IntermediatePEM, args.RootPEM) -} - -func (p *providerPluginRPCServer) ActiveIntermediate(_ struct{}, resp *ActiveIntermediateResponse) error { - var err error - resp.CrtPem, err = p.impl.ActiveIntermediate() - return err -} - -func (p *providerPluginRPCServer) GenerateIntermediate(_ struct{}, resp *GenerateIntermediateResponse) error { - var err error - resp.CrtPem, err = p.impl.GenerateIntermediate() - return err -} - -func (p *providerPluginRPCServer) Sign(args *SignRequest, resp *SignResponse) error { - csr, err := x509.ParseCertificateRequest(args.Csr) - if 
err != nil { - return err - } - - resp.CrtPem, err = p.impl.Sign(csr) - return err -} - -func (p *providerPluginRPCServer) SignIntermediate(args *SignIntermediateRequest, resp *SignIntermediateResponse) error { - csr, err := x509.ParseCertificateRequest(args.Csr) - if err != nil { - return err - } - - resp.CrtPem, err = p.impl.SignIntermediate(csr) - return err -} - -func (p *providerPluginRPCServer) CrossSignCA(args *CrossSignCARequest, resp *CrossSignCAResponse) error { - crt, err := x509.ParseCertificate(args.Crt) - if err != nil { - return err - } - - resp.CrtPem, err = p.impl.CrossSignCA(crt) - return err -} - -func (p *providerPluginRPCServer) Cleanup(struct{}, *struct{}) error { - return p.impl.Cleanup() -} - -// providerPluginRPCClient implements a net/rpc backed transport for -// an underlying implementation of a ca.Provider. The client side is the -// software calling into the plugin binary over rpc. -// -// This implements ca.Provider. -type providerPluginRPCClient struct { - client *rpc.Client -} - -func (p *providerPluginRPCClient) Configure( - clusterId string, - isRoot bool, - rawConfig map[string]interface{}, - state map[string]string) error { - return p.client.Call("Plugin.Configure", &ConfigureRPCRequest{ - ClusterId: clusterId, - IsRoot: isRoot, - RawConfig: rawConfig, - State: state, - }, &struct{}{}) -} - -func (p *providerPluginRPCClient) State() (map[string]string, error) { - var resp StateResponse - err := p.client.Call("Plugin.State", struct{}{}, &resp) - if err != nil { - return nil, err - } - var state map[string]string - err = json.Unmarshal(resp.State, &state) - if err != nil { - return nil, err - } - return state, nil -} - -func (p *providerPluginRPCClient) GenerateRoot() error { - return p.client.Call("Plugin.GenerateRoot", struct{}{}, &struct{}{}) -} - -func (p *providerPluginRPCClient) ActiveRoot() (string, error) { - var resp ActiveRootResponse - err := p.client.Call("Plugin.ActiveRoot", struct{}{}, &resp) - return resp.CrtPem, err 
-} - -func (p *providerPluginRPCClient) GenerateIntermediateCSR() (string, error) { - var resp GenerateIntermediateCSRResponse - err := p.client.Call("Plugin.GenerateIntermediateCSR", struct{}{}, &resp) - return resp.CsrPem, err -} - -func (p *providerPluginRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error { - return p.client.Call("Plugin.SetIntermediate", &SetIntermediateRPCRequest{ - IntermediatePEM: intermediatePEM, - RootPEM: rootPEM, - }, &struct{}{}) -} - -func (p *providerPluginRPCClient) ActiveIntermediate() (string, error) { - var resp ActiveIntermediateResponse - err := p.client.Call("Plugin.ActiveIntermediate", struct{}{}, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) GenerateIntermediate() (string, error) { - var resp GenerateIntermediateResponse - err := p.client.Call("Plugin.GenerateIntermediate", struct{}{}, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) Sign(csr *x509.CertificateRequest) (string, error) { - var resp SignResponse - err := p.client.Call("Plugin.Sign", &SignRequest{ - Csr: csr.Raw, - }, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) { - var resp SignIntermediateResponse - err := p.client.Call("Plugin.SignIntermediate", &SignIntermediateRequest{ - Csr: csr.Raw, - }, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) { - var resp CrossSignCAResponse - err := p.client.Call("Plugin.CrossSignCA", &CrossSignCARequest{ - Crt: crt.Raw, - }, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) SupportsCrossSigning() (bool, error) { - var out BoolResponse - err := p.client.Call("Plugin.SupportsCrossSigning", struct{}{}, &out) - return out.Ok, err -} - -func (p *providerPluginRPCClient) Cleanup() error { - return p.client.Call("Plugin.Cleanup", struct{}{}, &struct{}{}) -} - -// Verification -var _ 
ca.Provider = &providerPluginRPCClient{} - -//------------------------------------------------------------------- -// Structs for net/rpc request and response - -type ConfigureRPCRequest struct { - ClusterId string - IsRoot bool - RawConfig map[string]interface{} - State map[string]string -} - -type SetIntermediateRPCRequest struct { - IntermediatePEM string - RootPEM string -} diff --git a/agent/connect/ca/provider.go b/agent/connect/ca/provider.go index a789869c5c..855aa8e428 100644 --- a/agent/connect/ca/provider.go +++ b/agent/connect/ca/provider.go 
@@ -7,6 +7,36 @@ import ( //go:generate mockery -name Provider -inpkg +// ProviderConfig encapsulates all the data Consul passes to `Configure` on a +// new provider instance. The provider must treat this as read-only and make +// copies of any map or slice if it might modify them internally. +type ProviderConfig struct { + // ClusterID is the current Consul cluster ID. + ClusterID string + + // Datacenter is the current Consul datacenter. + Datacenter string + + // IsPrimary is true when the CA instance is in the primary DC typically it + // may choose to act as a root in this case while secondaries are typically + // intermediate CAs. In some case the primary DC in Consul is an intermediate + // signed by some external CA along with that CA's public cert so the old name + // of `IsRoot` was misleading. + IsPrimary bool + + // RawConfig is the user configuration for the provider and is + // provider-specific to be interpreted as the provider wishes. + RawConfig map[string]interface{} + + // State contains the State the same provider last persisted. It is provided + // after a restart or reconfiguration, or on a leader election on a new server + // to maintain operation. It MUST NOT be used for secret storage since it is + // visible in the API to operators. It's intended use is to store small bits + // of state like UUIDs of external resources that the provider has created and + // needs to continue to manage. + State map[string]string +} + // Provider is the interface for Consul to interact with // an external CA that provides leaf certificate signing for // given SpiffeIDServices. 
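Review bot: The `RawConfig` field comment in the new `ProviderConfig` struct does not say that the map can carry secret material, although both providers in this commit parse it and then read `config.PrivateKey` (Consul) and `config.Token` (Vault) from the result. With everything bundled into one struct it is easy to log or serialize the whole value with `%+v`, so I would add `// RawConfig may hold secrets (private keys, tokens); never log it or the enclosing ProviderConfig.` above the field. The read-only requirement in the struct comment is only a convention, because passing the struct by value still shares both maps with the caller. Minor wording in the `State` comment: `It's intended use` should be `Its intended use`.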
@@ -16,7 +46,7 @@ type Provider interface { // Config. State contains a the State the same provider last persisted on a // restart or reconfiguration. The provider must not modify `rawConfig` or // `state` maps directly as it may be being read from other goroutines. - Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}, state map[string]string) error + Configure(cfg ProviderConfig) error // State returns the current provider state. If the provider doesn't need to // store anything other than what the user configured this can return nil. It diff --git a/agent/connect/ca/provider_consul.go b/agent/connect/ca/provider_consul.go index 2975bb561e..388a7fb19a 100644 --- a/agent/connect/ca/provider_consul.go +++ b/agent/connect/ca/provider_consul.go @@ -28,7 +28,7 @@ type ConsulProvider struct { config *structs.ConsulCAProviderConfig id string clusterID string - isRoot bool + isPrimary bool spiffeID *connect.SpiffeIDSigning logger *log.Logger 
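Review bot: The doc comment kept as context above `Configure` in the `Provider` interface still refers to the `rawConfig` and `state` maps, which are no longer parameters once the signature becomes `Configure(cfg ProviderConfig) error`. That sentence is the concurrency contract for implementers, so it should name the new fields, e.g. `// The provider must not modify cfg.RawConfig or cfg.State directly as they may be read from other goroutines.` The same comment also carries the typo `contains a the State`. The interface begins and ends outside this hunk, so the rest of its documentation is not visible here.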
@@ -49,21 +49,21 @@ type ConsulProviderStateDelegate interface { } // Configure sets up the provider using the given configuration. -func (c *ConsulProvider) Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}, state map[string]string) error { +func (c *ConsulProvider) Configure(cfg ProviderConfig) error { // Parse the raw config and update our ID. - config, err := ParseConsulCAConfig(rawConfig) + config, err := ParseConsulCAConfig(cfg.RawConfig) if err != nil { return err } c.config = config - hash := sha256.Sum256([]byte(fmt.Sprintf("%s,%s,%v", config.PrivateKey, config.RootCert, isRoot))) + hash := sha256.Sum256([]byte(fmt.Sprintf("%s,%s,%v", config.PrivateKey, config.RootCert, cfg.IsPrimary))) c.id = connect.HexString(hash[:]) - c.clusterID = clusterID - c.isRoot = isRoot - c.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: clusterID}) + c.clusterID = cfg.ClusterID + c.isPrimary = cfg.IsPrimary + c.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: c.clusterID}) // Passthrough test state for state handling tests. See testState doc. - c.parseTestState(rawConfig) + c.parseTestState(cfg.RawConfig) // Exit early if the state store has an entry for this provider's config. _, providerState, err := c.Delegate.State().CAProviderState(c.id) @@ -119,8 +119,8 @@ func (c *ConsulProvider) Configure(clusterID string, isRoot bool, rawConfig map[ return err } - c.logger.Printf("[DEBUG] consul CA provider configured ID=%s isRoot=%v", - c.id, c.isRoot) + c.logger.Printf("[DEBUG] consul CA provider configured ID=%s IsPrimary=%v", + c.id, c.isPrimary) return nil } @@ -152,7 +152,7 @@ func (c *ConsulProvider) GenerateRoot() error { return err } - if !c.isRoot { + if !c.isPrimary { return fmt.Errorf("provider is not the root certificate authority") } if providerState.RootCert != "" { 
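Review bot: In the `GenerateRoot` hunk the guard becomes `if !c.isPrimary`, but the error it returns still reads `provider is not the root certificate authority`. That no longer matches the new `ProviderConfig.IsPrimary` comment, which says a primary may itself be an intermediate signed by an external CA. An operator seeing this error would look for a root/intermediate misconfiguration rather than a datacenter role, so I would reword it, e.g. `return fmt.Errorf("provider is not in the primary datacenter")`. The same "root certificate authority" wording remains in the `GenerateIntermediateCSR` hunk and in the `VaultProvider.GenerateRoot` hunk. Confirm that no test matches on these strings before changing them; all three functions continue outside their hunks.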
@@ -202,7 +202,7 @@ func (c *ConsulProvider) GenerateIntermediateCSR() (string, error) { return "", err } - if c.isRoot { + if c.isPrimary { return "", fmt.Errorf("provider is the root certificate authority, " + "cannot generate an intermediate CSR") } @@ -217,7 +217,7 @@ func (c *ConsulProvider) GenerateIntermediateCSR() (string, error) { if err != nil { return "", err } - cn := connect.CACN("consul", uid, c.clusterID, c.isRoot) + cn := connect.CACN("consul", uid, c.clusterID, c.isPrimary) csr, err := connect.CreateCACSR(c.spiffeID, cn, signer) if err != nil { @@ -246,7 +246,7 @@ func (c *ConsulProvider) SetIntermediate(intermediatePEM, rootPEM string) error return err } - if c.isRoot { + if c.isPrimary { return fmt.Errorf("cannot set an intermediate using another root in the primary datacenter") } @@ -277,7 +277,7 @@ func (c *ConsulProvider) SetIntermediate(intermediatePEM, rootPEM string) error // We aren't maintaining separate root/intermediate CAs for the builtin // provider, so just return the root. func (c *ConsulProvider) ActiveIntermediate() (string, error) { - if c.isRoot { + if c.isPrimary { return c.ActiveRoot() } @@ -633,7 +633,7 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error if err != nil { return "", err } - cn := connect.CACN("consul", uid, c.clusterID, c.isRoot) + cn := connect.CACN("consul", uid, c.clusterID, c.isPrimary) serialNum := &big.Int{} serialNum.SetUint64(sn) template := x509.Certificate{ diff --git a/agent/connect/ca/provider_consul_test.go b/agent/connect/ca/provider_consul_test.go index e01a580d19..a8af767fe4 100644 --- a/agent/connect/ca/provider_consul_test.go +++ b/agent/connect/ca/provider_consul_test.go 
@@ -71,6 +71,15 @@ func testConsulCAConfig() *structs.CAConfiguration { } } +func testProviderConfig(caCfg *structs.CAConfiguration) ProviderConfig { + return ProviderConfig{ + ClusterID: caCfg.ClusterID, + Datacenter: "dc1", + IsPrimary: true, + RawConfig: caCfg.Config, + } +} + func requireNotEncoded(t *testing.T, v []byte) { t.Helper() require.False(t, connect.IsHexString(v)) @@ -84,7 +93,7 @@ func TestConsulCAProvider_Bootstrap(t *testing.T) { delegate := newMockDelegate(t, conf) provider := TestConsulProvider(t, delegate) - require.NoError(provider.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(provider.Configure(testProviderConfig(conf))) require.NoError(provider.GenerateRoot()) root, err := provider.ActiveRoot() @@ -117,7 +126,7 @@ func TestConsulCAProvider_Bootstrap_WithCert(t *testing.T) { delegate := newMockDelegate(t, conf) provider := TestConsulProvider(t, delegate) - require.NoError(provider.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(provider.Configure(testProviderConfig(conf))) require.NoError(provider.GenerateRoot()) root, err := provider.ActiveRoot() @@ -139,7 +148,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) { delegate := newMockDelegate(t, conf) provider := TestConsulProvider(t, delegate) - require.NoError(provider.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(provider.Configure(testProviderConfig(conf))) require.NoError(provider.GenerateRoot()) spiffeService := &connect.SpiffeIDService{ @@ -245,7 +254,7 @@ func TestConsulCAProvider_CrossSignCA(t *testing.T) { provider1 := TestConsulProvider(t, delegate1) conf1.Config["PrivateKeyType"] = tc.SigningKeyType conf1.Config["PrivateKeyBits"] = tc.SigningKeyBits - require.NoError(provider1.Configure(conf1.ClusterID, true, conf1.Config, nil)) + require.NoError(provider1.Configure(testProviderConfig(conf1))) require.NoError(provider1.GenerateRoot()) conf2 := testConsulCAConfig() 
@@ -254,7 +263,7 @@ func TestConsulCAProvider_CrossSignCA(t *testing.T) { provider2 := TestConsulProvider(t, delegate2) conf2.Config["PrivateKeyType"] = tc.CSRKeyType conf2.Config["PrivateKeyBits"] = tc.CSRKeyBits - require.NoError(provider2.Configure(conf2.ClusterID, true, conf2.Config, nil)) + require.NoError(provider2.Configure(testProviderConfig(conf2))) require.NoError(provider2.GenerateRoot()) testCrossSignProviders(t, provider1, provider2) @@ -363,7 +372,7 @@ func TestConsulProvider_SignIntermediate(t *testing.T) { provider1 := TestConsulProvider(t, delegate1) conf1.Config["PrivateKeyType"] = tc.SigningKeyType conf1.Config["PrivateKeyBits"] = tc.SigningKeyBits - require.NoError(provider1.Configure(conf1.ClusterID, true, conf1.Config, nil)) + require.NoError(provider1.Configure(testProviderConfig(conf1))) require.NoError(provider1.GenerateRoot()) conf2 := testConsulCAConfig() @@ -372,7 +381,10 @@ func TestConsulProvider_SignIntermediate(t *testing.T) { provider2 := TestConsulProvider(t, delegate2) conf2.Config["PrivateKeyType"] = tc.CSRKeyType conf2.Config["PrivateKeyBits"] = tc.CSRKeyBits - require.NoError(provider2.Configure(conf2.ClusterID, false, conf2.Config, nil)) + cfg := testProviderConfig(conf2) + cfg.IsPrimary = false + cfg.Datacenter = "dc2" + require.NoError(provider2.Configure(cfg)) testSignIntermediateCrossDC(t, provider1, provider2) }) @@ -452,7 +464,7 @@ func TestConsulCAProvider_MigrateOldID(t *testing.T) { require.NotNil(providerState) provider := TestConsulProvider(t, delegate) - require.NoError(provider.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(provider.Configure(testProviderConfig(conf))) require.NoError(provider.GenerateRoot()) // After running Configure, the old ID entry should be gone. diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index 10573c35d9..180648c46e 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go 
@@ -23,7 +23,7 @@ var ErrBackendNotInitialized = fmt.Errorf("backend not initialized") type VaultProvider struct { config *structs.VaultCAProviderConfig client *vaultapi.Client - isRoot bool + isPrimary bool clusterID string spiffeID *connect.SpiffeIDSigning } @@ -40,8 +40,8 @@ func vaultTLSConfig(config *structs.VaultCAProviderConfig) *vaultapi.TLSConfig { } // Configure sets up the provider using the given configuration. -func (v *VaultProvider) Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}, state map[string]string) error { - config, err := ParseVaultCAConfig(rawConfig) +func (v *VaultProvider) Configure(cfg ProviderConfig) error { + config, err := ParseVaultCAConfig(cfg.RawConfig) if err != nil { return err } @@ -61,9 +61,9 @@ func (v *VaultProvider) Configure(clusterID string, isRoot bool, rawConfig map[s client.SetToken(config.Token) v.config = config v.client = client - v.isRoot = isRoot - v.clusterID = clusterID - v.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: clusterID}) + v.isPrimary = cfg.IsPrimary + v.clusterID = cfg.ClusterID + v.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: v.clusterID}) return nil } @@ -81,7 +81,7 @@ func (v *VaultProvider) ActiveRoot() (string, error) { // GenerateRoot mounts and initializes a new root PKI backend if needed. func (v *VaultProvider) GenerateRoot() error { - if !v.isRoot { + if !v.isPrimary { return fmt.Errorf("provider is not the root certificate authority") } @@ -108,7 +108,7 @@ func (v *VaultProvider) GenerateRoot() error { return err } _, err = v.client.Logical().Write(v.config.RootPKIPath+"root/generate/internal", map[string]interface{}{ - "common_name": connect.CACN("vault", uid, v.clusterID, v.isRoot), + "common_name": connect.CACN("vault", uid, v.clusterID, v.isPrimary), "uri_sans": v.spiffeID.URI().String(), "key_type": v.config.PrivateKeyType, "key_bits": v.config.PrivateKeyBits, 
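Review bot: VaultProvider.Configure copies `cfg.ClusterID` straight into `v.clusterID` and derives `v.spiffeID` from it without checking that it is set. With the old positional signature every caller had to pass a cluster ID; with a struct, an omitted field still compiles and yields an empty string (and `IsPrimary` defaults to false), so the signing identity would be built from an empty cluster ID. Assuming an empty ID is never legitimate, a guard near the top such as `if cfg.ClusterID == "" { return fmt.Errorf("cluster ID is required") }` would turn that into an explicit error. The middle of Configure lies between the two hunks and is not visible here.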
@@ -129,7 +129,7 @@ func (v *VaultProvider) GenerateRoot() error { // for another datacenter's root to sign, overwriting the intermediate backend // in the process. func (v *VaultProvider) GenerateIntermediateCSR() (string, error) { - if v.isRoot { + if v.isPrimary { return "", fmt.Errorf("provider is the root certificate authority, " + "cannot generate an intermediate CSR") } @@ -184,7 +184,7 @@ func (v *VaultProvider) generateIntermediateCSR() (string, error) { return "", err } data, err := v.client.Logical().Write(v.config.IntermediatePKIPath+"intermediate/generate/internal", map[string]interface{}{ - "common_name": connect.CACN("vault", uid, v.clusterID, v.isRoot), + "common_name": connect.CACN("vault", uid, v.clusterID, v.isPrimary), "key_type": v.config.PrivateKeyType, "key_bits": v.config.PrivateKeyBits, "uri_sans": v.spiffeID.URI().String(), @@ -206,7 +206,7 @@ func (v *VaultProvider) generateIntermediateCSR() (string, error) { // SetIntermediate writes the incoming intermediate and root certificates to the // intermediate backend (as a chain). func (v *VaultProvider) SetIntermediate(intermediatePEM, rootPEM string) error { - if v.isRoot { + if v.isPrimary { return fmt.Errorf("cannot set an intermediate using another root in the primary datacenter") } diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go index a0580ff88d..a0b2d3615d 100644 --- a/agent/connect/ca/provider_vault_test.go +++ b/agent/connect/ca/provider_vault_test.go @@ -289,7 +289,10 @@ func TestVaultProvider_SignIntermediateConsul(t *testing.T) { conf := testConsulCAConfig() delegate := newMockDelegate(t, conf) provider2 := TestConsulProvider(t, delegate) - require.NoError(t, provider2.Configure(conf.ClusterID, false, conf.Config, nil)) + cfg := testProviderConfig(conf) + cfg.IsPrimary = false + cfg.Datacenter = "dc2" + require.NoError(t, provider2.Configure(cfg)) testSignIntermediateCrossDC(t, provider1, provider2) }) 
@@ -299,7 +302,7 @@ func TestVaultProvider_SignIntermediateConsul(t *testing.T) { conf := testConsulCAConfig() delegate := newMockDelegate(t, conf) provider1 := TestConsulProvider(t, delegate) - require.NoError(t, provider1.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(t, provider1.Configure(testProviderConfig(conf))) require.NoError(t, provider1.GenerateRoot()) provider2, testVault2 := testVaultProviderWithConfig(t, false, nil) @@ -313,7 +316,7 @@ func testVaultProvider(t *testing.T) (*VaultProvider, *testVaultServer) { return testVaultProviderWithConfig(t, true, nil) } -func testVaultProviderWithConfig(t *testing.T, isRoot bool, rawConf map[string]interface{}) (*VaultProvider, *testVaultServer) { +func testVaultProviderWithConfig(t *testing.T, isPrimary bool, rawConf map[string]interface{}) (*VaultProvider, *testVaultServer) { testVault, err := runTestVault() if err != nil { t.Fatalf("err: %v", err) @@ -335,11 +338,23 @@ func testVaultProviderWithConfig(t *testing.T, isRoot bool, rawConf map[string]i provider := &VaultProvider{} - if err := provider.Configure(connect.TestClusterID, isRoot, conf, nil); err != nil { + cfg := ProviderConfig{ + ClusterID: connect.TestClusterID, + Datacenter: "dc1", + IsPrimary: true, + RawConfig: conf, + } + + if !isPrimary { + cfg.IsPrimary = false + cfg.Datacenter = "dc2" + } + + if err := provider.Configure(cfg); err != nil { testVault.Stop() t.Fatalf("err: %v", err) } - if isRoot { + if isPrimary { if err = provider.GenerateRoot(); err != nil { testVault.Stop() t.Fatalf("err: %v", err) diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go index fb00c0ff2d..da99f70a22 100644 --- a/agent/consul/connect_ca_endpoint.go +++ b/agent/consul/connect_ca_endpoint.go 
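Review bot: In testVaultProviderWithConfig the literal sets `IsPrimary: true` and `Datacenter: "dc1"`, and the following `if !isPrimary` block then overwrites both, which hides the fact that the flag is just the function's parameter. Writing `IsPrimary: isPrimary,` in the literal and keeping only `cfg.Datacenter = "dc2"` in the branch reads more directly and cannot drift from the parameter. The function begins in the previous hunk and continues past the end of this one.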
@@ -15,6 +15,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/connect/ca" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/go-memdb" @@ -186,8 +187,15 @@ func (s *ConnectCA) ConfigurationSet( if err != nil { return fmt.Errorf("could not initialize provider: %v", err) } - if err := newProvider.Configure(args.Config.ClusterID, true, - args.Config.Config, args.Config.State); err != nil { + pCfg := ca.ProviderConfig{ + ClusterID: args.Config.ClusterID, + Datacenter: s.srv.config.Datacenter, + // This endpoint can be called in a secondary DC too so set this correctly. + IsPrimary: s.srv.config.Datacenter == s.srv.config.PrimaryDatacenter, + RawConfig: args.Config.Config, + State: args.Config.State, + } + if err := newProvider.Configure(pCfg); err != nil { return fmt.Errorf("error configuring provider: %v", err) } if err := newProvider.GenerateRoot(); err != nil { diff --git a/agent/consul/leader_connect.go b/agent/consul/leader_connect.go index da76c1aaab..9243b888c1 100644 --- a/agent/consul/leader_connect.go +++ b/agent/consul/leader_connect.go @@ -212,7 +212,14 @@ func (s *Server) initializeCA() error { // initializeRootCA runs the initialization logic for a root CA. func (s *Server) initializeRootCA(provider ca.Provider, conf *structs.CAConfiguration) error { - if err := provider.Configure(conf.ClusterID, true, conf.Config, conf.State); err != nil { + pCfg := ca.ProviderConfig{ + ClusterID: conf.ClusterID, + Datacenter: s.config.Datacenter, + IsPrimary: true, + RawConfig: conf.Config, + State: conf.State, + } + if err := provider.Configure(pCfg); err != nil { return fmt.Errorf("error configuring provider: %v", err) } if err := provider.GenerateRoot(); err != nil { 
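Review bot: In ConfigurationSet, `IsPrimary` can now be false, but the context line right after the new block still calls `newProvider.GenerateRoot()` unconditionally. VaultProvider.GenerateRoot in this same commit returns "provider is not the root certificate authority" when `!v.isPrimary`, so a Vault-backed secondary datacenter would presumably fail here rather than mint its own root as the old hard-coded `true` allowed. If that refusal is intended, say so next to the new comment, e.g. `// Secondaries are configured as non-primary; GenerateRoot below is expected to refuse for them.`; if not, the call needs an `if pCfg.IsPrimary` guard. It is also worth confirming that `PrimaryDatacenter` is always populated, since an empty value would make the comparison false in a single-datacenter setup. The body of ConfigurationSet continues outside the hunk.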
@@ -791,7 +798,14 @@ func (s *Server) initializeSecondaryProvider(provider ca.Provider, roots structs return err } - if err := provider.Configure(clusterID, false, conf.Config, conf.State); err != nil { + pCfg := ca.ProviderConfig{ + ClusterID: clusterID, + Datacenter: s.config.Datacenter, + IsPrimary: false, + RawConfig: conf.Config, + State: conf.State, + } + if err := provider.Configure(pCfg); err != nil { return fmt.Errorf("error configuring provider: %v", err) } diff --git a/go.mod b/go.mod index e00c0dbce5..35841bfc14 100644 --- a/go.mod +++ b/go.mod @@ -34,7 +34,6 @@ require ( github.com/hashicorp/go-memdb v1.0.3 github.com/hashicorp/go-msgpack v0.5.5 github.com/hashicorp/go-multierror v1.0.0 - github.com/hashicorp/go-plugin v1.0.1 github.com/hashicorp/go-raftchunking v0.6.1 github.com/hashicorp/go-sockaddr v1.0.2 github.com/hashicorp/go-syslog v1.0.0 diff --git a/vendor/github.com/hashicorp/go-plugin/.gitignore b/vendor/github.com/hashicorp/go-plugin/.gitignore deleted file mode 100644 index 4befed30a1..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -.DS_Store -.idea diff --git a/vendor/github.com/hashicorp/go-plugin/LICENSE b/vendor/github.com/hashicorp/go-plugin/LICENSE deleted file mode 100644 index 82b4de97c7..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/LICENSE +++ /dev/null 
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/vendor/github.com/hashicorp/go-plugin/README.md b/vendor/github.com/hashicorp/go-plugin/README.md deleted file mode 100644 index fe305ad598..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/README.md +++ /dev/null 
@@ -1,168 +0,0 @@ -# Go Plugin System over RPC - -`go-plugin` is a Go (golang) plugin system over RPC. It is the plugin system -that has been in use by HashiCorp tooling for over 4 years. While initially -created for [Packer](https://www.packer.io), it is additionally in use by -[Terraform](https://www.terraform.io), [Nomad](https://www.nomadproject.io), and -[Vault](https://www.vaultproject.io). - -While the plugin system is over RPC, it is currently only designed to work -over a local [reliable] network. Plugins over a real network are not supported -and will lead to unexpected behavior. - -This plugin system has been used on millions of machines across many different -projects and has proven to be battle hardened and ready for production use. - -## Features - -The HashiCorp plugin system supports a number of features: - -**Plugins are Go interface implementations.** This makes writing and consuming -plugins feel very natural. To a plugin author: you just implement an -interface as if it were going to run in the same process. For a plugin user: -you just use and call functions on an interface as if it were in the same -process. This plugin system handles the communication in between. - -**Cross-language support.** Plugins can be written (and consumed) by -almost every major language. This library supports serving plugins via -[gRPC](http://www.grpc.io). gRPC-based plugins enable plugins to be written -in any language. - -**Complex arguments and return values are supported.** This library -provides APIs for handling complex arguments and return values such -as interfaces, `io.Reader/Writer`, etc. We do this by giving you a library -(`MuxBroker`) for creating new connections between the client/server to -serve additional interfaces or transfer raw data. - -**Bidirectional communication.** Because the plugin system supports -complex arguments, the host process can send it interface implementations -and the plugin can call back into the host process. 
- -**Built-in Logging.** Any plugins that use the `log` standard library -will have log data automatically sent to the host process. The host -process will mirror this output prefixed with the path to the plugin -binary. This makes debugging with plugins simple. If the host system -uses [hclog](https://github.com/hashicorp/go-hclog) then the log data -will be structured. If the plugin also uses hclog, logs from the plugin -will be sent to the host hclog and be structured. - -**Protocol Versioning.** A very basic "protocol version" is supported that -can be incremented to invalidate any previous plugins. This is useful when -interface signatures are changing, protocol level changes are necessary, -etc. When a protocol version is incompatible, a human friendly error -message is shown to the end user. - -**Stdout/Stderr Syncing.** While plugins are subprocesses, they can continue -to use stdout/stderr as usual and the output will get mirrored back to -the host process. The host process can control what `io.Writer` these -streams go to to prevent this from happening. - -**TTY Preservation.** Plugin subprocesses are connected to the identical -stdin file descriptor as the host process, allowing software that requires -a TTY to work. For example, a plugin can execute `ssh` and even though there -are multiple subprocesses and RPC happening, it will look and act perfectly -to the end user. - -**Host upgrade while a plugin is running.** Plugins can be "reattached" -so that the host process can be upgraded while the plugin is still running. -This requires the host/plugin to know this is possible and daemonize -properly. `NewClient` takes a `ReattachConfig` to determine if and how to -reattach. - -**Cryptographically Secure Plugins.** Plugins can be verified with an expected -checksum and RPC communications can be configured to use TLS. The host process -must be properly secured to protect this configuration. 
- -## Architecture - -The HashiCorp plugin system works by launching subprocesses and communicating -over RPC (using standard `net/rpc` or [gRPC](http://www.grpc.io)). A single -connection is made between any plugin and the host process. For net/rpc-based -plugins, we use a [connection multiplexing](https://github.com/hashicorp/yamux) -library to multiplex any other connections on top. For gRPC-based plugins, -the HTTP2 protocol handles multiplexing. - -This architecture has a number of benefits: - - * Plugins can't crash your host process: A panic in a plugin doesn't - panic the plugin user. - - * Plugins are very easy to write: just write a Go application and `go build`. - Or use any other language to write a gRPC server with a tiny amount of - boilerplate to support go-plugin. - - * Plugins are very easy to install: just put the binary in a location where - the host will find it (depends on the host but this library also provides - helpers), and the plugin host handles the rest. - - * Plugins can be relatively secure: The plugin only has access to the - interfaces and args given to it, not to the entire memory space of the - process. Additionally, go-plugin can communicate with the plugin over - TLS. - -## Usage - -To use the plugin system, you must take the following steps. These are -high-level steps that must be done. Examples are available in the -`examples/` directory. - - 1. Choose the interface(s) you want to expose for plugins. - - 2. For each interface, implement an implementation of that interface - that communicates over a `net/rpc` connection or over a - [gRPC](http://www.grpc.io) connection or both. You'll have to implement - both a client and server implementation. - - 3. Create a `Plugin` implementation that knows how to create the RPC - client/server for a given plugin type. - - 4. Plugin authors call `plugin.Serve` to serve a plugin from the - `main` function. - - 5. 
Plugin users use `plugin.Client` to launch a subprocess and request - an interface implementation over RPC. - -That's it! In practice, step 2 is the most tedious and time consuming step. -Even so, it isn't very difficult and you can see examples in the `examples/` -directory as well as throughout our various open source projects. - -For complete API documentation, see [GoDoc](https://godoc.org/github.com/hashicorp/go-plugin). - -## Roadmap - -Our plugin system is constantly evolving. As we use the plugin system for -new projects or for new features in existing projects, we constantly find -improvements we can make. - -At this point in time, the roadmap for the plugin system is: - -**Semantic Versioning.** Plugins will be able to implement a semantic version. -This plugin system will give host processes a system for constraining -versions. This is in addition to the protocol versioning already present -which is more for larger underlying changes. - -**Plugin fetching.** We will integrate with [go-getter](https://github.com/hashicorp/go-getter) -to support automatic download + install of plugins. Paired with cryptographically -secure plugins (above), we can make this a safe operation for an amazing -user experience. - -## What About Shared Libraries? - -When we started using plugins (late 2012, early 2013), plugins over RPC -were the only option since Go didn't support dynamic library loading. Today, -Go supports the [plugin](https://golang.org/pkg/plugin/) standard library with -a number of limitations. Since 2012, our plugin system has stabilized -from tens of millions of users using it, and has many benefits we've come to -value greatly. - -For example, we use this plugin system in -[Vault](https://www.vaultproject.io) where dynamic library loading is -not acceptable for security reasons. 
That is an extreme -example, but we believe our library system has more upsides than downsides -over dynamic library loading and since we've had it built and tested for years, -we'll continue to use it. - -Shared libraries have one major advantage over our system which is much -higher performance. In real world scenarios across our various tools, -we've never required any more performance out of our plugin system and it -has seen very high throughput, so this isn't a concern for us at the moment. diff --git a/vendor/github.com/hashicorp/go-plugin/client.go b/vendor/github.com/hashicorp/go-plugin/client.go deleted file mode 100644 index bc56559c63..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/client.go +++ /dev/null 
@@ -1,1025 +0,0 @@
-package plugin
-
-import (
- "bufio"
- "context"
- "crypto/subtle"
- "crypto/tls"
- "crypto/x509"
- "encoding/base64"
- "errors"
- "fmt"
- "hash"
- "io"
- "io/ioutil"
- "net"
- "os"
- "os/exec"
- "path/filepath"
- "strconv"
- "strings"
- "sync"
- "sync/atomic"
- "time"
-
- hclog "github.com/hashicorp/go-hclog"
-)
-
-// If this is 1, then we've called CleanupClients. This can be used
-// by plugin RPC implementations to change error behavior since you
-// can expected network connection errors at this point. This should be
-// read by using sync/atomic.
-var Killed uint32 = 0
-
-// This is a slice of the "managed" clients which are cleaned up when
-// calling Cleanup
-var managedClients = make([]*Client, 0, 5)
-var managedClientsLock sync.Mutex
-
-// Error types
-var (
- // ErrProcessNotFound is returned when a client is instantiated to
- // reattach to an existing process and it isn't found.
- ErrProcessNotFound = errors.New("Reattachment process not found")
-
- // ErrChecksumsDoNotMatch is returned when binary's checksum doesn't match
- // the one provided in the SecureConfig.
- ErrChecksumsDoNotMatch = errors.New("checksums did not match")
-
- // ErrSecureNoChecksum is returned when an empty checksum is provided to the
- // SecureConfig.
- ErrSecureConfigNoChecksum = errors.New("no checksum provided")
-
- // ErrSecureNoHash is returned when a nil Hash object is provided to the
- // SecureConfig.
- ErrSecureConfigNoHash = errors.New("no hash implementation provided")
-
- // ErrSecureConfigAndReattach is returned when both Reattach and
- // SecureConfig are set.
- ErrSecureConfigAndReattach = errors.New("only one of Reattach or SecureConfig can be set")
-)
-
-// Client handles the lifecycle of a plugin application. It launches
-// plugins, connects to them, dispenses interface implementations, and handles
-// killing the process.
-//
-// Plugin hosts should use one Client for each plugin executable. To
-// dispense a plugin type, use the `Client.Client` function, and then
-// cal `Dispense`. This awkward API is mostly historical but is used to split
-// the client that deals with subprocess management and the client that
-// does RPC management.
-//
-// See NewClient and ClientConfig for using a Client.
-type Client struct {
- config *ClientConfig
- exited bool
- l sync.Mutex
- address net.Addr
- process *os.Process
- client ClientProtocol
- protocol Protocol
- logger hclog.Logger
- doneCtx context.Context
- ctxCancel context.CancelFunc
- negotiatedVersion int
-
- // clientWaitGroup is used to manage the lifecycle of the plugin management
- // goroutines.
- clientWaitGroup sync.WaitGroup
-
- // stderrWaitGroup is used to prevent the command's Wait() function from
- // being called before we've finished reading from the stderr pipe.
- stderrWaitGroup sync.WaitGroup
-
- // processKilled is used for testing only, to flag when the process was
- // forcefully killed.
- processKilled bool
-}
-
-// NegotiatedVersion returns the protocol version negotiated with the server.
-// This is only valid after Start() is called.
-func (c *Client) NegotiatedVersion() int {
- return c.negotiatedVersion
-}
-
-// ClientConfig is the configuration used to initialize a new
-// plugin client. After being used to initialize a plugin client,
-// that configuration must not be modified again.
-type ClientConfig struct {
- // HandshakeConfig is the configuration that must match servers.
- HandshakeConfig
-
- // Plugins are the plugins that can be consumed.
- // The implied version of this PluginSet is the Handshake.ProtocolVersion.
- Plugins PluginSet
-
- // VersionedPlugins is a map of PluginSets for specific protocol versions.
- // These can be used to negotiate a compatible version between client and
- // server. If this is set, Handshake.ProtocolVersion is not required.
- VersionedPlugins map[int]PluginSet
-
- // One of the following must be set, but not both.
- //
- // Cmd is the unstarted subprocess for starting the plugin. If this is
- // set, then the Client starts the plugin process on its own and connects
- // to it.
- //
- // Reattach is configuration for reattaching to an existing plugin process
- // that is already running. This isn't common.
- Cmd *exec.Cmd
- Reattach *ReattachConfig
-
- // SecureConfig is configuration for verifying the integrity of the
- // executable. It can not be used with Reattach.
- SecureConfig *SecureConfig
-
- // TLSConfig is used to enable TLS on the RPC client.
- TLSConfig *tls.Config
-
- // Managed represents if the client should be managed by the
- // plugin package or not. If true, then by calling CleanupClients,
- // it will automatically be cleaned up. Otherwise, the client
- // user is fully responsible for making sure to Kill all plugin
- // clients. By default the client is _not_ managed.
- Managed bool
-
- // The minimum and maximum port to use for communicating with
- // the subprocess. If not set, this defaults to 10,000 and 25,000
- // respectively.
- MinPort, MaxPort uint
-
- // StartTimeout is the timeout to wait for the plugin to say it
- // has started successfully.
- StartTimeout time.Duration
-
- // If non-nil, then the stderr of the client will be written to here
- // (as well as the log). This is the original os.Stderr of the subprocess.
- // This isn't the output of synced stderr.
- Stderr io.Writer
-
- // SyncStdout, SyncStderr can be set to override the
- // respective os.Std* values in the plugin. Care should be taken to
- // avoid races here. If these are nil, then this will automatically be
- // hooked up to os.Stdin, Stdout, and Stderr, respectively.
- //
- // If the default values (nil) are used, then this package will not
- // sync any of these streams.
- SyncStdout io.Writer
- SyncStderr io.Writer
-
- // AllowedProtocols is a list of allowed protocols. If this isn't set,
- // then only netrpc is allowed. This is so that older go-plugin systems
- // can show friendly errors if they see a plugin with an unknown
- // protocol.
- //
- // By setting this, you can cause an error immediately on plugin start
- // if an unsupported protocol is used with a good error message.
- //
- // If this isn't set at all (nil value), then only net/rpc is accepted.
- // This is done for legacy reasons. You must explicitly opt-in to
- // new protocols.
- AllowedProtocols []Protocol
-
- // Logger is the logger that the client will used. If none is provided,
- // it will default to hclog's default logger.
- Logger hclog.Logger
-
- // AutoMTLS has the client and server automatically negotiate mTLS for
- // transport authentication. This ensures that only the original client will
- // be allowed to connect to the server, and all other connections will be
- // rejected. The client will also refuse to connect to any server that isn't
- // the original instance started by the client.
- //
- // In this mode of operation, the client generates a one-time use tls
- // certificate, sends the public x.509 certificate to the new server, and
- // the server generates a one-time use tls certificate, and sends the public
- // x.509 certificate back to the client. These are used to authenticate all
- // rpc connections between the client and server.
- //
- // Setting AutoMTLS to true implies that the server must support the
- // protocol, and correctly negotiate the tls certificates, or a connection
- // failure will result.
- //
- // The client should not set TLSConfig, nor should the server set a
- // TLSProvider, because AutoMTLS implies that a new certificate and tls
- // configuration will be generated at startup.
- //
- // You cannot Reattach to a server with this option enabled.
- AutoMTLS bool
-}
-
-// ReattachConfig is used to configure a client to reattach to an
-// already-running plugin process. You can retrieve this information by
-// calling ReattachConfig on Client.
-type ReattachConfig struct {
- Protocol Protocol
- Addr net.Addr
- Pid int
-}
-
-// SecureConfig is used to configure a client to verify the integrity of an
-// executable before running. It does this by verifying the checksum is
-// expected. Hash is used to specify the hashing method to use when checksumming
-// the file. The configuration is verified by the client by calling the
-// SecureConfig.Check() function.
-//
-// The host process should ensure the checksum was provided by a trusted and
-// authoritative source. The binary should be installed in such a way that it
-// can not be modified by an unauthorized user between the time of this check
-// and the time of execution.
-type SecureConfig struct {
- Checksum []byte
- Hash hash.Hash
-}
-
-// Check takes the filepath to an executable and returns true if the checksum of
-// the file matches the checksum provided in the SecureConfig.
-func (s *SecureConfig) Check(filePath string) (bool, error) {
- if len(s.Checksum) == 0 {
- return false, ErrSecureConfigNoChecksum
- }
-
- if s.Hash == nil {
- return false, ErrSecureConfigNoHash
- }
-
- file, err := os.Open(filePath)
- if err != nil {
- return false, err
- }
- defer file.Close()
-
- _, err = io.Copy(s.Hash, file)
- if err != nil {
- return false, err
- }
-
- sum := s.Hash.Sum(nil)
-
- return subtle.ConstantTimeCompare(sum, s.Checksum) == 1, nil
-}
-
-// This makes sure all the managed subprocesses are killed and properly
-// logged. This should be called before the parent process running the
-// plugins exits.
-//
-// This must only be called _once_.
-func CleanupClients() {
- // Set the killed to true so that we don't get unexpected panics
- atomic.StoreUint32(&Killed, 1)
-
- // Kill all the managed clients in parallel and use a WaitGroup
- // to wait for them all to finish up.
- var wg sync.WaitGroup
- managedClientsLock.Lock()
- for _, client := range managedClients {
- wg.Add(1)
-
- go func(client *Client) {
- client.Kill()
- wg.Done()
- }(client)
- }
- managedClientsLock.Unlock()
-
- wg.Wait()
-}
-
-// Creates a new plugin client which manages the lifecycle of an external
-// plugin and gets the address for the RPC connection.
-//
-// The client must be cleaned up at some point by calling Kill(). If
-// the client is a managed client (created with NewManagedClient) you
-// can just call CleanupClients at the end of your program and they will
-// be properly cleaned.
-func NewClient(config *ClientConfig) (c *Client) {
- if config.MinPort == 0 && config.MaxPort == 0 {
- config.MinPort = 10000
- config.MaxPort = 25000
- }
-
- if config.StartTimeout == 0 {
- config.StartTimeout = 1 * time.Minute
- }
-
- if config.Stderr == nil {
- config.Stderr = ioutil.Discard
- }
-
- if config.SyncStdout == nil {
- config.SyncStdout = ioutil.Discard
- }
- if config.SyncStderr == nil {
- config.SyncStderr = ioutil.Discard
- }
-
- if config.AllowedProtocols == nil {
- config.AllowedProtocols = []Protocol{ProtocolNetRPC}
- }
-
- if config.Logger == nil {
- config.Logger = hclog.New(&hclog.LoggerOptions{
- Output: hclog.DefaultOutput,
- Level: hclog.Trace,
- Name: "plugin",
- })
- }
-
- c = &Client{
- config: config,
- logger: config.Logger,
- }
- if config.Managed {
- managedClientsLock.Lock()
- managedClients = append(managedClients, c)
- managedClientsLock.Unlock()
- }
-
- return
-}
-
-// Client returns the protocol client for this connection.
-//
-// Subsequent calls to this will return the same client.
-func (c *Client) Client() (ClientProtocol, error) {
- _, err := c.Start()
- if err != nil {
- return nil, err
- }
-
- c.l.Lock()
- defer c.l.Unlock()
-
- if c.client != nil {
- return c.client, nil
- }
-
- switch c.protocol {
- case ProtocolNetRPC:
- c.client, err = newRPCClient(c)
-
- case ProtocolGRPC:
- c.client, err = newGRPCClient(c.doneCtx, c)
-
- default:
- return nil, fmt.Errorf("unknown server protocol: %s", c.protocol)
- }
-
- if err != nil {
- c.client = nil
- return nil, err
- }
-
- return c.client, nil
-}
-
-// Tells whether or not the underlying process has exited.
-func (c *Client) Exited() bool {
- c.l.Lock()
- defer c.l.Unlock()
- return c.exited
-}
-
-// killed is used in tests to check if a process failed to exit gracefully, and
-// needed to be killed.
-func (c *Client) killed() bool {
- c.l.Lock()
- defer c.l.Unlock()
- return c.processKilled
-}
-
-// End the executing subprocess (if it is running) and perform any cleanup
-// tasks necessary such as capturing any remaining logs and so on.
-//
-// This method blocks until the process successfully exits.
-//
-// This method can safely be called multiple times.
-func (c *Client) Kill() {
- // Grab a lock to read some private fields.
- c.l.Lock()
- process := c.process
- addr := c.address
- c.l.Unlock()
-
- // If there is no process, there is nothing to kill.
- if process == nil {
- return
- }
-
- defer func() {
- // Wait for the all client goroutines to finish.
- c.clientWaitGroup.Wait()
-
- // Make sure there is no reference to the old process after it has been
- // killed.
- c.l.Lock()
- c.process = nil
- c.l.Unlock()
- }()
-
- // We need to check for address here. It is possible that the plugin
- // started (process != nil) but has no address (addr == nil) if the
- // plugin failed at startup. If we do have an address, we need to close
- // the plugin net connections.
- graceful := false
- if addr != nil {
- // Close the client to cleanly exit the process.
- client, err := c.Client()
- if err == nil {
- err = client.Close()
-
- // If there is no error, then we attempt to wait for a graceful
- // exit. If there was an error, we assume that graceful cleanup
- // won't happen and just force kill.
- graceful = err == nil
- if err != nil {
- // If there was an error just log it. We're going to force
- // kill in a moment anyways.
- c.logger.Warn("error closing client during Kill", "err", err)
- }
- } else {
- c.logger.Error("client", "error", err)
- }
- }
-
- // If we're attempting a graceful exit, then we wait for a short period
- // of time to allow that to happen. To wait for this we just wait on the
- // doneCh which would be closed if the process exits.
- if graceful {
- select {
- case <-c.doneCtx.Done():
- c.logger.Debug("plugin exited")
- return
- case <-time.After(2 * time.Second):
- }
- }
-
- // If graceful exiting failed, just kill it
- c.logger.Warn("plugin failed to exit gracefully")
- process.Kill()
-
- c.l.Lock()
- c.processKilled = true
- c.l.Unlock()
-}
-
-// Starts the underlying subprocess, communicating with it to negotiate
-// a port for RPC connections, and returning the address to connect via RPC.
-//
-// This method is safe to call multiple times. Subsequent calls have no effect.
-// Once a client has been started once, it cannot be started again, even if
-// it was killed.
-func (c *Client) Start() (addr net.Addr, err error) {
- c.l.Lock()
- defer c.l.Unlock()
-
- if c.address != nil {
- return c.address, nil
- }
-
- // If one of cmd or reattach isn't set, then it is an error. We wrap
- // this in a {} for scoping reasons, and hopeful that the escape
- // analysis will pop the stack here.
- {
- cmdSet := c.config.Cmd != nil
- attachSet := c.config.Reattach != nil
- secureSet := c.config.SecureConfig != nil
- if cmdSet == attachSet {
- return nil, fmt.Errorf("Only one of Cmd or Reattach must be set")
- }
-
- if secureSet && attachSet {
- return nil, ErrSecureConfigAndReattach
- }
- }
-
- if c.config.Reattach != nil {
- return c.reattach()
- }
-
- if c.config.VersionedPlugins == nil {
- c.config.VersionedPlugins = make(map[int]PluginSet)
- }
-
- // handle all plugins as versioned, using the handshake config as the default.
- version := int(c.config.ProtocolVersion)
-
- // Make sure we're not overwriting a real version 0. If ProtocolVersion was
- // non-zero, then we have to just assume the user made sure that
- // VersionedPlugins doesn't conflict.
- if _, ok := c.config.VersionedPlugins[version]; !ok && c.config.Plugins != nil {
- c.config.VersionedPlugins[version] = c.config.Plugins
- }
-
- var versionStrings []string
- for v := range c.config.VersionedPlugins {
- versionStrings = append(versionStrings, strconv.Itoa(v))
- }
-
- env := []string{
- fmt.Sprintf("%s=%s", c.config.MagicCookieKey, c.config.MagicCookieValue),
- fmt.Sprintf("PLUGIN_MIN_PORT=%d", c.config.MinPort),
- fmt.Sprintf("PLUGIN_MAX_PORT=%d", c.config.MaxPort),
- fmt.Sprintf("PLUGIN_PROTOCOL_VERSIONS=%s", strings.Join(versionStrings, ",")),
- }
-
- cmd := c.config.Cmd
- cmd.Env = append(cmd.Env, os.Environ()...)
- cmd.Env = append(cmd.Env, env...)
- cmd.Stdin = os.Stdin
-
- cmdStdout, err := cmd.StdoutPipe()
- if err != nil {
- return nil, err
- }
- cmdStderr, err := cmd.StderrPipe()
- if err != nil {
- return nil, err
- }
-
- if c.config.SecureConfig != nil {
- if ok, err := c.config.SecureConfig.Check(cmd.Path); err != nil {
- return nil, fmt.Errorf("error verifying checksum: %s", err)
- } else if !ok {
- return nil, ErrChecksumsDoNotMatch
- }
- }
-
- // Setup a temporary certificate for client/server mtls, and send the public
- // certificate to the plugin.
- if c.config.AutoMTLS {
- c.logger.Info("configuring client automatic mTLS")
- certPEM, keyPEM, err := generateCert()
- if err != nil {
- c.logger.Error("failed to generate client certificate", "error", err)
- return nil, err
- }
- cert, err := tls.X509KeyPair(certPEM, keyPEM)
- if err != nil {
- c.logger.Error("failed to parse client certificate", "error", err)
- return nil, err
- }
-
- cmd.Env = append(cmd.Env, fmt.Sprintf("PLUGIN_CLIENT_CERT=%s", certPEM))
-
- c.config.TLSConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- ServerName: "localhost",
- }
- }
-
- c.logger.Debug("starting plugin", "path", cmd.Path, "args", cmd.Args)
- err = cmd.Start()
- if err != nil {
- return
- }
-
- // Set the process
- c.process = cmd.Process
- c.logger.Debug("plugin started", "path", cmd.Path, "pid", c.process.Pid)
-
- // Make sure the command is properly cleaned up if there is an error
- defer func() {
- r := recover()
-
- if err != nil || r != nil {
- cmd.Process.Kill()
- }
-
- if r != nil {
- panic(r)
- }
- }()
-
- // Create a context for when we kill
- c.doneCtx, c.ctxCancel = context.WithCancel(context.Background())
-
- // Start goroutine that logs the stderr
- c.clientWaitGroup.Add(1)
- c.stderrWaitGroup.Add(1)
- // logStderr calls Done()
- go c.logStderr(cmdStderr)
-
- c.clientWaitGroup.Add(1)
- go func() {
- // ensure the context is cancelled when we're done
- defer c.ctxCancel()
-
- defer c.clientWaitGroup.Done()
-
- // get the cmd info early, since the process information will be removed
- // in Kill.
- pid := c.process.Pid
- path := cmd.Path
-
- // wait to finish reading from stderr since the stderr pipe reader
- // will be closed by the subsequent call to cmd.Wait().
- c.stderrWaitGroup.Wait()
-
- // Wait for the command to end.
- err := cmd.Wait()
-
- debugMsgArgs := []interface{}{
- "path", path,
- "pid", pid,
- }
- if err != nil {
- debugMsgArgs = append(debugMsgArgs,
- []interface{}{"error", err.Error()}...)
- }
-
- // Log and make sure to flush the logs write away
- c.logger.Debug("plugin process exited", debugMsgArgs...)
- os.Stderr.Sync()
-
- // Set that we exited, which takes a lock
- c.l.Lock()
- defer c.l.Unlock()
- c.exited = true
- }()
-
- // Start a goroutine that is going to be reading the lines
- // out of stdout
- linesCh := make(chan string)
- c.clientWaitGroup.Add(1)
- go func() {
- defer c.clientWaitGroup.Done()
- defer close(linesCh)
-
- scanner := bufio.NewScanner(cmdStdout)
- for scanner.Scan() {
- linesCh <- scanner.Text()
- }
- }()
-
- // Make sure after we exit we read the lines from stdout forever
- // so they don't block since it is a pipe.
- // The scanner goroutine above will close this, but track it with a wait
- // group for completeness.
- c.clientWaitGroup.Add(1)
- defer func() {
- go func() {
- defer c.clientWaitGroup.Done()
- for range linesCh {
- }
- }()
- }()
-
- // Some channels for the next step
- timeout := time.After(c.config.StartTimeout)
-
- // Start looking for the address
- c.logger.Debug("waiting for RPC address", "path", cmd.Path)
- select {
- case <-timeout:
- err = errors.New("timeout while waiting for plugin to start")
- case <-c.doneCtx.Done():
- err = errors.New("plugin exited before we could connect")
- case line := <-linesCh:
- // Trim the line and split by "|" in order to get the parts of
- // the output.
- line = strings.TrimSpace(line)
- parts := strings.SplitN(line, "|", 6)
- if len(parts) < 4 {
- err = fmt.Errorf(
- "Unrecognized remote plugin message: %s\n\n"+
- "This usually means that the plugin is either invalid or simply\n"+
- "needs to be recompiled to support the latest protocol.", line)
- return
- }
-
- // Check the core protocol. Wrapped in a {} for scoping.
- {
- var coreProtocol int64
- coreProtocol, err = strconv.ParseInt(parts[0], 10, 0)
- if err != nil {
- err = fmt.Errorf("Error parsing core protocol version: %s", err)
- return
- }
-
- if int(coreProtocol) != CoreProtocolVersion {
- err = fmt.Errorf("Incompatible core API version with plugin. "+
- "Plugin version: %s, Core version: %d\n\n"+
- "To fix this, the plugin usually only needs to be recompiled.\n"+
- "Please report this to the plugin author.", parts[0], CoreProtocolVersion)
- return
- }
- }
-
- // Test the API version
- version, pluginSet, err := c.checkProtoVersion(parts[1])
- if err != nil {
- return addr, err
- }
-
- // set the Plugins value to the compatible set, so the version
- // doesn't need to be passed through to the ClientProtocol
- // implementation.
- c.config.Plugins = pluginSet
- c.negotiatedVersion = version
- c.logger.Debug("using plugin", "version", version)
-
- switch parts[2] {
- case "tcp":
- addr, err = net.ResolveTCPAddr("tcp", parts[3])
- case "unix":
- addr, err = net.ResolveUnixAddr("unix", parts[3])
- default:
- err = fmt.Errorf("Unknown address type: %s", parts[3])
- }
-
- // If we have a server type, then record that. We default to net/rpc
- // for backwards compatibility.
- c.protocol = ProtocolNetRPC
- if len(parts) >= 5 {
- c.protocol = Protocol(parts[4])
- }
-
- found := false
- for _, p := range c.config.AllowedProtocols {
- if p == c.protocol {
- found = true
- break
- }
- }
- if !found {
- err = fmt.Errorf("Unsupported plugin protocol %q. Supported: %v",
- c.protocol, c.config.AllowedProtocols)
- return addr, err
- }
-
- // See if we have a TLS certificate from the server.
- // Checking if the length is > 50 rules out catching the unused "extra"
- // data returned from some older implementations.
- if len(parts) >= 6 && len(parts[5]) > 50 {
- err := c.loadServerCert(parts[5])
- if err != nil {
- return nil, fmt.Errorf("error parsing server cert: %s", err)
- }
- }
- }
-
- c.address = addr
- return
-}
-
-// loadServerCert is used by AutoMTLS to read an x.509 cert returned by the
-// server, and load it as the RootCA for the client TLSConfig.
-func (c *Client) loadServerCert(cert string) error {
- certPool := x509.NewCertPool()
-
- asn1, err := base64.RawStdEncoding.DecodeString(cert)
- if err != nil {
- return err
- }
-
- x509Cert, err := x509.ParseCertificate([]byte(asn1))
- if err != nil {
- return err
- }
-
- certPool.AddCert(x509Cert)
-
- c.config.TLSConfig.RootCAs = certPool
- return nil
-}
-
-func (c *Client) reattach() (net.Addr, error) {
- // Verify the process still exists. If not, then it is an error
- p, err := os.FindProcess(c.config.Reattach.Pid)
- if err != nil {
- return nil, err
- }
-
- // Attempt to connect to the addr since on Unix systems FindProcess
- // doesn't actually return an error if it can't find the process.
- conn, err := net.Dial(
- c.config.Reattach.Addr.Network(),
- c.config.Reattach.Addr.String())
- if err != nil {
- p.Kill()
- return nil, ErrProcessNotFound
- }
- conn.Close()
-
- // Create a context for when we kill
- c.doneCtx, c.ctxCancel = context.WithCancel(context.Background())
-
- c.clientWaitGroup.Add(1)
- // Goroutine to mark exit status
- go func(pid int) {
- defer c.clientWaitGroup.Done()
-
- // ensure the context is cancelled when we're done
- defer c.ctxCancel()
-
- // Wait for the process to die
- pidWait(pid)
-
- // Log so we can see it
- c.logger.Debug("reattached plugin process exited")
-
- // Mark it
- c.l.Lock()
- defer c.l.Unlock()
- c.exited = true
- }(p.Pid)
-
- // Set the address and process
- c.address = c.config.Reattach.Addr
- c.process = p
- c.protocol = c.config.Reattach.Protocol
- if c.protocol == "" {
- // Default the protocol to net/rpc for backwards compatibility
- c.protocol = ProtocolNetRPC
- }
-
- return c.address, nil
-}
-
-// checkProtoVersion returns the negotiated version and PluginSet.
-// This returns an error if the server returned an incompatible protocol
-// version, or an invalid handshake response.
-func (c *Client) checkProtoVersion(protoVersion string) (int, PluginSet, error) {
- serverVersion, err := strconv.Atoi(protoVersion)
- if err != nil {
- return 0, nil, fmt.Errorf("Error parsing protocol version %q: %s", protoVersion, err)
- }
-
- // record these for the error message
- var clientVersions []int
-
- // all versions, including the legacy ProtocolVersion have been added to
- // the versions set
- for version, plugins := range c.config.VersionedPlugins {
- clientVersions = append(clientVersions, version)
-
- if serverVersion != version {
- continue
- }
- return version, plugins, nil
- }
-
- return 0, nil, fmt.Errorf("Incompatible API version with plugin. "+
- "Plugin version: %d, Client versions: %d", serverVersion, clientVersions)
-}
-
-// ReattachConfig returns the information that must be provided to NewClient
-// to reattach to the plugin process that this client started. This is
-// useful for plugins that detach from their parent process.
-//
-// If this returns nil then the process hasn't been started yet. Please
-// call Start or Client before calling this.
-func (c *Client) ReattachConfig() *ReattachConfig {
- c.l.Lock()
- defer c.l.Unlock()
-
- if c.address == nil {
- return nil
- }
-
- if c.config.Cmd != nil && c.config.Cmd.Process == nil {
- return nil
- }
-
- // If we connected via reattach, just return the information as-is
- if c.config.Reattach != nil {
- return c.config.Reattach
- }
-
- return &ReattachConfig{
- Protocol: c.protocol,
- Addr: c.address,
- Pid: c.config.Cmd.Process.Pid,
- }
-}
-
-// Protocol returns the protocol of server on the remote end. This will
-// start the plugin process if it isn't already started. Errors from
-// starting the plugin are surpressed and ProtocolInvalid is returned. It
-// is recommended you call Start explicitly before calling Protocol to ensure
-// no errors occur.
-func (c *Client) Protocol() Protocol {
- _, err := c.Start()
- if err != nil {
- return ProtocolInvalid
- }
-
- return c.protocol
-}
-
-func netAddrDialer(addr net.Addr) func(string, time.Duration) (net.Conn, error) {
- return func(_ string, _ time.Duration) (net.Conn, error) {
- // Connect to the client
- conn, err := net.Dial(addr.Network(), addr.String())
- if err != nil {
- return nil, err
- }
- if tcpConn, ok := conn.(*net.TCPConn); ok {
- // Make sure to set keep alive so that the connection doesn't die
- tcpConn.SetKeepAlive(true)
- }
-
- return conn, nil
- }
-}
-
-// dialer is compatible with grpc.WithDialer and creates the connection
-// to the plugin.
-func (c *Client) dialer(_ string, timeout time.Duration) (net.Conn, error) {
- conn, err := netAddrDialer(c.address)("", timeout)
- if err != nil {
- return nil, err
- }
-
- // If we have a TLS config we wrap our connection. We only do this
- // for net/rpc since gRPC uses its own mechanism for TLS.
- if c.protocol == ProtocolNetRPC && c.config.TLSConfig != nil {
- conn = tls.Client(conn, c.config.TLSConfig)
- }
-
- return conn, nil
-}
-
-var stdErrBufferSize = 64 * 1024
-
-func (c *Client) logStderr(r io.Reader) {
- defer c.clientWaitGroup.Done()
- defer c.stderrWaitGroup.Done()
- l := c.logger.Named(filepath.Base(c.config.Cmd.Path))
-
- reader := bufio.NewReaderSize(r, stdErrBufferSize)
- // continuation indicates the previous line was a prefix
- continuation := false
-
- for {
- line, isPrefix, err := reader.ReadLine()
- switch {
- case err == io.EOF:
- return
- case err != nil:
- l.Error("reading plugin stderr", "error", err)
- return
- }
-
- c.config.Stderr.Write(line)
-
- // The line was longer than our max token size, so it's likely
- // incomplete and won't unmarshal.
- if isPrefix || continuation {
- l.Debug(string(line))
-
- // if we're finishing a continued line, add the newline back in
- if !isPrefix {
- c.config.Stderr.Write([]byte{'\n'})
- }
-
- continuation = isPrefix
- continue
- }
-
- c.config.Stderr.Write([]byte{'\n'})
-
- entry, err := parseJSON(line)
- // If output is not JSON format, print directly to Debug
- if err != nil {
- // Attempt to infer the desired log level from the commonly used
- // string prefixes
- switch line := string(line); {
- case strings.HasPrefix(line, "[TRACE]"):
- l.Trace(line)
- case strings.HasPrefix(line, "[DEBUG]"):
- l.Debug(line)
- case strings.HasPrefix(line, "[INFO]"):
- l.Info(line)
- case strings.HasPrefix(line, "[WARN]"):
- l.Warn(line)
- case strings.HasPrefix(line, "[ERROR]"):
- l.Error(line)
- default:
- l.Debug(line)
- }
- } else {
- out := flattenKVPairs(entry.KVPairs)
-
- out = append(out, "timestamp", entry.Timestamp.Format(hclog.TimeFormat))
- switch hclog.LevelFromString(entry.Level) {
- case hclog.Trace:
- l.Trace(entry.Message, out...)
- case hclog.Debug:
- l.Debug(entry.Message, out...)
- case hclog.Info:
- l.Info(entry.Message, out...)
- case hclog.Warn:
- l.Warn(entry.Message, out...)
- case hclog.Error:
- l.Error(entry.Message, out...)
- default:
- // if there was no log level, it's likely this is unexpected
- // json from something other than hclog, and we should output
- // it verbatim.
- l.Debug(string(line))
- }
- }
- }
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/discover.go b/vendor/github.com/hashicorp/go-plugin/discover.go
deleted file mode 100644
index d22c566ed5..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/discover.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package plugin
-
-import (
- "path/filepath"
-)
-
-// Discover discovers plugins that are in a given directory.
-//
-// The directory doesn't need to be absolute. For example, "." will work fine.
-//
-// This currently assumes any file matching the glob is a plugin.
-// In the future this may be smarter about checking that a file is
-// executable and so on.
-//
-// TODO: test
-func Discover(glob, dir string) ([]string, error) {
- var err error
-
- // Make the directory absolute if it isn't already
- if !filepath.IsAbs(dir) {
- dir, err = filepath.Abs(dir)
- if err != nil {
- return nil, err
- }
- }
-
- return filepath.Glob(filepath.Join(dir, glob))
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/error.go b/vendor/github.com/hashicorp/go-plugin/error.go
deleted file mode 100644
index 22a7baa6a0..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/error.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package plugin
-
-// This is a type that wraps error types so that they can be messaged
-// across RPC channels. Since "error" is an interface, we can't always
-// gob-encode the underlying structure. This is a valid error interface
-// implementer that we will push across.
-type BasicError struct {
- Message string
-}
-
-// NewBasicError is used to create a BasicError.
-//
-// err is allowed to be nil.
-func NewBasicError(err error) *BasicError {
- if err == nil {
- return nil
- }
-
- return &BasicError{err.Error()}
-}
-
-func (e *BasicError) Error() string {
- return e.Message
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/go.mod b/vendor/github.com/hashicorp/go-plugin/go.mod
deleted file mode 100644
index f3ddf44e4c..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/go.mod
+++ /dev/null
@@ -1,17 +0,0 @@
-module github.com/hashicorp/go-plugin
-
-require (
- github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
- github.com/golang/protobuf v1.2.0
- github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd
- github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb
- github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77
- github.com/oklog/run v1.0.0
- github.com/stretchr/testify v1.3.0 // indirect
- golang.org/x/net v0.0.0-20180826012351-8a410e7b638d
- golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
- golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc // indirect
- golang.org/x/text v0.3.0 // indirect
- google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 // indirect
- google.golang.org/grpc v1.14.0
-)
diff --git a/vendor/github.com/hashicorp/go-plugin/go.sum b/vendor/github.com/hashicorp/go-plugin/go.sum
deleted file mode 100644
index 21b14e998d..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/go.sum
+++ /dev/null
@@ -1,31 +0,0 @@ -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd h1:rNuUHR+CvK1IS89MMtcF0EpcVMZtjKfPRp4MEmt/aTs= -github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= -github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS4/qyk21ZsHyb6Mxv/jykxvNTkU4M= -github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= -github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 h1:7GoSOOW2jpsfkntVKaS2rAr1TJqfcxotyaUcuxoZSzg= -github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d 
h1:g9qWBGx4puODJTMVyoPrpoxPFgVGd+z1DZwjfRu4d0I= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc h1:WiYx1rIFmx8c0mXAFtv5D/mHyKe1+jmuP7PViuwqwuQ= -golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 h1:Nw54tB0rB7hY/N0NQvRW8DG4Yk3Q6T9cu9RcFQDu1tc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/grpc v1.14.0 h1:ArxJuB1NWfPY6r9Gp9gqwplT0Ge7nqv9msgu03lHLmo= -google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= diff --git a/vendor/github.com/hashicorp/go-plugin/grpc_broker.go b/vendor/github.com/hashicorp/go-plugin/grpc_broker.go deleted file mode 100644 index daf142d170..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/grpc_broker.go +++ /dev/null 
@@ -1,457 +0,0 @@
-package plugin
-
-import (
- "context"
- "crypto/tls"
- "errors"
- "fmt"
- "log"
- "net"
- "sync"
- "sync/atomic"
- "time"
-
- "github.com/hashicorp/go-plugin/internal/plugin"
-
- "github.com/oklog/run"
- "google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
-)
-
-// streamer interface is used in the broker to send/receive connection
-// information.
-type streamer interface {
- Send(*plugin.ConnInfo) error
- Recv() (*plugin.ConnInfo, error)
- Close()
-}
-
-// sendErr is used to pass errors back during a send.
-type sendErr struct {
- i *plugin.ConnInfo
- ch chan error
-}
-
-// gRPCBrokerServer is used by the plugin to start a stream and to send
-// connection information to/from the plugin. Implements GRPCBrokerServer and
-// streamer interfaces.
-type gRPCBrokerServer struct {
- // send is used to send connection info to the gRPC stream.
- send chan *sendErr
-
- // recv is used to receive connection info from the gRPC stream.
- recv chan *plugin.ConnInfo
-
- // quit closes down the stream.
- quit chan struct{}
-
- // o is used to ensure we close the quit channel only once.
- o sync.Once
-}
-
-func newGRPCBrokerServer() *gRPCBrokerServer {
- return &gRPCBrokerServer{
- send: make(chan *sendErr),
- recv: make(chan *plugin.ConnInfo),
- quit: make(chan struct{}),
- }
-}
-
-// StartStream implements the GRPCBrokerServer interface and will block until
-// the quit channel is closed or the context reports Done. The stream will pass
-// connection information to/from the client.
-func (s *gRPCBrokerServer) StartStream(stream plugin.GRPCBroker_StartStreamServer) error {
- doneCh := stream.Context().Done()
- defer s.Close()
-
- // Proccess send stream
- go func() {
- for {
- select {
- case <-doneCh:
- return
- case <-s.quit:
- return
- case se := <-s.send:
- err := stream.Send(se.i)
- se.ch <- err
- }
- }
- }()
-
- // Process receive stream
- for {
- i, err := stream.Recv()
- if err != nil {
- return err
- }
- select {
- case <-doneCh:
- return nil
- case <-s.quit:
- return nil
- case s.recv <- i:
- }
- }
-
- return nil
-}
-
-// Send is used by the GRPCBroker to pass connection information into the stream
-// to the client.
-func (s *gRPCBrokerServer) Send(i *plugin.ConnInfo) error {
- ch := make(chan error)
- defer close(ch)
-
- select {
- case <-s.quit:
- return errors.New("broker closed")
- case s.send <- &sendErr{
- i: i,
- ch: ch,
- }:
- }
-
- return <-ch
-}
-
-// Recv is used by the GRPCBroker to pass connection information that has been
-// sent from the client from the stream to the broker.
-func (s *gRPCBrokerServer) Recv() (*plugin.ConnInfo, error) {
- select {
- case <-s.quit:
- return nil, errors.New("broker closed")
- case i := <-s.recv:
- return i, nil
- }
-}
-
-// Close closes the quit channel, shutting down the stream.
-func (s *gRPCBrokerServer) Close() {
- s.o.Do(func() {
- close(s.quit)
- })
-}
-
-// gRPCBrokerClientImpl is used by the client to start a stream and to send
-// connection information to/from the client. Implements GRPCBrokerClient and
-// streamer interfaces.
-type gRPCBrokerClientImpl struct {
- // client is the underlying GRPC client used to make calls to the server.
- client plugin.GRPCBrokerClient
-
- // send is used to send connection info to the gRPC stream.
- send chan *sendErr
-
- // recv is used to receive connection info from the gRPC stream.
- recv chan *plugin.ConnInfo
-
- // quit closes down the stream.
- quit chan struct{}
-
- // o is used to ensure we close the quit channel only once.
- o sync.Once
-}
-
-func newGRPCBrokerClient(conn *grpc.ClientConn) *gRPCBrokerClientImpl {
- return &gRPCBrokerClientImpl{
- client: plugin.NewGRPCBrokerClient(conn),
- send: make(chan *sendErr),
- recv: make(chan *plugin.ConnInfo),
- quit: make(chan struct{}),
- }
-}
-
-// StartStream implements the GRPCBrokerClient interface and will block until
-// the quit channel is closed or the context reports Done. The stream will pass
-// connection information to/from the plugin.
-func (s *gRPCBrokerClientImpl) StartStream() error {
- ctx, cancelFunc := context.WithCancel(context.Background())
- defer cancelFunc()
- defer s.Close()
-
- stream, err := s.client.StartStream(ctx)
- if err != nil {
- return err
- }
- doneCh := stream.Context().Done()
-
- go func() {
- for {
- select {
- case <-doneCh:
- return
- case <-s.quit:
- return
- case se := <-s.send:
- err := stream.Send(se.i)
- se.ch <- err
- }
- }
- }()
-
- for {
- i, err := stream.Recv()
- if err != nil {
- return err
- }
- select {
- case <-doneCh:
- return nil
- case <-s.quit:
- return nil
- case s.recv <- i:
- }
- }
-
- return nil
-}
-
-// Send is used by the GRPCBroker to pass connection information into the stream
-// to the plugin.
-func (s *gRPCBrokerClientImpl) Send(i *plugin.ConnInfo) error {
- ch := make(chan error)
- defer close(ch)
-
- select {
- case <-s.quit:
- return errors.New("broker closed")
- case s.send <- &sendErr{
- i: i,
- ch: ch,
- }:
- }
-
- return <-ch
-}
-
-// Recv is used by the GRPCBroker to pass connection information that has been
-// sent from the plugin to the broker.
-func (s *gRPCBrokerClientImpl) Recv() (*plugin.ConnInfo, error) {
- select {
- case <-s.quit:
- return nil, errors.New("broker closed")
- case i := <-s.recv:
- return i, nil
- }
-}
-
-// Close closes the quit channel, shutting down the stream.
-func (s *gRPCBrokerClientImpl) Close() {
- s.o.Do(func() {
- close(s.quit)
- })
-}
-
-// GRPCBroker is responsible for brokering connections by unique ID.
-//
-// It is used by plugins to create multiple gRPC connections and data
-// streams between the plugin process and the host process.
-//
-// This allows a plugin to request a channel with a specific ID to connect to
-// or accept a connection from, and the broker handles the details of
-// holding these channels open while they're being negotiated.
-//
-// The Plugin interface has access to these for both Server and Client.
-// The broker can be used by either (optionally) to reserve and connect to
-// new streams. This is useful for complex args and return values,
-// or anything else you might need a data stream for.
-type GRPCBroker struct {
- nextId uint32
- streamer streamer
- streams map[uint32]*gRPCBrokerPending
- tls *tls.Config
- doneCh chan struct{}
- o sync.Once
-
- sync.Mutex
-}
-
-type gRPCBrokerPending struct {
- ch chan *plugin.ConnInfo
- doneCh chan struct{}
-}
-
-func newGRPCBroker(s streamer, tls *tls.Config) *GRPCBroker {
- return &GRPCBroker{
- streamer: s,
- streams: make(map[uint32]*gRPCBrokerPending),
- tls: tls,
- doneCh: make(chan struct{}),
- }
-}
-
-// Accept accepts a connection by ID.
-//
-// This should not be called multiple times with the same ID at one time.
-func (b *GRPCBroker) Accept(id uint32) (net.Listener, error) {
- listener, err := serverListener()
- if err != nil {
- return nil, err
- }
-
- err = b.streamer.Send(&plugin.ConnInfo{
- ServiceId: id,
- Network: listener.Addr().Network(),
- Address: listener.Addr().String(),
- })
- if err != nil {
- return nil, err
- }
-
- return listener, nil
-}
-
-// AcceptAndServe is used to accept a specific stream ID and immediately
-// serve a gRPC server on that stream ID. This is used to easily serve
-// complex arguments. Each AcceptAndServe call opens a new listener socket and
-// sends the connection info down the stream to the dialer. Since a new
-// connection is opened every call, these calls should be used sparingly.
-// Multiple gRPC server implementations can be registered to a single
-// AcceptAndServe call.
-func (b *GRPCBroker) AcceptAndServe(id uint32, s func([]grpc.ServerOption) *grpc.Server) {
- listener, err := b.Accept(id)
- if err != nil {
- log.Printf("[ERR] plugin: plugin acceptAndServe error: %s", err)
- return
- }
- defer listener.Close()
-
- var opts []grpc.ServerOption
- if b.tls != nil {
- opts = []grpc.ServerOption{grpc.Creds(credentials.NewTLS(b.tls))}
- }
-
- server := s(opts)
-
- // Here we use a run group to close this goroutine if the server is shutdown
- // or the broker is shutdown.
- var g run.Group
- {
- // Serve on the listener, if shutting down call GracefulStop.
- g.Add(func() error {
- return server.Serve(listener)
- }, func(err error) {
- server.GracefulStop()
- })
- }
- {
- // block on the closeCh or the doneCh. If we are shutting down close the
- // closeCh.
- closeCh := make(chan struct{})
- g.Add(func() error {
- select {
- case <-b.doneCh:
- case <-closeCh:
- }
- return nil
- }, func(err error) {
- close(closeCh)
- })
- }
-
- // Block until we are done
- g.Run()
-}
-
-// Close closes the stream and all servers.
-func (b *GRPCBroker) Close() error {
- b.streamer.Close()
- b.o.Do(func() {
- close(b.doneCh)
- })
- return nil
-}
-
-// Dial opens a connection by ID.
-func (b *GRPCBroker) Dial(id uint32) (conn *grpc.ClientConn, err error) {
- var c *plugin.ConnInfo
-
- // Open the stream
- p := b.getStream(id)
- select {
- case c = <-p.ch:
- close(p.doneCh)
- case <-time.After(5 * time.Second):
- return nil, fmt.Errorf("timeout waiting for connection info")
- }
-
- var addr net.Addr
- switch c.Network {
- case "tcp":
- addr, err = net.ResolveTCPAddr("tcp", c.Address)
- case "unix":
- addr, err = net.ResolveUnixAddr("unix", c.Address)
- default:
- err = fmt.Errorf("Unknown address type: %s", c.Address)
- }
- if err != nil {
- return nil, err
- }
-
- return dialGRPCConn(b.tls, netAddrDialer(addr))
-}
-
-// NextId returns a unique ID to use next.
-//
-// It is possible for very long-running plugin hosts to wrap this value,
-// though it would require a very large amount of calls. In practice
-// we've never seen it happen.
-func (m *GRPCBroker) NextId() uint32 {
- return atomic.AddUint32(&m.nextId, 1)
-}
-
-// Run starts the brokering and should be executed in a goroutine, since it
-// blocks forever, or until the session closes.
-//
-// Uses of GRPCBroker never need to call this. It is called internally by
-// the plugin host/client.
-func (m *GRPCBroker) Run() {
- for {
- stream, err := m.streamer.Recv()
- if err != nil {
- // Once we receive an error, just exit
- break
- }
-
- // Initialize the waiter
- p := m.getStream(stream.ServiceId)
- select {
- case p.ch <- stream:
- default:
- }
-
- go m.timeoutWait(stream.ServiceId, p)
- }
-}
-
-func (m *GRPCBroker) getStream(id uint32) *gRPCBrokerPending {
- m.Lock()
- defer m.Unlock()
-
- p, ok := m.streams[id]
- if ok {
- return p
- }
-
- m.streams[id] = &gRPCBrokerPending{
- ch: make(chan *plugin.ConnInfo, 1),
- doneCh: make(chan struct{}),
- }
- return m.streams[id]
-}
-
-func (m *GRPCBroker) timeoutWait(id uint32, p *gRPCBrokerPending) {
- // Wait for the stream to either be picked up and connected, or
- // for a timeout.
- select {
- case <-p.doneCh:
- case <-time.After(5 * time.Second):
- }
-
- m.Lock()
- defer m.Unlock()
-
- // Delete the stream so no one else can grab it
- delete(m.streams, id)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/grpc_client.go b/vendor/github.com/hashicorp/go-plugin/grpc_client.go
deleted file mode 100644
index d0d0d8e20b..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/grpc_client.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package plugin
-
-import (
- "crypto/tls"
- "fmt"
- "math"
- "net"
- "time"
-
- "github.com/hashicorp/go-plugin/internal/plugin"
- "golang.org/x/net/context"
- "google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
- "google.golang.org/grpc/health/grpc_health_v1"
-)
-
-func dialGRPCConn(tls *tls.Config, dialer func(string, time.Duration) (net.Conn, error)) (*grpc.ClientConn, error) {
- // Build dialing options.
- opts := make([]grpc.DialOption, 0, 5)
-
- // We use a custom dialer so that we can connect over unix domain sockets.
- opts = append(opts, grpc.WithDialer(dialer))
-
- // Fail right away
- opts = append(opts, grpc.FailOnNonTempDialError(true))
-
- // If we have no TLS configuration set, we need to explicitly tell grpc
- // that we're connecting with an insecure connection.
- if tls == nil {
- opts = append(opts, grpc.WithInsecure())
- } else {
- opts = append(opts, grpc.WithTransportCredentials(
- credentials.NewTLS(tls)))
- }
-
- opts = append(opts,
- grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(math.MaxInt32)),
- grpc.WithDefaultCallOptions(grpc.MaxCallSendMsgSize(math.MaxInt32)))
-
-
- // Connect. Note the first parameter is unused because we use a custom
- // dialer that has the state to see the address.
- conn, err := grpc.Dial("unused", opts...)
- if err != nil {
- return nil, err
- }
-
- return conn, nil
-}
-
-// newGRPCClient creates a new GRPCClient. The Client argument is expected
-// to be successfully started already with a lock held.
-func newGRPCClient(doneCtx context.Context, c *Client) (*GRPCClient, error) {
- conn, err := dialGRPCConn(c.config.TLSConfig, c.dialer)
- if err != nil {
- return nil, err
- }
-
- // Start the broker.
- brokerGRPCClient := newGRPCBrokerClient(conn)
- broker := newGRPCBroker(brokerGRPCClient, c.config.TLSConfig)
- go broker.Run()
- go brokerGRPCClient.StartStream()
-
- cl := &GRPCClient{
- Conn: conn,
- Plugins: c.config.Plugins,
- doneCtx: doneCtx,
- broker: broker,
- controller: plugin.NewGRPCControllerClient(conn),
- }
-
- return cl, nil
-}
-
-// GRPCClient connects to a GRPCServer over gRPC to dispense plugin types.
-type GRPCClient struct {
- Conn *grpc.ClientConn
- Plugins map[string]Plugin
-
- doneCtx context.Context
- broker *GRPCBroker
-
- controller plugin.GRPCControllerClient
-}
-
-// ClientProtocol impl.
-func (c *GRPCClient) Close() error {
- c.broker.Close()
- c.controller.Shutdown(c.doneCtx, &plugin.Empty{})
- return c.Conn.Close()
-}
-
-// ClientProtocol impl.
-func (c *GRPCClient) Dispense(name string) (interface{}, error) {
- raw, ok := c.Plugins[name]
- if !ok {
- return nil, fmt.Errorf("unknown plugin type: %s", name)
- }
-
- p, ok := raw.(GRPCPlugin)
- if !ok {
- return nil, fmt.Errorf("plugin %q doesn't support gRPC", name)
- }
-
- return p.GRPCClient(c.doneCtx, c.broker, c.Conn)
-}
-
-// ClientProtocol impl.
-func (c *GRPCClient) Ping() error {
- client := grpc_health_v1.NewHealthClient(c.Conn)
- _, err := client.Check(context.Background(), &grpc_health_v1.HealthCheckRequest{
- Service: GRPCServiceName,
- })
-
- return err
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/grpc_controller.go b/vendor/github.com/hashicorp/go-plugin/grpc_controller.go
deleted file mode 100644
index 1a8a8e70ea..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/grpc_controller.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package plugin
-
-import (
- "context"
-
- "github.com/hashicorp/go-plugin/internal/plugin"
-)
-
-// GRPCControllerServer handles shutdown calls to terminate the server when the
-// plugin client is closed.
-type grpcControllerServer struct {
- server *GRPCServer
-}
-
-// Shutdown stops the grpc server. It first will attempt a graceful stop, then a
-// full stop on the server.
-func (s *grpcControllerServer) Shutdown(ctx context.Context, _ *plugin.Empty) (*plugin.Empty, error) {
- resp := &plugin.Empty{}
-
- // TODO: figure out why GracefullStop doesn't work.
- s.server.Stop()
- return resp, nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/grpc_server.go b/vendor/github.com/hashicorp/go-plugin/grpc_server.go
deleted file mode 100644
index d3dbf1cedc..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/grpc_server.go
+++ /dev/null
@@ -1,142 +0,0 @@
-package plugin
-
-import (
- "bytes"
- "crypto/tls"
- "encoding/json"
- "fmt"
- "io"
- "net"
-
- hclog "github.com/hashicorp/go-hclog"
- "github.com/hashicorp/go-plugin/internal/plugin"
- "google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
- "google.golang.org/grpc/health"
- "google.golang.org/grpc/health/grpc_health_v1"
-)
-
-// GRPCServiceName is the name of the service that the health check should
-// return as passing.
-const GRPCServiceName = "plugin"
-
-// DefaultGRPCServer can be used with the "GRPCServer" field for Server
-// as a default factory method to create a gRPC server with no extra options.
-func DefaultGRPCServer(opts []grpc.ServerOption) *grpc.Server {
- return grpc.NewServer(opts...)
-}
-
-// GRPCServer is a ServerType implementation that serves plugins over
-// gRPC. This allows plugins to easily be written for other languages.
-//
-// The GRPCServer outputs a custom configuration as a base64-encoded
-// JSON structure represented by the GRPCServerConfig config structure.
-type GRPCServer struct {
- // Plugins are the list of plugins to serve.
- Plugins map[string]Plugin
-
- // Server is the actual server that will accept connections. This
- // will be used for plugin registration as well.
- Server func([]grpc.ServerOption) *grpc.Server
-
- // TLS should be the TLS configuration if available. If this is nil,
- // the connection will not have transport security.
- TLS *tls.Config
-
- // DoneCh is the channel that is closed when this server has exited.
- DoneCh chan struct{}
-
- // Stdout/StderrLis are the readers for stdout/stderr that will be copied
- // to the stdout/stderr connection that is output.
- Stdout io.Reader
- Stderr io.Reader
-
- config GRPCServerConfig
- server *grpc.Server
- broker *GRPCBroker
-
- logger hclog.Logger
-}
-
-// ServerProtocol impl.
-func (s *GRPCServer) Init() error {
- // Create our server
- var opts []grpc.ServerOption
- if s.TLS != nil {
- opts = append(opts, grpc.Creds(credentials.NewTLS(s.TLS)))
- }
- s.server = s.Server(opts)
-
- // Register the health service
- healthCheck := health.NewServer()
- healthCheck.SetServingStatus(
- GRPCServiceName, grpc_health_v1.HealthCheckResponse_SERVING)
- grpc_health_v1.RegisterHealthServer(s.server, healthCheck)
-
- // Register the broker service
- brokerServer := newGRPCBrokerServer()
- plugin.RegisterGRPCBrokerServer(s.server, brokerServer)
- s.broker = newGRPCBroker(brokerServer, s.TLS)
- go s.broker.Run()
-
- // Register the controller
- controllerServer := &grpcControllerServer{
- server: s,
- }
- plugin.RegisterGRPCControllerServer(s.server, controllerServer)
-
- // Register all our plugins onto the gRPC server.
- for k, raw := range s.Plugins {
- p, ok := raw.(GRPCPlugin)
- if !ok {
- return fmt.Errorf("%q is not a GRPC-compatible plugin", k)
- }
-
- if err := p.GRPCServer(s.broker, s.server); err != nil {
- return fmt.Errorf("error registering %q: %s", k, err)
- }
- }
-
- return nil
-}
-
-// Stop calls Stop on the underlying grpc.Server
-func (s *GRPCServer) Stop() {
- s.server.Stop()
-}
-
-// GracefulStop calls GracefulStop on the underlying grpc.Server
-func (s *GRPCServer) GracefulStop() {
- s.server.GracefulStop()
-}
-
-// Config is the GRPCServerConfig encoded as JSON then base64.
-func (s *GRPCServer) Config() string {
- // Create a buffer that will contain our final contents
- var buf bytes.Buffer
-
- // Wrap the base64 encoding with JSON encoding.
- if err := json.NewEncoder(&buf).Encode(s.config); err != nil {
- // We panic since ths shouldn't happen under any scenario. We
- // carefully control the structure being encoded here and it should
- // always be successful.
- panic(err)
- }
-
- return buf.String()
-}
-
-func (s *GRPCServer) Serve(lis net.Listener) {
- defer close(s.DoneCh)
- err := s.server.Serve(lis)
- if err != nil {
- s.logger.Error("grpc server", "error", err)
- }
-}
-
-// GRPCServerConfig is the extra configuration passed along for consumers
-// to facilitate using GRPC plugins.
-type GRPCServerConfig struct {
- StdoutAddr string `json:"stdout_addr"`
- StderrAddr string `json:"stderr_addr"`
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/gen.go b/vendor/github.com/hashicorp/go-plugin/internal/plugin/gen.go
deleted file mode 100644
index aa2fdc8138..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/gen.go
+++ /dev/null
@@ -1,3 +0,0 @@
-//go:generate protoc -I ./ ./grpc_broker.proto ./grpc_controller.proto --go_out=plugins=grpc:.
-
-package plugin
diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.pb.go b/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.pb.go
deleted file mode 100644
index b6850aa59e..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.pb.go
+++ /dev/null
@@ -1,203 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: grpc_broker.proto - -package plugin - -import ( - fmt "fmt" - proto "github.com/golang/protobuf/proto" - context "golang.org/x/net/context" - grpc "google.golang.org/grpc" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package - -type ConnInfo struct { - ServiceId uint32 `protobuf:"varint,1,opt,name=service_id,json=serviceId,proto3" json:"service_id,omitempty"` - Network string `protobuf:"bytes,2,opt,name=network,proto3" json:"network,omitempty"` - Address string `protobuf:"bytes,3,opt,name=address,proto3" json:"address,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ConnInfo) Reset() { *m = ConnInfo{} } -func (m *ConnInfo) String() string { return proto.CompactTextString(m) } -func (*ConnInfo) ProtoMessage() {} -func (*ConnInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_802e9beed3ec3b28, []int{0} -} - -func (m *ConnInfo) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ConnInfo.Unmarshal(m, b) -} -func (m *ConnInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ConnInfo.Marshal(b, m, deterministic) -} -func (m *ConnInfo) XXX_Merge(src proto.Message) { - xxx_messageInfo_ConnInfo.Merge(m, src) -} -func (m *ConnInfo) XXX_Size() int { - return xxx_messageInfo_ConnInfo.Size(m) -} -func (m *ConnInfo) XXX_DiscardUnknown() { - xxx_messageInfo_ConnInfo.DiscardUnknown(m) -} - -var xxx_messageInfo_ConnInfo 
proto.InternalMessageInfo - -func (m *ConnInfo) GetServiceId() uint32 { - if m != nil { - return m.ServiceId - } - return 0 -} - -func (m *ConnInfo) GetNetwork() string { - if m != nil { - return m.Network - } - return "" -} - -func (m *ConnInfo) GetAddress() string { - if m != nil { - return m.Address - } - return "" -} - -func init() { - proto.RegisterType((*ConnInfo)(nil), "plugin.ConnInfo") -} - -func init() { proto.RegisterFile("grpc_broker.proto", fileDescriptor_802e9beed3ec3b28) } - -var fileDescriptor_802e9beed3ec3b28 = []byte{ - // 175 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4c, 0x2f, 0x2a, 0x48, - 0x8e, 0x4f, 0x2a, 0xca, 0xcf, 0x4e, 0x2d, 0xd2, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x2b, - 0xc8, 0x29, 0x4d, 0xcf, 0xcc, 0x53, 0x8a, 0xe5, 0xe2, 0x70, 0xce, 0xcf, 0xcb, 0xf3, 0xcc, 0x4b, - 0xcb, 0x17, 0x92, 0xe5, 0xe2, 0x2a, 0x4e, 0x2d, 0x2a, 0xcb, 0x4c, 0x4e, 0x8d, 0xcf, 0x4c, 0x91, - 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x0d, 0xe2, 0x84, 0x8a, 0x78, 0xa6, 0x08, 0x49, 0x70, 0xb1, 0xe7, - 0xa5, 0x96, 0x94, 0xe7, 0x17, 0x65, 0x4b, 0x30, 0x29, 0x30, 0x6a, 0x70, 0x06, 0xc1, 0xb8, 0x20, - 0x99, 0xc4, 0x94, 0x94, 0xa2, 0xd4, 0xe2, 0x62, 0x09, 0x66, 0x88, 0x0c, 0x94, 0x6b, 0xe4, 0xcc, - 0xc5, 0xe5, 0x1e, 0x14, 0xe0, 0xec, 0x04, 0xb6, 0x5a, 0xc8, 0x94, 0x8b, 0x3b, 0xb8, 0x24, 0xb1, - 0xa8, 0x24, 0xb8, 0xa4, 0x28, 0x35, 0x31, 0x57, 0x48, 0x40, 0x0f, 0xe2, 0x08, 0x3d, 0x98, 0x0b, - 0xa4, 0x30, 0x44, 0x34, 0x18, 0x0d, 0x18, 0x9d, 0x38, 0xa2, 0xa0, 0xae, 0x4d, 0x62, 0x03, 0x3b, - 0xde, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, 0x10, 0x15, 0x39, 0x47, 0xd1, 0x00, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. 
-const _ = grpc.SupportPackageIsVersion4 - -// GRPCBrokerClient is the client API for GRPCBroker service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type GRPCBrokerClient interface { - StartStream(ctx context.Context, opts ...grpc.CallOption) (GRPCBroker_StartStreamClient, error) -} - -type gRPCBrokerClient struct { - cc *grpc.ClientConn -} - -func NewGRPCBrokerClient(cc *grpc.ClientConn) GRPCBrokerClient { - return &gRPCBrokerClient{cc} -} - -func (c *gRPCBrokerClient) StartStream(ctx context.Context, opts ...grpc.CallOption) (GRPCBroker_StartStreamClient, error) { - stream, err := c.cc.NewStream(ctx, &_GRPCBroker_serviceDesc.Streams[0], "/plugin.GRPCBroker/StartStream", opts...) - if err != nil { - return nil, err - } - x := &gRPCBrokerStartStreamClient{stream} - return x, nil -} - -type GRPCBroker_StartStreamClient interface { - Send(*ConnInfo) error - Recv() (*ConnInfo, error) - grpc.ClientStream -} - -type gRPCBrokerStartStreamClient struct { - grpc.ClientStream -} - -func (x *gRPCBrokerStartStreamClient) Send(m *ConnInfo) error { - return x.ClientStream.SendMsg(m) -} - -func (x *gRPCBrokerStartStreamClient) Recv() (*ConnInfo, error) { - m := new(ConnInfo) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -// GRPCBrokerServer is the server API for GRPCBroker service. 
-type GRPCBrokerServer interface { - StartStream(GRPCBroker_StartStreamServer) error -} - -func RegisterGRPCBrokerServer(s *grpc.Server, srv GRPCBrokerServer) { - s.RegisterService(&_GRPCBroker_serviceDesc, srv) -} - -func _GRPCBroker_StartStream_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(GRPCBrokerServer).StartStream(&gRPCBrokerStartStreamServer{stream}) -} - -type GRPCBroker_StartStreamServer interface { - Send(*ConnInfo) error - Recv() (*ConnInfo, error) - grpc.ServerStream -} - -type gRPCBrokerStartStreamServer struct { - grpc.ServerStream -} - -func (x *gRPCBrokerStartStreamServer) Send(m *ConnInfo) error { - return x.ServerStream.SendMsg(m) -} - -func (x *gRPCBrokerStartStreamServer) Recv() (*ConnInfo, error) { - m := new(ConnInfo) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -var _GRPCBroker_serviceDesc = grpc.ServiceDesc{ - ServiceName: "plugin.GRPCBroker", - HandlerType: (*GRPCBrokerServer)(nil), - Methods: []grpc.MethodDesc{}, - Streams: []grpc.StreamDesc{ - { - StreamName: "StartStream", - Handler: _GRPCBroker_StartStream_Handler, - ServerStreams: true, - ClientStreams: true, - }, - }, - Metadata: "grpc_broker.proto", -} diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.proto b/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.proto deleted file mode 100644 index 3fa79e8ac0..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.proto +++ /dev/null @@ -1,15 +0,0 @@ -syntax = "proto3"; -package plugin; -option go_package = "plugin"; - -message ConnInfo { - uint32 service_id = 1; - string network = 2; - string address = 3; -} - -service GRPCBroker { - rpc StartStream(stream ConnInfo) returns (stream ConnInfo); -} - - 
diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.pb.go b/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.pb.go deleted file mode 100644 index 38b4204326..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.pb.go +++ /dev/null 
@@ -1,143 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: grpc_controller.proto - -package plugin - -import ( - fmt "fmt" - proto "github.com/golang/protobuf/proto" - context "golang.org/x/net/context" - grpc "google.golang.org/grpc" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package - -type Empty struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Empty) Reset() { *m = Empty{} } -func (m *Empty) String() string { return proto.CompactTextString(m) } -func (*Empty) ProtoMessage() {} -func (*Empty) Descriptor() ([]byte, []int) { - return fileDescriptor_23c2c7e42feab570, []int{0} -} - -func (m *Empty) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Empty.Unmarshal(m, b) -} -func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Empty.Marshal(b, m, deterministic) -} -func (m *Empty) XXX_Merge(src proto.Message) { - xxx_messageInfo_Empty.Merge(m, src) -} -func (m *Empty) XXX_Size() int { - return xxx_messageInfo_Empty.Size(m) -} -func (m *Empty) XXX_DiscardUnknown() { - xxx_messageInfo_Empty.DiscardUnknown(m) -} - -var xxx_messageInfo_Empty proto.InternalMessageInfo - -func init() { - proto.RegisterType((*Empty)(nil), "plugin.Empty") -} - -func init() { proto.RegisterFile("grpc_controller.proto", fileDescriptor_23c2c7e42feab570) } - -var fileDescriptor_23c2c7e42feab570 = []byte{ - // 108 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 
0xe2, 0x12, 0x4d, 0x2f, 0x2a, 0x48, - 0x8e, 0x4f, 0xce, 0xcf, 0x2b, 0x29, 0xca, 0xcf, 0xc9, 0x49, 0x2d, 0xd2, 0x2b, 0x28, 0xca, 0x2f, - 0xc9, 0x17, 0x62, 0x2b, 0xc8, 0x29, 0x4d, 0xcf, 0xcc, 0x53, 0x62, 0xe7, 0x62, 0x75, 0xcd, 0x2d, - 0x28, 0xa9, 0x34, 0xb2, 0xe2, 0xe2, 0x73, 0x0f, 0x0a, 0x70, 0x76, 0x86, 0x2b, 0x14, 0xd2, 0xe0, - 0xe2, 0x08, 0xce, 0x28, 0x2d, 0x49, 0xc9, 0x2f, 0xcf, 0x13, 0xe2, 0xd5, 0x83, 0xa8, 0xd7, 0x03, - 0x2b, 0x96, 0x42, 0xe5, 0x3a, 0x71, 0x44, 0x41, 0x8d, 0x4b, 0x62, 0x03, 0x9b, 0x6e, 0x0c, 0x08, - 0x00, 0x00, 0xff, 0xff, 0xab, 0x7c, 0x27, 0xe5, 0x76, 0x00, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// GRPCControllerClient is the client API for GRPCController service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type GRPCControllerClient interface { - Shutdown(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) -} - -type gRPCControllerClient struct { - cc *grpc.ClientConn -} - -func NewGRPCControllerClient(cc *grpc.ClientConn) GRPCControllerClient { - return &gRPCControllerClient{cc} -} - -func (c *gRPCControllerClient) Shutdown(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.GRPCController/Shutdown", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// GRPCControllerServer is the server API for GRPCController service. 
-type GRPCControllerServer interface { - Shutdown(context.Context, *Empty) (*Empty, error) -} - -func RegisterGRPCControllerServer(s *grpc.Server, srv GRPCControllerServer) { - s.RegisterService(&_GRPCController_serviceDesc, srv) -} - -func _GRPCController_Shutdown_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(GRPCControllerServer).Shutdown(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.GRPCController/Shutdown", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(GRPCControllerServer).Shutdown(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -var _GRPCController_serviceDesc = grpc.ServiceDesc{ - ServiceName: "plugin.GRPCController", - HandlerType: (*GRPCControllerServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Shutdown", - Handler: _GRPCController_Shutdown_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "grpc_controller.proto", -} diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.proto b/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.proto deleted file mode 100644 index 345d0a1c1f..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.proto +++ /dev/null @@ -1,11 +0,0 @@ -syntax = "proto3"; -package plugin; -option go_package = "plugin"; - -message Empty { -} - -// The GRPCController is responsible for telling the plugin server to shutdown. -service GRPCController { - rpc Shutdown(Empty) returns (Empty); -} diff --git a/vendor/github.com/hashicorp/go-plugin/log_entry.go b/vendor/github.com/hashicorp/go-plugin/log_entry.go deleted file mode 100644 index fb2ef930ca..0000000000 
--- a/vendor/github.com/hashicorp/go-plugin/log_entry.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package plugin
-
-import (
- "encoding/json"
- "time"
-)
-
-// logEntry is the JSON payload that gets sent to Stderr from the plugin to the host
-type logEntry struct {
- Message string `json:"@message"`
- Level string `json:"@level"`
- Timestamp time.Time `json:"timestamp"`
- KVPairs []*logEntryKV `json:"kv_pairs"`
-}
-
-// logEntryKV is a key value pair within the Output payload
-type logEntryKV struct {
- Key string `json:"key"`
- Value interface{} `json:"value"`
-}
-
-// flattenKVPairs is used to flatten KVPair slice into []interface{}
-// for hclog consumption.
-func flattenKVPairs(kvs []*logEntryKV) []interface{} {
- var result []interface{}
- for _, kv := range kvs {
- result = append(result, kv.Key)
- result = append(result, kv.Value)
- }
-
- return result
-}
-
-// parseJSON handles parsing JSON output
-func parseJSON(input []byte) (*logEntry, error) {
- var raw map[string]interface{}
- entry := &logEntry{}
-
- err := json.Unmarshal(input, &raw)
- if err != nil {
- return nil, err
- }
-
- // Parse hclog-specific objects
- if v, ok := raw["@message"]; ok {
- entry.Message = v.(string)
- delete(raw, "@message")
- }
-
- if v, ok := raw["@level"]; ok {
- entry.Level = v.(string)
- delete(raw, "@level")
- }
-
- if v, ok := raw["@timestamp"]; ok {
- t, err := time.Parse("2006-01-02T15:04:05.000000Z07:00", v.(string))
- if err != nil {
- return nil, err
- }
- entry.Timestamp = t
- delete(raw, "@timestamp")
- }
-
- // Parse dynamic KV args from the hclog payload.
- for k, v := range raw {
- entry.KVPairs = append(entry.KVPairs, &logEntryKV{
- Key: k,
- Value: v,
- })
- }
-
- return entry, nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/mtls.go b/vendor/github.com/hashicorp/go-plugin/mtls.go
deleted file mode 100644
index 8895524587..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/mtls.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package plugin
-
-import (
- "bytes"
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "math/big"
- "time"
-)
-
-// generateCert generates a temporary certificate for plugin authentication. The
-// certificate and private key are returns in PEM format.
-func generateCert() (cert []byte, privateKey []byte, err error) {
- key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
- if err != nil {
- return nil, nil, err
- }
-
- serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
- sn, err := rand.Int(rand.Reader, serialNumberLimit)
- if err != nil {
- return nil, nil, err
- }
-
- host := "localhost"
-
- template := &x509.Certificate{
- Subject: pkix.Name{
- CommonName: host,
- Organization: []string{"HashiCorp"},
- },
- DNSNames: []string{host},
- ExtKeyUsage: []x509.ExtKeyUsage{
- x509.ExtKeyUsageClientAuth,
- x509.ExtKeyUsageServerAuth,
- },
- KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement | x509.KeyUsageCertSign,
- BasicConstraintsValid: true,
- SerialNumber: sn,
- NotBefore: time.Now().Add(-30 * time.Second),
- NotAfter: time.Now().Add(262980 * time.Hour),
- IsCA: true,
- }
-
- der, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key)
- if err != nil {
- return nil, nil, err
- }
-
- var certOut bytes.Buffer
- if err := pem.Encode(&certOut, &pem.Block{Type: "CERTIFICATE", Bytes: der}); err != nil {
- return nil, nil, err
- }
-
- keyBytes, err := x509.MarshalECPrivateKey(key)
- if err != nil {
- return nil, nil, err
- }
-
- var keyOut bytes.Buffer
- if err := pem.Encode(&keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes}); err != nil {
- return nil, nil, err
- }
-
- cert = certOut.Bytes()
- privateKey = keyOut.Bytes()
-
- return cert, privateKey, nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/mux_broker.go b/vendor/github.com/hashicorp/go-plugin/mux_broker.go
deleted file mode 100644
index 01c45ad7c6..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/mux_broker.go
+++ /dev/null
@@ -1,204 +0,0 @@ -package plugin - -import ( - "encoding/binary" - "fmt" - "log" - "net" - "sync" - "sync/atomic" - "time" - - "github.com/hashicorp/yamux" -) - -// MuxBroker is responsible for brokering multiplexed connections by unique ID. -// -// It is used by plugins to multiplex multiple RPC connections and data -// streams on top of a single connection between the plugin process and the -// host process. -// -// This allows a plugin to request a channel with a specific ID to connect to -// or accept a connection from, and the broker handles the details of -// holding these channels open while they're being negotiated. -// -// The Plugin interface has access to these for both Server and Client. -// The broker can be used by either (optionally) to reserve and connect to -// new multiplexed streams. This is useful for complex args and return values, -// or anything else you might need a data stream for. -type MuxBroker struct { - nextId uint32 - session *yamux.Session - streams map[uint32]*muxBrokerPending - - sync.Mutex -} - -type muxBrokerPending struct { - ch chan net.Conn - doneCh chan struct{} -} - -func newMuxBroker(s *yamux.Session) *MuxBroker { - return &MuxBroker{ - session: s, - streams: make(map[uint32]*muxBrokerPending), - } -} - -// Accept accepts a connection by ID. -// -// This should not be called multiple times with the same ID at one time. -func (m *MuxBroker) Accept(id uint32) (net.Conn, error) { - var c net.Conn - p := m.getStream(id) - select { - case c = <-p.ch: - close(p.doneCh) - case <-time.After(5 * time.Second): - m.Lock() - defer m.Unlock() - delete(m.streams, id) - - return nil, fmt.Errorf("timeout waiting for accept") - } - - // Ack our connection - if err := binary.Write(c, binary.LittleEndian, id); err != nil { - c.Close() - return nil, err - } - - return c, nil -} - -// AcceptAndServe is used to accept a specific stream ID and immediately -// serve an RPC server on that stream ID. 
This is used to easily serve -// complex arguments. -// -// The served interface is always registered to the "Plugin" name. -func (m *MuxBroker) AcceptAndServe(id uint32, v interface{}) { - conn, err := m.Accept(id) - if err != nil { - log.Printf("[ERR] plugin: plugin acceptAndServe error: %s", err) - return - } - - serve(conn, "Plugin", v) -} - -// Close closes the connection and all sub-connections. -func (m *MuxBroker) Close() error { - return m.session.Close() -} - -// Dial opens a connection by ID. -func (m *MuxBroker) Dial(id uint32) (net.Conn, error) { - // Open the stream - stream, err := m.session.OpenStream() - if err != nil { - return nil, err - } - - // Write the stream ID onto the wire. - if err := binary.Write(stream, binary.LittleEndian, id); err != nil { - stream.Close() - return nil, err - } - - // Read the ack that we connected. Then we're off! - var ack uint32 - if err := binary.Read(stream, binary.LittleEndian, &ack); err != nil { - stream.Close() - return nil, err - } - if ack != id { - stream.Close() - return nil, fmt.Errorf("bad ack: %d (expected %d)", ack, id) - } - - return stream, nil -} - -// NextId returns a unique ID to use next. -// -// It is possible for very long-running plugin hosts to wrap this value, -// though it would require a very large amount of RPC calls. In practice -// we've never seen it happen. -func (m *MuxBroker) NextId() uint32 { - return atomic.AddUint32(&m.nextId, 1) -} - -// Run starts the brokering and should be executed in a goroutine, since it -// blocks forever, or until the session closes. -// -// Uses of MuxBroker never need to call this. It is called internally by -// the plugin host/client. 
-func (m *MuxBroker) Run() {
- for {
- stream, err := m.session.AcceptStream()
- if err != nil {
- // Once we receive an error, just exit
- break
- }
-
- // Read the stream ID from the stream
- var id uint32
- if err := binary.Read(stream, binary.LittleEndian, &id); err != nil {
- stream.Close()
- continue
- }
-
- // Initialize the waiter
- p := m.getStream(id)
- select {
- case p.ch <- stream:
- default:
- }
-
- // Wait for a timeout
- go m.timeoutWait(id, p)
- }
-}
-
-func (m *MuxBroker) getStream(id uint32) *muxBrokerPending {
- m.Lock()
- defer m.Unlock()
-
- p, ok := m.streams[id]
- if ok {
- return p
- }
-
- m.streams[id] = &muxBrokerPending{
- ch: make(chan net.Conn, 1),
- doneCh: make(chan struct{}),
- }
- return m.streams[id]
-}
-
-func (m *MuxBroker) timeoutWait(id uint32, p *muxBrokerPending) {
- // Wait for the stream to either be picked up and connected, or
- // for a timeout.
- timeout := false
- select {
- case <-p.doneCh:
- case <-time.After(5 * time.Second):
- timeout = true
- }
-
- m.Lock()
- defer m.Unlock()
-
- // Delete the stream so no one else can grab it
- delete(m.streams, id)
-
- // If we timed out, then check if we have a channel in the buffer,
- // and if so, close it.
- if timeout {
- select {
- case s := <-p.ch:
- s.Close()
- }
- }
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/plugin.go b/vendor/github.com/hashicorp/go-plugin/plugin.go
deleted file mode 100644
index 79d9674633..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/plugin.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// The plugin package exposes functions and helpers for communicating to
-// plugins which are implemented as standalone binary applications.
-//
-// plugin.Client fully manages the lifecycle of executing the application,
-// connecting to it, and returning the RPC client for dispensing plugins.
-//
-// plugin.Serve fully manages listeners to expose an RPC server from a binary
-// that plugin.Client can connect to.
-package plugin
-
-import (
- "context"
- "errors"
- "net/rpc"
-
- "google.golang.org/grpc"
-)
-
-// Plugin is the interface that is implemented to serve/connect to an
-// inteface implementation.
-type Plugin interface {
- // Server should return the RPC server compatible struct to serve
- // the methods that the Client calls over net/rpc.
- Server(*MuxBroker) (interface{}, error)
-
- // Client returns an interface implementation for the plugin you're
- // serving that communicates to the server end of the plugin.
- Client(*MuxBroker, *rpc.Client) (interface{}, error)
-}
-
-// GRPCPlugin is the interface that is implemented to serve/connect to
-// a plugin over gRPC.
-type GRPCPlugin interface {
- // GRPCServer should register this plugin for serving with the
- // given GRPCServer. Unlike Plugin.Server, this is only called once
- // since gRPC plugins serve singletons.
- GRPCServer(*GRPCBroker, *grpc.Server) error
-
- // GRPCClient should return the interface implementation for the plugin
- // you're serving via gRPC. The provided context will be canceled by
- // go-plugin in the event of the plugin process exiting.
- GRPCClient(context.Context, *GRPCBroker, *grpc.ClientConn) (interface{}, error)
-}
-
-// NetRPCUnsupportedPlugin implements Plugin but returns errors for the
-// Server and Client functions. This will effectively disable support for
-// net/rpc based plugins.
-//
-// This struct can be embedded in your struct.
-type NetRPCUnsupportedPlugin struct{}
-
-func (p NetRPCUnsupportedPlugin) Server(*MuxBroker) (interface{}, error) {
- return nil, errors.New("net/rpc plugin protocol not supported")
-}
-
-func (p NetRPCUnsupportedPlugin) Client(*MuxBroker, *rpc.Client) (interface{}, error) {
- return nil, errors.New("net/rpc plugin protocol not supported")
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/process.go b/vendor/github.com/hashicorp/go-plugin/process.go
deleted file mode 100644
index 88c999a580..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/process.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package plugin
-
-import (
- "time"
-)
-
-// pidAlive checks whether a pid is alive.
-func pidAlive(pid int) bool {
- return _pidAlive(pid)
-}
-
-// pidWait blocks for a process to exit.
-func pidWait(pid int) error {
- ticker := time.NewTicker(1 * time.Second)
- defer ticker.Stop()
-
- for range ticker.C {
- if !pidAlive(pid) {
- break
- }
- }
-
- return nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/process_posix.go b/vendor/github.com/hashicorp/go-plugin/process_posix.go
deleted file mode 100644
index 70ba546bf6..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/process_posix.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// +build !windows
-
-package plugin
-
-import (
- "os"
- "syscall"
-)
-
-// _pidAlive tests whether a process is alive or not by sending it Signal 0,
-// since Go otherwise has no way to test this.
-func _pidAlive(pid int) bool {
- proc, err := os.FindProcess(pid)
- if err == nil {
- err = proc.Signal(syscall.Signal(0))
- }
-
- return err == nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/process_windows.go b/vendor/github.com/hashicorp/go-plugin/process_windows.go
deleted file mode 100644
index 9f7b018090..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/process_windows.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package plugin
-
-import (
- "syscall"
-)
-
-const (
- // Weird name but matches the MSDN docs
- exit_STILL_ACTIVE = 259
-
- processDesiredAccess = syscall.STANDARD_RIGHTS_READ |
- syscall.PROCESS_QUERY_INFORMATION |
- syscall.SYNCHRONIZE
-)
-
-// _pidAlive tests whether a process is alive or not
-func _pidAlive(pid int) bool {
- h, err := syscall.OpenProcess(processDesiredAccess, false, uint32(pid))
- if err != nil {
- return false
- }
-
- var ec uint32
- if e := syscall.GetExitCodeProcess(h, &ec); e != nil {
- return false
- }
-
- return ec == exit_STILL_ACTIVE
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/protocol.go b/vendor/github.com/hashicorp/go-plugin/protocol.go
deleted file mode 100644
index 0cfc19e52d..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/protocol.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package plugin
-
-import (
- "io"
- "net"
-)
-
-// Protocol is an enum representing the types of protocols.
-type Protocol string
-
-const (
- ProtocolInvalid Protocol = ""
- ProtocolNetRPC Protocol = "netrpc"
- ProtocolGRPC Protocol = "grpc"
-)
-
-// ServerProtocol is an interface that must be implemented for new plugin
-// protocols to be servers.
-type ServerProtocol interface {
- // Init is called once to configure and initialize the protocol, but
- // not start listening. This is the point at which all validation should
- // be done and errors returned.
- Init() error
-
- // Config is extra configuration to be outputted to stdout. This will
- // be automatically base64 encoded to ensure it can be parsed properly.
- // This can be an empty string if additional configuration is not needed.
- Config() string
-
- // Serve is called to serve connections on the given listener. This should
- // continue until the listener is closed.
- Serve(net.Listener)
-}
-
-// ClientProtocol is an interface that must be implemented for new plugin
-// protocols to be clients.
-type ClientProtocol interface {
- io.Closer
-
- // Dispense dispenses a new instance of the plugin with the given name.
- Dispense(string) (interface{}, error)
-
- // Ping checks that the client connection is still healthy.
- Ping() error
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/rpc_client.go b/vendor/github.com/hashicorp/go-plugin/rpc_client.go
deleted file mode 100644
index f30a4b1d38..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/rpc_client.go
+++ /dev/null
@@ -1,170 +0,0 @@
-package plugin
-
-import (
- "crypto/tls"
- "fmt"
- "io"
- "net"
- "net/rpc"
-
- "github.com/hashicorp/yamux"
-)
-
-// RPCClient connects to an RPCServer over net/rpc to dispense plugin types.
-type RPCClient struct {
- broker *MuxBroker
- control *rpc.Client
- plugins map[string]Plugin
-
- // These are the streams used for the various stdout/err overrides
- stdout, stderr net.Conn
-}
-
-// newRPCClient creates a new RPCClient. The Client argument is expected
-// to be successfully started already with a lock held.
-func newRPCClient(c *Client) (*RPCClient, error) {
- // Connect to the client
- conn, err := net.Dial(c.address.Network(), c.address.String())
- if err != nil {
- return nil, err
- }
- if tcpConn, ok := conn.(*net.TCPConn); ok {
- // Make sure to set keep alive so that the connection doesn't die
- tcpConn.SetKeepAlive(true)
- }
-
- if c.config.TLSConfig != nil {
- conn = tls.Client(conn, c.config.TLSConfig)
- }
-
- // Create the actual RPC client
- result, err := NewRPCClient(conn, c.config.Plugins)
- if err != nil {
- conn.Close()
- return nil, err
- }
-
- // Begin the stream syncing so that stdin, out, err work properly
- err = result.SyncStreams(
- c.config.SyncStdout,
- c.config.SyncStderr)
- if err != nil {
- result.Close()
- return nil, err
- }
-
- return result, nil
-}
-
-// NewRPCClient creates a client from an already-open connection-like value.
-// Dial is typically used instead.
-func NewRPCClient(conn io.ReadWriteCloser, plugins map[string]Plugin) (*RPCClient, error) {
- // Create the yamux client so we can multiplex
- mux, err := yamux.Client(conn, nil)
- if err != nil {
- conn.Close()
- return nil, err
- }
-
- // Connect to the control stream.
- control, err := mux.Open()
- if err != nil {
- mux.Close()
- return nil, err
- }
-
- // Connect stdout, stderr streams
- stdstream := make([]net.Conn, 2)
- for i, _ := range stdstream {
- stdstream[i], err = mux.Open()
- if err != nil {
- mux.Close()
- return nil, err
- }
- }
-
- // Create the broker and start it up
- broker := newMuxBroker(mux)
- go broker.Run()
-
- // Build the client using our broker and control channel.
- return &RPCClient{
- broker: broker,
- control: rpc.NewClient(control),
- plugins: plugins,
- stdout: stdstream[0],
- stderr: stdstream[1],
- }, nil
-}
-
-// SyncStreams should be called to enable syncing of stdout,
-// stderr with the plugin.
-//
-// This will return immediately and the syncing will continue to happen
-// in the background. You do not need to launch this in a goroutine itself.
-//
-// This should never be called multiple times.
-func (c *RPCClient) SyncStreams(stdout io.Writer, stderr io.Writer) error {
- go copyStream("stdout", stdout, c.stdout)
- go copyStream("stderr", stderr, c.stderr)
- return nil
-}
-
-// Close closes the connection. The client is no longer usable after this
-// is called.
-func (c *RPCClient) Close() error {
- // Call the control channel and ask it to gracefully exit. If this
- // errors, then we save it so that we always return an error but we
- // want to try to close the other channels anyways.
- var empty struct{}
- returnErr := c.control.Call("Control.Quit", true, &empty)
-
- // Close the other streams we have
- if err := c.control.Close(); err != nil {
- return err
- }
- if err := c.stdout.Close(); err != nil {
- return err
- }
- if err := c.stderr.Close(); err != nil {
- return err
- }
- if err := c.broker.Close(); err != nil {
- return err
- }
-
- // Return back the error we got from Control.Quit. This is very important
- // since we MUST return non-nil error if this fails so that Client.Kill
- // will properly try a process.Kill.
- return returnErr
-}
-
-func (c *RPCClient) Dispense(name string) (interface{}, error) {
- p, ok := c.plugins[name]
- if !ok {
- return nil, fmt.Errorf("unknown plugin type: %s", name)
- }
-
- var id uint32
- if err := c.control.Call(
- "Dispenser.Dispense", name, &id); err != nil {
- return nil, err
- }
-
- conn, err := c.broker.Dial(id)
- if err != nil {
- return nil, err
- }
-
- return p.Client(c.broker, rpc.NewClient(conn))
-}
-
-// Ping pings the connection to ensure it is still alive.
-//
-// The error from the RPC call is returned exactly if you want to inspect
-// it for further error analysis. Any error returned from here would indicate
-// that the connection to the plugin is not healthy.
-func (c *RPCClient) Ping() error {
- var empty struct{}
- return c.control.Call("Control.Ping", true, &empty)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/rpc_server.go b/vendor/github.com/hashicorp/go-plugin/rpc_server.go
deleted file mode 100644
index 5bb18dd5db..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/rpc_server.go
+++ /dev/null
@@ -1,197 +0,0 @@
-package plugin
-
-import (
- "errors"
- "fmt"
- "io"
- "log"
- "net"
- "net/rpc"
- "sync"
-
- "github.com/hashicorp/yamux"
-)
-
-// RPCServer listens for network connections and then dispenses interface
-// implementations over net/rpc.
-//
-// After setting the fields below, they shouldn't be read again directly
-// from the structure which may be reading/writing them concurrently.
-type RPCServer struct {
- Plugins map[string]Plugin
-
- // Stdout, Stderr are what this server will use instead of the
- // normal stdin/out/err. This is because due to the multi-process nature
- // of our plugin system, we can't use the normal process values so we
- // make our own custom one we pipe across.
- Stdout io.Reader
- Stderr io.Reader
-
- // DoneCh should be set to a non-nil channel that will be closed
- // when the control requests the RPC server to end.
- DoneCh chan<- struct{}
-
- lock sync.Mutex
-}
-
-// ServerProtocol impl.
-func (s *RPCServer) Init() error { return nil }
-
-// ServerProtocol impl.
-func (s *RPCServer) Config() string { return "" }
-
-// ServerProtocol impl.
-func (s *RPCServer) Serve(lis net.Listener) {
- for {
- conn, err := lis.Accept()
- if err != nil {
- log.Printf("[ERR] plugin: plugin server: %s", err)
- return
- }
-
- go s.ServeConn(conn)
- }
-}
-
-// ServeConn runs a single connection.
-//
-// ServeConn blocks, serving the connection until the client hangs up.
-func (s *RPCServer) ServeConn(conn io.ReadWriteCloser) {
- // First create the yamux server to wrap this connection
- mux, err := yamux.Server(conn, nil)
- if err != nil {
- conn.Close()
- log.Printf("[ERR] plugin: error creating yamux server: %s", err)
- return
- }
-
- // Accept the control connection
- control, err := mux.Accept()
- if err != nil {
- mux.Close()
- if err != io.EOF {
- log.Printf("[ERR] plugin: error accepting control connection: %s", err)
- }
-
- return
- }
-
- // Connect the stdstreams (in, out, err)
- stdstream := make([]net.Conn, 2)
- for i, _ := range stdstream {
- stdstream[i], err = mux.Accept()
- if err != nil {
- mux.Close()
- log.Printf("[ERR] plugin: accepting stream %d: %s", i, err)
- return
- }
- }
-
- // Copy std streams out to the proper place
- go copyStream("stdout", stdstream[0], s.Stdout)
- go copyStream("stderr", stdstream[1], s.Stderr)
-
- // Create the broker and start it up
- broker := newMuxBroker(mux)
- go broker.Run()
-
- // Use the control connection to build the dispenser and serve the
- // connection.
- server := rpc.NewServer()
- server.RegisterName("Control", &controlServer{
- server: s,
- })
- server.RegisterName("Dispenser", &dispenseServer{
- broker: broker,
- plugins: s.Plugins,
- })
- server.ServeConn(control)
-}
-
-// done is called internally by the control server to trigger the
-// doneCh to close which is listened to by the main process to cleanly
-// exit.
-func (s *RPCServer) done() {
- s.lock.Lock()
- defer s.lock.Unlock()
-
- if s.DoneCh != nil {
- close(s.DoneCh)
- s.DoneCh = nil
- }
-}
-
-// dispenseServer dispenses variousinterface implementations for Terraform.
-type controlServer struct {
- server *RPCServer
-}
-
-// Ping can be called to verify the connection (and likely the binary)
-// is still alive to a plugin.
-func (c *controlServer) Ping(
- null bool, response *struct{}) error {
- *response = struct{}{}
- return nil
-}
-
-func (c *controlServer) Quit(
- null bool, response *struct{}) error {
- // End the server
- c.server.done()
-
- // Always return true
- *response = struct{}{}
-
- return nil
-}
-
-// dispenseServer dispenses variousinterface implementations for Terraform.
-type dispenseServer struct {
- broker *MuxBroker
- plugins map[string]Plugin
-}
-
-func (d *dispenseServer) Dispense(
- name string, response *uint32) error {
- // Find the function to create this implementation
- p, ok := d.plugins[name]
- if !ok {
- return fmt.Errorf("unknown plugin type: %s", name)
- }
-
- // Create the implementation first so we know if there is an error.
- impl, err := p.Server(d.broker)
- if err != nil {
- // We turn the error into an errors error so that it works across RPC
- return errors.New(err.Error())
- }
-
- // Reserve an ID for our implementation
- id := d.broker.NextId()
- *response = id
-
- // Run the rest in a goroutine since it can only happen once this RPC
- // call returns. We wait for a connection for the plugin implementation
- // and serve it.
- go func() {
- conn, err := d.broker.Accept(id)
- if err != nil {
- log.Printf("[ERR] go-plugin: plugin dispense error: %s: %s", name, err)
- return
- }
-
- serve(conn, "Plugin", impl)
- }()
-
- return nil
-}
-
-func serve(conn io.ReadWriteCloser, name string, v interface{}) {
- server := rpc.NewServer()
- if err := server.RegisterName(name, v); err != nil {
- log.Printf("[ERR] go-plugin: plugin dispense error: %s", err)
- return
- }
-
- server.ServeConn(conn)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/server.go b/vendor/github.com/hashicorp/go-plugin/server.go
deleted file mode 100644
index 4c230e3ab4..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/server.go
+++ /dev/null
@@ -1,452 +0,0 @@
-package plugin
-
-import (
- "crypto/tls"
- "crypto/x509"
- "encoding/base64"
- "errors"
- "fmt"
- "io/ioutil"
- "log"
- "net"
- "os"
- "os/signal"
- "runtime"
- "sort"
- "strconv"
- "strings"
- "sync/atomic"
-
- "github.com/hashicorp/go-hclog"
-
- "google.golang.org/grpc"
-)
-
-// CoreProtocolVersion is the ProtocolVersion of the plugin system itself.
-// We will increment this whenever we change any protocol behavior. This
-// will invalidate any prior plugins but will at least allow us to iterate
-// on the core in a safe way. We will do our best to do this very
-// infrequently.
-const CoreProtocolVersion = 1
-
-// HandshakeConfig is the configuration used by client and servers to
-// handshake before starting a plugin connection. This is embedded by
-// both ServeConfig and ClientConfig.
-//
-// In practice, the plugin host creates a HandshakeConfig that is exported
-// and plugins then can easily consume it.
-type HandshakeConfig struct {
- // ProtocolVersion is the version that clients must match on to
- // agree they can communicate. This should match the ProtocolVersion
- // set on ClientConfig when using a plugin.
- // This field is not required if VersionedPlugins are being used in the
- // Client or Server configurations.
- ProtocolVersion uint
-
- // MagicCookieKey and value are used as a very basic verification
- // that a plugin is intended to be launched. This is not a security
- // measure, just a UX feature. If the magic cookie doesn't match,
- // we show human-friendly output.
- MagicCookieKey string
- MagicCookieValue string
-}
-
-// PluginSet is a set of plugins provided to be registered in the plugin
-// server.
-type PluginSet map[string]Plugin
-
-// ServeConfig configures what sorts of plugins are served.
-type ServeConfig struct {
- // HandshakeConfig is the configuration that must match clients.
- HandshakeConfig
-
- // TLSProvider is a function that returns a configured tls.Config.
- TLSProvider func() (*tls.Config, error)
-
- // Plugins are the plugins that are served.
- // The implied version of this PluginSet is the Handshake.ProtocolVersion.
- Plugins PluginSet
-
- // VersionedPlugins is a map of PluginSets for specific protocol versions.
- // These can be used to negotiate a compatible version between client and
- // server. If this is set, Handshake.ProtocolVersion is not required.
- VersionedPlugins map[int]PluginSet
-
- // GRPCServer should be non-nil to enable serving the plugins over
- // gRPC. This is a function to create the server when needed with the
- // given server options. The server options populated by go-plugin will
- // be for TLS if set. You may modify the input slice.
- //
- // Note that the grpc.Server will automatically be registered with
- // the gRPC health checking service. This is not optional since go-plugin
- // relies on this to implement Ping().
- GRPCServer func([]grpc.ServerOption) *grpc.Server
-
- // Logger is used to pass a logger into the server. If none is provided the
- // server will create a default logger.
- Logger hclog.Logger
-}
-
-// protocolVersion determines the protocol version and plugin set to be used by
-// the server. In the event that there is no suitable version, the last version
-// in the config is returned leaving the client to report the incompatibility.
-func protocolVersion(opts *ServeConfig) (int, Protocol, PluginSet) {
- protoVersion := int(opts.ProtocolVersion)
- pluginSet := opts.Plugins
- protoType := ProtocolNetRPC
- // Check if the client sent a list of acceptable versions
- var clientVersions []int
- if vs := os.Getenv("PLUGIN_PROTOCOL_VERSIONS"); vs != "" {
- for _, s := range strings.Split(vs, ",") {
- v, err := strconv.Atoi(s)
- if err != nil {
- fmt.Fprintf(os.Stderr, "server sent invalid plugin version %q", s)
- continue
- }
- clientVersions = append(clientVersions, v)
- }
- }
-
- // We want to iterate in reverse order, to ensure we match the newest
- // compatible plugin version.
- sort.Sort(sort.Reverse(sort.IntSlice(clientVersions)))
-
- // set the old un-versioned fields as if they were versioned plugins
- if opts.VersionedPlugins == nil {
- opts.VersionedPlugins = make(map[int]PluginSet)
- }
-
- if pluginSet != nil {
- opts.VersionedPlugins[protoVersion] = pluginSet
- }
-
- // Sort the version to make sure we match the latest first
- var versions []int
- for v := range opts.VersionedPlugins {
- versions = append(versions, v)
- }
-
- sort.Sort(sort.Reverse(sort.IntSlice(versions)))
-
- // See if we have multiple versions of Plugins to choose from
- for _, version := range versions {
- // Record each version, since we guarantee that this returns valid
- // values even if they are not a protocol match.
- protoVersion = version
- pluginSet = opts.VersionedPlugins[version]
-
- // If we have a configured gRPC server we should select a protocol
- if opts.GRPCServer != nil {
- // All plugins in a set must use the same transport, so check the first
- // for the protocol type
- for _, p := range pluginSet {
- switch p.(type) {
- case GRPCPlugin:
- protoType = ProtocolGRPC
- default:
- protoType = ProtocolNetRPC
- }
- break
- }
- }
-
- for _, clientVersion := range clientVersions {
- if clientVersion == protoVersion {
- return protoVersion, protoType, pluginSet
- }
- }
- }
-
- // Return the lowest version as the fallback.
- // Since we iterated over all the versions in reverse order above, these
- // values are from the lowest version number plugins (which may be from
- // a combination of the Handshake.ProtocolVersion and ServeConfig.Plugins
- // fields). This allows serving the oldest version of our plugins to a
- // legacy client that did not send a PLUGIN_PROTOCOL_VERSIONS list.
- return protoVersion, protoType, pluginSet
-}
-
-// Serve serves the plugins given by ServeConfig.
-//
-// Serve doesn't return until the plugin is done being executed. Any
-// errors will be outputted to os.Stderr.
-//
-// This is the method that plugins should call in their main() functions.
-func Serve(opts *ServeConfig) {
- // Validate the handshake config
- if opts.MagicCookieKey == "" || opts.MagicCookieValue == "" {
- fmt.Fprintf(os.Stderr,
- "Misconfigured ServeConfig given to serve this plugin: no magic cookie\n"+
- "key or value was set. Please notify the plugin author and report\n"+
- "this as a bug.\n")
- os.Exit(1)
- }
-
- // First check the cookie
- if os.Getenv(opts.MagicCookieKey) != opts.MagicCookieValue {
- fmt.Fprintf(os.Stderr,
- "This binary is a plugin. These are not meant to be executed directly.\n"+
- "Please execute the program that consumes these plugins, which will\n"+
- "load any plugins automatically\n")
- os.Exit(1)
- }
-
- // negotiate the version and plugins
- // start with default version in the handshake config
- protoVersion, protoType, pluginSet := protocolVersion(opts)
-
- // Logging goes to the original stderr
- log.SetOutput(os.Stderr)
-
- logger := opts.Logger
- if logger == nil {
- // internal logger to os.Stderr
- logger = hclog.New(&hclog.LoggerOptions{
- Level: hclog.Trace,
- Output: os.Stderr,
- JSONFormat: true,
- })
- }
-
- // Create our new stdout, stderr files. These will override our built-in
- // stdout/stderr so that it works across the stream boundary.
- stdout_r, stdout_w, err := os.Pipe()
- if err != nil {
- fmt.Fprintf(os.Stderr, "Error preparing plugin: %s\n", err)
- os.Exit(1)
- }
- stderr_r, stderr_w, err := os.Pipe()
- if err != nil {
- fmt.Fprintf(os.Stderr, "Error preparing plugin: %s\n", err)
- os.Exit(1)
- }
-
- // Register a listener so we can accept a connection
- listener, err := serverListener()
- if err != nil {
- logger.Error("plugin init error", "error", err)
- return
- }
-
- // Close the listener on return. We wrap this in a func() on purpose
- // because the "listener" reference may change to TLS.
- defer func() {
- listener.Close()
- }()
-
- var tlsConfig *tls.Config
- if opts.TLSProvider != nil {
- tlsConfig, err = opts.TLSProvider()
- if err != nil {
- logger.Error("plugin tls init", "error", err)
- return
- }
- }
-
- var serverCert string
- clientCert := os.Getenv("PLUGIN_CLIENT_CERT")
- // If the client is configured using AutoMTLS, the certificate will be here,
- // and we need to generate our own in response.
- if tlsConfig == nil && clientCert != "" {
- logger.Info("configuring server automatic mTLS")
- clientCertPool := x509.NewCertPool()
- if !clientCertPool.AppendCertsFromPEM([]byte(clientCert)) {
- logger.Error("client cert provided but failed to parse", "cert", clientCert)
- }
-
- certPEM, keyPEM, err := generateCert()
- if err != nil {
- logger.Error("failed to generate client certificate", "error", err)
- panic(err)
- }
-
- cert, err := tls.X509KeyPair(certPEM, keyPEM)
- if err != nil {
- logger.Error("failed to parse client certificate", "error", err)
- panic(err)
- }
-
- tlsConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- ClientAuth: tls.RequireAndVerifyClientCert,
- ClientCAs: clientCertPool,
- MinVersion: tls.VersionTLS12,
- }
-
- // We send back the raw leaf cert data for the client rather than the
- // PEM, since the protocol can't handle newlines.
- serverCert = base64.RawStdEncoding.EncodeToString(cert.Certificate[0])
- }
-
- // Create the channel to tell us when we're done
- doneCh := make(chan struct{})
-
- // Build the server type
- var server ServerProtocol
- switch protoType {
- case ProtocolNetRPC:
- // If we have a TLS configuration then we wrap the listener
- // ourselves and do it at that level.
- if tlsConfig != nil {
- listener = tls.NewListener(listener, tlsConfig)
- }
-
- // Create the RPC server to dispense
- server = &RPCServer{
- Plugins: pluginSet,
- Stdout: stdout_r,
- Stderr: stderr_r,
- DoneCh: doneCh,
- }
-
- case ProtocolGRPC:
- // Create the gRPC server
- server = &GRPCServer{
- Plugins: pluginSet,
- Server: opts.GRPCServer,
- TLS: tlsConfig,
- Stdout: stdout_r,
- Stderr: stderr_r,
- DoneCh: doneCh,
- logger: logger,
- }
-
- default:
- panic("unknown server protocol: " + protoType)
- }
-
- // Initialize the servers
- if err := server.Init(); err != nil {
- logger.Error("protocol init", "error", err)
- return
- }
-
- logger.Debug("plugin address", "network", listener.Addr().Network(), "address", listener.Addr().String())
-
- // Output the address and service name to stdout so that the client can bring it up.
- fmt.Printf("%d|%d|%s|%s|%s|%s\n",
- CoreProtocolVersion,
- protoVersion,
- listener.Addr().Network(),
- listener.Addr().String(),
- protoType,
- serverCert)
- os.Stdout.Sync()
-
- // Eat the interrupts
- ch := make(chan os.Signal, 1)
- signal.Notify(ch, os.Interrupt)
- go func() {
- var count int32 = 0
- for {
- <-ch
- newCount := atomic.AddInt32(&count, 1)
- logger.Debug("plugin received interrupt signal, ignoring", "count", newCount)
- }
- }()
-
- // Set our new out, err
- os.Stdout = stdout_w
- os.Stderr = stderr_w
-
- // Accept connections and wait for completion
- go server.Serve(listener)
- <-doneCh
-}
-
-func serverListener() (net.Listener, error) {
- if runtime.GOOS == "windows" {
- return serverListener_tcp()
- }
-
- return serverListener_unix()
-}
-
-func serverListener_tcp() (net.Listener, error) {
- envMinPort := os.Getenv("PLUGIN_MIN_PORT")
- envMaxPort := os.Getenv("PLUGIN_MAX_PORT")
-
- var minPort, maxPort int64
- var err error
-
- switch {
- case len(envMinPort) == 0:
- minPort = 0
- default:
- minPort, err = strconv.ParseInt(envMinPort, 10, 32)
- if err != nil {
- return nil, fmt.Errorf("Couldn't get value from PLUGIN_MIN_PORT: %v", err)
- }
- }
-
- switch {
- case len(envMaxPort) == 0:
- maxPort = 0
- default:
- maxPort, err = strconv.ParseInt(envMaxPort, 10, 32)
- if err != nil {
- return nil, fmt.Errorf("Couldn't get value from PLUGIN_MAX_PORT: %v", err)
- }
- }
-
- if minPort > maxPort {
- return nil, fmt.Errorf("ENV_MIN_PORT value of %d is greater than PLUGIN_MAX_PORT value of %d", minPort, maxPort)
- }
-
- for port := minPort; port <= maxPort; port++ {
- address := fmt.Sprintf("127.0.0.1:%d", port)
- listener, err := net.Listen("tcp", address)
- if err == nil {
- return listener, nil
- }
- }
-
- return nil, errors.New("Couldn't bind plugin TCP listener")
-}
-
-func serverListener_unix() (net.Listener, error) {
- tf, err := ioutil.TempFile("", "plugin")
- if err != nil {
- return nil, err
- }
- path := tf.Name()
-
- // Close the file and remove it because it has to not exist for
- // the domain socket.
- if err := tf.Close(); err != nil {
- return nil, err
- }
- if err := os.Remove(path); err != nil {
- return nil, err
- }
-
- l, err := net.Listen("unix", path)
- if err != nil {
- return nil, err
- }
-
- // Wrap the listener in rmListener so that the Unix domain socket file
- // is removed on close.
- return &rmListener{
- Listener: l,
- Path: path,
- }, nil
-}
-
-// rmListener is an implementation of net.Listener that forwards most
-// calls to the listener but also removes a file as part of the close. We
-// use this to cleanup the unix domain socket on close.
-type rmListener struct {
- net.Listener
- Path string
-}
-
-func (l *rmListener) Close() error {
- // Close the listener itself
- if err := l.Listener.Close(); err != nil {
- return err
- }
-
- // Remove the file
- return os.Remove(l.Path)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/server_mux.go b/vendor/github.com/hashicorp/go-plugin/server_mux.go
deleted file mode 100644
index 033079ea0f..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/server_mux.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package plugin
-
-import (
- "fmt"
- "os"
-)
-
-// ServeMuxMap is the type that is used to configure ServeMux
-type ServeMuxMap map[string]*ServeConfig
-
-// ServeMux is like Serve, but serves multiple types of plugins determined
-// by the argument given on the command-line.
-//
-// This command doesn't return until the plugin is done being executed. Any
-// errors are logged or output to stderr.
-func ServeMux(m ServeMuxMap) {
- if len(os.Args) != 2 {
- fmt.Fprintf(os.Stderr,
- "Invoked improperly. This is an internal command that shouldn't\n"+
- "be manually invoked.\n")
- os.Exit(1)
- }
-
- opts, ok := m[os.Args[1]]
- if !ok {
- fmt.Fprintf(os.Stderr, "Unknown plugin: %s\n", os.Args[1])
- os.Exit(1)
- }
-
- Serve(opts)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/stream.go b/vendor/github.com/hashicorp/go-plugin/stream.go
deleted file mode 100644
index 1d547aaaab..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/stream.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package plugin
-
-import (
- "io"
- "log"
-)
-
-func copyStream(name string, dst io.Writer, src io.Reader) {
- if src == nil {
- panic(name + ": src is nil")
- }
- if dst == nil {
- panic(name + ": dst is nil")
- }
- if _, err := io.Copy(dst, src); err != nil && err != io.EOF {
- log.Printf("[ERR] plugin: stream copy '%s' error: %s", name, err)
- }
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/testing.go b/vendor/github.com/hashicorp/go-plugin/testing.go
deleted file mode 100644
index 2cf2c26cc5..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/testing.go
+++ /dev/null
@@ -1,180 +0,0 @@
-package plugin
-
-import (
- "bytes"
- "context"
- "io"
- "net"
- "net/rpc"
-
- "github.com/mitchellh/go-testing-interface"
- hclog "github.com/hashicorp/go-hclog"
- "github.com/hashicorp/go-plugin/internal/plugin"
- "google.golang.org/grpc"
-)
-
-// TestOptions allows specifying options that can affect the behavior of the
-// test functions
-type TestOptions struct {
- //ServerStdout causes the given value to be used in place of a blank buffer
- //for RPCServer's Stdout
- ServerStdout io.ReadCloser
-
- //ServerStderr causes the given value to be used in place of a blank buffer
- //for RPCServer's Stderr
- ServerStderr io.ReadCloser
-}
-
-// The testing file contains test helpers that you can use outside of
-// this package for making it easier to test plugins themselves.
-
-// TestConn is a helper function for returning a client and server
-// net.Conn connected to each other.
-func TestConn(t testing.T) (net.Conn, net.Conn) {
- // Listen to any local port. This listener will be closed
- // after a single connection is established.
- l, err := net.Listen("tcp", "127.0.0.1:0")
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- // Start a goroutine to accept our client connection
- var serverConn net.Conn
- doneCh := make(chan struct{})
- go func() {
- defer close(doneCh)
- defer l.Close()
- var err error
- serverConn, err = l.Accept()
- if err != nil {
- t.Fatalf("err: %s", err)
- }
- }()
-
- // Connect to the server
- clientConn, err := net.Dial("tcp", l.Addr().String())
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- // Wait for the server side to acknowledge it has connected
- <-doneCh
-
- return clientConn, serverConn
-}
-
-// TestRPCConn returns a rpc client and server connected to each other.
-func TestRPCConn(t testing.T) (*rpc.Client, *rpc.Server) {
- clientConn, serverConn := TestConn(t)
-
- server := rpc.NewServer()
- go server.ServeConn(serverConn)
-
- client := rpc.NewClient(clientConn)
- return client, server
-}
-
-// TestPluginRPCConn returns a plugin RPC client and server that are connected
-// together and configured.
-func TestPluginRPCConn(t testing.T, ps map[string]Plugin, opts *TestOptions) (*RPCClient, *RPCServer) {
- // Create two net.Conns we can use to shuttle our control connection
- clientConn, serverConn := TestConn(t)
-
- // Start up the server
- server := &RPCServer{Plugins: ps, Stdout: new(bytes.Buffer), Stderr: new(bytes.Buffer)}
- if opts != nil {
- if opts.ServerStdout != nil {
- server.Stdout = opts.ServerStdout
- }
- if opts.ServerStderr != nil {
- server.Stderr = opts.ServerStderr
- }
- }
- go server.ServeConn(serverConn)
-
- // Connect the client to the server
- client, err := NewRPCClient(clientConn, ps)
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- return client, server
-}
-
-// TestGRPCConn returns a gRPC client conn and grpc server that are connected
-// together and configured. The register function is used to register services
-// prior to the Serve call. This is used to test gRPC connections.
-func TestGRPCConn(t testing.T, register func(*grpc.Server)) (*grpc.ClientConn, *grpc.Server) {
- // Create a listener
- l, err := net.Listen("tcp", "127.0.0.1:0")
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- server := grpc.NewServer()
- register(server)
- go server.Serve(l)
-
- // Connect to the server
- conn, err := grpc.Dial(
- l.Addr().String(),
- grpc.WithBlock(),
- grpc.WithInsecure())
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- // Connection successful, close the listener
- l.Close()
-
- return conn, server
-}
-
-// TestPluginGRPCConn returns a plugin gRPC client and server that are connected
-// together and configured. This is used to test gRPC connections.
-func TestPluginGRPCConn(t testing.T, ps map[string]Plugin) (*GRPCClient, *GRPCServer) {
- // Create a listener
- l, err := net.Listen("tcp", "127.0.0.1:0")
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- // Start up the server
- server := &GRPCServer{
- Plugins: ps,
- DoneCh: make(chan struct{}),
- Server: DefaultGRPCServer,
- Stdout: new(bytes.Buffer),
- Stderr: new(bytes.Buffer),
- logger: hclog.Default(),
- }
- if err := server.Init(); err != nil {
- t.Fatalf("err: %s", err)
- }
- go server.Serve(l)
-
- // Connect to the server
- conn, err := grpc.Dial(
- l.Addr().String(),
- grpc.WithBlock(),
- grpc.WithInsecure())
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- brokerGRPCClient := newGRPCBrokerClient(conn)
- broker := newGRPCBroker(brokerGRPCClient, nil)
- go broker.Run()
- go brokerGRPCClient.StartStream()
-
- // Create the client
- client := &GRPCClient{
- Conn: conn,
- Plugins: ps,
- broker: broker,
- doneCtx: context.Background(),
- controller: plugin.NewGRPCControllerClient(conn),
- }
-
- return client, server
-}
diff --git a/vendor/github.com/oklog/run/.gitignore b/vendor/github.com/oklog/run/.gitignore
deleted file mode 100644
index a1338d6851..0000000000
--- a/vendor/github.com/oklog/run/.gitignore
+++ /dev/null
@@ -1,14 +0,0 @@
-# Binaries for programs and plugins
-*.exe
-*.dll
-*.so
-*.dylib
-
-# Test binary, build with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
-
-# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
-.glide/
diff --git a/vendor/github.com/oklog/run/.travis.yml b/vendor/github.com/oklog/run/.travis.yml
deleted file mode 100644
index 362bdd41c0..0000000000
--- a/vendor/github.com/oklog/run/.travis.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-language: go
-sudo: false
-go:
- - 1.x
- - tip
-install:
- - go get -v github.com/golang/lint/golint
- - go build ./...
-script:
- - go vet ./...
- - $HOME/gopath/bin/golint .
- - go test -v -race ./...
diff --git a/vendor/github.com/oklog/run/LICENSE b/vendor/github.com/oklog/run/LICENSE
deleted file mode 100644
index 261eeb9e9f..0000000000
--- a/vendor/github.com/oklog/run/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/vendor/github.com/oklog/run/README.md b/vendor/github.com/oklog/run/README.md
deleted file mode 100644
index a7228cd9a3..0000000000
--- a/vendor/github.com/oklog/run/README.md
+++ /dev/null
@@ -1,73 +0,0 @@
-# run
-
-[![GoDoc](https://godoc.org/github.com/oklog/run?status.svg)](https://godoc.org/github.com/oklog/run)
-[![Build Status](https://travis-ci.org/oklog/run.svg?branch=master)](https://travis-ci.org/oklog/run)
-[![Go Report Card](https://goreportcard.com/badge/github.com/oklog/run)](https://goreportcard.com/report/github.com/oklog/run)
-[![Apache 2 licensed](https://img.shields.io/badge/license-Apache2-blue.svg)](https://raw.githubusercontent.com/oklog/run/master/LICENSE)
-
-run.Group is a universal mechanism to manage goroutine lifecycles.
-
-Create a zero-value run.Group, and then add actors to it. Actors are defined as
-a pair of functions: an **execute** function, which should run synchronously;
-and an **interrupt** function, which, when invoked, should cause the execute
-function to return. Finally, invoke Run, which blocks until the first actor
-returns. This general-purpose API allows callers to model pretty much any
-runnable task, and achieve well-defined lifecycle semantics for the group.
-
-run.Group was written to manage component lifecycles in func main for
-[OK Log](https://github.com/oklog/oklog).
-But it's useful in any circumstance where you need to orchestrate multiple
-goroutines as a unit whole.
-[Click here](https://www.youtube.com/watch?v=LHe1Cb_Ud_M&t=15m45s) to see a
-video of a talk where run.Group is described.
-
-## Examples
-
-### context.Context
-
-```go
-ctx, cancel := context.WithCancel(context.Background())
-g.Add(func() error {
- return myProcess(ctx, ...)
-}, func(error) {
- cancel()
-})
-```
-
-### net.Listener
-
-```go
-ln, _ := net.Listen("tcp", ":8080")
-g.Add(func() error {
- return http.Serve(ln, nil)
-}, func(error) {
- ln.Close()
-})
-```
-
-### io.ReadCloser
-
-```go
-var conn io.ReadCloser = ...
-g.Add(func() error {
- s := bufio.NewScanner(conn)
- for s.Scan() {
- println(s.Text())
- }
- return s.Err()
-}, func(error) {
- conn.Close()
-})
-```
-
-## Comparisons
-
-Package run is somewhat similar to package
-[errgroup](https://godoc.org/golang.org/x/sync/errgroup),
-except it doesn't require actor goroutines to understand context semantics.
-
-It's somewhat similar to package
-[tomb.v1](https://godoc.org/gopkg.in/tomb.v1) or
-[tomb.v2](https://godoc.org/gopkg.in/tomb.v2),
-except it has a much smaller API surface, delegating e.g. staged shutdown of
-goroutines to the caller.
diff --git a/vendor/github.com/oklog/run/group.go b/vendor/github.com/oklog/run/group.go
deleted file mode 100644
index 832d47dd16..0000000000
--- a/vendor/github.com/oklog/run/group.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Package run implements an actor-runner with deterministic teardown. It is
-// somewhat similar to package errgroup, except it does not require actor
-// goroutines to understand context semantics. This makes it suitable for use in
-// more circumstances; for example, goroutines which are handling connections
-// from net.Listeners, or scanning input from a closable io.Reader.
-package run
-
-// Group collects actors (functions) and runs them concurrently.
-// When one actor (function) returns, all actors are interrupted.
-// The zero value of a Group is useful.
-type Group struct {
- actors []actor
-}
-
-// Add an actor (function) to the group. Each actor must be pre-emptable by an
-// interrupt function. That is, if interrupt is invoked, execute should return.
-// Also, it must be safe to call interrupt even after execute has returned.
-//
-// The first actor (function) to return interrupts all running actors.
-// The error is passed to the interrupt functions, and is returned by Run.
-func (g *Group) Add(execute func() error, interrupt func(error)) {
- g.actors = append(g.actors, actor{execute, interrupt})
-}
-
-// Run all actors (functions) concurrently.
-// When the first actor returns, all others are interrupted.
-// Run only returns when all actors have exited.
-// Run returns the error returned by the first exiting actor.
-func (g *Group) Run() error {
- if len(g.actors) == 0 {
- return nil
- }
-
- // Run each actor.
- errors := make(chan error, len(g.actors))
- for _, a := range g.actors {
- go func(a actor) {
- errors <- a.execute()
- }(a)
- }
-
- // Wait for the first actor to stop.
- err := <-errors
-
- // Signal all actors to stop.
- for _, a := range g.actors {
- a.interrupt(err)
- }
-
- // Wait for all actors to stop.
- for i := 1; i < cap(errors); i++ {
- <-errors
- }
-
- // Return the original error.
- return err
-}
-
-type actor struct {
- execute func() error
- interrupt func(error)
-}
diff --git a/vendor/modules.txt b/vendor/modules.txt index 48f2021eb2..7acd2577f4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -194,9 +194,6 @@ github.com/hashicorp/go-memdb github.com/hashicorp/go-msgpack/codec # github.com/hashicorp/go-multierror v1.0.0 github.com/hashicorp/go-multierror -# github.com/hashicorp/go-plugin v1.0.1 -github.com/hashicorp/go-plugin -github.com/hashicorp/go-plugin/internal/plugin # github.com/hashicorp/go-raftchunking v0.6.1 github.com/hashicorp/go-raftchunking github.com/hashicorp/go-raftchunking/types @@ -300,8 +297,6 @@ github.com/modern-go/concurrent github.com/modern-go/reflect2 # github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2 github.com/nicolai86/scaleway-sdk -# github.com/oklog/run v1.0.0 -github.com/oklog/run # github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c github.com/packethost/packngo # github.com/pascaldekloe/goe v0.1.0