From d7329097b27577aab2cc148c8579bcf70d82b764 Mon Sep 17 00:00:00 2001 
From: Paul Banks Date: Mon, 18 Nov 2019 14:22:19 +0000 Subject: [PATCH] Change CA Configure struct to pass Datacenter through (#6775) * Change CA Configure struct to pass Datacenter through * Remove connect/ca/plugin as we don't have immediate plans to use it. We still intend to one day but there are likely to be several changes to the CA provider interface before we do so it's better to rebuild from history when we do that work properly. * Rename PrimaryDC; fix endpoint in secondary DCs --- agent/connect/ca/mock_Provider.go | 10 +- agent/connect/ca/plugin/client.go | 18 - agent/connect/ca/plugin/plugin.go | 41 - agent/connect/ca/plugin/plugin_test.go | 316 -- agent/connect/ca/plugin/provider.pb.binary.go | 158 - agent/connect/ca/plugin/provider.pb.go | 3473 ----------------- agent/connect/ca/plugin/provider.proto | 93 - agent/connect/ca/plugin/serve.go | 33 - agent/connect/ca/plugin/transport_grpc.go | 258 -- agent/connect/ca/plugin/transport_netrpc.go | 221 -- agent/connect/ca/provider.go | 32 +- agent/connect/ca/provider_consul.go | 32 +- agent/connect/ca/provider_consul_test.go | 28 +- agent/connect/ca/provider_vault.go | 22 +- agent/connect/ca/provider_vault_test.go | 25 +- agent/consul/connect_ca_endpoint.go | 12 +- agent/consul/leader_connect.go | 18 +- go.mod | 1 - .../github.com/hashicorp/go-plugin/.gitignore | 2 - vendor/github.com/hashicorp/go-plugin/LICENSE | 353 -- .../github.com/hashicorp/go-plugin/README.md | 168 - .../github.com/hashicorp/go-plugin/client.go | 1025 ----- .../hashicorp/go-plugin/discover.go | 28 - .../github.com/hashicorp/go-plugin/error.go | 24 - vendor/github.com/hashicorp/go-plugin/go.mod | 17 - vendor/github.com/hashicorp/go-plugin/go.sum | 31 - .../hashicorp/go-plugin/grpc_broker.go | 457 --- .../hashicorp/go-plugin/grpc_client.go | 117 - .../hashicorp/go-plugin/grpc_controller.go | 23 - .../hashicorp/go-plugin/grpc_server.go | 142 - .../go-plugin/internal/plugin/gen.go | 3 - .../internal/plugin/grpc_broker.pb.go | 203 - 
.../internal/plugin/grpc_broker.proto | 15 - .../internal/plugin/grpc_controller.pb.go | 143 - .../internal/plugin/grpc_controller.proto | 11 - .../hashicorp/go-plugin/log_entry.go | 73 - vendor/github.com/hashicorp/go-plugin/mtls.go | 73 - .../hashicorp/go-plugin/mux_broker.go | 204 - .../github.com/hashicorp/go-plugin/plugin.go | 58 - .../github.com/hashicorp/go-plugin/process.go | 24 - .../hashicorp/go-plugin/process_posix.go | 19 - .../hashicorp/go-plugin/process_windows.go | 29 - .../hashicorp/go-plugin/protocol.go | 45 - .../hashicorp/go-plugin/rpc_client.go | 170 - .../hashicorp/go-plugin/rpc_server.go | 197 - .../github.com/hashicorp/go-plugin/server.go | 452 --- .../hashicorp/go-plugin/server_mux.go | 31 - .../github.com/hashicorp/go-plugin/stream.go | 18 - .../github.com/hashicorp/go-plugin/testing.go | 180 - vendor/github.com/oklog/run/.gitignore | 14 - vendor/github.com/oklog/run/.travis.yml | 12 - vendor/github.com/oklog/run/LICENSE | 201 - vendor/github.com/oklog/run/README.md | 73 - vendor/github.com/oklog/run/group.go | 62 - vendor/modules.txt | 5 - 55 files changed, 129 insertions(+), 9364 deletions(-) delete mode 100644 agent/connect/ca/plugin/client.go delete mode 100644 agent/connect/ca/plugin/plugin.go delete mode 100644 agent/connect/ca/plugin/plugin_test.go delete mode 100644 agent/connect/ca/plugin/provider.pb.binary.go delete mode 100644 agent/connect/ca/plugin/provider.pb.go delete mode 100644 agent/connect/ca/plugin/provider.proto delete mode 100644 agent/connect/ca/plugin/serve.go delete mode 100644 agent/connect/ca/plugin/transport_grpc.go delete mode 100644 agent/connect/ca/plugin/transport_netrpc.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/.gitignore delete mode 100644 vendor/github.com/hashicorp/go-plugin/LICENSE delete mode 100644 vendor/github.com/hashicorp/go-plugin/README.md delete mode 100644 vendor/github.com/hashicorp/go-plugin/client.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/discover.go 
delete mode 100644 vendor/github.com/hashicorp/go-plugin/error.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/go.mod delete mode 100644 vendor/github.com/hashicorp/go-plugin/go.sum delete mode 100644 vendor/github.com/hashicorp/go-plugin/grpc_broker.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/grpc_client.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/grpc_controller.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/grpc_server.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/gen.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.pb.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.proto delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.pb.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.proto delete mode 100644 vendor/github.com/hashicorp/go-plugin/log_entry.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/mtls.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/mux_broker.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/plugin.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/process.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/process_posix.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/process_windows.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/protocol.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/rpc_client.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/rpc_server.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/server.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/server_mux.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/stream.go delete mode 100644 vendor/github.com/hashicorp/go-plugin/testing.go delete mode 100644 vendor/github.com/oklog/run/.gitignore delete mode 100644 
vendor/github.com/oklog/run/.travis.yml delete mode 100644 vendor/github.com/oklog/run/LICENSE delete mode 100644 vendor/github.com/oklog/run/README.md delete mode 100644 vendor/github.com/oklog/run/group.go
diff --git a/agent/connect/ca/mock_Provider.go b/agent/connect/ca/mock_Provider.go
index 3bc5f4c46c..1cf77c2e34 100644
--- a/agent/connect/ca/mock_Provider.go
+++ b/agent/connect/ca/mock_Provider.go
@@ -69,13 +69,13 @@ func (_m *MockProvider) Cleanup() error {
 return r0
 }
 
-// Configure provides a mock function with given fields: clusterID, isRoot, rawConfig, state
-func (_m *MockProvider) Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}, state map[string]string) error {
- ret := _m.Called(clusterID, isRoot, rawConfig, state)
+// Configure provides a mock function with given fields: cfg
+func (_m *MockProvider) Configure(cfg ProviderConfig) error {
+ ret := _m.Called(cfg)
 
 var r0 error
- if rf, ok := ret.Get(0).(func(string, bool, map[string]interface{}, map[string]string) error); ok {
- r0 = rf(clusterID, isRoot, rawConfig, state)
+ if rf, ok := ret.Get(0).(func(ProviderConfig) error); ok {
+ r0 = rf(cfg)
 } else {
 r0 = ret.Error(0)
 }
diff --git a/agent/connect/ca/plugin/client.go b/agent/connect/ca/plugin/client.go
deleted file mode 100644
index 1cdc25c6eb..0000000000
--- a/agent/connect/ca/plugin/client.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package plugin
-
-import (
- "github.com/hashicorp/go-plugin"
-)
-
-// ClientConfig returns a base *plugin.ClientConfig that is configured to
-// be able to dispense CA provider plugins. The returned value should be
-// modified with additional options prior to execution (such as Cmd, Managed,
-// etc.)
-func ClientConfig() *plugin.ClientConfig {
- return &plugin.ClientConfig{
- HandshakeConfig: handshakeConfig,
- Plugins: map[string]plugin.Plugin{
- Name: &ProviderPlugin{},
- },
- }
-}
diff --git a/agent/connect/ca/plugin/plugin.go b/agent/connect/ca/plugin/plugin.go
deleted file mode 100644
index 1e32bda602..0000000000
--- a/agent/connect/ca/plugin/plugin.go
+++ /dev/null
@@ -1,41 +0,0 @@
-package plugin
-
-import (
- "context"
- "net/rpc"
-
- "github.com/hashicorp/consul/agent/connect/ca"
- "github.com/hashicorp/go-plugin"
- "google.golang.org/grpc"
-)
-
-// ProviderPlugin implements plugin.Plugin for initializing a plugin
-// server and client for both net/rpc and gRPC.
-type ProviderPlugin struct {
- Impl ca.Provider
-}
-
-func (p ProviderPlugin) Server(*plugin.MuxBroker) (interface{}, error) {
- return &providerPluginRPCServer{impl: p.Impl}, nil
-}
-
-func (ProviderPlugin) Client(b *plugin.MuxBroker, c *rpc.Client) (interface{}, error) {
- return &providerPluginRPCClient{client: c}, nil
-}
-
-func (p ProviderPlugin) GRPCServer(_ *plugin.GRPCBroker, s *grpc.Server) error {
- RegisterCAServer(s, &providerPluginGRPCServer{impl: p.Impl})
- return nil
-}
-
-func (ProviderPlugin) GRPCClient(doneCtx context.Context, _ *plugin.GRPCBroker, c *grpc.ClientConn) (interface{}, error) {
- return &providerPluginGRPCClient{
- client: NewCAClient(c),
- clientConn: c,
- doneCtx: doneCtx,
- }, nil
-}
-
-// Verification
-var _ plugin.Plugin = ProviderPlugin{}
-var _ plugin.GRPCPlugin = ProviderPlugin{}
diff --git a/agent/connect/ca/plugin/plugin_test.go b/agent/connect/ca/plugin/plugin_test.go
deleted file mode 100644
index 18c4d9463b..0000000000
--- a/agent/connect/ca/plugin/plugin_test.go
+++ /dev/null
@@ -1,316 +0,0 @@
-package plugin
-
-import (
- "crypto/x509"
- "encoding/pem"
- "errors"
- "testing"
-
- "github.com/hashicorp/consul/agent/connect"
- "github.com/hashicorp/consul/agent/connect/ca"
- "github.com/hashicorp/go-plugin"
- "github.com/stretchr/testify/mock"
- "github.com/stretchr/testify/require"
-)
-
-func TestProvider_Configure(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Basic configure
- m.On("Configure", "foo", false, map[string]interface{}{
- "string": "bar",
- "number": float64(42), // because json
- }, map[string]string{
- "foo": "bar",
- }).Once().Return(nil)
- require.NoError(p.Configure("foo", false, map[string]interface{}{
- "string": "bar",
- "number": float64(42),
- }, map[string]string{
- "foo": "bar",
- }))
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("Configure", "foo", false, map[string]interface{}{}, map[string]string{}).
- Once().Return(errors.New("hello world"))
- err := p.Configure("foo", false, map[string]interface{}{}, map[string]string{})
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_GenerateRoot(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("GenerateRoot").Once().Return(nil)
- require.NoError(p.GenerateRoot())
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("GenerateRoot").Once().Return(errors.New("hello world"))
- err := p.GenerateRoot()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_ActiveRoot(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("ActiveRoot").Once().Return("foo", nil)
- actual, err := p.ActiveRoot()
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("ActiveRoot").Once().Return("", errors.New("hello world"))
- actual, err = p.ActiveRoot()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_GenerateIntermediateCSR(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("GenerateIntermediateCSR").Once().Return("foo", nil)
- actual, err := p.GenerateIntermediateCSR()
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("GenerateIntermediateCSR").Once().Return("", errors.New("hello world"))
- actual, err = p.GenerateIntermediateCSR()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_SetIntermediate(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("SetIntermediate", "foo", "bar").Once().Return(nil)
- err := p.SetIntermediate("foo", "bar")
- require.NoError(err)
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("SetIntermediate", "foo", "bar").Once().Return(errors.New("hello world"))
- err = p.SetIntermediate("foo", "bar")
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_ActiveIntermediate(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("ActiveIntermediate").Once().Return("foo", nil)
- actual, err := p.ActiveIntermediate()
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("ActiveIntermediate").Once().Return("", errors.New("hello world"))
- actual, err = p.ActiveIntermediate()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_GenerateIntermediate(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("GenerateIntermediate").Once().Return("foo", nil)
- actual, err := p.GenerateIntermediate()
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("GenerateIntermediate").Once().Return("", errors.New("hello world"))
- actual, err = p.GenerateIntermediate()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_Sign(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Create a CSR
- csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"))
- block, _ := pem.Decode([]byte(csrPEM))
- csr, err := x509.ParseCertificateRequest(block.Bytes)
- require.NoError(err)
- require.NoError(csr.CheckSignature())
-
- // No error
- m.On("Sign", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) {
- csr := args.Get(0).(*x509.CertificateRequest)
- require.NoError(csr.CheckSignature())
- })
- actual, err := p.Sign(csr)
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("Sign", mock.Anything).Once().Return("", errors.New("hello world"))
- actual, err = p.Sign(csr)
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_SignIntermediate(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Create a CSR
- csrPEM, _ := connect.TestCSR(t, connect.TestSpiffeIDService(t, "web"))
- block, _ := pem.Decode([]byte(csrPEM))
- csr, err := x509.ParseCertificateRequest(block.Bytes)
- require.NoError(err)
- require.NoError(csr.CheckSignature())
-
- // No error
- m.On("SignIntermediate", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) {
- csr := args.Get(0).(*x509.CertificateRequest)
- require.NoError(csr.CheckSignature())
- })
- actual, err := p.SignIntermediate(csr)
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("SignIntermediate", mock.Anything).Once().Return("", errors.New("hello world"))
- actual, err = p.SignIntermediate(csr)
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_CrossSignCA(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Create a CSR
- root := connect.TestCA(t, nil)
- block, _ := pem.Decode([]byte(root.RootCert))
- crt, err := x509.ParseCertificate(block.Bytes)
- require.NoError(err)
-
- // No error
- m.On("CrossSignCA", mock.Anything).Once().Return("foo", nil).Run(func(args mock.Arguments) {
- actual := args.Get(0).(*x509.Certificate)
- require.True(crt.Equal(actual))
- })
- actual, err := p.CrossSignCA(crt)
- require.NoError(err)
- require.Equal(actual, "foo")
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("CrossSignCA", mock.Anything).Once().Return("", errors.New("hello world"))
- actual, err = p.CrossSignCA(crt)
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-func TestProvider_Cleanup(t *testing.T) {
- testPlugin(t, func(t *testing.T, m *ca.MockProvider, p ca.Provider) {
- require := require.New(t)
-
- // Try cleanup with no error
- m.On("Cleanup").Once().Return(nil)
- require.NoError(p.Cleanup())
- m.AssertExpectations(t)
-
- // Try with an error
- m.Mock = mock.Mock{}
- m.On("Cleanup").Once().Return(errors.New("hello world"))
- err := p.Cleanup()
- require.Error(err)
- require.Contains(err.Error(), "hello")
- m.AssertExpectations(t)
- })
-}
-
-// testPlugin runs the given test function callback for all supported
-// transports of the plugin RPC layer.
-func testPlugin(t *testing.T, f func(t *testing.T, m *ca.MockProvider, actual ca.Provider)) {
- t.Run("net/rpc", func(t *testing.T) {
- // Create a mock provider
- mockP := new(ca.MockProvider)
- client, _ := plugin.TestPluginRPCConn(t, map[string]plugin.Plugin{
- Name: &ProviderPlugin{Impl: mockP},
- }, nil)
- defer client.Close()
-
- // Request the provider
- raw, err := client.Dispense(Name)
- require.NoError(t, err)
- provider := raw.(ca.Provider)
-
- // Call the test function
- f(t, mockP, provider)
- })
-
- t.Run("gRPC", func(t *testing.T) {
- // Create a mock provider
- mockP := new(ca.MockProvider)
- client, _ := plugin.TestPluginGRPCConn(t, map[string]plugin.Plugin{
- Name: &ProviderPlugin{Impl: mockP},
- })
- defer client.Close()
-
- // Request the provider
- raw, err := client.Dispense(Name)
- require.NoError(t, err)
- provider := raw.(ca.Provider)
-
- // Call the test function
- f(t, mockP, provider)
- })
-}
diff --git a/agent/connect/ca/plugin/provider.pb.binary.go b/agent/connect/ca/plugin/provider.pb.binary.go
deleted file mode 100644
index d188bff36a..0000000000
--- a/agent/connect/ca/plugin/provider.pb.binary.go
+++ /dev/null
@@ -1,158 +0,0 @@ -// Code generated by protoc-gen-go-binary. DO NOT EDIT. -// source: provider.proto - -package plugin - -import ( - "github.com/golang/protobuf/proto" -) - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ConfigureRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ConfigureRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SetIntermediateRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SetIntermediateRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SignRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SignRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SignIntermediateRequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SignIntermediateRequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *CrossSignCARequest) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *CrossSignCARequest) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *StateResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *StateResponse) UnmarshalBinary(b 
[]byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ActiveRootResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ActiveRootResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *GenerateIntermediateCSRResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *GenerateIntermediateCSRResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *ActiveIntermediateResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *ActiveIntermediateResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *GenerateIntermediateResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *GenerateIntermediateResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SignResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SignResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *SignIntermediateResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *SignIntermediateResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, 
msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *CrossSignCAResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *CrossSignCAResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *BoolResponse) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *BoolResponse) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} - -// MarshalBinary implements encoding.BinaryMarshaler -func (msg *Empty) MarshalBinary() ([]byte, error) { - return proto.Marshal(msg) -} - -// UnmarshalBinary implements encoding.BinaryUnmarshaler -func (msg *Empty) UnmarshalBinary(b []byte) error { - return proto.Unmarshal(b, msg) -} diff --git a/agent/connect/ca/plugin/provider.pb.go b/agent/connect/ca/plugin/provider.pb.go deleted file mode 100644 index 0bd4fcb4c7..0000000000 --- a/agent/connect/ca/plugin/provider.pb.go +++ /dev/null 
@@ -1,3473 +0,0 @@ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: provider.proto - -package plugin - -import ( - context "context" - fmt "fmt" - proto "github.com/golang/protobuf/proto" - grpc "google.golang.org/grpc" - io "io" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package - -type ConfigureRequest struct { - ClusterId string `protobuf:"bytes,1,opt,name=cluster_id,json=clusterId,proto3" json:"cluster_id,omitempty"` - IsRoot bool `protobuf:"varint,2,opt,name=is_root,json=isRoot,proto3" json:"is_root,omitempty"` - Config []byte `protobuf:"bytes,3,opt,name=config,proto3" json:"config,omitempty"` - State []byte `protobuf:"bytes,4,opt,name=state,proto3" json:"state,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ConfigureRequest) Reset() { *m = ConfigureRequest{} } -func (m *ConfigureRequest) String() string { return proto.CompactTextString(m) } -func (*ConfigureRequest) ProtoMessage() {} -func (*ConfigureRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{0} -} -func (m *ConfigureRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ConfigureRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ConfigureRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ConfigureRequest) XXX_Merge(src proto.Message) { - 
xxx_messageInfo_ConfigureRequest.Merge(m, src) -} -func (m *ConfigureRequest) XXX_Size() int { - return m.Size() -} -func (m *ConfigureRequest) XXX_DiscardUnknown() { - xxx_messageInfo_ConfigureRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_ConfigureRequest proto.InternalMessageInfo - -func (m *ConfigureRequest) GetClusterId() string { - if m != nil { - return m.ClusterId - } - return "" -} - -func (m *ConfigureRequest) GetIsRoot() bool { - if m != nil { - return m.IsRoot - } - return false -} - -func (m *ConfigureRequest) GetConfig() []byte { - if m != nil { - return m.Config - } - return nil -} - -func (m *ConfigureRequest) GetState() []byte { - if m != nil { - return m.State - } - return nil -} - -type SetIntermediateRequest struct { - IntermediatePem string `protobuf:"bytes,1,opt,name=intermediate_pem,json=intermediatePem,proto3" json:"intermediate_pem,omitempty"` - RootPem string `protobuf:"bytes,2,opt,name=root_pem,json=rootPem,proto3" json:"root_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *SetIntermediateRequest) Reset() { *m = SetIntermediateRequest{} } -func (m *SetIntermediateRequest) String() string { return proto.CompactTextString(m) } -func (*SetIntermediateRequest) ProtoMessage() {} -func (*SetIntermediateRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{1} -} -func (m *SetIntermediateRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SetIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SetIntermediateRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SetIntermediateRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SetIntermediateRequest.Merge(m, src) -} -func (m 
*SetIntermediateRequest) XXX_Size() int { - return m.Size() -} -func (m *SetIntermediateRequest) XXX_DiscardUnknown() { - xxx_messageInfo_SetIntermediateRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_SetIntermediateRequest proto.InternalMessageInfo - -func (m *SetIntermediateRequest) GetIntermediatePem() string { - if m != nil { - return m.IntermediatePem - } - return "" -} - -func (m *SetIntermediateRequest) GetRootPem() string { - if m != nil { - return m.RootPem - } - return "" -} - -type SignRequest struct { - Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *SignRequest) Reset() { *m = SignRequest{} } -func (m *SignRequest) String() string { return proto.CompactTextString(m) } -func (*SignRequest) ProtoMessage() {} -func (*SignRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{2} -} -func (m *SignRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SignRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SignRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SignRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignRequest.Merge(m, src) -} -func (m *SignRequest) XXX_Size() int { - return m.Size() -} -func (m *SignRequest) XXX_DiscardUnknown() { - xxx_messageInfo_SignRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_SignRequest proto.InternalMessageInfo - -func (m *SignRequest) GetCsr() []byte { - if m != nil { - return m.Csr - } - return nil -} - -type SignIntermediateRequest struct { - Csr []byte `protobuf:"bytes,1,opt,name=csr,proto3" json:"csr,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 
`json:"-"` -} - -func (m *SignIntermediateRequest) Reset() { *m = SignIntermediateRequest{} } -func (m *SignIntermediateRequest) String() string { return proto.CompactTextString(m) } -func (*SignIntermediateRequest) ProtoMessage() {} -func (*SignIntermediateRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{3} -} -func (m *SignIntermediateRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SignIntermediateRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SignIntermediateRequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SignIntermediateRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignIntermediateRequest.Merge(m, src) -} -func (m *SignIntermediateRequest) XXX_Size() int { - return m.Size() -} -func (m *SignIntermediateRequest) XXX_DiscardUnknown() { - xxx_messageInfo_SignIntermediateRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_SignIntermediateRequest proto.InternalMessageInfo - -func (m *SignIntermediateRequest) GetCsr() []byte { - if m != nil { - return m.Csr - } - return nil -} - -type CrossSignCARequest struct { - Crt []byte `protobuf:"bytes,1,opt,name=crt,proto3" json:"crt,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CrossSignCARequest) Reset() { *m = CrossSignCARequest{} } -func (m *CrossSignCARequest) String() string { return proto.CompactTextString(m) } -func (*CrossSignCARequest) ProtoMessage() {} -func (*CrossSignCARequest) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{4} -} -func (m *CrossSignCARequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *CrossSignCARequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { 
- return xxx_messageInfo_CrossSignCARequest.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *CrossSignCARequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_CrossSignCARequest.Merge(m, src) -} -func (m *CrossSignCARequest) XXX_Size() int { - return m.Size() -} -func (m *CrossSignCARequest) XXX_DiscardUnknown() { - xxx_messageInfo_CrossSignCARequest.DiscardUnknown(m) -} - -var xxx_messageInfo_CrossSignCARequest proto.InternalMessageInfo - -func (m *CrossSignCARequest) GetCrt() []byte { - if m != nil { - return m.Crt - } - return nil -} - -type StateResponse struct { - State []byte `protobuf:"bytes,1,opt,name=state,proto3" json:"state,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *StateResponse) Reset() { *m = StateResponse{} } -func (m *StateResponse) String() string { return proto.CompactTextString(m) } -func (*StateResponse) ProtoMessage() {} -func (*StateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{5} -} -func (m *StateResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *StateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_StateResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *StateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_StateResponse.Merge(m, src) -} -func (m *StateResponse) XXX_Size() int { - return m.Size() -} -func (m *StateResponse) XXX_DiscardUnknown() { - xxx_messageInfo_StateResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_StateResponse proto.InternalMessageInfo - -func (m *StateResponse) GetState() []byte { - if m != nil { - return m.State - } - return nil -} - -type 
ActiveRootResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ActiveRootResponse) Reset() { *m = ActiveRootResponse{} } -func (m *ActiveRootResponse) String() string { return proto.CompactTextString(m) } -func (*ActiveRootResponse) ProtoMessage() {} -func (*ActiveRootResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{6} -} -func (m *ActiveRootResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ActiveRootResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ActiveRootResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ActiveRootResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_ActiveRootResponse.Merge(m, src) -} -func (m *ActiveRootResponse) XXX_Size() int { - return m.Size() -} -func (m *ActiveRootResponse) XXX_DiscardUnknown() { - xxx_messageInfo_ActiveRootResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_ActiveRootResponse proto.InternalMessageInfo - -func (m *ActiveRootResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type GenerateIntermediateCSRResponse struct { - CsrPem string `protobuf:"bytes,1,opt,name=csr_pem,json=csrPem,proto3" json:"csr_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *GenerateIntermediateCSRResponse) Reset() { *m = GenerateIntermediateCSRResponse{} } -func (m *GenerateIntermediateCSRResponse) String() string { return proto.CompactTextString(m) } -func (*GenerateIntermediateCSRResponse) ProtoMessage() {} -func (*GenerateIntermediateCSRResponse) Descriptor() ([]byte, 
[]int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{7} -} -func (m *GenerateIntermediateCSRResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *GenerateIntermediateCSRResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_GenerateIntermediateCSRResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *GenerateIntermediateCSRResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_GenerateIntermediateCSRResponse.Merge(m, src) -} -func (m *GenerateIntermediateCSRResponse) XXX_Size() int { - return m.Size() -} -func (m *GenerateIntermediateCSRResponse) XXX_DiscardUnknown() { - xxx_messageInfo_GenerateIntermediateCSRResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_GenerateIntermediateCSRResponse proto.InternalMessageInfo - -func (m *GenerateIntermediateCSRResponse) GetCsrPem() string { - if m != nil { - return m.CsrPem - } - return "" -} - -type ActiveIntermediateResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ActiveIntermediateResponse) Reset() { *m = ActiveIntermediateResponse{} } -func (m *ActiveIntermediateResponse) String() string { return proto.CompactTextString(m) } -func (*ActiveIntermediateResponse) ProtoMessage() {} -func (*ActiveIntermediateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{8} -} -func (m *ActiveIntermediateResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ActiveIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ActiveIntermediateResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, 
err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ActiveIntermediateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_ActiveIntermediateResponse.Merge(m, src) -} -func (m *ActiveIntermediateResponse) XXX_Size() int { - return m.Size() -} -func (m *ActiveIntermediateResponse) XXX_DiscardUnknown() { - xxx_messageInfo_ActiveIntermediateResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_ActiveIntermediateResponse proto.InternalMessageInfo - -func (m *ActiveIntermediateResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type GenerateIntermediateResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *GenerateIntermediateResponse) Reset() { *m = GenerateIntermediateResponse{} } -func (m *GenerateIntermediateResponse) String() string { return proto.CompactTextString(m) } -func (*GenerateIntermediateResponse) ProtoMessage() {} -func (*GenerateIntermediateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{9} -} -func (m *GenerateIntermediateResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *GenerateIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_GenerateIntermediateResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *GenerateIntermediateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_GenerateIntermediateResponse.Merge(m, src) -} -func (m *GenerateIntermediateResponse) XXX_Size() int { - return m.Size() -} -func (m *GenerateIntermediateResponse) XXX_DiscardUnknown() { - 
xxx_messageInfo_GenerateIntermediateResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_GenerateIntermediateResponse proto.InternalMessageInfo - -func (m *GenerateIntermediateResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type SignResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *SignResponse) Reset() { *m = SignResponse{} } -func (m *SignResponse) String() string { return proto.CompactTextString(m) } -func (*SignResponse) ProtoMessage() {} -func (*SignResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{10} -} -func (m *SignResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SignResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SignResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SignResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignResponse.Merge(m, src) -} -func (m *SignResponse) XXX_Size() int { - return m.Size() -} -func (m *SignResponse) XXX_DiscardUnknown() { - xxx_messageInfo_SignResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_SignResponse proto.InternalMessageInfo - -func (m *SignResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type SignIntermediateResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *SignIntermediateResponse) Reset() { *m = SignIntermediateResponse{} } -func (m *SignIntermediateResponse) String() string { return 
proto.CompactTextString(m) } -func (*SignIntermediateResponse) ProtoMessage() {} -func (*SignIntermediateResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{11} -} -func (m *SignIntermediateResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SignIntermediateResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SignIntermediateResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SignIntermediateResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_SignIntermediateResponse.Merge(m, src) -} -func (m *SignIntermediateResponse) XXX_Size() int { - return m.Size() -} -func (m *SignIntermediateResponse) XXX_DiscardUnknown() { - xxx_messageInfo_SignIntermediateResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_SignIntermediateResponse proto.InternalMessageInfo - -func (m *SignIntermediateResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type CrossSignCAResponse struct { - CrtPem string `protobuf:"bytes,1,opt,name=crt_pem,json=crtPem,proto3" json:"crt_pem,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *CrossSignCAResponse) Reset() { *m = CrossSignCAResponse{} } -func (m *CrossSignCAResponse) String() string { return proto.CompactTextString(m) } -func (*CrossSignCAResponse) ProtoMessage() {} -func (*CrossSignCAResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{12} -} -func (m *CrossSignCAResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *CrossSignCAResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_CrossSignCAResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - 
n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *CrossSignCAResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_CrossSignCAResponse.Merge(m, src) -} -func (m *CrossSignCAResponse) XXX_Size() int { - return m.Size() -} -func (m *CrossSignCAResponse) XXX_DiscardUnknown() { - xxx_messageInfo_CrossSignCAResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_CrossSignCAResponse proto.InternalMessageInfo - -func (m *CrossSignCAResponse) GetCrtPem() string { - if m != nil { - return m.CrtPem - } - return "" -} - -type BoolResponse struct { - Ok bool `protobuf:"varint,1,opt,name=ok,proto3" json:"ok,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *BoolResponse) Reset() { *m = BoolResponse{} } -func (m *BoolResponse) String() string { return proto.CompactTextString(m) } -func (*BoolResponse) ProtoMessage() {} -func (*BoolResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{13} -} -func (m *BoolResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *BoolResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_BoolResponse.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *BoolResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_BoolResponse.Merge(m, src) -} -func (m *BoolResponse) XXX_Size() int { - return m.Size() -} -func (m *BoolResponse) XXX_DiscardUnknown() { - xxx_messageInfo_BoolResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_BoolResponse proto.InternalMessageInfo - -func (m *BoolResponse) GetOk() bool { - if m != nil { - return m.Ok - } - return false -} - -// Protobufs doesn't allow no req/resp so in the cases where there are -// no arguments we use the Empty message. 
-type Empty struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Empty) Reset() { *m = Empty{} } -func (m *Empty) String() string { return proto.CompactTextString(m) } -func (*Empty) ProtoMessage() {} -func (*Empty) Descriptor() ([]byte, []int) { - return fileDescriptor_c6a9f3c02af3d1c8, []int{14} -} -func (m *Empty) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_Empty.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalTo(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *Empty) XXX_Merge(src proto.Message) { - xxx_messageInfo_Empty.Merge(m, src) -} -func (m *Empty) XXX_Size() int { - return m.Size() -} -func (m *Empty) XXX_DiscardUnknown() { - xxx_messageInfo_Empty.DiscardUnknown(m) -} - -var xxx_messageInfo_Empty proto.InternalMessageInfo - -func init() { - proto.RegisterType((*ConfigureRequest)(nil), "plugin.ConfigureRequest") - proto.RegisterType((*SetIntermediateRequest)(nil), "plugin.SetIntermediateRequest") - proto.RegisterType((*SignRequest)(nil), "plugin.SignRequest") - proto.RegisterType((*SignIntermediateRequest)(nil), "plugin.SignIntermediateRequest") - proto.RegisterType((*CrossSignCARequest)(nil), "plugin.CrossSignCARequest") - proto.RegisterType((*StateResponse)(nil), "plugin.StateResponse") - proto.RegisterType((*ActiveRootResponse)(nil), "plugin.ActiveRootResponse") - proto.RegisterType((*GenerateIntermediateCSRResponse)(nil), "plugin.GenerateIntermediateCSRResponse") - proto.RegisterType((*ActiveIntermediateResponse)(nil), "plugin.ActiveIntermediateResponse") - proto.RegisterType((*GenerateIntermediateResponse)(nil), "plugin.GenerateIntermediateResponse") - proto.RegisterType((*SignResponse)(nil), "plugin.SignResponse") - proto.RegisterType((*SignIntermediateResponse)(nil), 
"plugin.SignIntermediateResponse") - proto.RegisterType((*CrossSignCAResponse)(nil), "plugin.CrossSignCAResponse") - proto.RegisterType((*BoolResponse)(nil), "plugin.BoolResponse") - proto.RegisterType((*Empty)(nil), "plugin.Empty") -} - -func init() { proto.RegisterFile("provider.proto", fileDescriptor_c6a9f3c02af3d1c8) } - -var fileDescriptor_c6a9f3c02af3d1c8 = []byte{ - // 599 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x55, 0xd1, 0x6e, 0xd3, 0x4a, - 0x10, 0xbd, 0x4e, 0x5b, 0x27, 0x99, 0xa6, 0x6d, 0xb4, 0xcd, 0x6d, 0x8c, 0x01, 0x27, 0xb2, 0x80, - 0x04, 0x41, 0x23, 0x41, 0x41, 0x95, 0xe0, 0x85, 0xd4, 0x82, 0xaa, 0xe2, 0xa5, 0x38, 0xe2, 0x95, - 0x28, 0x38, 0x4b, 0x64, 0x35, 0xf1, 0x9a, 0xdd, 0x75, 0x05, 0x7f, 0xc2, 0x7f, 0xf0, 0x13, 0x3c, - 0xf2, 0x09, 0x28, 0xfc, 0x08, 0xf2, 0xc6, 0xde, 0xd8, 0x1b, 0xb7, 0x7e, 0xcb, 0xcc, 0x9e, 0x39, - 0x3b, 0x67, 0xf6, 0x8c, 0x03, 0xfb, 0x21, 0x25, 0xd7, 0xfe, 0x14, 0xd3, 0x41, 0x48, 0x09, 0x27, - 0x48, 0x0f, 0xe7, 0xd1, 0xcc, 0x0f, 0xec, 0x6f, 0xd0, 0x74, 0x48, 0xf0, 0xc5, 0x9f, 0x45, 0x14, - 0xbb, 0xf8, 0x6b, 0x84, 0x19, 0x47, 0xf7, 0x01, 0xbc, 0x79, 0xc4, 0x38, 0xa6, 0x63, 0x7f, 0x6a, - 0x68, 0x5d, 0xad, 0x5f, 0x77, 0xeb, 0x49, 0xe6, 0x62, 0x8a, 0xda, 0x50, 0xf5, 0xd9, 0x98, 0x12, - 0xc2, 0x8d, 0x4a, 0x57, 0xeb, 0xd7, 0x5c, 0xdd, 0x67, 0x2e, 0x21, 0x1c, 0x1d, 0x81, 0xee, 0x09, - 0x2e, 0x63, 0xab, 0xab, 0xf5, 0x1b, 0x6e, 0x12, 0xa1, 0x16, 0xec, 0x30, 0x3e, 0xe1, 0xd8, 0xd8, - 0x16, 0xe9, 0x55, 0x60, 0x7f, 0x82, 0xa3, 0x11, 0xe6, 0x17, 0x01, 0xc7, 0x74, 0x81, 0xa7, 0xfe, - 0x84, 0xcb, 0xfb, 0x1f, 0x43, 0xd3, 0xcf, 0xa4, 0xc7, 0x21, 0x5e, 0x24, 0x5d, 0x1c, 0x64, 0xf3, - 0x97, 0x78, 0x81, 0xee, 0x40, 0x2d, 0x6e, 0x44, 0x40, 0x2a, 0x02, 0x52, 0x8d, 0xe3, 0x4b, 0xbc, - 0xb0, 0x3b, 0xb0, 0x3b, 0xf2, 0x67, 0x41, 0x4a, 0xda, 0x84, 0x2d, 0x8f, 0x51, 0xc1, 0xd3, 0x70, - 0xe3, 0x9f, 0xf6, 0x13, 0x68, 0xc7, 0x80, 0xa2, 0x0e, 0x36, 0xc1, 0x8f, 0x00, 0x39, 0x94, 0x30, - 0x16, 
0x57, 0x38, 0xc3, 0x2c, 0x8e, 0x72, 0x89, 0xa3, 0xdc, 0x7e, 0x08, 0x7b, 0x23, 0x2e, 0x98, - 0x58, 0x48, 0x02, 0x86, 0xd7, 0xe2, 0xb5, 0xac, 0xf8, 0x63, 0x40, 0x43, 0x8f, 0xfb, 0xd7, 0x38, - 0x1e, 0x9c, 0xc4, 0xb6, 0xa1, 0xea, 0x51, 0x9e, 0xd1, 0xab, 0x7b, 0x54, 0x68, 0x79, 0x05, 0x9d, - 0x73, 0x1c, 0x60, 0x3a, 0xe1, 0x38, 0xdb, 0xae, 0x33, 0x72, 0x73, 0xb5, 0x8c, 0xe6, 0x6a, 0x19, - 0x8d, 0x6b, 0x5f, 0x82, 0xb9, 0xba, 0x2a, 0x2f, 0xb4, 0xec, 0xca, 0x53, 0xb8, 0x57, 0x74, 0x65, - 0x79, 0x61, 0x0f, 0x1a, 0xab, 0xb9, 0x97, 0x01, 0x4f, 0xc0, 0xd8, 0x9c, 0x7f, 0x59, 0xd1, 0x00, - 0x0e, 0x73, 0xef, 0x50, 0x86, 0xb7, 0xa0, 0x71, 0x46, 0xc8, 0x5c, 0x02, 0xf7, 0xa1, 0x42, 0xae, - 0x04, 0xa6, 0xe6, 0x56, 0xc8, 0x95, 0x5d, 0x85, 0x9d, 0xb7, 0x8b, 0x90, 0x7f, 0x7f, 0xfe, 0x53, - 0x87, 0x8a, 0x33, 0x44, 0x2f, 0xa0, 0x2e, 0xf7, 0x01, 0x19, 0x83, 0xd5, 0x96, 0x0c, 0xd4, 0x15, - 0x31, 0xf7, 0xd2, 0x13, 0x51, 0x8c, 0x8e, 0x61, 0x47, 0xbc, 0x3a, 0xca, 0xe7, 0xcd, 0xff, 0xd3, - 0x30, 0xef, 0x89, 0xa7, 0xd0, 0x48, 0x67, 0x2b, 0x16, 0x47, 0xa9, 0x52, 0xc8, 0x4f, 0x01, 0xd6, - 0x5e, 0x51, 0xb1, 0x66, 0x1a, 0x16, 0xd8, 0xe9, 0x03, 0xb4, 0x6f, 0x70, 0x8d, 0xca, 0xd2, 0x4b, - 0xc3, 0x32, 0x97, 0xbd, 0x81, 0x03, 0x65, 0x69, 0x91, 0x25, 0x35, 0x16, 0x6e, 0xb3, 0xaa, 0xe6, - 0x3c, 0x75, 0x7e, 0x8e, 0x44, 0xe9, 0xc7, 0xce, 0xab, 0x2a, 0xb4, 0xc8, 0x7b, 0x68, 0x15, 0x75, - 0xab, 0x52, 0x3d, 0xb8, 0x4d, 0x9a, 0x24, 0x7b, 0x06, 0xdb, 0xb1, 0xa3, 0xd0, 0xa1, 0x14, 0xb3, - 0xfe, 0x74, 0x98, 0xad, 0x7c, 0x32, 0x29, 0xf9, 0x08, 0x4d, 0xd5, 0xbe, 0xa8, 0x93, 0x45, 0x16, - 0x0d, 0xa3, 0x7b, 0x33, 0x20, 0xa1, 0x7d, 0x07, 0xbb, 0x19, 0x83, 0x23, 0xf9, 0xbe, 0x9b, 0x5f, - 0x1f, 0xf3, 0x6e, 0xe1, 0x59, 0xc2, 0xf3, 0x1a, 0x5a, 0xa3, 0x28, 0x0c, 0x09, 0xe5, 0x4c, 0x1e, - 0xfb, 0xc1, 0x4c, 0x1d, 0x8f, 0xd4, 0x96, 0xdb, 0x92, 0x1e, 0x54, 0x9d, 0x39, 0x9e, 0x04, 0x51, - 0x78, 0xbb, 0x37, 0xcf, 0x9a, 0xbf, 0x96, 0x96, 0xf6, 0x7b, 0x69, 0x69, 0x7f, 0x96, 0x96, 0xf6, - 0xe3, 0xaf, 0xf5, 0xdf, 0x67, 0x5d, 0xfc, 
0xbf, 0x9c, 0xfc, 0x0b, 0x00, 0x00, 0xff, 0xff, 0x9e, - 0xa1, 0xdc, 0xbb, 0x71, 0x06, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// CAClient is the client API for CA service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type CAClient interface { - Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*Empty, error) - State(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*StateResponse, error) - GenerateRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) - ActiveRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveRootResponse, error) - GenerateIntermediateCSR(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateCSRResponse, error) - SetIntermediate(ctx context.Context, in *SetIntermediateRequest, opts ...grpc.CallOption) (*Empty, error) - ActiveIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveIntermediateResponse, error) - GenerateIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateResponse, error) - Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) - SignIntermediate(ctx context.Context, in *SignIntermediateRequest, opts ...grpc.CallOption) (*SignIntermediateResponse, error) - CrossSignCA(ctx context.Context, in *CrossSignCARequest, opts ...grpc.CallOption) (*CrossSignCAResponse, error) - SupportsCrossSigning(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*BoolResponse, error) - Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) -} - 
-type cAClient struct { - cc *grpc.ClientConn -} - -func NewCAClient(cc *grpc.ClientConn) CAClient { - return &cAClient{cc} -} - -func (c *cAClient) Configure(ctx context.Context, in *ConfigureRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.CA/Configure", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) State(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*StateResponse, error) { - out := new(StateResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/State", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) GenerateRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.CA/GenerateRoot", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) ActiveRoot(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveRootResponse, error) { - out := new(ActiveRootResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/ActiveRoot", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) GenerateIntermediateCSR(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateCSRResponse, error) { - out := new(GenerateIntermediateCSRResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/GenerateIntermediateCSR", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) SetIntermediate(ctx context.Context, in *SetIntermediateRequest, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.CA/SetIntermediate", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) ActiveIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*ActiveIntermediateResponse, error) { - out := new(ActiveIntermediateResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/ActiveIntermediate", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) GenerateIntermediate(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*GenerateIntermediateResponse, error) { - out := new(GenerateIntermediateResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/GenerateIntermediate", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) Sign(ctx context.Context, in *SignRequest, opts ...grpc.CallOption) (*SignResponse, error) { - out := new(SignResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/Sign", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) SignIntermediate(ctx context.Context, in *SignIntermediateRequest, opts ...grpc.CallOption) (*SignIntermediateResponse, error) { - out := new(SignIntermediateResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/SignIntermediate", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) CrossSignCA(ctx context.Context, in *CrossSignCARequest, opts ...grpc.CallOption) (*CrossSignCAResponse, error) { - out := new(CrossSignCAResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/CrossSignCA", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) SupportsCrossSigning(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*BoolResponse, error) { - out := new(BoolResponse) - err := c.cc.Invoke(ctx, "/plugin.CA/SupportsCrossSigning", in, out, opts...) 
- if err != nil { - return nil, err - } - return out, nil -} - -func (c *cAClient) Cleanup(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.CA/Cleanup", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// CAServer is the server API for CA service. -type CAServer interface { - Configure(context.Context, *ConfigureRequest) (*Empty, error) - State(context.Context, *Empty) (*StateResponse, error) - GenerateRoot(context.Context, *Empty) (*Empty, error) - ActiveRoot(context.Context, *Empty) (*ActiveRootResponse, error) - GenerateIntermediateCSR(context.Context, *Empty) (*GenerateIntermediateCSRResponse, error) - SetIntermediate(context.Context, *SetIntermediateRequest) (*Empty, error) - ActiveIntermediate(context.Context, *Empty) (*ActiveIntermediateResponse, error) - GenerateIntermediate(context.Context, *Empty) (*GenerateIntermediateResponse, error) - Sign(context.Context, *SignRequest) (*SignResponse, error) - SignIntermediate(context.Context, *SignIntermediateRequest) (*SignIntermediateResponse, error) - CrossSignCA(context.Context, *CrossSignCARequest) (*CrossSignCAResponse, error) - SupportsCrossSigning(context.Context, *Empty) (*BoolResponse, error) - Cleanup(context.Context, *Empty) (*Empty, error) -} - -func RegisterCAServer(s *grpc.Server, srv CAServer) { - s.RegisterService(&_CA_serviceDesc, srv) -} - -func _CA_Configure_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ConfigureRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).Configure(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/Configure", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).Configure(ctx, req.(*ConfigureRequest)) - } - 
return interceptor(ctx, in, info, handler) -} - -func _CA_State_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).State(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/State", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).State(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_GenerateRoot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).GenerateRoot(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/GenerateRoot", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).GenerateRoot(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_ActiveRoot_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).ActiveRoot(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/ActiveRoot", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).ActiveRoot(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_GenerateIntermediateCSR_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err 
:= dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).GenerateIntermediateCSR(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/GenerateIntermediateCSR", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).GenerateIntermediateCSR(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_SetIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SetIntermediateRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).SetIntermediate(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/SetIntermediate", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).SetIntermediate(ctx, req.(*SetIntermediateRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_ActiveIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).ActiveIntermediate(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/ActiveIntermediate", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).ActiveIntermediate(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_GenerateIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return 
srv.(CAServer).GenerateIntermediate(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/GenerateIntermediate", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).GenerateIntermediate(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_Sign_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SignRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).Sign(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/Sign", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).Sign(ctx, req.(*SignRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_SignIntermediate_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(SignIntermediateRequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).SignIntermediate(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/SignIntermediate", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).SignIntermediate(ctx, req.(*SignIntermediateRequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_CrossSignCA_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(CrossSignCARequest) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).CrossSignCA(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/CrossSignCA", - } - handler := 
func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).CrossSignCA(ctx, req.(*CrossSignCARequest)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_SupportsCrossSigning_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).SupportsCrossSigning(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/SupportsCrossSigning", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).SupportsCrossSigning(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -func _CA_Cleanup_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(CAServer).Cleanup(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.CA/Cleanup", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(CAServer).Cleanup(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -var _CA_serviceDesc = grpc.ServiceDesc{ - ServiceName: "plugin.CA", - HandlerType: (*CAServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Configure", - Handler: _CA_Configure_Handler, - }, - { - MethodName: "State", - Handler: _CA_State_Handler, - }, - { - MethodName: "GenerateRoot", - Handler: _CA_GenerateRoot_Handler, - }, - { - MethodName: "ActiveRoot", - Handler: _CA_ActiveRoot_Handler, - }, - { - MethodName: "GenerateIntermediateCSR", - Handler: _CA_GenerateIntermediateCSR_Handler, - }, - { - MethodName: "SetIntermediate", - Handler: _CA_SetIntermediate_Handler, - }, - { - MethodName: 
"ActiveIntermediate", - Handler: _CA_ActiveIntermediate_Handler, - }, - { - MethodName: "GenerateIntermediate", - Handler: _CA_GenerateIntermediate_Handler, - }, - { - MethodName: "Sign", - Handler: _CA_Sign_Handler, - }, - { - MethodName: "SignIntermediate", - Handler: _CA_SignIntermediate_Handler, - }, - { - MethodName: "CrossSignCA", - Handler: _CA_CrossSignCA_Handler, - }, - { - MethodName: "SupportsCrossSigning", - Handler: _CA_SupportsCrossSigning_Handler, - }, - { - MethodName: "Cleanup", - Handler: _CA_Cleanup_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "provider.proto", -} - -func (m *ConfigureRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ConfigureRequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.ClusterId) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.ClusterId))) - i += copy(dAtA[i:], m.ClusterId) - } - if m.IsRoot { - dAtA[i] = 0x10 - i++ - if m.IsRoot { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ - } - if len(m.Config) > 0 { - dAtA[i] = 0x1a - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.Config))) - i += copy(dAtA[i:], m.Config) - } - if len(m.State) > 0 { - dAtA[i] = 0x22 - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.State))) - i += copy(dAtA[i:], m.State) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SetIntermediateRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SetIntermediateRequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.IntermediatePem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, 
uint64(len(m.IntermediatePem))) - i += copy(dAtA[i:], m.IntermediatePem) - } - if len(m.RootPem) > 0 { - dAtA[i] = 0x12 - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.RootPem))) - i += copy(dAtA[i:], m.RootPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SignRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SignRequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.Csr) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.Csr))) - i += copy(dAtA[i:], m.Csr) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SignIntermediateRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SignIntermediateRequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.Csr) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.Csr))) - i += copy(dAtA[i:], m.Csr) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *CrossSignCARequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CrossSignCARequest) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.Crt) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.Crt))) - i += copy(dAtA[i:], m.Crt) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m 
*StateResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *StateResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.State) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.State))) - i += copy(dAtA[i:], m.State) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *ActiveRootResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ActiveRootResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *GenerateIntermediateCSRResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *GenerateIntermediateCSRResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CsrPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CsrPem))) - i += copy(dAtA[i:], m.CsrPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *ActiveIntermediateResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ActiveIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - 
_ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *GenerateIntermediateResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *GenerateIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SignResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SignResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *SignIntermediateResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SignIntermediateResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m 
*CrossSignCAResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *CrossSignCAResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.CrtPem) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintProvider(dAtA, i, uint64(len(m.CrtPem))) - i += copy(dAtA[i:], m.CrtPem) - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *BoolResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *BoolResponse) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if m.Ok { - dAtA[i] = 0x8 - i++ - if m.Ok { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i++ - } - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func (m *Empty) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Empty) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i += copy(dAtA[i:], m.XXX_unrecognized) - } - return i, nil -} - -func encodeVarintProvider(dAtA []byte, offset int, v uint64) int { - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return offset + 1 -} -func (m *ConfigureRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.ClusterId) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.IsRoot { - n += 2 - } - l = len(m.Config) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - l = len(m.State) - if l > 0 { - n += 1 + l + 
sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SetIntermediateRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.IntermediatePem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - l = len(m.RootPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SignRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Csr) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SignIntermediateRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Csr) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *CrossSignCARequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Crt) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *StateResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.State) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *ActiveRootResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *GenerateIntermediateCSRResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CsrPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - 
-func (m *ActiveIntermediateResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *GenerateIntermediateResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SignResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *SignIntermediateResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *CrossSignCAResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.CrtPem) - if l > 0 { - n += 1 + l + sovProvider(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *BoolResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Ok { - n += 2 - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *Empty) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func sovProvider(x uint64) (n int) { - for { - n++ - x >>= 7 - if x == 0 { - break - } - } - return n -} -func sozProvider(x uint64) (n int) { - return sovProvider(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (m *ConfigureRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - 
preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ConfigureRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ConfigureRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ClusterId", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ClusterId = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field IsRoot", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.IsRoot = bool(v != 0) - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Config", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - 
if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Config = append(m.Config[:0], dAtA[iNdEx:postIndex]...) - if m.Config == nil { - m.Config = []byte{} - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field State", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.State = append(m.State[:0], dAtA[iNdEx:postIndex]...) - if m.State == nil { - m.State = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SetIntermediateRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SetIntermediateRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SetIntermediateRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field IntermediatePem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.IntermediatePem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RootPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := 
iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RootPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SignRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SignRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SignRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Csr", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Csr = append(m.Csr[:0], dAtA[iNdEx:postIndex]...) 
- if m.Csr == nil { - m.Csr = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SignIntermediateRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SignIntermediateRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SignIntermediateRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Csr", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Csr = append(m.Csr[:0], dAtA[iNdEx:postIndex]...) 
- if m.Csr == nil { - m.Csr = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CrossSignCARequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CrossSignCARequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CrossSignCARequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Crt", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Crt = append(m.Crt[:0], dAtA[iNdEx:postIndex]...) 
- if m.Crt == nil { - m.Crt = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *StateResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: StateResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: StateResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field State", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.State = append(m.State[:0], dAtA[iNdEx:postIndex]...) 
- if m.State == nil { - m.State = []byte{} - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ActiveRootResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ActiveRootResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ActiveRootResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err 
!= nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GenerateIntermediateCSRResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GenerateIntermediateCSRResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GenerateIntermediateCSRResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CsrPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CsrPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - 
return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *ActiveIntermediateResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ActiveIntermediateResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ActiveIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = 
append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *GenerateIntermediateResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: GenerateIntermediateResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: GenerateIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SignResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SignResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SignResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *SignIntermediateResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SignIntermediateResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SignIntermediateResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *CrossSignCAResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CrossSignCAResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CrossSignCAResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CrtPem", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthProvider - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthProvider - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.CrtPem = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *BoolResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: BoolResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: BoolResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Ok", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Ok = bool(v != 0) - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Empty) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowProvider - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Empty: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Empty: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - default: - iNdEx = preIndex - skippy, err := skipProvider(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) < 0 { - return ErrInvalidLengthProvider - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 
- iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipProvider(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowProvider - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowProvider - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - return iNdEx, nil - case 1: - iNdEx += 8 - return iNdEx, nil - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowProvider - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthProvider - } - iNdEx += length - if iNdEx < 0 { - return 0, ErrInvalidLengthProvider - } - return iNdEx, nil - case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowProvider - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipProvider(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - if iNdEx < 0 { - return 0, ErrInvalidLengthProvider - } - } - return iNdEx, nil - case 4: - return iNdEx, nil - case 5: - iNdEx += 4 - return iNdEx, nil - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - } - panic("unreachable") -} - -var ( - 
ErrInvalidLengthProvider = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowProvider = fmt.Errorf("proto: integer overflow") -) diff --git a/agent/connect/ca/plugin/provider.proto b/agent/connect/ca/plugin/provider.proto deleted file mode 100644 index f51a5c040c..0000000000 --- a/agent/connect/ca/plugin/provider.proto +++ /dev/null 
@@ -1,93 +0,0 @@
-/* This proto file contains the service and structures for implementing
- * a Consul CA provider plugin. For clearer documentation on what each
- * RPC method should do, please refer to the Go interface documentation
- * for `agent/connect/ca.Provider`.
- *
- * After implementing this service, the plugin must also output the proper
- * format to stdout for the plugin handshake. Please refer to the Consul
- * documentation for more information.
- */
-
-syntax = "proto3";
-
-package plugin;
-
-service CA {
- rpc Configure(ConfigureRequest) returns (Empty);
- rpc State(Empty) returns (StateResponse);
- rpc GenerateRoot(Empty) returns (Empty);
- rpc ActiveRoot(Empty) returns (ActiveRootResponse);
- rpc GenerateIntermediateCSR(Empty) returns (GenerateIntermediateCSRResponse);
- rpc SetIntermediate(SetIntermediateRequest) returns (Empty);
- rpc ActiveIntermediate(Empty) returns (ActiveIntermediateResponse);
- rpc GenerateIntermediate(Empty) returns (GenerateIntermediateResponse);
- rpc Sign(SignRequest) returns (SignResponse);
- rpc SignIntermediate(SignIntermediateRequest) returns (SignIntermediateResponse);
- rpc CrossSignCA(CrossSignCARequest) returns (CrossSignCAResponse);
- rpc SupportsCrossSigning(Empty) returns (BoolResponse);
- rpc Cleanup(Empty) returns (Empty);
-}
-
-message ConfigureRequest {
- string cluster_id = 1;
- bool is_root = 2;
- bytes config = 3; // JSON-encoded structure
- bytes state = 4; // JSON-encoded structure
-}
-
-message SetIntermediateRequest {
- string intermediate_pem = 1;
- string root_pem = 2;
-}
-
-message SignRequest {
- bytes csr = 1;
-}
-
-message SignIntermediateRequest {
- bytes csr = 1;
-}
-
-message CrossSignCARequest {
- bytes crt = 1;
-}
-
-message StateResponse {
- bytes state = 1; // JSON-encoded map[string]string
-}
-
-message ActiveRootResponse {
- string crt_pem = 1;
-}
-
-message GenerateIntermediateCSRResponse {
- string csr_pem = 1;
-}
-
-message ActiveIntermediateResponse {
- string crt_pem = 1;
-}
-
-message GenerateIntermediateResponse {
- string crt_pem = 1;
-}
-
-message SignResponse {
- string crt_pem = 1;
-}
-
-message SignIntermediateResponse {
- string crt_pem = 1;
-}
-
-message CrossSignCAResponse {
- string crt_pem = 1;
-}
-
-message BoolResponse {
- bool ok = 1;
-}
-
-// Protobufs doesn't allow no req/resp so in the cases where there are
-// no arguments we use the Empty message.
-message Empty {}
diff --git a/agent/connect/ca/plugin/serve.go b/agent/connect/ca/plugin/serve.go
deleted file mode 100644
index 94bc04425c..0000000000
--- a/agent/connect/ca/plugin/serve.go
+++ /dev/null
@@ -1,33 +0,0 @@
-package plugin
-
-import (
- "github.com/hashicorp/consul/agent/connect/ca"
- "github.com/hashicorp/go-plugin"
-)
-
-// Name is the name of the plugin that users of the package should use
-// with *plugin.Client.Dispense to get the proper plugin instance.
-const Name = "consul-connect-ca"
-
-// handshakeConfig is the HandshakeConfig used to configure clients and servers.
-var handshakeConfig = plugin.HandshakeConfig{
- // The ProtocolVersion is the version that must match between Consul
- // and CA plugins. This should be bumped whenever a change happens in
- // one or the other that makes it so that they can't safely communicate.
- ProtocolVersion: 1,
-
- // The magic cookie values should NEVER be changed.
- MagicCookieKey: "CONSUL_PLUGIN_MAGIC_COOKIE",
- MagicCookieValue: "f31f63b28fa82a3cdb30a6284cb1e50e3a13b7e60ba105a2c91219da319d216c",
-}
-
-// Serve serves a CA plugin. This function never returns and should be the
-// final function called in the main function of the plugin.
-func Serve(p ca.Provider) {
- plugin.Serve(&plugin.ServeConfig{
- HandshakeConfig: handshakeConfig,
- Plugins: map[string]plugin.Plugin{
- Name: &ProviderPlugin{Impl: p},
- },
- })
-}
diff --git a/agent/connect/ca/plugin/transport_grpc.go b/agent/connect/ca/plugin/transport_grpc.go
deleted file mode 100644
index 5aeb72a493..0000000000
--- a/agent/connect/ca/plugin/transport_grpc.go
+++ /dev/null
@@ -1,258 +0,0 @@ -package plugin - -import ( - "context" - "crypto/x509" - "encoding/json" - - "github.com/hashicorp/consul/agent/connect/ca" - "google.golang.org/grpc" -) - -// providerPluginGRPCServer implements the CAServer interface for gRPC. -type providerPluginGRPCServer struct { - impl ca.Provider -} - -func (p *providerPluginGRPCServer) Configure(_ context.Context, req *ConfigureRequest) (*Empty, error) { - var rawConfig map[string]interface{} - if err := json.Unmarshal(req.Config, &rawConfig); err != nil { - return nil, err - } - var state map[string]string - if err := json.Unmarshal(req.State, &state); err != nil { - return nil, err - } - - return &Empty{}, p.impl.Configure(req.ClusterId, req.IsRoot, rawConfig, state) -} - -func (p *providerPluginGRPCServer) State(context.Context, *Empty) (*StateResponse, error) { - got, err := p.impl.State() - var jsonBs []byte - if err == nil { - jsonBs, err = json.Marshal(got) - if err != nil { - return nil, err - } - } - return &StateResponse{State: jsonBs}, nil -} - -func (p *providerPluginGRPCServer) GenerateRoot(context.Context, *Empty) (*Empty, error) { - return &Empty{}, p.impl.GenerateRoot() -} - -func (p *providerPluginGRPCServer) ActiveRoot(context.Context, *Empty) (*ActiveRootResponse, error) { - pem, err := p.impl.ActiveRoot() - return &ActiveRootResponse{CrtPem: pem}, err -} - -func (p *providerPluginGRPCServer) GenerateIntermediateCSR(context.Context, *Empty) (*GenerateIntermediateCSRResponse, error) { - pem, err := p.impl.GenerateIntermediateCSR() - return &GenerateIntermediateCSRResponse{CsrPem: pem}, err -} - -func (p *providerPluginGRPCServer) SetIntermediate(_ context.Context, req *SetIntermediateRequest) (*Empty, error) { - return &Empty{}, p.impl.SetIntermediate(req.IntermediatePem, req.RootPem) -} - -func (p *providerPluginGRPCServer) ActiveIntermediate(context.Context, *Empty) (*ActiveIntermediateResponse, error) { - pem, err := p.impl.ActiveIntermediate() - return 
&ActiveIntermediateResponse{CrtPem: pem}, err -} - -func (p *providerPluginGRPCServer) GenerateIntermediate(context.Context, *Empty) (*GenerateIntermediateResponse, error) { - pem, err := p.impl.GenerateIntermediate() - return &GenerateIntermediateResponse{CrtPem: pem}, err -} - -func (p *providerPluginGRPCServer) Sign(_ context.Context, req *SignRequest) (*SignResponse, error) { - csr, err := x509.ParseCertificateRequest(req.Csr) - if err != nil { - return nil, err - } - - crtPEM, err := p.impl.Sign(csr) - return &SignResponse{CrtPem: crtPEM}, err -} - -func (p *providerPluginGRPCServer) SignIntermediate(_ context.Context, req *SignIntermediateRequest) (*SignIntermediateResponse, error) { - csr, err := x509.ParseCertificateRequest(req.Csr) - if err != nil { - return nil, err - } - - crtPEM, err := p.impl.SignIntermediate(csr) - return &SignIntermediateResponse{CrtPem: crtPEM}, err -} - -func (p *providerPluginGRPCServer) CrossSignCA(_ context.Context, req *CrossSignCARequest) (*CrossSignCAResponse, error) { - crt, err := x509.ParseCertificate(req.Crt) - if err != nil { - return nil, err - } - - crtPEM, err := p.impl.CrossSignCA(crt) - return &CrossSignCAResponse{CrtPem: crtPEM}, err -} - -func (p *providerPluginGRPCServer) SupportsCrossSigning(context.Context, *Empty) (*BoolResponse, error) { - ok, err := p.impl.SupportsCrossSigning() - return &BoolResponse{Ok: ok}, err -} - -func (p *providerPluginGRPCServer) Cleanup(context.Context, *Empty) (*Empty, error) { - return &Empty{}, p.impl.Cleanup() -} - -// providerPluginGRPCClient implements ca.Provider for acting as a client -// to a remote CA provider plugin over gRPC. 
-type providerPluginGRPCClient struct { - client CAClient - clientConn *grpc.ClientConn - doneCtx context.Context -} - -func (p *providerPluginGRPCClient) Configure( - clusterId string, - isRoot bool, - rawConfig map[string]interface{}, - state map[string]string) error { - - config, err := json.Marshal(rawConfig) - if err != nil { - return err - } - - stateJSON, err := json.Marshal(state) - if err != nil { - return err - } - - _, err = p.client.Configure(p.doneCtx, &ConfigureRequest{ - ClusterId: clusterId, - IsRoot: isRoot, - Config: config, - State: stateJSON, - }) - return p.err(err) -} - -func (p *providerPluginGRPCClient) State() (map[string]string, error) { - stateResp, err := p.client.State(p.doneCtx, &Empty{}) - if err != nil { - return nil, p.err(err) - } - - var state map[string]string - err = json.Unmarshal(stateResp.State, &state) - if err != nil { - return nil, err - } - return state, nil -} - -func (p *providerPluginGRPCClient) GenerateRoot() error { - _, err := p.client.GenerateRoot(p.doneCtx, &Empty{}) - return p.err(err) -} - -func (p *providerPluginGRPCClient) ActiveRoot() (string, error) { - resp, err := p.client.ActiveRoot(p.doneCtx, &Empty{}) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) GenerateIntermediateCSR() (string, error) { - resp, err := p.client.GenerateIntermediateCSR(p.doneCtx, &Empty{}) - if err != nil { - return "", p.err(err) - } - - return resp.CsrPem, nil -} - -func (p *providerPluginGRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error { - _, err := p.client.SetIntermediate(p.doneCtx, &SetIntermediateRequest{ - IntermediatePem: intermediatePEM, - RootPem: rootPEM, - }) - return p.err(err) -} - -func (p *providerPluginGRPCClient) ActiveIntermediate() (string, error) { - resp, err := p.client.ActiveIntermediate(p.doneCtx, &Empty{}) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) 
GenerateIntermediate() (string, error) { - resp, err := p.client.GenerateIntermediate(p.doneCtx, &Empty{}) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) Sign(csr *x509.CertificateRequest) (string, error) { - resp, err := p.client.Sign(p.doneCtx, &SignRequest{ - Csr: csr.Raw, - }) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) { - resp, err := p.client.SignIntermediate(p.doneCtx, &SignIntermediateRequest{ - Csr: csr.Raw, - }) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) { - resp, err := p.client.CrossSignCA(p.doneCtx, &CrossSignCARequest{ - Crt: crt.Raw, - }) - if err != nil { - return "", p.err(err) - } - - return resp.CrtPem, nil -} - -func (p *providerPluginGRPCClient) SupportsCrossSigning() (bool, error) { - resp, err := p.client.SupportsCrossSigning(p.doneCtx, &Empty{}) - return resp.Ok, err -} - -func (p *providerPluginGRPCClient) Cleanup() error { - _, err := p.client.Cleanup(p.doneCtx, &Empty{}) - return p.err(err) -} - -func (p *providerPluginGRPCClient) err(err error) error { - if err := p.doneCtx.Err(); err != nil { - return err - } - - return err -} - -// Verification -var _ CAServer = &providerPluginGRPCServer{} -var _ ca.Provider = &providerPluginGRPCClient{} diff --git a/agent/connect/ca/plugin/transport_netrpc.go b/agent/connect/ca/plugin/transport_netrpc.go deleted file mode 100644 index 8de564bb44..0000000000 --- a/agent/connect/ca/plugin/transport_netrpc.go +++ /dev/null 
@@ -1,221 +0,0 @@ -package plugin - -import ( - "crypto/x509" - "encoding/json" - "net/rpc" - - "github.com/hashicorp/consul/agent/connect/ca" -) - -// providerPluginRPCServer implements a net/rpc backed transport for -// an underlying implementation of a ca.Provider. The server side is the -// plugin binary itself. -type providerPluginRPCServer struct { - impl ca.Provider -} - -func (p *providerPluginRPCServer) Configure(args *ConfigureRPCRequest, _ *struct{}) error { - return p.impl.Configure(args.ClusterId, args.IsRoot, args.RawConfig, args.State) -} - -func (p *providerPluginRPCServer) State(_ struct{}, resp *StateResponse) error { - state, err := p.impl.State() - if err != nil { - return err - } - resp.State, err = json.Marshal(state) - if err != nil { - return err - } - return nil -} - -func (p *providerPluginRPCServer) GenerateRoot(struct{}, *struct{}) error { - return p.impl.GenerateRoot() -} - -func (p *providerPluginRPCServer) ActiveRoot(_ struct{}, resp *ActiveRootResponse) error { - var err error - resp.CrtPem, err = p.impl.ActiveRoot() - return err -} - -func (p *providerPluginRPCServer) GenerateIntermediateCSR(_ struct{}, resp *GenerateIntermediateCSRResponse) error { - var err error - resp.CsrPem, err = p.impl.GenerateIntermediateCSR() - return err -} - -func (p *providerPluginRPCServer) SetIntermediate(args *SetIntermediateRPCRequest, _ *struct{}) error { - return p.impl.SetIntermediate(args.IntermediatePEM, args.RootPEM) -} - -func (p *providerPluginRPCServer) ActiveIntermediate(_ struct{}, resp *ActiveIntermediateResponse) error { - var err error - resp.CrtPem, err = p.impl.ActiveIntermediate() - return err -} - -func (p *providerPluginRPCServer) GenerateIntermediate(_ struct{}, resp *GenerateIntermediateResponse) error { - var err error - resp.CrtPem, err = p.impl.GenerateIntermediate() - return err -} - -func (p *providerPluginRPCServer) Sign(args *SignRequest, resp *SignResponse) error { - csr, err := x509.ParseCertificateRequest(args.Csr) - if 
err != nil { - return err - } - - resp.CrtPem, err = p.impl.Sign(csr) - return err -} - -func (p *providerPluginRPCServer) SignIntermediate(args *SignIntermediateRequest, resp *SignIntermediateResponse) error { - csr, err := x509.ParseCertificateRequest(args.Csr) - if err != nil { - return err - } - - resp.CrtPem, err = p.impl.SignIntermediate(csr) - return err -} - -func (p *providerPluginRPCServer) CrossSignCA(args *CrossSignCARequest, resp *CrossSignCAResponse) error { - crt, err := x509.ParseCertificate(args.Crt) - if err != nil { - return err - } - - resp.CrtPem, err = p.impl.CrossSignCA(crt) - return err -} - -func (p *providerPluginRPCServer) Cleanup(struct{}, *struct{}) error { - return p.impl.Cleanup() -} - -// providerPluginRPCClient implements a net/rpc backed transport for -// an underlying implementation of a ca.Provider. The client side is the -// software calling into the plugin binary over rpc. -// -// This implements ca.Provider. -type providerPluginRPCClient struct { - client *rpc.Client -} - -func (p *providerPluginRPCClient) Configure( - clusterId string, - isRoot bool, - rawConfig map[string]interface{}, - state map[string]string) error { - return p.client.Call("Plugin.Configure", &ConfigureRPCRequest{ - ClusterId: clusterId, - IsRoot: isRoot, - RawConfig: rawConfig, - State: state, - }, &struct{}{}) -} - -func (p *providerPluginRPCClient) State() (map[string]string, error) { - var resp StateResponse - err := p.client.Call("Plugin.State", struct{}{}, &resp) - if err != nil { - return nil, err - } - var state map[string]string - err = json.Unmarshal(resp.State, &state) - if err != nil { - return nil, err - } - return state, nil -} - -func (p *providerPluginRPCClient) GenerateRoot() error { - return p.client.Call("Plugin.GenerateRoot", struct{}{}, &struct{}{}) -} - -func (p *providerPluginRPCClient) ActiveRoot() (string, error) { - var resp ActiveRootResponse - err := p.client.Call("Plugin.ActiveRoot", struct{}{}, &resp) - return resp.CrtPem, err 
-} - -func (p *providerPluginRPCClient) GenerateIntermediateCSR() (string, error) { - var resp GenerateIntermediateCSRResponse - err := p.client.Call("Plugin.GenerateIntermediateCSR", struct{}{}, &resp) - return resp.CsrPem, err -} - -func (p *providerPluginRPCClient) SetIntermediate(intermediatePEM, rootPEM string) error { - return p.client.Call("Plugin.SetIntermediate", &SetIntermediateRPCRequest{ - IntermediatePEM: intermediatePEM, - RootPEM: rootPEM, - }, &struct{}{}) -} - -func (p *providerPluginRPCClient) ActiveIntermediate() (string, error) { - var resp ActiveIntermediateResponse - err := p.client.Call("Plugin.ActiveIntermediate", struct{}{}, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) GenerateIntermediate() (string, error) { - var resp GenerateIntermediateResponse - err := p.client.Call("Plugin.GenerateIntermediate", struct{}{}, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) Sign(csr *x509.CertificateRequest) (string, error) { - var resp SignResponse - err := p.client.Call("Plugin.Sign", &SignRequest{ - Csr: csr.Raw, - }, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) SignIntermediate(csr *x509.CertificateRequest) (string, error) { - var resp SignIntermediateResponse - err := p.client.Call("Plugin.SignIntermediate", &SignIntermediateRequest{ - Csr: csr.Raw, - }, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) CrossSignCA(crt *x509.Certificate) (string, error) { - var resp CrossSignCAResponse - err := p.client.Call("Plugin.CrossSignCA", &CrossSignCARequest{ - Crt: crt.Raw, - }, &resp) - return resp.CrtPem, err -} - -func (p *providerPluginRPCClient) SupportsCrossSigning() (bool, error) { - var out BoolResponse - err := p.client.Call("Plugin.SupportsCrossSigning", struct{}{}, &out) - return out.Ok, err -} - -func (p *providerPluginRPCClient) Cleanup() error { - return p.client.Call("Plugin.Cleanup", struct{}{}, &struct{}{}) -} - -// Verification -var _ 
ca.Provider = &providerPluginRPCClient{} - -//------------------------------------------------------------------- -// Structs for net/rpc request and response - -type ConfigureRPCRequest struct { - ClusterId string - IsRoot bool - RawConfig map[string]interface{} - State map[string]string -} - -type SetIntermediateRPCRequest struct { - IntermediatePEM string - RootPEM string -} diff --git a/agent/connect/ca/provider.go b/agent/connect/ca/provider.go index a789869c5c..855aa8e428 100644 --- a/agent/connect/ca/provider.go +++ b/agent/connect/ca/provider.go 
@@ -7,6 +7,36 @@ import ( //go:generate mockery -name Provider -inpkg +// ProviderConfig encapsulates all the data Consul passes to `Configure` on a +// new provider instance. The provider must treat this as read-only and make +// copies of any map or slice if it might modify them internally. +type ProviderConfig struct { + // ClusterID is the current Consul cluster ID. + ClusterID string + + // Datacenter is the current Consul datacenter. + Datacenter string + + // IsPrimary is true when the CA instance is in the primary DC typically it + // may choose to act as a root in this case while secondaries are typically + // intermediate CAs. In some case the primary DC in Consul is an intermediate + // signed by some external CA along with that CA's public cert so the old name + // of `IsRoot` was misleading. + IsPrimary bool + + // RawConfig is the user configuration for the provider and is + // provider-specific to be interpreted as the provider wishes. + RawConfig map[string]interface{} + + // State contains the State the same provider last persisted. It is provided + // after a restart or reconfiguration, or on a leader election on a new server + // to maintain operation. It MUST NOT be used for secret storage since it is + // visible in the API to operators. It's intended use is to store small bits + // of state like UUIDs of external resources that the provider has created and + // needs to continue to manage. + State map[string]string +} + // Provider is the interface for Consul to interact with // an external CA that provides leaf certificate signing for // given SpiffeIDServices. 
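Review bot: The `RawConfig` field comment in the new `ProviderConfig` struct should say that the map can carry secrets. The Consul provider in this same commit reads `config.PrivateKey` out of `cfg.RawConfig`, and with everything bundled into one struct a stray `%+v` of `cfg` in a log line would print it. I would add `// It may contain secrets (for example a CA private key) and must never be logged.` under the existing RawConfig comment. The read-only rule in the struct comment is convention only, because the struct is passed by value but `RawConfig` and `State` still share their backing maps with the caller. Small wording fix in the State comment: `It's intended use` should be `Its intended use`.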
@@ -16,7 +46,7 @@ type Provider interface { // Config. State contains a the State the same provider last persisted on a // restart or reconfiguration. The provider must not modify `rawConfig` or // `state` maps directly as it may be being read from other goroutines. - Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}, state map[string]string) error + Configure(cfg ProviderConfig) error // State returns the current provider state. If the provider doesn't need to // store anything other than what the user configured this can return nil. It diff --git a/agent/connect/ca/provider_consul.go b/agent/connect/ca/provider_consul.go index 2975bb561e..388a7fb19a 100644 --- a/agent/connect/ca/provider_consul.go +++ b/agent/connect/ca/provider_consul.go @@ -28,7 +28,7 @@ type ConsulProvider struct { config *structs.ConsulCAProviderConfig id string clusterID string - isRoot bool + isPrimary bool spiffeID *connect.SpiffeIDSigning logger *log.Logger 
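Review bot: The doc comment above `Configure` in the `Provider` interface still names the old parameters: it tells implementers not to modify the `rawConfig` or `state` maps, which no longer exist now that the signature is `Configure(cfg ProviderConfig) error`. Reword the last sentence to `// The provider must not modify cfg.RawConfig or cfg.State directly as they may be read from other goroutines.` and drop the stray article in `contains a the State`. The comment block starts above the hunk, so its opening lines are not visible here and may need the same update.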
@@ -49,21 +49,21 @@ type ConsulProviderStateDelegate interface { } // Configure sets up the provider using the given configuration. -func (c *ConsulProvider) Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}, state map[string]string) error { +func (c *ConsulProvider) Configure(cfg ProviderConfig) error { // Parse the raw config and update our ID. - config, err := ParseConsulCAConfig(rawConfig) + config, err := ParseConsulCAConfig(cfg.RawConfig) if err != nil { return err } c.config = config - hash := sha256.Sum256([]byte(fmt.Sprintf("%s,%s,%v", config.PrivateKey, config.RootCert, isRoot))) + hash := sha256.Sum256([]byte(fmt.Sprintf("%s,%s,%v", config.PrivateKey, config.RootCert, cfg.IsPrimary))) c.id = connect.HexString(hash[:]) - c.clusterID = clusterID - c.isRoot = isRoot - c.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: clusterID}) + c.clusterID = cfg.ClusterID + c.isPrimary = cfg.IsPrimary + c.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: c.clusterID}) // Passthrough test state for state handling tests. See testState doc. - c.parseTestState(rawConfig) + c.parseTestState(cfg.RawConfig) // Exit early if the state store has an entry for this provider's config. _, providerState, err := c.Delegate.State().CAProviderState(c.id) @@ -119,8 +119,8 @@ func (c *ConsulProvider) Configure(clusterID string, isRoot bool, rawConfig map[ return err } - c.logger.Printf("[DEBUG] consul CA provider configured ID=%s isRoot=%v", - c.id, c.isRoot) + c.logger.Printf("[DEBUG] consul CA provider configured ID=%s IsPrimary=%v", + c.id, c.isPrimary) return nil } @@ -152,7 +152,7 @@ func (c *ConsulProvider) GenerateRoot() error { return err } - if !c.isRoot { + if !c.isPrimary { return fmt.Errorf("provider is not the root certificate authority") } if providerState.RootCert != "" { 
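Review bot: `ConsulProvider.Configure` reads `cfg.ClusterID`, `cfg.IsPrimary` and `cfg.RawConfig` in the lines shown but never `cfg.Datacenter` or `cfg.State`, and its one-line doc comment does not say so. Since the struct now carries more than the provider consumes, the comment should name what is used, for example `// Configure sets up the provider from cfg.ClusterID, cfg.IsPrimary and cfg.RawConfig; cfg.Datacenter and cfg.State are currently unused.` The body continues past the end of this hunk, so confirm that nothing further down reads the other two fields. `VaultProvider.Configure` in provider_vault.go has the same gap.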
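Review bot: The error text in `GenerateRoot`, `"provider is not the root certificate authority"`, now contradicts the flag it guards, because the new `ProviderConfig.IsPrimary` comment says a primary may itself be an intermediate under an external CA. An operator reading that message in a secondary datacenter is told about CA hierarchy when the actual condition is datacenter role. I would change it to `return fmt.Errorf("provider is not in the primary datacenter")`. The same root-based wording remains in `ConsulProvider.GenerateIntermediateCSR` and in `VaultProvider.GenerateRoot` and `VaultProvider.GenerateIntermediateCSR`. Check for tests or callers that match on the old string before changing it.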
@@ -202,7 +202,7 @@ func (c *ConsulProvider) GenerateIntermediateCSR() (string, error) { return "", err } - if c.isRoot { + if c.isPrimary { return "", fmt.Errorf("provider is the root certificate authority, " + "cannot generate an intermediate CSR") } @@ -217,7 +217,7 @@ func (c *ConsulProvider) GenerateIntermediateCSR() (string, error) { if err != nil { return "", err } - cn := connect.CACN("consul", uid, c.clusterID, c.isRoot) + cn := connect.CACN("consul", uid, c.clusterID, c.isPrimary) csr, err := connect.CreateCACSR(c.spiffeID, cn, signer) if err != nil { @@ -246,7 +246,7 @@ func (c *ConsulProvider) SetIntermediate(intermediatePEM, rootPEM string) error return err } - if c.isRoot { + if c.isPrimary { return fmt.Errorf("cannot set an intermediate using another root in the primary datacenter") } @@ -277,7 +277,7 @@ func (c *ConsulProvider) SetIntermediate(intermediatePEM, rootPEM string) error // We aren't maintaining separate root/intermediate CAs for the builtin // provider, so just return the root. func (c *ConsulProvider) ActiveIntermediate() (string, error) { - if c.isRoot { + if c.isPrimary { return c.ActiveRoot() } @@ -633,7 +633,7 @@ func (c *ConsulProvider) generateCA(privateKey string, sn uint64) (string, error if err != nil { return "", err } - cn := connect.CACN("consul", uid, c.clusterID, c.isRoot) + cn := connect.CACN("consul", uid, c.clusterID, c.isPrimary) serialNum := &big.Int{} serialNum.SetUint64(sn) template := x509.Certificate{ diff --git a/agent/connect/ca/provider_consul_test.go b/agent/connect/ca/provider_consul_test.go index e01a580d19..a8af767fe4 100644 --- a/agent/connect/ca/provider_consul_test.go +++ b/agent/connect/ca/provider_consul_test.go 
@@ -71,6 +71,15 @@ func testConsulCAConfig() *structs.CAConfiguration { } } +func testProviderConfig(caCfg *structs.CAConfiguration) ProviderConfig { + return ProviderConfig{ + ClusterID: caCfg.ClusterID, + Datacenter: "dc1", + IsPrimary: true, + RawConfig: caCfg.Config, + } +} + func requireNotEncoded(t *testing.T, v []byte) { t.Helper() require.False(t, connect.IsHexString(v)) @@ -84,7 +93,7 @@ func TestConsulCAProvider_Bootstrap(t *testing.T) { delegate := newMockDelegate(t, conf) provider := TestConsulProvider(t, delegate) - require.NoError(provider.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(provider.Configure(testProviderConfig(conf))) require.NoError(provider.GenerateRoot()) root, err := provider.ActiveRoot() @@ -117,7 +126,7 @@ func TestConsulCAProvider_Bootstrap_WithCert(t *testing.T) { delegate := newMockDelegate(t, conf) provider := TestConsulProvider(t, delegate) - require.NoError(provider.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(provider.Configure(testProviderConfig(conf))) require.NoError(provider.GenerateRoot()) root, err := provider.ActiveRoot() @@ -139,7 +148,7 @@ func TestConsulCAProvider_SignLeaf(t *testing.T) { delegate := newMockDelegate(t, conf) provider := TestConsulProvider(t, delegate) - require.NoError(provider.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(provider.Configure(testProviderConfig(conf))) require.NoError(provider.GenerateRoot()) spiffeService := &connect.SpiffeIDService{ @@ -245,7 +254,7 @@ func TestConsulCAProvider_CrossSignCA(t *testing.T) { provider1 := TestConsulProvider(t, delegate1) conf1.Config["PrivateKeyType"] = tc.SigningKeyType conf1.Config["PrivateKeyBits"] = tc.SigningKeyBits - require.NoError(provider1.Configure(conf1.ClusterID, true, conf1.Config, nil)) + require.NoError(provider1.Configure(testProviderConfig(conf1))) require.NoError(provider1.GenerateRoot()) conf2 := testConsulCAConfig() 
@@ -254,7 +263,7 @@ func TestConsulCAProvider_CrossSignCA(t *testing.T) { provider2 := TestConsulProvider(t, delegate2) conf2.Config["PrivateKeyType"] = tc.CSRKeyType conf2.Config["PrivateKeyBits"] = tc.CSRKeyBits - require.NoError(provider2.Configure(conf2.ClusterID, true, conf2.Config, nil)) + require.NoError(provider2.Configure(testProviderConfig(conf2))) require.NoError(provider2.GenerateRoot()) testCrossSignProviders(t, provider1, provider2) @@ -363,7 +372,7 @@ func TestConsulProvider_SignIntermediate(t *testing.T) { provider1 := TestConsulProvider(t, delegate1) conf1.Config["PrivateKeyType"] = tc.SigningKeyType conf1.Config["PrivateKeyBits"] = tc.SigningKeyBits - require.NoError(provider1.Configure(conf1.ClusterID, true, conf1.Config, nil)) + require.NoError(provider1.Configure(testProviderConfig(conf1))) require.NoError(provider1.GenerateRoot()) conf2 := testConsulCAConfig() @@ -372,7 +381,10 @@ func TestConsulProvider_SignIntermediate(t *testing.T) { provider2 := TestConsulProvider(t, delegate2) conf2.Config["PrivateKeyType"] = tc.CSRKeyType conf2.Config["PrivateKeyBits"] = tc.CSRKeyBits - require.NoError(provider2.Configure(conf2.ClusterID, false, conf2.Config, nil)) + cfg := testProviderConfig(conf2) + cfg.IsPrimary = false + cfg.Datacenter = "dc2" + require.NoError(provider2.Configure(cfg)) testSignIntermediateCrossDC(t, provider1, provider2) }) @@ -452,7 +464,7 @@ func TestConsulCAProvider_MigrateOldID(t *testing.T) { require.NotNil(providerState) provider := TestConsulProvider(t, delegate) - require.NoError(provider.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(provider.Configure(testProviderConfig(conf))) require.NoError(provider.GenerateRoot()) // After running Configure, the old ID entry should be gone. diff --git a/agent/connect/ca/provider_vault.go b/agent/connect/ca/provider_vault.go index 10573c35d9..180648c46e 100644 --- a/agent/connect/ca/provider_vault.go +++ b/agent/connect/ca/provider_vault.go 
@@ -23,7 +23,7 @@ var ErrBackendNotInitialized = fmt.Errorf("backend not initialized") type VaultProvider struct { config *structs.VaultCAProviderConfig client *vaultapi.Client - isRoot bool + isPrimary bool clusterID string spiffeID *connect.SpiffeIDSigning } @@ -40,8 +40,8 @@ func vaultTLSConfig(config *structs.VaultCAProviderConfig) *vaultapi.TLSConfig { } // Configure sets up the provider using the given configuration. -func (v *VaultProvider) Configure(clusterID string, isRoot bool, rawConfig map[string]interface{}, state map[string]string) error { - config, err := ParseVaultCAConfig(rawConfig) +func (v *VaultProvider) Configure(cfg ProviderConfig) error { + config, err := ParseVaultCAConfig(cfg.RawConfig) if err != nil { return err } @@ -61,9 +61,9 @@ func (v *VaultProvider) Configure(clusterID string, isRoot bool, rawConfig map[s client.SetToken(config.Token) v.config = config v.client = client - v.isRoot = isRoot - v.clusterID = clusterID - v.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: clusterID}) + v.isPrimary = cfg.IsPrimary + v.clusterID = cfg.ClusterID + v.spiffeID = connect.SpiffeIDSigningForCluster(&structs.CAConfiguration{ClusterID: v.clusterID}) return nil } @@ -81,7 +81,7 @@ func (v *VaultProvider) ActiveRoot() (string, error) { // GenerateRoot mounts and initializes a new root PKI backend if needed. func (v *VaultProvider) GenerateRoot() error { - if !v.isRoot { + if !v.isPrimary { return fmt.Errorf("provider is not the root certificate authority") } @@ -108,7 +108,7 @@ func (v *VaultProvider) GenerateRoot() error { return err } _, err = v.client.Logical().Write(v.config.RootPKIPath+"root/generate/internal", map[string]interface{}{ - "common_name": connect.CACN("vault", uid, v.clusterID, v.isRoot), + "common_name": connect.CACN("vault", uid, v.clusterID, v.isPrimary), "uri_sans": v.spiffeID.URI().String(), "key_type": v.config.PrivateKeyType, "key_bits": v.config.PrivateKeyBits, 
@@ -129,7 +129,7 @@ func (v *VaultProvider) GenerateRoot() error { // for another datacenter's root to sign, overwriting the intermediate backend // in the process. func (v *VaultProvider) GenerateIntermediateCSR() (string, error) { - if v.isRoot { + if v.isPrimary { return "", fmt.Errorf("provider is the root certificate authority, " + "cannot generate an intermediate CSR") } @@ -184,7 +184,7 @@ func (v *VaultProvider) generateIntermediateCSR() (string, error) { return "", err } data, err := v.client.Logical().Write(v.config.IntermediatePKIPath+"intermediate/generate/internal", map[string]interface{}{ - "common_name": connect.CACN("vault", uid, v.clusterID, v.isRoot), + "common_name": connect.CACN("vault", uid, v.clusterID, v.isPrimary), "key_type": v.config.PrivateKeyType, "key_bits": v.config.PrivateKeyBits, "uri_sans": v.spiffeID.URI().String(), @@ -206,7 +206,7 @@ func (v *VaultProvider) generateIntermediateCSR() (string, error) { // SetIntermediate writes the incoming intermediate and root certificates to the // intermediate backend (as a chain). func (v *VaultProvider) SetIntermediate(intermediatePEM, rootPEM string) error { - if v.isRoot { + if v.isPrimary { return fmt.Errorf("cannot set an intermediate using another root in the primary datacenter") } diff --git a/agent/connect/ca/provider_vault_test.go b/agent/connect/ca/provider_vault_test.go index a0580ff88d..a0b2d3615d 100644 --- a/agent/connect/ca/provider_vault_test.go +++ b/agent/connect/ca/provider_vault_test.go @@ -289,7 +289,10 @@ func TestVaultProvider_SignIntermediateConsul(t *testing.T) { conf := testConsulCAConfig() delegate := newMockDelegate(t, conf) provider2 := TestConsulProvider(t, delegate) - require.NoError(t, provider2.Configure(conf.ClusterID, false, conf.Config, nil)) + cfg := testProviderConfig(conf) + cfg.IsPrimary = false + cfg.Datacenter = "dc2" + require.NoError(t, provider2.Configure(cfg)) testSignIntermediateCrossDC(t, provider1, provider2) }) 
@@ -299,7 +302,7 @@ func TestVaultProvider_SignIntermediateConsul(t *testing.T) { conf := testConsulCAConfig() delegate := newMockDelegate(t, conf) provider1 := TestConsulProvider(t, delegate) - require.NoError(t, provider1.Configure(conf.ClusterID, true, conf.Config, nil)) + require.NoError(t, provider1.Configure(testProviderConfig(conf))) require.NoError(t, provider1.GenerateRoot()) provider2, testVault2 := testVaultProviderWithConfig(t, false, nil) @@ -313,7 +316,7 @@ func testVaultProvider(t *testing.T) (*VaultProvider, *testVaultServer) { return testVaultProviderWithConfig(t, true, nil) } -func testVaultProviderWithConfig(t *testing.T, isRoot bool, rawConf map[string]interface{}) (*VaultProvider, *testVaultServer) { +func testVaultProviderWithConfig(t *testing.T, isPrimary bool, rawConf map[string]interface{}) (*VaultProvider, *testVaultServer) { testVault, err := runTestVault() if err != nil { t.Fatalf("err: %v", err) @@ -335,11 +338,23 @@ func testVaultProviderWithConfig(t *testing.T, isRoot bool, rawConf map[string]i provider := &VaultProvider{} - if err := provider.Configure(connect.TestClusterID, isRoot, conf, nil); err != nil { + cfg := ProviderConfig{ + ClusterID: connect.TestClusterID, + Datacenter: "dc1", + IsPrimary: true, + RawConfig: conf, + } + + if !isPrimary { + cfg.IsPrimary = false + cfg.Datacenter = "dc2" + } + + if err := provider.Configure(cfg); err != nil { testVault.Stop() t.Fatalf("err: %v", err) } - if isRoot { + if isPrimary { if err = provider.GenerateRoot(); err != nil { testVault.Stop() t.Fatalf("err: %v", err) diff --git a/agent/consul/connect_ca_endpoint.go b/agent/consul/connect_ca_endpoint.go index fb00c0ff2d..da99f70a22 100644 --- a/agent/consul/connect_ca_endpoint.go +++ b/agent/consul/connect_ca_endpoint.go 
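Review bot: `testVaultProviderWithConfig` builds `cfg` with `IsPrimary: true` and then overwrites the field under `if !isPrimary`, which hides the fact that the parameter drives it. Set `IsPrimary: isPrimary,` in the struct literal and keep only `cfg.Datacenter = "dc2"` inside the `if`. The function starts above this hunk and continues below it.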
@@ -15,6 +15,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" + "github.com/hashicorp/consul/agent/connect/ca" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/go-memdb" @@ -186,8 +187,15 @@ func (s *ConnectCA) ConfigurationSet( if err != nil { return fmt.Errorf("could not initialize provider: %v", err) } - if err := newProvider.Configure(args.Config.ClusterID, true, - args.Config.Config, args.Config.State); err != nil { + pCfg := ca.ProviderConfig{ + ClusterID: args.Config.ClusterID, + Datacenter: s.srv.config.Datacenter, + // This endpoint can be called in a secondary DC too so set this correctly. + IsPrimary: s.srv.config.Datacenter == s.srv.config.PrimaryDatacenter, + RawConfig: args.Config.Config, + State: args.Config.State, + } + if err := newProvider.Configure(pCfg); err != nil { return fmt.Errorf("error configuring provider: %v", err) } if err := newProvider.GenerateRoot(); err != nil { diff --git a/agent/consul/leader_connect.go b/agent/consul/leader_connect.go index da76c1aaab..9243b888c1 100644 --- a/agent/consul/leader_connect.go +++ b/agent/consul/leader_connect.go @@ -212,7 +212,14 @@ func (s *Server) initializeCA() error { // initializeRootCA runs the initialization logic for a root CA. func (s *Server) initializeRootCA(provider ca.Provider, conf *structs.CAConfiguration) error { - if err := provider.Configure(conf.ClusterID, true, conf.Config, conf.State); err != nil { + pCfg := ca.ProviderConfig{ + ClusterID: conf.ClusterID, + Datacenter: s.config.Datacenter, + IsPrimary: true, + RawConfig: conf.Config, + State: conf.State, + } + if err := provider.Configure(pCfg); err != nil { return fmt.Errorf("error configuring provider: %v", err) } if err := provider.GenerateRoot(); err != nil { 
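Review bot: In `ConfigurationSet`, `IsPrimary` can now be false, yet the next statement still calls `newProvider.GenerateRoot()` unconditionally, and both `ConsulProvider.GenerateRoot` and `VaultProvider.GenerateRoot` in this patch return an error when `isPrimary` is false. From the lines shown, a call in a secondary datacenter would therefore always fail at that step unless something above the hunk returns first. Failing there is safer than the old code, which configured the provider as primary in any datacenter, but the caller gets an unrelated-looking error. Either gate the call with `if pCfg.IsPrimary {` and give secondaries their own path, or reject the request up front with an explicit error, and add a test for the secondary case. The function begins and ends outside the hunk.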
@@ -791,7 +798,14 @@ func (s *Server) initializeSecondaryProvider(provider ca.Provider, roots structs return err } - if err := provider.Configure(clusterID, false, conf.Config, conf.State); err != nil { + pCfg := ca.ProviderConfig{ + ClusterID: clusterID, + Datacenter: s.config.Datacenter, + IsPrimary: false, + RawConfig: conf.Config, + State: conf.State, + } + if err := provider.Configure(pCfg); err != nil { return fmt.Errorf("error configuring provider: %v", err) } diff --git a/go.mod b/go.mod index e00c0dbce5..35841bfc14 100644 --- a/go.mod +++ b/go.mod @@ -34,7 +34,6 @@ require ( github.com/hashicorp/go-memdb v1.0.3 github.com/hashicorp/go-msgpack v0.5.5 github.com/hashicorp/go-multierror v1.0.0 - github.com/hashicorp/go-plugin v1.0.1 github.com/hashicorp/go-raftchunking v0.6.1 github.com/hashicorp/go-sockaddr v1.0.2 github.com/hashicorp/go-syslog v1.0.0 diff --git a/vendor/github.com/hashicorp/go-plugin/.gitignore b/vendor/github.com/hashicorp/go-plugin/.gitignore deleted file mode 100644 index 4befed30a1..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -.DS_Store -.idea diff --git a/vendor/github.com/hashicorp/go-plugin/LICENSE b/vendor/github.com/hashicorp/go-plugin/LICENSE deleted file mode 100644 index 82b4de97c7..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/LICENSE +++ /dev/null 
@@ -1,353 +0,0 @@ -Mozilla Public License, version 2.0 - -1. Definitions - -1.1. “Contributor” - - means each individual or legal entity that creates, contributes to the - creation of, or owns Covered Software. - -1.2. “Contributor Version” - - means the combination of the Contributions of others (if any) used by a - Contributor and that particular Contributor’s Contribution. - -1.3. “Contribution” - - means Covered Software of a particular Contributor. - -1.4. “Covered Software” - - means Source Code Form to which the initial Contributor has attached the - notice in Exhibit A, the Executable Form of such Source Code Form, and - Modifications of such Source Code Form, in each case including portions - thereof. - -1.5. “Incompatible With Secondary Licenses” - means - - a. that the initial Contributor has attached the notice described in - Exhibit B to the Covered Software; or - - b. that the Covered Software was made available under the terms of version - 1.1 or earlier of the License, but not also under the terms of a - Secondary License. - -1.6. “Executable Form” - - means any form of the work other than Source Code Form. - -1.7. “Larger Work” - - means a work that combines Covered Software with other material, in a separate - file or files, that is not Covered Software. - -1.8. “License” - - means this document. - -1.9. “Licensable” - - means having the right to grant, to the maximum extent possible, whether at the - time of the initial grant or subsequently, any and all of the rights conveyed by - this License. - -1.10. “Modifications” - - means any of the following: - - a. any file in Source Code Form that results from an addition to, deletion - from, or modification of the contents of Covered Software; or - - b. any new file in Source Code Form that contains any Covered Software. - -1.11. 
“Patent Claims” of a Contributor - - means any patent claim(s), including without limitation, method, process, - and apparatus claims, in any patent Licensable by such Contributor that - would be infringed, but for the grant of the License, by the making, - using, selling, offering for sale, having made, import, or transfer of - either its Contributions or its Contributor Version. - -1.12. “Secondary License” - - means either the GNU General Public License, Version 2.0, the GNU Lesser - General Public License, Version 2.1, the GNU Affero General Public - License, Version 3.0, or any later versions of those licenses. - -1.13. “Source Code Form” - - means the form of the work preferred for making modifications. - -1.14. “You” (or “Your”) - - means an individual or a legal entity exercising rights under this - License. For legal entities, “You” includes any entity that controls, is - controlled by, or is under common control with You. For purposes of this - definition, “control” means (a) the power, direct or indirect, to cause - the direction or management of such entity, whether by contract or - otherwise, or (b) ownership of more than fifty percent (50%) of the - outstanding shares or beneficial ownership of such entity. - - -2. License Grants and Conditions - -2.1. Grants - - Each Contributor hereby grants You a world-wide, royalty-free, - non-exclusive license: - - a. under intellectual property rights (other than patent or trademark) - Licensable by such Contributor to use, reproduce, make available, - modify, display, perform, distribute, and otherwise exploit its - Contributions, either on an unmodified basis, with Modifications, or as - part of a Larger Work; and - - b. under Patent Claims of such Contributor to make, use, sell, offer for - sale, have made, import, and otherwise transfer either its Contributions - or its Contributor Version. - -2.2. 
Effective Date - - The licenses granted in Section 2.1 with respect to any Contribution become - effective for each Contribution on the date the Contributor first distributes - such Contribution. - -2.3. Limitations on Grant Scope - - The licenses granted in this Section 2 are the only rights granted under this - License. No additional rights or licenses will be implied from the distribution - or licensing of Covered Software under this License. Notwithstanding Section - 2.1(b) above, no patent license is granted by a Contributor: - - a. for any code that a Contributor has removed from Covered Software; or - - b. for infringements caused by: (i) Your and any other third party’s - modifications of Covered Software, or (ii) the combination of its - Contributions with other software (except as part of its Contributor - Version); or - - c. under Patent Claims infringed by Covered Software in the absence of its - Contributions. - - This License does not grant any rights in the trademarks, service marks, or - logos of any Contributor (except as may be necessary to comply with the - notice requirements in Section 3.4). - -2.4. Subsequent Licenses - - No Contributor makes additional grants as a result of Your choice to - distribute the Covered Software under a subsequent version of this License - (see Section 10.2) or under the terms of a Secondary License (if permitted - under the terms of Section 3.3). - -2.5. Representation - - Each Contributor represents that the Contributor believes its Contributions - are its original creation(s) or it has sufficient rights to grant the - rights to its Contributions conveyed by this License. - -2.6. Fair Use - - This License is not intended to limit any rights You have under applicable - copyright doctrines of fair use, fair dealing, or other equivalents. - -2.7. Conditions - - Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in - Section 2.1. - - -3. Responsibilities - -3.1. 
Distribution of Source Form - - All distribution of Covered Software in Source Code Form, including any - Modifications that You create or to which You contribute, must be under the - terms of this License. You must inform recipients that the Source Code Form - of the Covered Software is governed by the terms of this License, and how - they can obtain a copy of this License. You may not attempt to alter or - restrict the recipients’ rights in the Source Code Form. - -3.2. Distribution of Executable Form - - If You distribute Covered Software in Executable Form then: - - a. such Covered Software must also be made available in Source Code Form, - as described in Section 3.1, and You must inform recipients of the - Executable Form how they can obtain a copy of such Source Code Form by - reasonable means in a timely manner, at a charge no more than the cost - of distribution to the recipient; and - - b. You may distribute such Executable Form under the terms of this License, - or sublicense it under different terms, provided that the license for - the Executable Form does not attempt to limit or alter the recipients’ - rights in the Source Code Form under this License. - -3.3. Distribution of a Larger Work - - You may create and distribute a Larger Work under terms of Your choice, - provided that You also comply with the requirements of this License for the - Covered Software. If the Larger Work is a combination of Covered Software - with a work governed by one or more Secondary Licenses, and the Covered - Software is not Incompatible With Secondary Licenses, this License permits - You to additionally distribute such Covered Software under the terms of - such Secondary License(s), so that the recipient of the Larger Work may, at - their option, further distribute the Covered Software under the terms of - either this License or such Secondary License(s). - -3.4. 
Notices - - You may not remove or alter the substance of any license notices (including - copyright notices, patent notices, disclaimers of warranty, or limitations - of liability) contained within the Source Code Form of the Covered - Software, except that You may alter any license notices to the extent - required to remedy known factual inaccuracies. - -3.5. Application of Additional Terms - - You may choose to offer, and to charge a fee for, warranty, support, - indemnity or liability obligations to one or more recipients of Covered - Software. However, You may do so only on Your own behalf, and not on behalf - of any Contributor. You must make it absolutely clear that any such - warranty, support, indemnity, or liability obligation is offered by You - alone, and You hereby agree to indemnify every Contributor for any - liability incurred by such Contributor as a result of warranty, support, - indemnity or liability terms You offer. You may include additional - disclaimers of warranty and limitations of liability specific to any - jurisdiction. - -4. Inability to Comply Due to Statute or Regulation - - If it is impossible for You to comply with any of the terms of this License - with respect to some or all of the Covered Software due to statute, judicial - order, or regulation then You must: (a) comply with the terms of this License - to the maximum extent possible; and (b) describe the limitations and the code - they affect. Such description must be placed in a text file included with all - distributions of the Covered Software under this License. Except to the - extent prohibited by statute or regulation, such description must be - sufficiently detailed for a recipient of ordinary skill to be able to - understand it. - -5. Termination - -5.1. The rights granted under this License will terminate automatically if You - fail to comply with any of its terms. 
However, if You become compliant, - then the rights granted under this License from a particular Contributor - are reinstated (a) provisionally, unless and until such Contributor - explicitly and finally terminates Your grants, and (b) on an ongoing basis, - if such Contributor fails to notify You of the non-compliance by some - reasonable means prior to 60 days after You have come back into compliance. - Moreover, Your grants from a particular Contributor are reinstated on an - ongoing basis if such Contributor notifies You of the non-compliance by - some reasonable means, this is the first time You have received notice of - non-compliance with this License from such Contributor, and You become - compliant prior to 30 days after Your receipt of the notice. - -5.2. If You initiate litigation against any entity by asserting a patent - infringement claim (excluding declaratory judgment actions, counter-claims, - and cross-claims) alleging that a Contributor Version directly or - indirectly infringes any patent, then the rights granted to You by any and - all Contributors for the Covered Software under Section 2.1 of this License - shall terminate. - -5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user - license agreements (excluding distributors and resellers) which have been - validly granted by You or Your distributors under this License prior to - termination shall survive termination. - -6. Disclaimer of Warranty - - Covered Software is provided under this License on an “as is” basis, without - warranty of any kind, either expressed, implied, or statutory, including, - without limitation, warranties that the Covered Software is free of defects, - merchantable, fit for a particular purpose or non-infringing. The entire - risk as to the quality and performance of the Covered Software is with You. 
- Should any Covered Software prove defective in any respect, You (not any - Contributor) assume the cost of any necessary servicing, repair, or - correction. This disclaimer of warranty constitutes an essential part of this - License. No use of any Covered Software is authorized under this License - except under this disclaimer. - -7. Limitation of Liability - - Under no circumstances and under no legal theory, whether tort (including - negligence), contract, or otherwise, shall any Contributor, or anyone who - distributes Covered Software as permitted above, be liable to You for any - direct, indirect, special, incidental, or consequential damages of any - character including, without limitation, damages for lost profits, loss of - goodwill, work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses, even if such party shall have been - informed of the possibility of such damages. This limitation of liability - shall not apply to liability for death or personal injury resulting from such - party’s negligence to the extent applicable law prohibits such limitation. - Some jurisdictions do not allow the exclusion or limitation of incidental or - consequential damages, so this exclusion and limitation may not apply to You. - -8. Litigation - - Any litigation relating to this License may be brought only in the courts of - a jurisdiction where the defendant maintains its principal place of business - and such litigation shall be governed by laws of that jurisdiction, without - reference to its conflict-of-law provisions. Nothing in this Section shall - prevent a party’s ability to bring cross-claims or counter-claims. - -9. Miscellaneous - - This License represents the complete agreement concerning the subject matter - hereof. If any provision of this License is held to be unenforceable, such - provision shall be reformed only to the extent necessary to make it - enforceable. 
Any law or regulation which provides that the language of a - contract shall be construed against the drafter shall not be used to construe - this License against a Contributor. - - -10. Versions of the License - -10.1. New Versions - - Mozilla Foundation is the license steward. Except as provided in Section - 10.3, no one other than the license steward has the right to modify or - publish new versions of this License. Each version will be given a - distinguishing version number. - -10.2. Effect of New Versions - - You may distribute the Covered Software under the terms of the version of - the License under which You originally received the Covered Software, or - under the terms of any subsequent version published by the license - steward. - -10.3. Modified Versions - - If you create software not governed by this License, and you want to - create a new license for such software, you may create and use a modified - version of this License if you rename the license and remove any - references to the name of the license steward (except to note that such - modified license differs from this License). - -10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses - If You choose to distribute Source Code Form that is Incompatible With - Secondary Licenses under the terms of this version of the License, the - notice described in Exhibit B of this License must be attached. - -Exhibit A - Source Code Form License Notice - - This Source Code Form is subject to the - terms of the Mozilla Public License, v. - 2.0. If a copy of the MPL was not - distributed with this file, You can - obtain one at - http://mozilla.org/MPL/2.0/. - -If it is not possible or desirable to put the notice in a particular file, then -You may include the notice in a location (such as a LICENSE file in a relevant -directory) where a recipient would be likely to look for such a notice. - -You may add additional accurate notices of copyright ownership. 
- -Exhibit B - “Incompatible With Secondary Licenses” Notice - - This Source Code Form is “Incompatible - With Secondary Licenses”, as defined by - the Mozilla Public License, v. 2.0. diff --git a/vendor/github.com/hashicorp/go-plugin/README.md b/vendor/github.com/hashicorp/go-plugin/README.md deleted file mode 100644 index fe305ad598..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/README.md +++ /dev/null 
@@ -1,168 +0,0 @@
-# Go Plugin System over RPC
-
-`go-plugin` is a Go (golang) plugin system over RPC. It is the plugin system
-that has been in use by HashiCorp tooling for over 4 years. While initially
-created for [Packer](https://www.packer.io), it is additionally in use by
-[Terraform](https://www.terraform.io), [Nomad](https://www.nomadproject.io), and
-[Vault](https://www.vaultproject.io).
-
-While the plugin system is over RPC, it is currently only designed to work
-over a local [reliable] network. Plugins over a real network are not supported
-and will lead to unexpected behavior.
-
-This plugin system has been used on millions of machines across many different
-projects and has proven to be battle hardened and ready for production use.
-
-## Features
-
-The HashiCorp plugin system supports a number of features:
-
-**Plugins are Go interface implementations.** This makes writing and consuming
-plugins feel very natural. To a plugin author: you just implement an
-interface as if it were going to run in the same process. For a plugin user:
-you just use and call functions on an interface as if it were in the same
-process. This plugin system handles the communication in between.
-
-**Cross-language support.** Plugins can be written (and consumed) by
-almost every major language. This library supports serving plugins via
-[gRPC](http://www.grpc.io). gRPC-based plugins enable plugins to be written
-in any language.
-
-**Complex arguments and return values are supported.** This library
-provides APIs for handling complex arguments and return values such
-as interfaces, `io.Reader/Writer`, etc. We do this by giving you a library
-(`MuxBroker`) for creating new connections between the client/server to
-serve additional interfaces or transfer raw data.
-
-**Bidirectional communication.** Because the plugin system supports
-complex arguments, the host process can send it interface implementations
-and the plugin can call back into the host process.
-
-**Built-in Logging.** Any plugins that use the `log` standard library
-will have log data automatically sent to the host process. The host
-process will mirror this output prefixed with the path to the plugin
-binary. This makes debugging with plugins simple. If the host system
-uses [hclog](https://github.com/hashicorp/go-hclog) then the log data
-will be structured. If the plugin also uses hclog, logs from the plugin
-will be sent to the host hclog and be structured.
-
-**Protocol Versioning.** A very basic "protocol version" is supported that
-can be incremented to invalidate any previous plugins. This is useful when
-interface signatures are changing, protocol level changes are necessary,
-etc. When a protocol version is incompatible, a human friendly error
-message is shown to the end user.
-
-**Stdout/Stderr Syncing.** While plugins are subprocesses, they can continue
-to use stdout/stderr as usual and the output will get mirrored back to
-the host process. The host process can control what `io.Writer` these
-streams go to to prevent this from happening.
-
-**TTY Preservation.** Plugin subprocesses are connected to the identical
-stdin file descriptor as the host process, allowing software that requires
-a TTY to work. For example, a plugin can execute `ssh` and even though there
-are multiple subprocesses and RPC happening, it will look and act perfectly
-to the end user.
-
-**Host upgrade while a plugin is running.** Plugins can be "reattached"
-so that the host process can be upgraded while the plugin is still running.
-This requires the host/plugin to know this is possible and daemonize
-properly. `NewClient` takes a `ReattachConfig` to determine if and how to
-reattach.
-
-**Cryptographically Secure Plugins.** Plugins can be verified with an expected
-checksum and RPC communications can be configured to use TLS. The host process
-must be properly secured to protect this configuration.
-
-## Architecture
-
-The HashiCorp plugin system works by launching subprocesses and communicating
-over RPC (using standard `net/rpc` or [gRPC](http://www.grpc.io)). A single
-connection is made between any plugin and the host process. For net/rpc-based
-plugins, we use a [connection multiplexing](https://github.com/hashicorp/yamux)
-library to multiplex any other connections on top. For gRPC-based plugins,
-the HTTP2 protocol handles multiplexing.
-
-This architecture has a number of benefits:
-
- * Plugins can't crash your host process: A panic in a plugin doesn't
- panic the plugin user.
-
- * Plugins are very easy to write: just write a Go application and `go build`.
- Or use any other language to write a gRPC server with a tiny amount of
- boilerplate to support go-plugin.
-
- * Plugins are very easy to install: just put the binary in a location where
- the host will find it (depends on the host but this library also provides
- helpers), and the plugin host handles the rest.
-
- * Plugins can be relatively secure: The plugin only has access to the
- interfaces and args given to it, not to the entire memory space of the
- process. Additionally, go-plugin can communicate with the plugin over
- TLS.
-
-## Usage
-
-To use the plugin system, you must take the following steps. These are
-high-level steps that must be done. Examples are available in the
-`examples/` directory.
-
- 1. Choose the interface(s) you want to expose for plugins.
-
- 2. For each interface, implement an implementation of that interface
- that communicates over a `net/rpc` connection or over a
- [gRPC](http://www.grpc.io) connection or both. You'll have to implement
- both a client and server implementation.
-
- 3. Create a `Plugin` implementation that knows how to create the RPC
- client/server for a given plugin type.
-
- 4. Plugin authors call `plugin.Serve` to serve a plugin from the
- `main` function.
-
- 5. Plugin users use `plugin.Client` to launch a subprocess and request
- an interface implementation over RPC.
-
-That's it! In practice, step 2 is the most tedious and time consuming step.
-Even so, it isn't very difficult and you can see examples in the `examples/`
-directory as well as throughout our various open source projects.
-
-For complete API documentation, see [GoDoc](https://godoc.org/github.com/hashicorp/go-plugin).
-
-## Roadmap
-
-Our plugin system is constantly evolving. As we use the plugin system for
-new projects or for new features in existing projects, we constantly find
-improvements we can make.
-
-At this point in time, the roadmap for the plugin system is:
-
-**Semantic Versioning.** Plugins will be able to implement a semantic version.
-This plugin system will give host processes a system for constraining
-versions. This is in addition to the protocol versioning already present
-which is more for larger underlying changes.
-
-**Plugin fetching.** We will integrate with [go-getter](https://github.com/hashicorp/go-getter)
-to support automatic download + install of plugins. Paired with cryptographically
-secure plugins (above), we can make this a safe operation for an amazing
-user experience.
-
-## What About Shared Libraries?
-
-When we started using plugins (late 2012, early 2013), plugins over RPC
-were the only option since Go didn't support dynamic library loading. Today,
-Go supports the [plugin](https://golang.org/pkg/plugin/) standard library with
-a number of limitations. Since 2012, our plugin system has stabilized
-from tens of millions of users using it, and has many benefits we've come to
-value greatly.
-
-For example, we use this plugin system in
-[Vault](https://www.vaultproject.io) where dynamic library loading is
-not acceptable for security reasons. That is an extreme
-example, but we believe our library system has more upsides than downsides
-over dynamic library loading and since we've had it built and tested for years,
-we'll continue to use it.
-
-Shared libraries have one major advantage over our system which is much
-higher performance. In real world scenarios across our various tools,
-we've never required any more performance out of our plugin system and it
-has seen very high throughput, so this isn't a concern for us at the moment.
diff --git a/vendor/github.com/hashicorp/go-plugin/client.go b/vendor/github.com/hashicorp/go-plugin/client.go
deleted file mode 100644
index bc56559c63..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/client.go
+++ /dev/null
@@ -1,1025 +0,0 @@
-package plugin
-
-import (
- "bufio"
- "context"
- "crypto/subtle"
- "crypto/tls"
- "crypto/x509"
- "encoding/base64"
- "errors"
- "fmt"
- "hash"
- "io"
- "io/ioutil"
- "net"
- "os"
- "os/exec"
- "path/filepath"
- "strconv"
- "strings"
- "sync"
- "sync/atomic"
- "time"
-
- hclog "github.com/hashicorp/go-hclog"
-)
-
-// If this is 1, then we've called CleanupClients. This can be used
-// by plugin RPC implementations to change error behavior since you
-// can expected network connection errors at this point. This should be
-// read by using sync/atomic.
-var Killed uint32 = 0
-
-// This is a slice of the "managed" clients which are cleaned up when
-// calling Cleanup
-var managedClients = make([]*Client, 0, 5)
-var managedClientsLock sync.Mutex
-
-// Error types
-var (
- // ErrProcessNotFound is returned when a client is instantiated to
- // reattach to an existing process and it isn't found.
- ErrProcessNotFound = errors.New("Reattachment process not found")
-
- // ErrChecksumsDoNotMatch is returned when binary's checksum doesn't match
- // the one provided in the SecureConfig.
- ErrChecksumsDoNotMatch = errors.New("checksums did not match")
-
- // ErrSecureNoChecksum is returned when an empty checksum is provided to the
- // SecureConfig.
- ErrSecureConfigNoChecksum = errors.New("no checksum provided")
-
- // ErrSecureNoHash is returned when a nil Hash object is provided to the
- // SecureConfig.
- ErrSecureConfigNoHash = errors.New("no hash implementation provided")
-
- // ErrSecureConfigAndReattach is returned when both Reattach and
- // SecureConfig are set.
- ErrSecureConfigAndReattach = errors.New("only one of Reattach or SecureConfig can be set")
-)
-
-// Client handles the lifecycle of a plugin application. It launches
-// plugins, connects to them, dispenses interface implementations, and handles
-// killing the process.
-//
-// Plugin hosts should use one Client for each plugin executable. To
-// dispense a plugin type, use the `Client.Client` function, and then
-// cal `Dispense`. This awkward API is mostly historical but is used to split
-// the client that deals with subprocess management and the client that
-// does RPC management.
-//
-// See NewClient and ClientConfig for using a Client.
-type Client struct {
- config *ClientConfig
- exited bool
- l sync.Mutex
- address net.Addr
- process *os.Process
- client ClientProtocol
- protocol Protocol
- logger hclog.Logger
- doneCtx context.Context
- ctxCancel context.CancelFunc
- negotiatedVersion int
-
- // clientWaitGroup is used to manage the lifecycle of the plugin management
- // goroutines.
- clientWaitGroup sync.WaitGroup
-
- // stderrWaitGroup is used to prevent the command's Wait() function from
- // being called before we've finished reading from the stderr pipe.
- stderrWaitGroup sync.WaitGroup
-
- // processKilled is used for testing only, to flag when the process was
- // forcefully killed.
- processKilled bool
-}
-
-// NegotiatedVersion returns the protocol version negotiated with the server.
-// This is only valid after Start() is called.
-func (c *Client) NegotiatedVersion() int {
- return c.negotiatedVersion
-}
-
-// ClientConfig is the configuration used to initialize a new
-// plugin client. After being used to initialize a plugin client,
-// that configuration must not be modified again.
-type ClientConfig struct {
- // HandshakeConfig is the configuration that must match servers.
- HandshakeConfig
-
- // Plugins are the plugins that can be consumed.
- // The implied version of this PluginSet is the Handshake.ProtocolVersion.
- Plugins PluginSet
-
- // VersionedPlugins is a map of PluginSets for specific protocol versions.
- // These can be used to negotiate a compatible version between client and
- // server. If this is set, Handshake.ProtocolVersion is not required.
- VersionedPlugins map[int]PluginSet
-
- // One of the following must be set, but not both.
- //
- // Cmd is the unstarted subprocess for starting the plugin. If this is
- // set, then the Client starts the plugin process on its own and connects
- // to it.
- //
- // Reattach is configuration for reattaching to an existing plugin process
- // that is already running. This isn't common.
- Cmd *exec.Cmd
- Reattach *ReattachConfig
-
- // SecureConfig is configuration for verifying the integrity of the
- // executable. It can not be used with Reattach.
- SecureConfig *SecureConfig
-
- // TLSConfig is used to enable TLS on the RPC client.
- TLSConfig *tls.Config
-
- // Managed represents if the client should be managed by the
- // plugin package or not. If true, then by calling CleanupClients,
- // it will automatically be cleaned up. Otherwise, the client
- // user is fully responsible for making sure to Kill all plugin
- // clients. By default the client is _not_ managed.
- Managed bool
-
- // The minimum and maximum port to use for communicating with
- // the subprocess. If not set, this defaults to 10,000 and 25,000
- // respectively.
- MinPort, MaxPort uint
-
- // StartTimeout is the timeout to wait for the plugin to say it
- // has started successfully.
- StartTimeout time.Duration
-
- // If non-nil, then the stderr of the client will be written to here
- // (as well as the log). This is the original os.Stderr of the subprocess.
- // This isn't the output of synced stderr.
- Stderr io.Writer
-
- // SyncStdout, SyncStderr can be set to override the
- // respective os.Std* values in the plugin. Care should be taken to
- // avoid races here. If these are nil, then this will automatically be
- // hooked up to os.Stdin, Stdout, and Stderr, respectively.
- //
- // If the default values (nil) are used, then this package will not
- // sync any of these streams.
- SyncStdout io.Writer
- SyncStderr io.Writer
-
- // AllowedProtocols is a list of allowed protocols. If this isn't set,
- // then only netrpc is allowed. This is so that older go-plugin systems
- // can show friendly errors if they see a plugin with an unknown
- // protocol.
- //
- // By setting this, you can cause an error immediately on plugin start
- // if an unsupported protocol is used with a good error message.
- //
- // If this isn't set at all (nil value), then only net/rpc is accepted.
- // This is done for legacy reasons. You must explicitly opt-in to
- // new protocols.
- AllowedProtocols []Protocol
-
- // Logger is the logger that the client will used. If none is provided,
- // it will default to hclog's default logger.
- Logger hclog.Logger
-
- // AutoMTLS has the client and server automatically negotiate mTLS for
- // transport authentication. This ensures that only the original client will
- // be allowed to connect to the server, and all other connections will be
- // rejected. The client will also refuse to connect to any server that isn't
- // the original instance started by the client.
- //
- // In this mode of operation, the client generates a one-time use tls
- // certificate, sends the public x.509 certificate to the new server, and
- // the server generates a one-time use tls certificate, and sends the public
- // x.509 certificate back to the client. These are used to authenticate all
- // rpc connections between the client and server.
- //
- // Setting AutoMTLS to true implies that the server must support the
- // protocol, and correctly negotiate the tls certificates, or a connection
- // failure will result.
- //
- // The client should not set TLSConfig, nor should the server set a
- // TLSProvider, because AutoMTLS implies that a new certificate and tls
- // configuration will be generated at startup.
- //
- // You cannot Reattach to a server with this option enabled.
- AutoMTLS bool
-}
-
-// ReattachConfig is used to configure a client to reattach to an
-// already-running plugin process. You can retrieve this information by
-// calling ReattachConfig on Client.
-type ReattachConfig struct {
- Protocol Protocol
- Addr net.Addr
- Pid int
-}
-
-// SecureConfig is used to configure a client to verify the integrity of an
-// executable before running. It does this by verifying the checksum is
-// expected. Hash is used to specify the hashing method to use when checksumming
-// the file. The configuration is verified by the client by calling the
-// SecureConfig.Check() function.
-//
-// The host process should ensure the checksum was provided by a trusted and
-// authoritative source. The binary should be installed in such a way that it
-// can not be modified by an unauthorized user between the time of this check
-// and the time of execution.
-type SecureConfig struct {
- Checksum []byte
- Hash hash.Hash
-}
-
-// Check takes the filepath to an executable and returns true if the checksum of
-// the file matches the checksum provided in the SecureConfig.
-func (s *SecureConfig) Check(filePath string) (bool, error) {
- if len(s.Checksum) == 0 {
- return false, ErrSecureConfigNoChecksum
- }
-
- if s.Hash == nil {
- return false, ErrSecureConfigNoHash
- }
-
- file, err := os.Open(filePath)
- if err != nil {
- return false, err
- }
- defer file.Close()
-
- _, err = io.Copy(s.Hash, file)
- if err != nil {
- return false, err
- }
-
- sum := s.Hash.Sum(nil)
-
- return subtle.ConstantTimeCompare(sum, s.Checksum) == 1, nil
-}
-
-// This makes sure all the managed subprocesses are killed and properly
-// logged. This should be called before the parent process running the
-// plugins exits.
-//
-// This must only be called _once_.
-func CleanupClients() {
- // Set the killed to true so that we don't get unexpected panics
- atomic.StoreUint32(&Killed, 1)
-
- // Kill all the managed clients in parallel and use a WaitGroup
- // to wait for them all to finish up.
- var wg sync.WaitGroup
- managedClientsLock.Lock()
- for _, client := range managedClients {
- wg.Add(1)
-
- go func(client *Client) {
- client.Kill()
- wg.Done()
- }(client)
- }
- managedClientsLock.Unlock()
-
- wg.Wait()
-}
-
-// Creates a new plugin client which manages the lifecycle of an external
-// plugin and gets the address for the RPC connection.
-//
-// The client must be cleaned up at some point by calling Kill(). If
-// the client is a managed client (created with NewManagedClient) you
-// can just call CleanupClients at the end of your program and they will
-// be properly cleaned.
-func NewClient(config *ClientConfig) (c *Client) {
- if config.MinPort == 0 && config.MaxPort == 0 {
- config.MinPort = 10000
- config.MaxPort = 25000
- }
-
- if config.StartTimeout == 0 {
- config.StartTimeout = 1 * time.Minute
- }
-
- if config.Stderr == nil {
- config.Stderr = ioutil.Discard
- }
-
- if config.SyncStdout == nil {
- config.SyncStdout = ioutil.Discard
- }
- if config.SyncStderr == nil {
- config.SyncStderr = ioutil.Discard
- }
-
- if config.AllowedProtocols == nil {
- config.AllowedProtocols = []Protocol{ProtocolNetRPC}
- }
-
- if config.Logger == nil {
- config.Logger = hclog.New(&hclog.LoggerOptions{
- Output: hclog.DefaultOutput,
- Level: hclog.Trace,
- Name: "plugin",
- })
- }
-
- c = &Client{
- config: config,
- logger: config.Logger,
- }
- if config.Managed {
- managedClientsLock.Lock()
- managedClients = append(managedClients, c)
- managedClientsLock.Unlock()
- }
-
- return
-}
-
-// Client returns the protocol client for this connection.
-//
-// Subsequent calls to this will return the same client.
-func (c *Client) Client() (ClientProtocol, error) {
- _, err := c.Start()
- if err != nil {
- return nil, err
- }
-
- c.l.Lock()
- defer c.l.Unlock()
-
- if c.client != nil {
- return c.client, nil
- }
-
- switch c.protocol {
- case ProtocolNetRPC:
- c.client, err = newRPCClient(c)
-
- case ProtocolGRPC:
- c.client, err = newGRPCClient(c.doneCtx, c)
-
- default:
- return nil, fmt.Errorf("unknown server protocol: %s", c.protocol)
- }
-
- if err != nil {
- c.client = nil
- return nil, err
- }
-
- return c.client, nil
-}
-
-// Tells whether or not the underlying process has exited.
-func (c *Client) Exited() bool {
- c.l.Lock()
- defer c.l.Unlock()
- return c.exited
-}
-
-// killed is used in tests to check if a process failed to exit gracefully, and
-// needed to be killed.
-func (c *Client) killed() bool {
- c.l.Lock()
- defer c.l.Unlock()
- return c.processKilled
-}
-
-// End the executing subprocess (if it is running) and perform any cleanup
-// tasks necessary such as capturing any remaining logs and so on.
-//
-// This method blocks until the process successfully exits.
-//
-// This method can safely be called multiple times.
-func (c *Client) Kill() {
- // Grab a lock to read some private fields.
- c.l.Lock()
- process := c.process
- addr := c.address
- c.l.Unlock()
-
- // If there is no process, there is nothing to kill.
- if process == nil {
- return
- }
-
- defer func() {
- // Wait for the all client goroutines to finish.
- c.clientWaitGroup.Wait()
-
- // Make sure there is no reference to the old process after it has been
- // killed.
- c.l.Lock()
- c.process = nil
- c.l.Unlock()
- }()
-
- // We need to check for address here. It is possible that the plugin
- // started (process != nil) but has no address (addr == nil) if the
- // plugin failed at startup. If we do have an address, we need to close
- // the plugin net connections.
- graceful := false
- if addr != nil {
- // Close the client to cleanly exit the process.
- client, err := c.Client()
- if err == nil {
- err = client.Close()
-
- // If there is no error, then we attempt to wait for a graceful
- // exit. If there was an error, we assume that graceful cleanup
- // won't happen and just force kill.
- graceful = err == nil
- if err != nil {
- // If there was an error just log it. We're going to force
- // kill in a moment anyways.
- c.logger.Warn("error closing client during Kill", "err", err)
- }
- } else {
- c.logger.Error("client", "error", err)
- }
- }
-
- // If we're attempting a graceful exit, then we wait for a short period
- // of time to allow that to happen. To wait for this we just wait on the
- // doneCh which would be closed if the process exits.
- if graceful {
- select {
- case <-c.doneCtx.Done():
- c.logger.Debug("plugin exited")
- return
- case <-time.After(2 * time.Second):
- }
- }
-
- // If graceful exiting failed, just kill it
- c.logger.Warn("plugin failed to exit gracefully")
- process.Kill()
-
- c.l.Lock()
- c.processKilled = true
- c.l.Unlock()
-}
-
-// Starts the underlying subprocess, communicating with it to negotiate
-// a port for RPC connections, and returning the address to connect via RPC.
-//
-// This method is safe to call multiple times. Subsequent calls have no effect.
-// Once a client has been started once, it cannot be started again, even if
-// it was killed.
-func (c *Client) Start() (addr net.Addr, err error) {
- c.l.Lock()
- defer c.l.Unlock()
-
- if c.address != nil {
- return c.address, nil
- }
-
- // If one of cmd or reattach isn't set, then it is an error. We wrap
- // this in a {} for scoping reasons, and hopeful that the escape
- // analysis will pop the stack here.
- {
- cmdSet := c.config.Cmd != nil
- attachSet := c.config.Reattach != nil
- secureSet := c.config.SecureConfig != nil
- if cmdSet == attachSet {
- return nil, fmt.Errorf("Only one of Cmd or Reattach must be set")
- }
-
- if secureSet && attachSet {
- return nil, ErrSecureConfigAndReattach
- }
- }
-
- if c.config.Reattach != nil {
- return c.reattach()
- }
-
- if c.config.VersionedPlugins == nil {
- c.config.VersionedPlugins = make(map[int]PluginSet)
- }
-
- // handle all plugins as versioned, using the handshake config as the default.
- version := int(c.config.ProtocolVersion)
-
- // Make sure we're not overwriting a real version 0. If ProtocolVersion was
- // non-zero, then we have to just assume the user made sure that
- // VersionedPlugins doesn't conflict.
- if _, ok := c.config.VersionedPlugins[version]; !ok && c.config.Plugins != nil {
- c.config.VersionedPlugins[version] = c.config.Plugins
- }
-
- var versionStrings []string
- for v := range c.config.VersionedPlugins {
- versionStrings = append(versionStrings, strconv.Itoa(v))
- }
-
- env := []string{
- fmt.Sprintf("%s=%s", c.config.MagicCookieKey, c.config.MagicCookieValue),
- fmt.Sprintf("PLUGIN_MIN_PORT=%d", c.config.MinPort),
- fmt.Sprintf("PLUGIN_MAX_PORT=%d", c.config.MaxPort),
- fmt.Sprintf("PLUGIN_PROTOCOL_VERSIONS=%s", strings.Join(versionStrings, ",")),
- }
-
- cmd := c.config.Cmd
- cmd.Env = append(cmd.Env, os.Environ()...)
- cmd.Env = append(cmd.Env, env...)
- cmd.Stdin = os.Stdin
-
- cmdStdout, err := cmd.StdoutPipe()
- if err != nil {
- return nil, err
- }
- cmdStderr, err := cmd.StderrPipe()
- if err != nil {
- return nil, err
- }
-
- if c.config.SecureConfig != nil {
- if ok, err := c.config.SecureConfig.Check(cmd.Path); err != nil {
- return nil, fmt.Errorf("error verifying checksum: %s", err)
- } else if !ok {
- return nil, ErrChecksumsDoNotMatch
- }
- }
-
- // Setup a temporary certificate for client/server mtls, and send the public
- // certificate to the plugin.
- if c.config.AutoMTLS {
- c.logger.Info("configuring client automatic mTLS")
- certPEM, keyPEM, err := generateCert()
- if err != nil {
- c.logger.Error("failed to generate client certificate", "error", err)
- return nil, err
- }
- cert, err := tls.X509KeyPair(certPEM, keyPEM)
- if err != nil {
- c.logger.Error("failed to parse client certificate", "error", err)
- return nil, err
- }
-
- cmd.Env = append(cmd.Env, fmt.Sprintf("PLUGIN_CLIENT_CERT=%s", certPEM))
-
- c.config.TLSConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- ServerName: "localhost",
- }
- }
-
- c.logger.Debug("starting plugin", "path", cmd.Path, "args", cmd.Args)
- err = cmd.Start()
- if err != nil {
- return
- }
-
- // Set the process
- c.process = cmd.Process
- c.logger.Debug("plugin started", "path", cmd.Path, "pid", c.process.Pid)
-
- // Make sure the command is properly cleaned up if there is an error
- defer func() {
- r := recover()
-
- if err != nil || r != nil {
- cmd.Process.Kill()
- }
-
- if r != nil {
- panic(r)
- }
- }()
-
- // Create a context for when we kill
- c.doneCtx, c.ctxCancel = context.WithCancel(context.Background())
-
- // Start goroutine that logs the stderr
- c.clientWaitGroup.Add(1)
- c.stderrWaitGroup.Add(1)
- // logStderr calls Done()
- go c.logStderr(cmdStderr)
-
- c.clientWaitGroup.Add(1)
- go func() {
- // ensure the context is cancelled when we're done
- defer c.ctxCancel()
-
- defer c.clientWaitGroup.Done()
-
- // get the cmd info early, since the process information will be removed
- // in Kill.
- pid := c.process.Pid
- path := cmd.Path
-
- // wait to finish reading from stderr since the stderr pipe reader
- // will be closed by the subsequent call to cmd.Wait().
- c.stderrWaitGroup.Wait()
-
- // Wait for the command to end.
- err := cmd.Wait()
-
- debugMsgArgs := []interface{}{
- "path", path,
- "pid", pid,
- }
- if err != nil {
- debugMsgArgs = append(debugMsgArgs,
- []interface{}{"error", err.Error()}...)
- }
-
- // Log and make sure to flush the logs write away
- c.logger.Debug("plugin process exited", debugMsgArgs...)
- os.Stderr.Sync()
-
- // Set that we exited, which takes a lock
- c.l.Lock()
- defer c.l.Unlock()
- c.exited = true
- }()
-
- // Start a goroutine that is going to be reading the lines
- // out of stdout
- linesCh := make(chan string)
- c.clientWaitGroup.Add(1)
- go func() {
- defer c.clientWaitGroup.Done()
- defer close(linesCh)
-
- scanner := bufio.NewScanner(cmdStdout)
- for scanner.Scan() {
- linesCh <- scanner.Text()
- }
- }()
-
- // Make sure after we exit we read the lines from stdout forever
- // so they don't block since it is a pipe.
- // The scanner goroutine above will close this, but track it with a wait
- // group for completeness.
- c.clientWaitGroup.Add(1)
- defer func() {
- go func() {
- defer c.clientWaitGroup.Done()
- for range linesCh {
- }
- }()
- }()
-
- // Some channels for the next step
- timeout := time.After(c.config.StartTimeout)
-
- // Start looking for the address
- c.logger.Debug("waiting for RPC address", "path", cmd.Path)
- select {
- case <-timeout:
- err = errors.New("timeout while waiting for plugin to start")
- case <-c.doneCtx.Done():
- err = errors.New("plugin exited before we could connect")
- case line := <-linesCh:
- // Trim the line and split by "|" in order to get the parts of
- // the output.
- line = strings.TrimSpace(line)
- parts := strings.SplitN(line, "|", 6)
- if len(parts) < 4 {
- err = fmt.Errorf(
- "Unrecognized remote plugin message: %s\n\n"+
- "This usually means that the plugin is either invalid or simply\n"+
- "needs to be recompiled to support the latest protocol.", line)
- return
- }
-
- // Check the core protocol. Wrapped in a {} for scoping.
- {
- var coreProtocol int64
- coreProtocol, err = strconv.ParseInt(parts[0], 10, 0)
- if err != nil {
- err = fmt.Errorf("Error parsing core protocol version: %s", err)
- return
- }
-
- if int(coreProtocol) != CoreProtocolVersion {
- err = fmt.Errorf("Incompatible core API version with plugin. "+
- "Plugin version: %s, Core version: %d\n\n"+
- "To fix this, the plugin usually only needs to be recompiled.\n"+
- "Please report this to the plugin author.", parts[0], CoreProtocolVersion)
- return
- }
- }
-
- // Test the API version
- version, pluginSet, err := c.checkProtoVersion(parts[1])
- if err != nil {
- return addr, err
- }
-
- // set the Plugins value to the compatible set, so the version
- // doesn't need to be passed through to the ClientProtocol
- // implementation.
- c.config.Plugins = pluginSet
- c.negotiatedVersion = version
- c.logger.Debug("using plugin", "version", version)
-
- switch parts[2] {
- case "tcp":
- addr, err = net.ResolveTCPAddr("tcp", parts[3])
- case "unix":
- addr, err = net.ResolveUnixAddr("unix", parts[3])
- default:
- err = fmt.Errorf("Unknown address type: %s", parts[3])
- }
-
- // If we have a server type, then record that. We default to net/rpc
- // for backwards compatibility.
- c.protocol = ProtocolNetRPC
- if len(parts) >= 5 {
- c.protocol = Protocol(parts[4])
- }
-
- found := false
- for _, p := range c.config.AllowedProtocols {
- if p == c.protocol {
- found = true
- break
- }
- }
- if !found {
- err = fmt.Errorf("Unsupported plugin protocol %q. Supported: %v",
- c.protocol, c.config.AllowedProtocols)
- return addr, err
- }
-
- // See if we have a TLS certificate from the server.
- // Checking if the length is > 50 rules out catching the unused "extra"
- // data returned from some older implementations.
- if len(parts) >= 6 && len(parts[5]) > 50 {
- err := c.loadServerCert(parts[5])
- if err != nil {
- return nil, fmt.Errorf("error parsing server cert: %s", err)
- }
- }
- }
-
- c.address = addr
- return
-}
-
-// loadServerCert is used by AutoMTLS to read an x.509 cert returned by the
-// server, and load it as the RootCA for the client TLSConfig.
-func (c *Client) loadServerCert(cert string) error {
- certPool := x509.NewCertPool()
-
- asn1, err := base64.RawStdEncoding.DecodeString(cert)
- if err != nil {
- return err
- }
-
- x509Cert, err := x509.ParseCertificate([]byte(asn1))
- if err != nil {
- return err
- }
-
- certPool.AddCert(x509Cert)
-
- c.config.TLSConfig.RootCAs = certPool
- return nil
-}
-
-func (c *Client) reattach() (net.Addr, error) {
- // Verify the process still exists. If not, then it is an error
- p, err := os.FindProcess(c.config.Reattach.Pid)
- if err != nil {
- return nil, err
- }
-
- // Attempt to connect to the addr since on Unix systems FindProcess
- // doesn't actually return an error if it can't find the process.
- conn, err := net.Dial(
- c.config.Reattach.Addr.Network(),
- c.config.Reattach.Addr.String())
- if err != nil {
- p.Kill()
- return nil, ErrProcessNotFound
- }
- conn.Close()
-
- // Create a context for when we kill
- c.doneCtx, c.ctxCancel = context.WithCancel(context.Background())
-
- c.clientWaitGroup.Add(1)
- // Goroutine to mark exit status
- go func(pid int) {
- defer c.clientWaitGroup.Done()
-
- // ensure the context is cancelled when we're done
- defer c.ctxCancel()
-
- // Wait for the process to die
- pidWait(pid)
-
- // Log so we can see it
- c.logger.Debug("reattached plugin process exited")
-
- // Mark it
- c.l.Lock()
- defer c.l.Unlock()
- c.exited = true
- }(p.Pid)
-
- // Set the address and process
- c.address = c.config.Reattach.Addr
- c.process = p
- c.protocol = c.config.Reattach.Protocol
- if c.protocol == "" {
- // Default the protocol to net/rpc for backwards compatibility
- c.protocol = ProtocolNetRPC
- }
-
- return c.address, nil
-}
-
-// checkProtoVersion returns the negotiated version and PluginSet.
-// This returns an error if the server returned an incompatible protocol
-// version, or an invalid handshake response.
-func (c *Client) checkProtoVersion(protoVersion string) (int, PluginSet, error) {
- serverVersion, err := strconv.Atoi(protoVersion)
- if err != nil {
- return 0, nil, fmt.Errorf("Error parsing protocol version %q: %s", protoVersion, err)
- }
-
- // record these for the error message
- var clientVersions []int
-
- // all versions, including the legacy ProtocolVersion have been added to
- // the versions set
- for version, plugins := range c.config.VersionedPlugins {
- clientVersions = append(clientVersions, version)
-
- if serverVersion != version {
- continue
- }
- return version, plugins, nil
- }
-
- return 0, nil, fmt.Errorf("Incompatible API version with plugin. "+
- "Plugin version: %d, Client versions: %d", serverVersion, clientVersions)
-}
-
-// ReattachConfig returns the information that must be provided to NewClient
-// to reattach to the plugin process that this client started. This is
-// useful for plugins that detach from their parent process.
-//
-// If this returns nil then the process hasn't been started yet. Please
-// call Start or Client before calling this.
-func (c *Client) ReattachConfig() *ReattachConfig {
- c.l.Lock()
- defer c.l.Unlock()
-
- if c.address == nil {
- return nil
- }
-
- if c.config.Cmd != nil && c.config.Cmd.Process == nil {
- return nil
- }
-
- // If we connected via reattach, just return the information as-is
- if c.config.Reattach != nil {
- return c.config.Reattach
- }
-
- return &ReattachConfig{
- Protocol: c.protocol,
- Addr: c.address,
- Pid: c.config.Cmd.Process.Pid,
- }
-}
-
-// Protocol returns the protocol of server on the remote end. This will
-// start the plugin process if it isn't already started. Errors from
-// starting the plugin are surpressed and ProtocolInvalid is returned. It
-// is recommended you call Start explicitly before calling Protocol to ensure
-// no errors occur.
-func (c *Client) Protocol() Protocol {
- _, err := c.Start()
- if err != nil {
- return ProtocolInvalid
- }
-
- return c.protocol
-}
-
-func netAddrDialer(addr net.Addr) func(string, time.Duration) (net.Conn, error) {
- return func(_ string, _ time.Duration) (net.Conn, error) {
- // Connect to the client
- conn, err := net.Dial(addr.Network(), addr.String())
- if err != nil {
- return nil, err
- }
- if tcpConn, ok := conn.(*net.TCPConn); ok {
- // Make sure to set keep alive so that the connection doesn't die
- tcpConn.SetKeepAlive(true)
- }
-
- return conn, nil
- }
-}
-
-// dialer is compatible with grpc.WithDialer and creates the connection
-// to the plugin.
-func (c *Client) dialer(_ string, timeout time.Duration) (net.Conn, error) {
- conn, err := netAddrDialer(c.address)("", timeout)
- if err != nil {
- return nil, err
- }
-
- // If we have a TLS config we wrap our connection. We only do this
- // for net/rpc since gRPC uses its own mechanism for TLS.
- if c.protocol == ProtocolNetRPC && c.config.TLSConfig != nil {
- conn = tls.Client(conn, c.config.TLSConfig)
- }
-
- return conn, nil
-}
-
-var stdErrBufferSize = 64 * 1024
-
-func (c *Client) logStderr(r io.Reader) {
- defer c.clientWaitGroup.Done()
- defer c.stderrWaitGroup.Done()
- l := c.logger.Named(filepath.Base(c.config.Cmd.Path))
-
- reader := bufio.NewReaderSize(r, stdErrBufferSize)
- // continuation indicates the previous line was a prefix
- continuation := false
-
- for {
- line, isPrefix, err := reader.ReadLine()
- switch {
- case err == io.EOF:
- return
- case err != nil:
- l.Error("reading plugin stderr", "error", err)
- return
- }
-
- c.config.Stderr.Write(line)
-
- // The line was longer than our max token size, so it's likely
- // incomplete and won't unmarshal.
- if isPrefix || continuation {
- l.Debug(string(line))
-
- // if we're finishing a continued line, add the newline back in
- if !isPrefix {
- c.config.Stderr.Write([]byte{'\n'})
- }
-
- continuation = isPrefix
- continue
- }
-
- c.config.Stderr.Write([]byte{'\n'})
-
- entry, err := parseJSON(line)
- // If output is not JSON format, print directly to Debug
- if err != nil {
- // Attempt to infer the desired log level from the commonly used
- // string prefixes
- switch line := string(line); {
- case strings.HasPrefix(line, "[TRACE]"):
- l.Trace(line)
- case strings.HasPrefix(line, "[DEBUG]"):
- l.Debug(line)
- case strings.HasPrefix(line, "[INFO]"):
- l.Info(line)
- case strings.HasPrefix(line, "[WARN]"):
- l.Warn(line)
- case strings.HasPrefix(line, "[ERROR]"):
- l.Error(line)
- default:
- l.Debug(line)
- }
- } else {
- out := flattenKVPairs(entry.KVPairs)
-
- out = append(out, "timestamp", entry.Timestamp.Format(hclog.TimeFormat))
- switch hclog.LevelFromString(entry.Level) {
- case hclog.Trace:
- l.Trace(entry.Message, out...)
- case hclog.Debug:
- l.Debug(entry.Message, out...)
- case hclog.Info:
- l.Info(entry.Message, out...)
- case hclog.Warn:
- l.Warn(entry.Message, out...)
- case hclog.Error:
- l.Error(entry.Message, out...)
- default:
- // if there was no log level, it's likely this is unexpected
- // json from something other than hclog, and we should output
- // it verbatim.
- l.Debug(string(line))
- }
- }
- }
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/discover.go b/vendor/github.com/hashicorp/go-plugin/discover.go
deleted file mode 100644
index d22c566ed5..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/discover.go
+++ /dev/null
@@ -1,28 +0,0 @@
-package plugin
-
-import (
- "path/filepath"
-)
-
-// Discover discovers plugins that are in a given directory.
-//
-// The directory doesn't need to be absolute. For example, "." will work fine.
-//
-// This currently assumes any file matching the glob is a plugin.
-// In the future this may be smarter about checking that a file is
-// executable and so on.
-//
-// TODO: test
-func Discover(glob, dir string) ([]string, error) {
- var err error
-
- // Make the directory absolute if it isn't already
- if !filepath.IsAbs(dir) {
- dir, err = filepath.Abs(dir)
- if err != nil {
- return nil, err
- }
- }
-
- return filepath.Glob(filepath.Join(dir, glob))
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/error.go b/vendor/github.com/hashicorp/go-plugin/error.go
deleted file mode 100644
index 22a7baa6a0..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/error.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package plugin
-
-// This is a type that wraps error types so that they can be messaged
-// across RPC channels. Since "error" is an interface, we can't always
-// gob-encode the underlying structure. This is a valid error interface
-// implementer that we will push across.
-type BasicError struct {
- Message string
-}
-
-// NewBasicError is used to create a BasicError.
-//
-// err is allowed to be nil.
-func NewBasicError(err error) *BasicError {
- if err == nil {
- return nil
- }
-
- return &BasicError{err.Error()}
-}
-
-func (e *BasicError) Error() string {
- return e.Message
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/go.mod b/vendor/github.com/hashicorp/go-plugin/go.mod
deleted file mode 100644
index f3ddf44e4c..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/go.mod
+++ /dev/null
@@ -1,17 +0,0 @@
-module github.com/hashicorp/go-plugin
-
-require (
- github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
- github.com/golang/protobuf v1.2.0
- github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd
- github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb
- github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77
- github.com/oklog/run v1.0.0
- github.com/stretchr/testify v1.3.0 // indirect
- golang.org/x/net v0.0.0-20180826012351-8a410e7b638d
- golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 // indirect
- golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc // indirect
- golang.org/x/text v0.3.0 // indirect
- google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 // indirect
- google.golang.org/grpc v1.14.0
-)
diff --git a/vendor/github.com/hashicorp/go-plugin/go.sum b/vendor/github.com/hashicorp/go-plugin/go.sum
deleted file mode 100644
index 21b14e998d..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/go.sum
+++ /dev/null
@@ -1,31 +0,0 @@ -github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8= -github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd h1:rNuUHR+CvK1IS89MMtcF0EpcVMZtjKfPRp4MEmt/aTs= -github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= -github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb h1:b5rjCoWHc7eqmAS4/qyk21ZsHyb6Mxv/jykxvNTkU4M= -github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= -github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77 h1:7GoSOOW2jpsfkntVKaS2rAr1TJqfcxotyaUcuxoZSzg= -github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= -github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= -github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d 
h1:g9qWBGx4puODJTMVyoPrpoxPFgVGd+z1DZwjfRu4d0I= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc h1:WiYx1rIFmx8c0mXAFtv5D/mHyKe1+jmuP7PViuwqwuQ= -golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= -golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8 h1:Nw54tB0rB7hY/N0NQvRW8DG4Yk3Q6T9cu9RcFQDu1tc= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/grpc v1.14.0 h1:ArxJuB1NWfPY6r9Gp9gqwplT0Ge7nqv9msgu03lHLmo= -google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= diff --git a/vendor/github.com/hashicorp/go-plugin/grpc_broker.go b/vendor/github.com/hashicorp/go-plugin/grpc_broker.go deleted file mode 100644 index daf142d170..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/grpc_broker.go +++ /dev/null 
@@ -1,457 +0,0 @@
-package plugin
-
-import (
- "context"
- "crypto/tls"
- "errors"
- "fmt"
- "log"
- "net"
- "sync"
- "sync/atomic"
- "time"
-
- "github.com/hashicorp/go-plugin/internal/plugin"
-
- "github.com/oklog/run"
- "google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
-)
-
-// streamer interface is used in the broker to send/receive connection
-// information.
-type streamer interface {
- Send(*plugin.ConnInfo) error
- Recv() (*plugin.ConnInfo, error)
- Close()
-}
-
-// sendErr is used to pass errors back during a send.
-type sendErr struct {
- i *plugin.ConnInfo
- ch chan error
-}
-
-// gRPCBrokerServer is used by the plugin to start a stream and to send
-// connection information to/from the plugin. Implements GRPCBrokerServer and
-// streamer interfaces.
-type gRPCBrokerServer struct {
- // send is used to send connection info to the gRPC stream.
- send chan *sendErr
-
- // recv is used to receive connection info from the gRPC stream.
- recv chan *plugin.ConnInfo
-
- // quit closes down the stream.
- quit chan struct{}
-
- // o is used to ensure we close the quit channel only once.
- o sync.Once
-}
-
-func newGRPCBrokerServer() *gRPCBrokerServer {
- return &gRPCBrokerServer{
- send: make(chan *sendErr),
- recv: make(chan *plugin.ConnInfo),
- quit: make(chan struct{}),
- }
-}
-
-// StartStream implements the GRPCBrokerServer interface and will block until
-// the quit channel is closed or the context reports Done. The stream will pass
-// connection information to/from the client.
-func (s *gRPCBrokerServer) StartStream(stream plugin.GRPCBroker_StartStreamServer) error {
- doneCh := stream.Context().Done()
- defer s.Close()
-
- // Proccess send stream
- go func() {
- for {
- select {
- case <-doneCh:
- return
- case <-s.quit:
- return
- case se := <-s.send:
- err := stream.Send(se.i)
- se.ch <- err
- }
- }
- }()
-
- // Process receive stream
- for {
- i, err := stream.Recv()
- if err != nil {
- return err
- }
- select {
- case <-doneCh:
- return nil
- case <-s.quit:
- return nil
- case s.recv <- i:
- }
- }
-
- return nil
-}
-
-// Send is used by the GRPCBroker to pass connection information into the stream
-// to the client.
-func (s *gRPCBrokerServer) Send(i *plugin.ConnInfo) error {
- ch := make(chan error)
- defer close(ch)
-
- select {
- case <-s.quit:
- return errors.New("broker closed")
- case s.send <- &sendErr{
- i: i,
- ch: ch,
- }:
- }
-
- return <-ch
-}
-
-// Recv is used by the GRPCBroker to pass connection information that has been
-// sent from the client from the stream to the broker.
-func (s *gRPCBrokerServer) Recv() (*plugin.ConnInfo, error) {
- select {
- case <-s.quit:
- return nil, errors.New("broker closed")
- case i := <-s.recv:
- return i, nil
- }
-}
-
-// Close closes the quit channel, shutting down the stream.
-func (s *gRPCBrokerServer) Close() {
- s.o.Do(func() {
- close(s.quit)
- })
-}
-
-// gRPCBrokerClientImpl is used by the client to start a stream and to send
-// connection information to/from the client. Implements GRPCBrokerClient and
-// streamer interfaces.
-type gRPCBrokerClientImpl struct {
- // client is the underlying GRPC client used to make calls to the server.
- client plugin.GRPCBrokerClient
-
- // send is used to send connection info to the gRPC stream.
- send chan *sendErr
-
- // recv is used to receive connection info from the gRPC stream.
- recv chan *plugin.ConnInfo
-
- // quit closes down the stream.
- quit chan struct{}
-
- // o is used to ensure we close the quit channel only once.
- o sync.Once
-}
-
-func newGRPCBrokerClient(conn *grpc.ClientConn) *gRPCBrokerClientImpl {
- return &gRPCBrokerClientImpl{
- client: plugin.NewGRPCBrokerClient(conn),
- send: make(chan *sendErr),
- recv: make(chan *plugin.ConnInfo),
- quit: make(chan struct{}),
- }
-}
-
-// StartStream implements the GRPCBrokerClient interface and will block until
-// the quit channel is closed or the context reports Done. The stream will pass
-// connection information to/from the plugin.
-func (s *gRPCBrokerClientImpl) StartStream() error {
- ctx, cancelFunc := context.WithCancel(context.Background())
- defer cancelFunc()
- defer s.Close()
-
- stream, err := s.client.StartStream(ctx)
- if err != nil {
- return err
- }
- doneCh := stream.Context().Done()
-
- go func() {
- for {
- select {
- case <-doneCh:
- return
- case <-s.quit:
- return
- case se := <-s.send:
- err := stream.Send(se.i)
- se.ch <- err
- }
- }
- }()
-
- for {
- i, err := stream.Recv()
- if err != nil {
- return err
- }
- select {
- case <-doneCh:
- return nil
- case <-s.quit:
- return nil
- case s.recv <- i:
- }
- }
-
- return nil
-}
-
-// Send is used by the GRPCBroker to pass connection information into the stream
-// to the plugin.
-func (s *gRPCBrokerClientImpl) Send(i *plugin.ConnInfo) error {
- ch := make(chan error)
- defer close(ch)
-
- select {
- case <-s.quit:
- return errors.New("broker closed")
- case s.send <- &sendErr{
- i: i,
- ch: ch,
- }:
- }
-
- return <-ch
-}
-
-// Recv is used by the GRPCBroker to pass connection information that has been
-// sent from the plugin to the broker.
-func (s *gRPCBrokerClientImpl) Recv() (*plugin.ConnInfo, error) {
- select {
- case <-s.quit:
- return nil, errors.New("broker closed")
- case i := <-s.recv:
- return i, nil
- }
-}
-
-// Close closes the quit channel, shutting down the stream.
-func (s *gRPCBrokerClientImpl) Close() {
- s.o.Do(func() {
- close(s.quit)
- })
-}
-
-// GRPCBroker is responsible for brokering connections by unique ID.
-//
-// It is used by plugins to create multiple gRPC connections and data
-// streams between the plugin process and the host process.
-//
-// This allows a plugin to request a channel with a specific ID to connect to
-// or accept a connection from, and the broker handles the details of
-// holding these channels open while they're being negotiated.
-//
-// The Plugin interface has access to these for both Server and Client.
-// The broker can be used by either (optionally) to reserve and connect to
-// new streams. This is useful for complex args and return values,
-// or anything else you might need a data stream for.
-type GRPCBroker struct {
- nextId uint32
- streamer streamer
- streams map[uint32]*gRPCBrokerPending
- tls *tls.Config
- doneCh chan struct{}
- o sync.Once
-
- sync.Mutex
-}
-
-type gRPCBrokerPending struct {
- ch chan *plugin.ConnInfo
- doneCh chan struct{}
-}
-
-func newGRPCBroker(s streamer, tls *tls.Config) *GRPCBroker {
- return &GRPCBroker{
- streamer: s,
- streams: make(map[uint32]*gRPCBrokerPending),
- tls: tls,
- doneCh: make(chan struct{}),
- }
-}
-
-// Accept accepts a connection by ID.
-//
-// This should not be called multiple times with the same ID at one time.
-func (b *GRPCBroker) Accept(id uint32) (net.Listener, error) {
- listener, err := serverListener()
- if err != nil {
- return nil, err
- }
-
- err = b.streamer.Send(&plugin.ConnInfo{
- ServiceId: id,
- Network: listener.Addr().Network(),
- Address: listener.Addr().String(),
- })
- if err != nil {
- return nil, err
- }
-
- return listener, nil
-}
-
-// AcceptAndServe is used to accept a specific stream ID and immediately
-// serve a gRPC server on that stream ID. This is used to easily serve
-// complex arguments. Each AcceptAndServe call opens a new listener socket and
-// sends the connection info down the stream to the dialer. Since a new
-// connection is opened every call, these calls should be used sparingly.
-// Multiple gRPC server implementations can be registered to a single
-// AcceptAndServe call.
-func (b *GRPCBroker) AcceptAndServe(id uint32, s func([]grpc.ServerOption) *grpc.Server) {
- listener, err := b.Accept(id)
- if err != nil {
- log.Printf("[ERR] plugin: plugin acceptAndServe error: %s", err)
- return
- }
- defer listener.Close()
-
- var opts []grpc.ServerOption
- if b.tls != nil {
- opts = []grpc.ServerOption{grpc.Creds(credentials.NewTLS(b.tls))}
- }
-
- server := s(opts)
-
- // Here we use a run group to close this goroutine if the server is shutdown
- // or the broker is shutdown.
- var g run.Group
- {
- // Serve on the listener, if shutting down call GracefulStop.
- g.Add(func() error {
- return server.Serve(listener)
- }, func(err error) {
- server.GracefulStop()
- })
- }
- {
- // block on the closeCh or the doneCh. If we are shutting down close the
- // closeCh.
- closeCh := make(chan struct{})
- g.Add(func() error {
- select {
- case <-b.doneCh:
- case <-closeCh:
- }
- return nil
- }, func(err error) {
- close(closeCh)
- })
- }
-
- // Block until we are done
- g.Run()
-}
-
-// Close closes the stream and all servers.
-func (b *GRPCBroker) Close() error {
- b.streamer.Close()
- b.o.Do(func() {
- close(b.doneCh)
- })
- return nil
-}
-
-// Dial opens a connection by ID.
-func (b *GRPCBroker) Dial(id uint32) (conn *grpc.ClientConn, err error) {
- var c *plugin.ConnInfo
-
- // Open the stream
- p := b.getStream(id)
- select {
- case c = <-p.ch:
- close(p.doneCh)
- case <-time.After(5 * time.Second):
- return nil, fmt.Errorf("timeout waiting for connection info")
- }
-
- var addr net.Addr
- switch c.Network {
- case "tcp":
- addr, err = net.ResolveTCPAddr("tcp", c.Address)
- case "unix":
- addr, err = net.ResolveUnixAddr("unix", c.Address)
- default:
- err = fmt.Errorf("Unknown address type: %s", c.Address)
- }
- if err != nil {
- return nil, err
- }
-
- return dialGRPCConn(b.tls, netAddrDialer(addr))
-}
-
-// NextId returns a unique ID to use next.
-//
-// It is possible for very long-running plugin hosts to wrap this value,
-// though it would require a very large amount of calls. In practice
-// we've never seen it happen.
-func (m *GRPCBroker) NextId() uint32 {
- return atomic.AddUint32(&m.nextId, 1)
-}
-
-// Run starts the brokering and should be executed in a goroutine, since it
-// blocks forever, or until the session closes.
-//
-// Uses of GRPCBroker never need to call this. It is called internally by
-// the plugin host/client.
-func (m *GRPCBroker) Run() {
- for {
- stream, err := m.streamer.Recv()
- if err != nil {
- // Once we receive an error, just exit
- break
- }
-
- // Initialize the waiter
- p := m.getStream(stream.ServiceId)
- select {
- case p.ch <- stream:
- default:
- }
-
- go m.timeoutWait(stream.ServiceId, p)
- }
-}
-
-func (m *GRPCBroker) getStream(id uint32) *gRPCBrokerPending {
- m.Lock()
- defer m.Unlock()
-
- p, ok := m.streams[id]
- if ok {
- return p
- }
-
- m.streams[id] = &gRPCBrokerPending{
- ch: make(chan *plugin.ConnInfo, 1),
- doneCh: make(chan struct{}),
- }
- return m.streams[id]
-}
-
-func (m *GRPCBroker) timeoutWait(id uint32, p *gRPCBrokerPending) {
- // Wait for the stream to either be picked up and connected, or
- // for a timeout.
- select {
- case <-p.doneCh:
- case <-time.After(5 * time.Second):
- }
-
- m.Lock()
- defer m.Unlock()
-
- // Delete the stream so no one else can grab it
- delete(m.streams, id)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/grpc_client.go b/vendor/github.com/hashicorp/go-plugin/grpc_client.go
deleted file mode 100644
index d0d0d8e20b..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/grpc_client.go
+++ /dev/null
@@ -1,117 +0,0 @@
-package plugin
-
-import (
- "crypto/tls"
- "fmt"
- "math"
- "net"
- "time"
-
- "github.com/hashicorp/go-plugin/internal/plugin"
- "golang.org/x/net/context"
- "google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
- "google.golang.org/grpc/health/grpc_health_v1"
-)
-
-func dialGRPCConn(tls *tls.Config, dialer func(string, time.Duration) (net.Conn, error)) (*grpc.ClientConn, error) {
- // Build dialing options.
- opts := make([]grpc.DialOption, 0, 5)
-
- // We use a custom dialer so that we can connect over unix domain sockets.
- opts = append(opts, grpc.WithDialer(dialer))
-
- // Fail right away
- opts = append(opts, grpc.FailOnNonTempDialError(true))
-
- // If we have no TLS configuration set, we need to explicitly tell grpc
- // that we're connecting with an insecure connection.
- if tls == nil {
- opts = append(opts, grpc.WithInsecure())
- } else {
- opts = append(opts, grpc.WithTransportCredentials(
- credentials.NewTLS(tls)))
- }
-
- opts = append(opts,
- grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(math.MaxInt32)),
- grpc.WithDefaultCallOptions(grpc.MaxCallSendMsgSize(math.MaxInt32)))
-
-
- // Connect. Note the first parameter is unused because we use a custom
- // dialer that has the state to see the address.
- conn, err := grpc.Dial("unused", opts...)
- if err != nil {
- return nil, err
- }
-
- return conn, nil
-}
-
-// newGRPCClient creates a new GRPCClient. The Client argument is expected
-// to be successfully started already with a lock held.
-func newGRPCClient(doneCtx context.Context, c *Client) (*GRPCClient, error) {
- conn, err := dialGRPCConn(c.config.TLSConfig, c.dialer)
- if err != nil {
- return nil, err
- }
-
- // Start the broker.
- brokerGRPCClient := newGRPCBrokerClient(conn)
- broker := newGRPCBroker(brokerGRPCClient, c.config.TLSConfig)
- go broker.Run()
- go brokerGRPCClient.StartStream()
-
- cl := &GRPCClient{
- Conn: conn,
- Plugins: c.config.Plugins,
- doneCtx: doneCtx,
- broker: broker,
- controller: plugin.NewGRPCControllerClient(conn),
- }
-
- return cl, nil
-}
-
-// GRPCClient connects to a GRPCServer over gRPC to dispense plugin types.
-type GRPCClient struct {
- Conn *grpc.ClientConn
- Plugins map[string]Plugin
-
- doneCtx context.Context
- broker *GRPCBroker
-
- controller plugin.GRPCControllerClient
-}
-
-// ClientProtocol impl.
-func (c *GRPCClient) Close() error {
- c.broker.Close()
- c.controller.Shutdown(c.doneCtx, &plugin.Empty{})
- return c.Conn.Close()
-}
-
-// ClientProtocol impl.
-func (c *GRPCClient) Dispense(name string) (interface{}, error) {
- raw, ok := c.Plugins[name]
- if !ok {
- return nil, fmt.Errorf("unknown plugin type: %s", name)
- }
-
- p, ok := raw.(GRPCPlugin)
- if !ok {
- return nil, fmt.Errorf("plugin %q doesn't support gRPC", name)
- }
-
- return p.GRPCClient(c.doneCtx, c.broker, c.Conn)
-}
-
-// ClientProtocol impl.
-func (c *GRPCClient) Ping() error {
- client := grpc_health_v1.NewHealthClient(c.Conn)
- _, err := client.Check(context.Background(), &grpc_health_v1.HealthCheckRequest{
- Service: GRPCServiceName,
- })
-
- return err
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/grpc_controller.go b/vendor/github.com/hashicorp/go-plugin/grpc_controller.go
deleted file mode 100644
index 1a8a8e70ea..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/grpc_controller.go
+++ /dev/null
@@ -1,23 +0,0 @@
-package plugin
-
-import (
- "context"
-
- "github.com/hashicorp/go-plugin/internal/plugin"
-)
-
-// GRPCControllerServer handles shutdown calls to terminate the server when the
-// plugin client is closed.
-type grpcControllerServer struct {
- server *GRPCServer
-}
-
-// Shutdown stops the grpc server. It first will attempt a graceful stop, then a
-// full stop on the server.
-func (s *grpcControllerServer) Shutdown(ctx context.Context, _ *plugin.Empty) (*plugin.Empty, error) {
- resp := &plugin.Empty{}
-
- // TODO: figure out why GracefullStop doesn't work.
- s.server.Stop()
- return resp, nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/grpc_server.go b/vendor/github.com/hashicorp/go-plugin/grpc_server.go
deleted file mode 100644
index d3dbf1cedc..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/grpc_server.go
+++ /dev/null
@@ -1,142 +0,0 @@
-package plugin
-
-import (
- "bytes"
- "crypto/tls"
- "encoding/json"
- "fmt"
- "io"
- "net"
-
- hclog "github.com/hashicorp/go-hclog"
- "github.com/hashicorp/go-plugin/internal/plugin"
- "google.golang.org/grpc"
- "google.golang.org/grpc/credentials"
- "google.golang.org/grpc/health"
- "google.golang.org/grpc/health/grpc_health_v1"
-)
-
-// GRPCServiceName is the name of the service that the health check should
-// return as passing.
-const GRPCServiceName = "plugin"
-
-// DefaultGRPCServer can be used with the "GRPCServer" field for Server
-// as a default factory method to create a gRPC server with no extra options.
-func DefaultGRPCServer(opts []grpc.ServerOption) *grpc.Server {
- return grpc.NewServer(opts...)
-}
-
-// GRPCServer is a ServerType implementation that serves plugins over
-// gRPC. This allows plugins to easily be written for other languages.
-//
-// The GRPCServer outputs a custom configuration as a base64-encoded
-// JSON structure represented by the GRPCServerConfig config structure.
-type GRPCServer struct {
- // Plugins are the list of plugins to serve.
- Plugins map[string]Plugin
-
- // Server is the actual server that will accept connections. This
- // will be used for plugin registration as well.
- Server func([]grpc.ServerOption) *grpc.Server
-
- // TLS should be the TLS configuration if available. If this is nil,
- // the connection will not have transport security.
- TLS *tls.Config
-
- // DoneCh is the channel that is closed when this server has exited.
- DoneCh chan struct{}
-
- // Stdout/StderrLis are the readers for stdout/stderr that will be copied
- // to the stdout/stderr connection that is output.
- Stdout io.Reader
- Stderr io.Reader
-
- config GRPCServerConfig
- server *grpc.Server
- broker *GRPCBroker
-
- logger hclog.Logger
-}
-
-// ServerProtocol impl.
-func (s *GRPCServer) Init() error {
- // Create our server
- var opts []grpc.ServerOption
- if s.TLS != nil {
- opts = append(opts, grpc.Creds(credentials.NewTLS(s.TLS)))
- }
- s.server = s.Server(opts)
-
- // Register the health service
- healthCheck := health.NewServer()
- healthCheck.SetServingStatus(
- GRPCServiceName, grpc_health_v1.HealthCheckResponse_SERVING)
- grpc_health_v1.RegisterHealthServer(s.server, healthCheck)
-
- // Register the broker service
- brokerServer := newGRPCBrokerServer()
- plugin.RegisterGRPCBrokerServer(s.server, brokerServer)
- s.broker = newGRPCBroker(brokerServer, s.TLS)
- go s.broker.Run()
-
- // Register the controller
- controllerServer := &grpcControllerServer{
- server: s,
- }
- plugin.RegisterGRPCControllerServer(s.server, controllerServer)
-
- // Register all our plugins onto the gRPC server.
- for k, raw := range s.Plugins {
- p, ok := raw.(GRPCPlugin)
- if !ok {
- return fmt.Errorf("%q is not a GRPC-compatible plugin", k)
- }
-
- if err := p.GRPCServer(s.broker, s.server); err != nil {
- return fmt.Errorf("error registering %q: %s", k, err)
- }
- }
-
- return nil
-}
-
-// Stop calls Stop on the underlying grpc.Server
-func (s *GRPCServer) Stop() {
- s.server.Stop()
-}
-
-// GracefulStop calls GracefulStop on the underlying grpc.Server
-func (s *GRPCServer) GracefulStop() {
- s.server.GracefulStop()
-}
-
-// Config is the GRPCServerConfig encoded as JSON then base64.
-func (s *GRPCServer) Config() string {
- // Create a buffer that will contain our final contents
- var buf bytes.Buffer
-
- // Wrap the base64 encoding with JSON encoding.
- if err := json.NewEncoder(&buf).Encode(s.config); err != nil {
- // We panic since ths shouldn't happen under any scenario. We
- // carefully control the structure being encoded here and it should
- // always be successful.
- panic(err)
- }
-
- return buf.String()
-}
-
-func (s *GRPCServer) Serve(lis net.Listener) {
- defer close(s.DoneCh)
- err := s.server.Serve(lis)
- if err != nil {
- s.logger.Error("grpc server", "error", err)
- }
-}
-
-// GRPCServerConfig is the extra configuration passed along for consumers
-// to facilitate using GRPC plugins.
-type GRPCServerConfig struct {
- StdoutAddr string `json:"stdout_addr"`
- StderrAddr string `json:"stderr_addr"`
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/gen.go b/vendor/github.com/hashicorp/go-plugin/internal/plugin/gen.go
deleted file mode 100644
index aa2fdc8138..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/gen.go
+++ /dev/null
@@ -1,3 +0,0 @@
-//go:generate protoc -I ./ ./grpc_broker.proto ./grpc_controller.proto --go_out=plugins=grpc:.
-
-package plugin
diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.pb.go b/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.pb.go
deleted file mode 100644
index b6850aa59e..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.pb.go
+++ /dev/null
@@ -1,203 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: grpc_broker.proto - -package plugin - -import ( - fmt "fmt" - proto "github.com/golang/protobuf/proto" - context "golang.org/x/net/context" - grpc "google.golang.org/grpc" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package - -type ConnInfo struct { - ServiceId uint32 `protobuf:"varint,1,opt,name=service_id,json=serviceId,proto3" json:"service_id,omitempty"` - Network string `protobuf:"bytes,2,opt,name=network,proto3" json:"network,omitempty"` - Address string `protobuf:"bytes,3,opt,name=address,proto3" json:"address,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ConnInfo) Reset() { *m = ConnInfo{} } -func (m *ConnInfo) String() string { return proto.CompactTextString(m) } -func (*ConnInfo) ProtoMessage() {} -func (*ConnInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_802e9beed3ec3b28, []int{0} -} - -func (m *ConnInfo) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_ConnInfo.Unmarshal(m, b) -} -func (m *ConnInfo) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_ConnInfo.Marshal(b, m, deterministic) -} -func (m *ConnInfo) XXX_Merge(src proto.Message) { - xxx_messageInfo_ConnInfo.Merge(m, src) -} -func (m *ConnInfo) XXX_Size() int { - return xxx_messageInfo_ConnInfo.Size(m) -} -func (m *ConnInfo) XXX_DiscardUnknown() { - xxx_messageInfo_ConnInfo.DiscardUnknown(m) -} - -var xxx_messageInfo_ConnInfo 
proto.InternalMessageInfo - -func (m *ConnInfo) GetServiceId() uint32 { - if m != nil { - return m.ServiceId - } - return 0 -} - -func (m *ConnInfo) GetNetwork() string { - if m != nil { - return m.Network - } - return "" -} - -func (m *ConnInfo) GetAddress() string { - if m != nil { - return m.Address - } - return "" -} - -func init() { - proto.RegisterType((*ConnInfo)(nil), "plugin.ConnInfo") -} - -func init() { proto.RegisterFile("grpc_broker.proto", fileDescriptor_802e9beed3ec3b28) } - -var fileDescriptor_802e9beed3ec3b28 = []byte{ - // 175 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x4c, 0x2f, 0x2a, 0x48, - 0x8e, 0x4f, 0x2a, 0xca, 0xcf, 0x4e, 0x2d, 0xd2, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x62, 0x2b, - 0xc8, 0x29, 0x4d, 0xcf, 0xcc, 0x53, 0x8a, 0xe5, 0xe2, 0x70, 0xce, 0xcf, 0xcb, 0xf3, 0xcc, 0x4b, - 0xcb, 0x17, 0x92, 0xe5, 0xe2, 0x2a, 0x4e, 0x2d, 0x2a, 0xcb, 0x4c, 0x4e, 0x8d, 0xcf, 0x4c, 0x91, - 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x0d, 0xe2, 0x84, 0x8a, 0x78, 0xa6, 0x08, 0x49, 0x70, 0xb1, 0xe7, - 0xa5, 0x96, 0x94, 0xe7, 0x17, 0x65, 0x4b, 0x30, 0x29, 0x30, 0x6a, 0x70, 0x06, 0xc1, 0xb8, 0x20, - 0x99, 0xc4, 0x94, 0x94, 0xa2, 0xd4, 0xe2, 0x62, 0x09, 0x66, 0x88, 0x0c, 0x94, 0x6b, 0xe4, 0xcc, - 0xc5, 0xe5, 0x1e, 0x14, 0xe0, 0xec, 0x04, 0xb6, 0x5a, 0xc8, 0x94, 0x8b, 0x3b, 0xb8, 0x24, 0xb1, - 0xa8, 0x24, 0xb8, 0xa4, 0x28, 0x35, 0x31, 0x57, 0x48, 0x40, 0x0f, 0xe2, 0x08, 0x3d, 0x98, 0x0b, - 0xa4, 0x30, 0x44, 0x34, 0x18, 0x0d, 0x18, 0x9d, 0x38, 0xa2, 0xa0, 0xae, 0x4d, 0x62, 0x03, 0x3b, - 0xde, 0x18, 0x10, 0x00, 0x00, 0xff, 0xff, 0x10, 0x15, 0x39, 0x47, 0xd1, 0x00, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. 
-const _ = grpc.SupportPackageIsVersion4 - -// GRPCBrokerClient is the client API for GRPCBroker service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type GRPCBrokerClient interface { - StartStream(ctx context.Context, opts ...grpc.CallOption) (GRPCBroker_StartStreamClient, error) -} - -type gRPCBrokerClient struct { - cc *grpc.ClientConn -} - -func NewGRPCBrokerClient(cc *grpc.ClientConn) GRPCBrokerClient { - return &gRPCBrokerClient{cc} -} - -func (c *gRPCBrokerClient) StartStream(ctx context.Context, opts ...grpc.CallOption) (GRPCBroker_StartStreamClient, error) { - stream, err := c.cc.NewStream(ctx, &_GRPCBroker_serviceDesc.Streams[0], "/plugin.GRPCBroker/StartStream", opts...) - if err != nil { - return nil, err - } - x := &gRPCBrokerStartStreamClient{stream} - return x, nil -} - -type GRPCBroker_StartStreamClient interface { - Send(*ConnInfo) error - Recv() (*ConnInfo, error) - grpc.ClientStream -} - -type gRPCBrokerStartStreamClient struct { - grpc.ClientStream -} - -func (x *gRPCBrokerStartStreamClient) Send(m *ConnInfo) error { - return x.ClientStream.SendMsg(m) -} - -func (x *gRPCBrokerStartStreamClient) Recv() (*ConnInfo, error) { - m := new(ConnInfo) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -// GRPCBrokerServer is the server API for GRPCBroker service. 
-type GRPCBrokerServer interface { - StartStream(GRPCBroker_StartStreamServer) error -} - -func RegisterGRPCBrokerServer(s *grpc.Server, srv GRPCBrokerServer) { - s.RegisterService(&_GRPCBroker_serviceDesc, srv) -} - -func _GRPCBroker_StartStream_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(GRPCBrokerServer).StartStream(&gRPCBrokerStartStreamServer{stream}) -} - -type GRPCBroker_StartStreamServer interface { - Send(*ConnInfo) error - Recv() (*ConnInfo, error) - grpc.ServerStream -} - -type gRPCBrokerStartStreamServer struct { - grpc.ServerStream -} - -func (x *gRPCBrokerStartStreamServer) Send(m *ConnInfo) error { - return x.ServerStream.SendMsg(m) -} - -func (x *gRPCBrokerStartStreamServer) Recv() (*ConnInfo, error) { - m := new(ConnInfo) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} - -var _GRPCBroker_serviceDesc = grpc.ServiceDesc{ - ServiceName: "plugin.GRPCBroker", - HandlerType: (*GRPCBrokerServer)(nil), - Methods: []grpc.MethodDesc{}, - Streams: []grpc.StreamDesc{ - { - StreamName: "StartStream", - Handler: _GRPCBroker_StartStream_Handler, - ServerStreams: true, - ClientStreams: true, - }, - }, - Metadata: "grpc_broker.proto", -} diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.proto b/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.proto deleted file mode 100644 index 3fa79e8ac0..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_broker.proto +++ /dev/null @@ -1,15 +0,0 @@ -syntax = "proto3"; -package plugin; -option go_package = "plugin"; - -message ConnInfo { - uint32 service_id = 1; - string network = 2; - string address = 3; -} - -service GRPCBroker { - rpc StartStream(stream ConnInfo) returns (stream ConnInfo); -} - - 
diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.pb.go b/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.pb.go deleted file mode 100644 index 38b4204326..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.pb.go +++ /dev/null 
@@ -1,143 +0,0 @@ -// Code generated by protoc-gen-go. DO NOT EDIT. -// source: grpc_controller.proto - -package plugin - -import ( - fmt "fmt" - proto "github.com/golang/protobuf/proto" - context "golang.org/x/net/context" - grpc "google.golang.org/grpc" - math "math" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.ProtoPackageIsVersion2 // please upgrade the proto package - -type Empty struct { - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *Empty) Reset() { *m = Empty{} } -func (m *Empty) String() string { return proto.CompactTextString(m) } -func (*Empty) ProtoMessage() {} -func (*Empty) Descriptor() ([]byte, []int) { - return fileDescriptor_23c2c7e42feab570, []int{0} -} - -func (m *Empty) XXX_Unmarshal(b []byte) error { - return xxx_messageInfo_Empty.Unmarshal(m, b) -} -func (m *Empty) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - return xxx_messageInfo_Empty.Marshal(b, m, deterministic) -} -func (m *Empty) XXX_Merge(src proto.Message) { - xxx_messageInfo_Empty.Merge(m, src) -} -func (m *Empty) XXX_Size() int { - return xxx_messageInfo_Empty.Size(m) -} -func (m *Empty) XXX_DiscardUnknown() { - xxx_messageInfo_Empty.DiscardUnknown(m) -} - -var xxx_messageInfo_Empty proto.InternalMessageInfo - -func init() { - proto.RegisterType((*Empty)(nil), "plugin.Empty") -} - -func init() { proto.RegisterFile("grpc_controller.proto", fileDescriptor_23c2c7e42feab570) } - -var fileDescriptor_23c2c7e42feab570 = []byte{ - // 108 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 
0xe2, 0x12, 0x4d, 0x2f, 0x2a, 0x48, - 0x8e, 0x4f, 0xce, 0xcf, 0x2b, 0x29, 0xca, 0xcf, 0xc9, 0x49, 0x2d, 0xd2, 0x2b, 0x28, 0xca, 0x2f, - 0xc9, 0x17, 0x62, 0x2b, 0xc8, 0x29, 0x4d, 0xcf, 0xcc, 0x53, 0x62, 0xe7, 0x62, 0x75, 0xcd, 0x2d, - 0x28, 0xa9, 0x34, 0xb2, 0xe2, 0xe2, 0x73, 0x0f, 0x0a, 0x70, 0x76, 0x86, 0x2b, 0x14, 0xd2, 0xe0, - 0xe2, 0x08, 0xce, 0x28, 0x2d, 0x49, 0xc9, 0x2f, 0xcf, 0x13, 0xe2, 0xd5, 0x83, 0xa8, 0xd7, 0x03, - 0x2b, 0x96, 0x42, 0xe5, 0x3a, 0x71, 0x44, 0x41, 0x8d, 0x4b, 0x62, 0x03, 0x9b, 0x6e, 0x0c, 0x08, - 0x00, 0x00, 0xff, 0xff, 0xab, 0x7c, 0x27, 0xe5, 0x76, 0x00, 0x00, 0x00, -} - -// Reference imports to suppress errors if they are not otherwise used. -var _ context.Context -var _ grpc.ClientConn - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the grpc package it is being compiled against. -const _ = grpc.SupportPackageIsVersion4 - -// GRPCControllerClient is the client API for GRPCController service. -// -// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream. -type GRPCControllerClient interface { - Shutdown(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) -} - -type gRPCControllerClient struct { - cc *grpc.ClientConn -} - -func NewGRPCControllerClient(cc *grpc.ClientConn) GRPCControllerClient { - return &gRPCControllerClient{cc} -} - -func (c *gRPCControllerClient) Shutdown(ctx context.Context, in *Empty, opts ...grpc.CallOption) (*Empty, error) { - out := new(Empty) - err := c.cc.Invoke(ctx, "/plugin.GRPCController/Shutdown", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - -// GRPCControllerServer is the server API for GRPCController service. 
-type GRPCControllerServer interface { - Shutdown(context.Context, *Empty) (*Empty, error) -} - -func RegisterGRPCControllerServer(s *grpc.Server, srv GRPCControllerServer) { - s.RegisterService(&_GRPCController_serviceDesc, srv) -} - -func _GRPCController_Shutdown_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(Empty) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(GRPCControllerServer).Shutdown(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/plugin.GRPCController/Shutdown", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(GRPCControllerServer).Shutdown(ctx, req.(*Empty)) - } - return interceptor(ctx, in, info, handler) -} - -var _GRPCController_serviceDesc = grpc.ServiceDesc{ - ServiceName: "plugin.GRPCController", - HandlerType: (*GRPCControllerServer)(nil), - Methods: []grpc.MethodDesc{ - { - MethodName: "Shutdown", - Handler: _GRPCController_Shutdown_Handler, - }, - }, - Streams: []grpc.StreamDesc{}, - Metadata: "grpc_controller.proto", -} diff --git a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.proto b/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.proto deleted file mode 100644 index 345d0a1c1f..0000000000 --- a/vendor/github.com/hashicorp/go-plugin/internal/plugin/grpc_controller.proto +++ /dev/null @@ -1,11 +0,0 @@ -syntax = "proto3"; -package plugin; -option go_package = "plugin"; - -message Empty { -} - -// The GRPCController is responsible for telling the plugin server to shutdown. -service GRPCController { - rpc Shutdown(Empty) returns (Empty); -} diff --git a/vendor/github.com/hashicorp/go-plugin/log_entry.go b/vendor/github.com/hashicorp/go-plugin/log_entry.go deleted file mode 100644 index fb2ef930ca..0000000000 
--- a/vendor/github.com/hashicorp/go-plugin/log_entry.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package plugin
-
-import (
- "encoding/json"
- "time"
-)
-
-// logEntry is the JSON payload that gets sent to Stderr from the plugin to the host
-type logEntry struct {
- Message string `json:"@message"`
- Level string `json:"@level"`
- Timestamp time.Time `json:"timestamp"`
- KVPairs []*logEntryKV `json:"kv_pairs"`
-}
-
-// logEntryKV is a key value pair within the Output payload
-type logEntryKV struct {
- Key string `json:"key"`
- Value interface{} `json:"value"`
-}
-
-// flattenKVPairs is used to flatten KVPair slice into []interface{}
-// for hclog consumption.
-func flattenKVPairs(kvs []*logEntryKV) []interface{} {
- var result []interface{}
- for _, kv := range kvs {
- result = append(result, kv.Key)
- result = append(result, kv.Value)
- }
-
- return result
-}
-
-// parseJSON handles parsing JSON output
-func parseJSON(input []byte) (*logEntry, error) {
- var raw map[string]interface{}
- entry := &logEntry{}
-
- err := json.Unmarshal(input, &raw)
- if err != nil {
- return nil, err
- }
-
- // Parse hclog-specific objects
- if v, ok := raw["@message"]; ok {
- entry.Message = v.(string)
- delete(raw, "@message")
- }
-
- if v, ok := raw["@level"]; ok {
- entry.Level = v.(string)
- delete(raw, "@level")
- }
-
- if v, ok := raw["@timestamp"]; ok {
- t, err := time.Parse("2006-01-02T15:04:05.000000Z07:00", v.(string))
- if err != nil {
- return nil, err
- }
- entry.Timestamp = t
- delete(raw, "@timestamp")
- }
-
- // Parse dynamic KV args from the hclog payload.
- for k, v := range raw {
- entry.KVPairs = append(entry.KVPairs, &logEntryKV{
- Key: k,
- Value: v,
- })
- }
-
- return entry, nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/mtls.go b/vendor/github.com/hashicorp/go-plugin/mtls.go
deleted file mode 100644
index 8895524587..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/mtls.go
+++ /dev/null
@@ -1,73 +0,0 @@
-package plugin
-
-import (
- "bytes"
- "crypto/ecdsa"
- "crypto/elliptic"
- "crypto/rand"
- "crypto/x509"
- "crypto/x509/pkix"
- "encoding/pem"
- "math/big"
- "time"
-)
-
-// generateCert generates a temporary certificate for plugin authentication. The
-// certificate and private key are returns in PEM format.
-func generateCert() (cert []byte, privateKey []byte, err error) {
- key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
- if err != nil {
- return nil, nil, err
- }
-
- serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
- sn, err := rand.Int(rand.Reader, serialNumberLimit)
- if err != nil {
- return nil, nil, err
- }
-
- host := "localhost"
-
- template := &x509.Certificate{
- Subject: pkix.Name{
- CommonName: host,
- Organization: []string{"HashiCorp"},
- },
- DNSNames: []string{host},
- ExtKeyUsage: []x509.ExtKeyUsage{
- x509.ExtKeyUsageClientAuth,
- x509.ExtKeyUsageServerAuth,
- },
- KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageKeyAgreement | x509.KeyUsageCertSign,
- BasicConstraintsValid: true,
- SerialNumber: sn,
- NotBefore: time.Now().Add(-30 * time.Second),
- NotAfter: time.Now().Add(262980 * time.Hour),
- IsCA: true,
- }
-
- der, err := x509.CreateCertificate(rand.Reader, template, template, key.Public(), key)
- if err != nil {
- return nil, nil, err
- }
-
- var certOut bytes.Buffer
- if err := pem.Encode(&certOut, &pem.Block{Type: "CERTIFICATE", Bytes: der}); err != nil {
- return nil, nil, err
- }
-
- keyBytes, err := x509.MarshalECPrivateKey(key)
- if err != nil {
- return nil, nil, err
- }
-
- var keyOut bytes.Buffer
- if err := pem.Encode(&keyOut, &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes}); err != nil {
- return nil, nil, err
- }
-
- cert = certOut.Bytes()
- privateKey = keyOut.Bytes()
-
- return cert, privateKey, nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/mux_broker.go b/vendor/github.com/hashicorp/go-plugin/mux_broker.go
deleted file mode 100644
index 01c45ad7c6..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/mux_broker.go
+++ /dev/null
@@ -1,204 +0,0 @@
-package plugin
-
-import (
- "encoding/binary"
- "fmt"
- "log"
- "net"
- "sync"
- "sync/atomic"
- "time"
-
- "github.com/hashicorp/yamux"
-)
-
-// MuxBroker is responsible for brokering multiplexed connections by unique ID.
-//
-// It is used by plugins to multiplex multiple RPC connections and data
-// streams on top of a single connection between the plugin process and the
-// host process.
-//
-// This allows a plugin to request a channel with a specific ID to connect to
-// or accept a connection from, and the broker handles the details of
-// holding these channels open while they're being negotiated.
-//
-// The Plugin interface has access to these for both Server and Client.
-// The broker can be used by either (optionally) to reserve and connect to
-// new multiplexed streams. This is useful for complex args and return values,
-// or anything else you might need a data stream for.
-type MuxBroker struct {
- nextId uint32
- session *yamux.Session
- streams map[uint32]*muxBrokerPending
-
- sync.Mutex
-}
-
-type muxBrokerPending struct {
- ch chan net.Conn
- doneCh chan struct{}
-}
-
-func newMuxBroker(s *yamux.Session) *MuxBroker {
- return &MuxBroker{
- session: s,
- streams: make(map[uint32]*muxBrokerPending),
- }
-}
-
-// Accept accepts a connection by ID.
-//
-// This should not be called multiple times with the same ID at one time.
-func (m *MuxBroker) Accept(id uint32) (net.Conn, error) {
- var c net.Conn
- p := m.getStream(id)
- select {
- case c = <-p.ch:
- close(p.doneCh)
- case <-time.After(5 * time.Second):
- m.Lock()
- defer m.Unlock()
- delete(m.streams, id)
-
- return nil, fmt.Errorf("timeout waiting for accept")
- }
-
- // Ack our connection
- if err := binary.Write(c, binary.LittleEndian, id); err != nil {
- c.Close()
- return nil, err
- }
-
- return c, nil
-}
-
-// AcceptAndServe is used to accept a specific stream ID and immediately
-// serve an RPC server on that stream ID. This is used to easily serve
-// complex arguments.
-//
-// The served interface is always registered to the "Plugin" name.
-func (m *MuxBroker) AcceptAndServe(id uint32, v interface{}) {
- conn, err := m.Accept(id)
- if err != nil {
- log.Printf("[ERR] plugin: plugin acceptAndServe error: %s", err)
- return
- }
-
- serve(conn, "Plugin", v)
-}
-
-// Close closes the connection and all sub-connections.
-func (m *MuxBroker) Close() error {
- return m.session.Close()
-}
-
-// Dial opens a connection by ID.
-func (m *MuxBroker) Dial(id uint32) (net.Conn, error) {
- // Open the stream
- stream, err := m.session.OpenStream()
- if err != nil {
- return nil, err
- }
-
- // Write the stream ID onto the wire.
- if err := binary.Write(stream, binary.LittleEndian, id); err != nil {
- stream.Close()
- return nil, err
- }
-
- // Read the ack that we connected. Then we're off!
- var ack uint32
- if err := binary.Read(stream, binary.LittleEndian, &ack); err != nil {
- stream.Close()
- return nil, err
- }
- if ack != id {
- stream.Close()
- return nil, fmt.Errorf("bad ack: %d (expected %d)", ack, id)
- }
-
- return stream, nil
-}
-
-// NextId returns a unique ID to use next.
-//
-// It is possible for very long-running plugin hosts to wrap this value,
-// though it would require a very large amount of RPC calls. In practice
-// we've never seen it happen.
-func (m *MuxBroker) NextId() uint32 {
- return atomic.AddUint32(&m.nextId, 1)
-}
-
-// Run starts the brokering and should be executed in a goroutine, since it
-// blocks forever, or until the session closes.
-//
-// Uses of MuxBroker never need to call this. It is called internally by
-// the plugin host/client.
-func (m *MuxBroker) Run() {
- for {
- stream, err := m.session.AcceptStream()
- if err != nil {
- // Once we receive an error, just exit
- break
- }
-
- // Read the stream ID from the stream
- var id uint32
- if err := binary.Read(stream, binary.LittleEndian, &id); err != nil {
- stream.Close()
- continue
- }
-
- // Initialize the waiter
- p := m.getStream(id)
- select {
- case p.ch <- stream:
- default:
- }
-
- // Wait for a timeout
- go m.timeoutWait(id, p)
- }
-}
-
-func (m *MuxBroker) getStream(id uint32) *muxBrokerPending {
- m.Lock()
- defer m.Unlock()
-
- p, ok := m.streams[id]
- if ok {
- return p
- }
-
- m.streams[id] = &muxBrokerPending{
- ch: make(chan net.Conn, 1),
- doneCh: make(chan struct{}),
- }
- return m.streams[id]
-}
-
-func (m *MuxBroker) timeoutWait(id uint32, p *muxBrokerPending) {
- // Wait for the stream to either be picked up and connected, or
- // for a timeout.
- timeout := false
- select {
- case <-p.doneCh:
- case <-time.After(5 * time.Second):
- timeout = true
- }
-
- m.Lock()
- defer m.Unlock()
-
- // Delete the stream so no one else can grab it
- delete(m.streams, id)
-
- // If we timed out, then check if we have a channel in the buffer,
- // and if so, close it.
- if timeout {
- select {
- case s := <-p.ch:
- s.Close()
- }
- }
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/plugin.go b/vendor/github.com/hashicorp/go-plugin/plugin.go
deleted file mode 100644
index 79d9674633..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/plugin.go
+++ /dev/null
@@ -1,58 +0,0 @@
-// The plugin package exposes functions and helpers for communicating to
-// plugins which are implemented as standalone binary applications.
-//
-// plugin.Client fully manages the lifecycle of executing the application,
-// connecting to it, and returning the RPC client for dispensing plugins.
-//
-// plugin.Serve fully manages listeners to expose an RPC server from a binary
-// that plugin.Client can connect to.
-package plugin
-
-import (
- "context"
- "errors"
- "net/rpc"
-
- "google.golang.org/grpc"
-)
-
-// Plugin is the interface that is implemented to serve/connect to an
-// inteface implementation.
-type Plugin interface {
- // Server should return the RPC server compatible struct to serve
- // the methods that the Client calls over net/rpc.
- Server(*MuxBroker) (interface{}, error)
-
- // Client returns an interface implementation for the plugin you're
- // serving that communicates to the server end of the plugin.
- Client(*MuxBroker, *rpc.Client) (interface{}, error)
-}
-
-// GRPCPlugin is the interface that is implemented to serve/connect to
-// a plugin over gRPC.
-type GRPCPlugin interface {
- // GRPCServer should register this plugin for serving with the
- // given GRPCServer. Unlike Plugin.Server, this is only called once
- // since gRPC plugins serve singletons.
- GRPCServer(*GRPCBroker, *grpc.Server) error
-
- // GRPCClient should return the interface implementation for the plugin
- // you're serving via gRPC. The provided context will be canceled by
- // go-plugin in the event of the plugin process exiting.
- GRPCClient(context.Context, *GRPCBroker, *grpc.ClientConn) (interface{}, error)
-}
-
-// NetRPCUnsupportedPlugin implements Plugin but returns errors for the
-// Server and Client functions. This will effectively disable support for
-// net/rpc based plugins.
-//
-// This struct can be embedded in your struct.
-type NetRPCUnsupportedPlugin struct{}
-
-func (p NetRPCUnsupportedPlugin) Server(*MuxBroker) (interface{}, error) {
- return nil, errors.New("net/rpc plugin protocol not supported")
-}
-
-func (p NetRPCUnsupportedPlugin) Client(*MuxBroker, *rpc.Client) (interface{}, error) {
- return nil, errors.New("net/rpc plugin protocol not supported")
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/process.go b/vendor/github.com/hashicorp/go-plugin/process.go
deleted file mode 100644
index 88c999a580..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/process.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package plugin
-
-import (
- "time"
-)
-
-// pidAlive checks whether a pid is alive.
-func pidAlive(pid int) bool {
- return _pidAlive(pid)
-}
-
-// pidWait blocks for a process to exit.
-func pidWait(pid int) error {
- ticker := time.NewTicker(1 * time.Second)
- defer ticker.Stop()
-
- for range ticker.C {
- if !pidAlive(pid) {
- break
- }
- }
-
- return nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/process_posix.go b/vendor/github.com/hashicorp/go-plugin/process_posix.go
deleted file mode 100644
index 70ba546bf6..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/process_posix.go
+++ /dev/null
@@ -1,19 +0,0 @@
-// +build !windows
-
-package plugin
-
-import (
- "os"
- "syscall"
-)
-
-// _pidAlive tests whether a process is alive or not by sending it Signal 0,
-// since Go otherwise has no way to test this.
-func _pidAlive(pid int) bool {
- proc, err := os.FindProcess(pid)
- if err == nil {
- err = proc.Signal(syscall.Signal(0))
- }
-
- return err == nil
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/process_windows.go b/vendor/github.com/hashicorp/go-plugin/process_windows.go
deleted file mode 100644
index 9f7b018090..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/process_windows.go
+++ /dev/null
@@ -1,29 +0,0 @@
-package plugin
-
-import (
- "syscall"
-)
-
-const (
- // Weird name but matches the MSDN docs
- exit_STILL_ACTIVE = 259
-
- processDesiredAccess = syscall.STANDARD_RIGHTS_READ |
- syscall.PROCESS_QUERY_INFORMATION |
- syscall.SYNCHRONIZE
-)
-
-// _pidAlive tests whether a process is alive or not
-func _pidAlive(pid int) bool {
- h, err := syscall.OpenProcess(processDesiredAccess, false, uint32(pid))
- if err != nil {
- return false
- }
-
- var ec uint32
- if e := syscall.GetExitCodeProcess(h, &ec); e != nil {
- return false
- }
-
- return ec == exit_STILL_ACTIVE
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/protocol.go b/vendor/github.com/hashicorp/go-plugin/protocol.go
deleted file mode 100644
index 0cfc19e52d..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/protocol.go
+++ /dev/null
@@ -1,45 +0,0 @@
-package plugin
-
-import (
- "io"
- "net"
-)
-
-// Protocol is an enum representing the types of protocols.
-type Protocol string
-
-const (
- ProtocolInvalid Protocol = ""
- ProtocolNetRPC Protocol = "netrpc"
- ProtocolGRPC Protocol = "grpc"
-)
-
-// ServerProtocol is an interface that must be implemented for new plugin
-// protocols to be servers.
-type ServerProtocol interface {
- // Init is called once to configure and initialize the protocol, but
- // not start listening. This is the point at which all validation should
- // be done and errors returned.
- Init() error
-
- // Config is extra configuration to be outputted to stdout. This will
- // be automatically base64 encoded to ensure it can be parsed properly.
- // This can be an empty string if additional configuration is not needed.
- Config() string
-
- // Serve is called to serve connections on the given listener. This should
- // continue until the listener is closed.
- Serve(net.Listener)
-}
-
-// ClientProtocol is an interface that must be implemented for new plugin
-// protocols to be clients.
-type ClientProtocol interface {
- io.Closer
-
- // Dispense dispenses a new instance of the plugin with the given name.
- Dispense(string) (interface{}, error)
-
- // Ping checks that the client connection is still healthy.
- Ping() error
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/rpc_client.go b/vendor/github.com/hashicorp/go-plugin/rpc_client.go
deleted file mode 100644
index f30a4b1d38..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/rpc_client.go
+++ /dev/null
@@ -1,170 +0,0 @@
-package plugin
-
-import (
- "crypto/tls"
- "fmt"
- "io"
- "net"
- "net/rpc"
-
- "github.com/hashicorp/yamux"
-)
-
-// RPCClient connects to an RPCServer over net/rpc to dispense plugin types.
-type RPCClient struct {
- broker *MuxBroker
- control *rpc.Client
- plugins map[string]Plugin
-
- // These are the streams used for the various stdout/err overrides
- stdout, stderr net.Conn
-}
-
-// newRPCClient creates a new RPCClient. The Client argument is expected
-// to be successfully started already with a lock held.
-func newRPCClient(c *Client) (*RPCClient, error) {
- // Connect to the client
- conn, err := net.Dial(c.address.Network(), c.address.String())
- if err != nil {
- return nil, err
- }
- if tcpConn, ok := conn.(*net.TCPConn); ok {
- // Make sure to set keep alive so that the connection doesn't die
- tcpConn.SetKeepAlive(true)
- }
-
- if c.config.TLSConfig != nil {
- conn = tls.Client(conn, c.config.TLSConfig)
- }
-
- // Create the actual RPC client
- result, err := NewRPCClient(conn, c.config.Plugins)
- if err != nil {
- conn.Close()
- return nil, err
- }
-
- // Begin the stream syncing so that stdin, out, err work properly
- err = result.SyncStreams(
- c.config.SyncStdout,
- c.config.SyncStderr)
- if err != nil {
- result.Close()
- return nil, err
- }
-
- return result, nil
-}
-
-// NewRPCClient creates a client from an already-open connection-like value.
-// Dial is typically used instead.
-func NewRPCClient(conn io.ReadWriteCloser, plugins map[string]Plugin) (*RPCClient, error) {
- // Create the yamux client so we can multiplex
- mux, err := yamux.Client(conn, nil)
- if err != nil {
- conn.Close()
- return nil, err
- }
-
- // Connect to the control stream.
- control, err := mux.Open()
- if err != nil {
- mux.Close()
- return nil, err
- }
-
- // Connect stdout, stderr streams
- stdstream := make([]net.Conn, 2)
- for i, _ := range stdstream {
- stdstream[i], err = mux.Open()
- if err != nil {
- mux.Close()
- return nil, err
- }
- }
-
- // Create the broker and start it up
- broker := newMuxBroker(mux)
- go broker.Run()
-
- // Build the client using our broker and control channel.
- return &RPCClient{
- broker: broker,
- control: rpc.NewClient(control),
- plugins: plugins,
- stdout: stdstream[0],
- stderr: stdstream[1],
- }, nil
-}
-
-// SyncStreams should be called to enable syncing of stdout,
-// stderr with the plugin.
-//
-// This will return immediately and the syncing will continue to happen
-// in the background. You do not need to launch this in a goroutine itself.
-//
-// This should never be called multiple times.
-func (c *RPCClient) SyncStreams(stdout io.Writer, stderr io.Writer) error {
- go copyStream("stdout", stdout, c.stdout)
- go copyStream("stderr", stderr, c.stderr)
- return nil
-}
-
-// Close closes the connection. The client is no longer usable after this
-// is called.
-func (c *RPCClient) Close() error {
- // Call the control channel and ask it to gracefully exit. If this
- // errors, then we save it so that we always return an error but we
- // want to try to close the other channels anyways.
- var empty struct{}
- returnErr := c.control.Call("Control.Quit", true, &empty)
-
- // Close the other streams we have
- if err := c.control.Close(); err != nil {
- return err
- }
- if err := c.stdout.Close(); err != nil {
- return err
- }
- if err := c.stderr.Close(); err != nil {
- return err
- }
- if err := c.broker.Close(); err != nil {
- return err
- }
-
- // Return back the error we got from Control.Quit. This is very important
- // since we MUST return non-nil error if this fails so that Client.Kill
- // will properly try a process.Kill.
- return returnErr
-}
-
-func (c *RPCClient) Dispense(name string) (interface{}, error) {
- p, ok := c.plugins[name]
- if !ok {
- return nil, fmt.Errorf("unknown plugin type: %s", name)
- }
-
- var id uint32
- if err := c.control.Call(
- "Dispenser.Dispense", name, &id); err != nil {
- return nil, err
- }
-
- conn, err := c.broker.Dial(id)
- if err != nil {
- return nil, err
- }
-
- return p.Client(c.broker, rpc.NewClient(conn))
-}
-
-// Ping pings the connection to ensure it is still alive.
-//
-// The error from the RPC call is returned exactly if you want to inspect
-// it for further error analysis. Any error returned from here would indicate
-// that the connection to the plugin is not healthy.
-func (c *RPCClient) Ping() error {
- var empty struct{}
- return c.control.Call("Control.Ping", true, &empty)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/rpc_server.go b/vendor/github.com/hashicorp/go-plugin/rpc_server.go
deleted file mode 100644
index 5bb18dd5db..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/rpc_server.go
+++ /dev/null
@@ -1,197 +0,0 @@
-package plugin
-
-import (
- "errors"
- "fmt"
- "io"
- "log"
- "net"
- "net/rpc"
- "sync"
-
- "github.com/hashicorp/yamux"
-)
-
-// RPCServer listens for network connections and then dispenses interface
-// implementations over net/rpc.
-//
-// After setting the fields below, they shouldn't be read again directly
-// from the structure which may be reading/writing them concurrently.
-type RPCServer struct {
- Plugins map[string]Plugin
-
- // Stdout, Stderr are what this server will use instead of the
- // normal stdin/out/err. This is because due to the multi-process nature
- // of our plugin system, we can't use the normal process values so we
- // make our own custom one we pipe across.
- Stdout io.Reader
- Stderr io.Reader
-
- // DoneCh should be set to a non-nil channel that will be closed
- // when the control requests the RPC server to end.
- DoneCh chan<- struct{}
-
- lock sync.Mutex
-}
-
-// ServerProtocol impl.
-func (s *RPCServer) Init() error { return nil }
-
-// ServerProtocol impl.
-func (s *RPCServer) Config() string { return "" }
-
-// ServerProtocol impl.
-func (s *RPCServer) Serve(lis net.Listener) {
- for {
- conn, err := lis.Accept()
- if err != nil {
- log.Printf("[ERR] plugin: plugin server: %s", err)
- return
- }
-
- go s.ServeConn(conn)
- }
-}
-
-// ServeConn runs a single connection.
-//
-// ServeConn blocks, serving the connection until the client hangs up.
-func (s *RPCServer) ServeConn(conn io.ReadWriteCloser) {
- // First create the yamux server to wrap this connection
- mux, err := yamux.Server(conn, nil)
- if err != nil {
- conn.Close()
- log.Printf("[ERR] plugin: error creating yamux server: %s", err)
- return
- }
-
- // Accept the control connection
- control, err := mux.Accept()
- if err != nil {
- mux.Close()
- if err != io.EOF {
- log.Printf("[ERR] plugin: error accepting control connection: %s", err)
- }
-
- return
- }
-
- // Connect the stdstreams (in, out, err)
- stdstream := make([]net.Conn, 2)
- for i, _ := range stdstream {
- stdstream[i], err = mux.Accept()
- if err != nil {
- mux.Close()
- log.Printf("[ERR] plugin: accepting stream %d: %s", i, err)
- return
- }
- }
-
- // Copy std streams out to the proper place
- go copyStream("stdout", stdstream[0], s.Stdout)
- go copyStream("stderr", stdstream[1], s.Stderr)
-
- // Create the broker and start it up
- broker := newMuxBroker(mux)
- go broker.Run()
-
- // Use the control connection to build the dispenser and serve the
- // connection.
- server := rpc.NewServer()
- server.RegisterName("Control", &controlServer{
- server: s,
- })
- server.RegisterName("Dispenser", &dispenseServer{
- broker: broker,
- plugins: s.Plugins,
- })
- server.ServeConn(control)
-}
-
-// done is called internally by the control server to trigger the
-// doneCh to close which is listened to by the main process to cleanly
-// exit.
-func (s *RPCServer) done() {
- s.lock.Lock()
- defer s.lock.Unlock()
-
- if s.DoneCh != nil {
- close(s.DoneCh)
- s.DoneCh = nil
- }
-}
-
-// dispenseServer dispenses variousinterface implementations for Terraform.
-type controlServer struct {
- server *RPCServer
-}
-
-// Ping can be called to verify the connection (and likely the binary)
-// is still alive to a plugin.
-func (c *controlServer) Ping(
- null bool, response *struct{}) error {
- *response = struct{}{}
- return nil
-}
-
-func (c *controlServer) Quit(
- null bool, response *struct{}) error {
- // End the server
- c.server.done()
-
- // Always return true
- *response = struct{}{}
-
- return nil
-}
-
-// dispenseServer dispenses variousinterface implementations for Terraform.
-type dispenseServer struct {
- broker *MuxBroker
- plugins map[string]Plugin
-}
-
-func (d *dispenseServer) Dispense(
- name string, response *uint32) error {
- // Find the function to create this implementation
- p, ok := d.plugins[name]
- if !ok {
- return fmt.Errorf("unknown plugin type: %s", name)
- }
-
- // Create the implementation first so we know if there is an error.
- impl, err := p.Server(d.broker)
- if err != nil {
- // We turn the error into an errors error so that it works across RPC
- return errors.New(err.Error())
- }
-
- // Reserve an ID for our implementation
- id := d.broker.NextId()
- *response = id
-
- // Run the rest in a goroutine since it can only happen once this RPC
- // call returns. We wait for a connection for the plugin implementation
- // and serve it.
- go func() {
- conn, err := d.broker.Accept(id)
- if err != nil {
- log.Printf("[ERR] go-plugin: plugin dispense error: %s: %s", name, err)
- return
- }
-
- serve(conn, "Plugin", impl)
- }()
-
- return nil
-}
-
-func serve(conn io.ReadWriteCloser, name string, v interface{}) {
- server := rpc.NewServer()
- if err := server.RegisterName(name, v); err != nil {
- log.Printf("[ERR] go-plugin: plugin dispense error: %s", err)
- return
- }
-
- server.ServeConn(conn)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/server.go b/vendor/github.com/hashicorp/go-plugin/server.go
deleted file mode 100644
index 4c230e3ab4..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/server.go
+++ /dev/null
@@ -1,452 +0,0 @@
-package plugin
-
-import (
- "crypto/tls"
- "crypto/x509"
- "encoding/base64"
- "errors"
- "fmt"
- "io/ioutil"
- "log"
- "net"
- "os"
- "os/signal"
- "runtime"
- "sort"
- "strconv"
- "strings"
- "sync/atomic"
-
- "github.com/hashicorp/go-hclog"
-
- "google.golang.org/grpc"
-)
-
-// CoreProtocolVersion is the ProtocolVersion of the plugin system itself.
-// We will increment this whenever we change any protocol behavior. This
-// will invalidate any prior plugins but will at least allow us to iterate
-// on the core in a safe way. We will do our best to do this very
-// infrequently.
-const CoreProtocolVersion = 1
-
-// HandshakeConfig is the configuration used by client and servers to
-// handshake before starting a plugin connection. This is embedded by
-// both ServeConfig and ClientConfig.
-//
-// In practice, the plugin host creates a HandshakeConfig that is exported
-// and plugins then can easily consume it.
-type HandshakeConfig struct {
- // ProtocolVersion is the version that clients must match on to
- // agree they can communicate. This should match the ProtocolVersion
- // set on ClientConfig when using a plugin.
- // This field is not required if VersionedPlugins are being used in the
- // Client or Server configurations.
- ProtocolVersion uint
-
- // MagicCookieKey and value are used as a very basic verification
- // that a plugin is intended to be launched. This is not a security
- // measure, just a UX feature. If the magic cookie doesn't match,
- // we show human-friendly output.
- MagicCookieKey string
- MagicCookieValue string
-}
-
-// PluginSet is a set of plugins provided to be registered in the plugin
-// server.
-type PluginSet map[string]Plugin
-
-// ServeConfig configures what sorts of plugins are served.
-type ServeConfig struct {
- // HandshakeConfig is the configuration that must match clients.
- HandshakeConfig
-
- // TLSProvider is a function that returns a configured tls.Config.
- TLSProvider func() (*tls.Config, error)
-
- // Plugins are the plugins that are served.
- // The implied version of this PluginSet is the Handshake.ProtocolVersion.
- Plugins PluginSet
-
- // VersionedPlugins is a map of PluginSets for specific protocol versions.
- // These can be used to negotiate a compatible version between client and
- // server. If this is set, Handshake.ProtocolVersion is not required.
- VersionedPlugins map[int]PluginSet
-
- // GRPCServer should be non-nil to enable serving the plugins over
- // gRPC. This is a function to create the server when needed with the
- // given server options. The server options populated by go-plugin will
- // be for TLS if set. You may modify the input slice.
- //
- // Note that the grpc.Server will automatically be registered with
- // the gRPC health checking service. This is not optional since go-plugin
- // relies on this to implement Ping().
- GRPCServer func([]grpc.ServerOption) *grpc.Server
-
- // Logger is used to pass a logger into the server. If none is provided the
- // server will create a default logger.
- Logger hclog.Logger
-}
-
-// protocolVersion determines the protocol version and plugin set to be used by
-// the server. In the event that there is no suitable version, the last version
-// in the config is returned leaving the client to report the incompatibility.
-func protocolVersion(opts *ServeConfig) (int, Protocol, PluginSet) {
- protoVersion := int(opts.ProtocolVersion)
- pluginSet := opts.Plugins
- protoType := ProtocolNetRPC
- // Check if the client sent a list of acceptable versions
- var clientVersions []int
- if vs := os.Getenv("PLUGIN_PROTOCOL_VERSIONS"); vs != "" {
- for _, s := range strings.Split(vs, ",") {
- v, err := strconv.Atoi(s)
- if err != nil {
- fmt.Fprintf(os.Stderr, "server sent invalid plugin version %q", s)
- continue
- }
- clientVersions = append(clientVersions, v)
- }
- }
-
- // We want to iterate in reverse order, to ensure we match the newest
- // compatible plugin version.
- sort.Sort(sort.Reverse(sort.IntSlice(clientVersions)))
-
- // set the old un-versioned fields as if they were versioned plugins
- if opts.VersionedPlugins == nil {
- opts.VersionedPlugins = make(map[int]PluginSet)
- }
-
- if pluginSet != nil {
- opts.VersionedPlugins[protoVersion] = pluginSet
- }
-
- // Sort the version to make sure we match the latest first
- var versions []int
- for v := range opts.VersionedPlugins {
- versions = append(versions, v)
- }
-
- sort.Sort(sort.Reverse(sort.IntSlice(versions)))
-
- // See if we have multiple versions of Plugins to choose from
- for _, version := range versions {
- // Record each version, since we guarantee that this returns valid
- // values even if they are not a protocol match.
- protoVersion = version
- pluginSet = opts.VersionedPlugins[version]
-
- // If we have a configured gRPC server we should select a protocol
- if opts.GRPCServer != nil {
- // All plugins in a set must use the same transport, so check the first
- // for the protocol type
- for _, p := range pluginSet {
- switch p.(type) {
- case GRPCPlugin:
- protoType = ProtocolGRPC
- default:
- protoType = ProtocolNetRPC
- }
- break
- }
- }
-
- for _, clientVersion := range clientVersions {
- if clientVersion == protoVersion {
- return protoVersion, protoType, pluginSet
- }
- }
- }
-
- // Return the lowest version as the fallback.
- // Since we iterated over all the versions in reverse order above, these
- // values are from the lowest version number plugins (which may be from
- // a combination of the Handshake.ProtocolVersion and ServeConfig.Plugins
- // fields). This allows serving the oldest version of our plugins to a
- // legacy client that did not send a PLUGIN_PROTOCOL_VERSIONS list.
- return protoVersion, protoType, pluginSet
-}
-
-// Serve serves the plugins given by ServeConfig.
-//
-// Serve doesn't return until the plugin is done being executed. Any
-// errors will be outputted to os.Stderr.
-//
-// This is the method that plugins should call in their main() functions.
-func Serve(opts *ServeConfig) {
- // Validate the handshake config
- if opts.MagicCookieKey == "" || opts.MagicCookieValue == "" {
- fmt.Fprintf(os.Stderr,
- "Misconfigured ServeConfig given to serve this plugin: no magic cookie\n"+
- "key or value was set. Please notify the plugin author and report\n"+
- "this as a bug.\n")
- os.Exit(1)
- }
-
- // First check the cookie
- if os.Getenv(opts.MagicCookieKey) != opts.MagicCookieValue {
- fmt.Fprintf(os.Stderr,
- "This binary is a plugin. These are not meant to be executed directly.\n"+
- "Please execute the program that consumes these plugins, which will\n"+
- "load any plugins automatically\n")
- os.Exit(1)
- }
-
- // negotiate the version and plugins
- // start with default version in the handshake config
- protoVersion, protoType, pluginSet := protocolVersion(opts)
-
- // Logging goes to the original stderr
- log.SetOutput(os.Stderr)
-
- logger := opts.Logger
- if logger == nil {
- // internal logger to os.Stderr
- logger = hclog.New(&hclog.LoggerOptions{
- Level: hclog.Trace,
- Output: os.Stderr,
- JSONFormat: true,
- })
- }
-
- // Create our new stdout, stderr files. These will override our built-in
- // stdout/stderr so that it works across the stream boundary.
- stdout_r, stdout_w, err := os.Pipe()
- if err != nil {
- fmt.Fprintf(os.Stderr, "Error preparing plugin: %s\n", err)
- os.Exit(1)
- }
- stderr_r, stderr_w, err := os.Pipe()
- if err != nil {
- fmt.Fprintf(os.Stderr, "Error preparing plugin: %s\n", err)
- os.Exit(1)
- }
-
- // Register a listener so we can accept a connection
- listener, err := serverListener()
- if err != nil {
- logger.Error("plugin init error", "error", err)
- return
- }
-
- // Close the listener on return. We wrap this in a func() on purpose
- // because the "listener" reference may change to TLS.
- defer func() {
- listener.Close()
- }()
-
- var tlsConfig *tls.Config
- if opts.TLSProvider != nil {
- tlsConfig, err = opts.TLSProvider()
- if err != nil {
- logger.Error("plugin tls init", "error", err)
- return
- }
- }
-
- var serverCert string
- clientCert := os.Getenv("PLUGIN_CLIENT_CERT")
- // If the client is configured using AutoMTLS, the certificate will be here,
- // and we need to generate our own in response.
- if tlsConfig == nil && clientCert != "" {
- logger.Info("configuring server automatic mTLS")
- clientCertPool := x509.NewCertPool()
- if !clientCertPool.AppendCertsFromPEM([]byte(clientCert)) {
- logger.Error("client cert provided but failed to parse", "cert", clientCert)
- }
-
- certPEM, keyPEM, err := generateCert()
- if err != nil {
- logger.Error("failed to generate client certificate", "error", err)
- panic(err)
- }
-
- cert, err := tls.X509KeyPair(certPEM, keyPEM)
- if err != nil {
- logger.Error("failed to parse client certificate", "error", err)
- panic(err)
- }
-
- tlsConfig = &tls.Config{
- Certificates: []tls.Certificate{cert},
- ClientAuth: tls.RequireAndVerifyClientCert,
- ClientCAs: clientCertPool,
- MinVersion: tls.VersionTLS12,
- }
-
- // We send back the raw leaf cert data for the client rather than the
- // PEM, since the protocol can't handle newlines.
- serverCert = base64.RawStdEncoding.EncodeToString(cert.Certificate[0])
- }
-
- // Create the channel to tell us when we're done
- doneCh := make(chan struct{})
-
- // Build the server type
- var server ServerProtocol
- switch protoType {
- case ProtocolNetRPC:
- // If we have a TLS configuration then we wrap the listener
- // ourselves and do it at that level.
- if tlsConfig != nil {
- listener = tls.NewListener(listener, tlsConfig)
- }
-
- // Create the RPC server to dispense
- server = &RPCServer{
- Plugins: pluginSet,
- Stdout: stdout_r,
- Stderr: stderr_r,
- DoneCh: doneCh,
- }
-
- case ProtocolGRPC:
- // Create the gRPC server
- server = &GRPCServer{
- Plugins: pluginSet,
- Server: opts.GRPCServer,
- TLS: tlsConfig,
- Stdout: stdout_r,
- Stderr: stderr_r,
- DoneCh: doneCh,
- logger: logger,
- }
-
- default:
- panic("unknown server protocol: " + protoType)
- }
-
- // Initialize the servers
- if err := server.Init(); err != nil {
- logger.Error("protocol init", "error", err)
- return
- }
-
- logger.Debug("plugin address", "network", listener.Addr().Network(), "address", listener.Addr().String())
-
- // Output the address and service name to stdout so that the client can bring it up.
- fmt.Printf("%d|%d|%s|%s|%s|%s\n",
- CoreProtocolVersion,
- protoVersion,
- listener.Addr().Network(),
- listener.Addr().String(),
- protoType,
- serverCert)
- os.Stdout.Sync()
-
- // Eat the interrupts
- ch := make(chan os.Signal, 1)
- signal.Notify(ch, os.Interrupt)
- go func() {
- var count int32 = 0
- for {
- <-ch
- newCount := atomic.AddInt32(&count, 1)
- logger.Debug("plugin received interrupt signal, ignoring", "count", newCount)
- }
- }()
-
- // Set our new out, err
- os.Stdout = stdout_w
- os.Stderr = stderr_w
-
- // Accept connections and wait for completion
- go server.Serve(listener)
- <-doneCh
-}
-
-func serverListener() (net.Listener, error) {
- if runtime.GOOS == "windows" {
- return serverListener_tcp()
- }
-
- return serverListener_unix()
-}
-
-func serverListener_tcp() (net.Listener, error) {
- envMinPort := os.Getenv("PLUGIN_MIN_PORT")
- envMaxPort := os.Getenv("PLUGIN_MAX_PORT")
-
- var minPort, maxPort int64
- var err error
-
- switch {
- case len(envMinPort) == 0:
- minPort = 0
- default:
- minPort, err = strconv.ParseInt(envMinPort, 10, 32)
- if err != nil {
- return nil, fmt.Errorf("Couldn't get value from PLUGIN_MIN_PORT: %v", err)
- }
- }
-
- switch {
- case len(envMaxPort) == 0:
- maxPort = 0
- default:
- maxPort, err = strconv.ParseInt(envMaxPort, 10, 32)
- if err != nil {
- return nil, fmt.Errorf("Couldn't get value from PLUGIN_MAX_PORT: %v", err)
- }
- }
-
- if minPort > maxPort {
- return nil, fmt.Errorf("ENV_MIN_PORT value of %d is greater than PLUGIN_MAX_PORT value of %d", minPort, maxPort)
- }
-
- for port := minPort; port <= maxPort; port++ {
- address := fmt.Sprintf("127.0.0.1:%d", port)
- listener, err := net.Listen("tcp", address)
- if err == nil {
- return listener, nil
- }
- }
-
- return nil, errors.New("Couldn't bind plugin TCP listener")
-}
-
-func serverListener_unix() (net.Listener, error) {
- tf, err := ioutil.TempFile("", "plugin")
- if err != nil {
- return nil, err
- }
- path := tf.Name()
-
- // Close the file and remove it because it has to not exist for
- // the domain socket.
- if err := tf.Close(); err != nil {
- return nil, err
- }
- if err := os.Remove(path); err != nil {
- return nil, err
- }
-
- l, err := net.Listen("unix", path)
- if err != nil {
- return nil, err
- }
-
- // Wrap the listener in rmListener so that the Unix domain socket file
- // is removed on close.
- return &rmListener{
- Listener: l,
- Path: path,
- }, nil
-}
-
-// rmListener is an implementation of net.Listener that forwards most
-// calls to the listener but also removes a file as part of the close. We
-// use this to cleanup the unix domain socket on close.
-type rmListener struct {
- net.Listener
- Path string
-}
-
-func (l *rmListener) Close() error {
- // Close the listener itself
- if err := l.Listener.Close(); err != nil {
- return err
- }
-
- // Remove the file
- return os.Remove(l.Path)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/server_mux.go b/vendor/github.com/hashicorp/go-plugin/server_mux.go
deleted file mode 100644
index 033079ea0f..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/server_mux.go
+++ /dev/null
@@ -1,31 +0,0 @@
-package plugin
-
-import (
- "fmt"
- "os"
-)
-
-// ServeMuxMap is the type that is used to configure ServeMux
-type ServeMuxMap map[string]*ServeConfig
-
-// ServeMux is like Serve, but serves multiple types of plugins determined
-// by the argument given on the command-line.
-//
-// This command doesn't return until the plugin is done being executed. Any
-// errors are logged or output to stderr.
-func ServeMux(m ServeMuxMap) {
- if len(os.Args) != 2 {
- fmt.Fprintf(os.Stderr,
- "Invoked improperly. This is an internal command that shouldn't\n"+
- "be manually invoked.\n")
- os.Exit(1)
- }
-
- opts, ok := m[os.Args[1]]
- if !ok {
- fmt.Fprintf(os.Stderr, "Unknown plugin: %s\n", os.Args[1])
- os.Exit(1)
- }
-
- Serve(opts)
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/stream.go b/vendor/github.com/hashicorp/go-plugin/stream.go
deleted file mode 100644
index 1d547aaaab..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/stream.go
+++ /dev/null
@@ -1,18 +0,0 @@
-package plugin
-
-import (
- "io"
- "log"
-)
-
-func copyStream(name string, dst io.Writer, src io.Reader) {
- if src == nil {
- panic(name + ": src is nil")
- }
- if dst == nil {
- panic(name + ": dst is nil")
- }
- if _, err := io.Copy(dst, src); err != nil && err != io.EOF {
- log.Printf("[ERR] plugin: stream copy '%s' error: %s", name, err)
- }
-}
diff --git a/vendor/github.com/hashicorp/go-plugin/testing.go b/vendor/github.com/hashicorp/go-plugin/testing.go
deleted file mode 100644
index 2cf2c26cc5..0000000000
--- a/vendor/github.com/hashicorp/go-plugin/testing.go
+++ /dev/null
@@ -1,180 +0,0 @@
-package plugin
-
-import (
- "bytes"
- "context"
- "io"
- "net"
- "net/rpc"
-
- "github.com/mitchellh/go-testing-interface"
- hclog "github.com/hashicorp/go-hclog"
- "github.com/hashicorp/go-plugin/internal/plugin"
- "google.golang.org/grpc"
-)
-
-// TestOptions allows specifying options that can affect the behavior of the
-// test functions
-type TestOptions struct {
- //ServerStdout causes the given value to be used in place of a blank buffer
- //for RPCServer's Stdout
- ServerStdout io.ReadCloser
-
- //ServerStderr causes the given value to be used in place of a blank buffer
- //for RPCServer's Stderr
- ServerStderr io.ReadCloser
-}
-
-// The testing file contains test helpers that you can use outside of
-// this package for making it easier to test plugins themselves.
-
-// TestConn is a helper function for returning a client and server
-// net.Conn connected to each other.
-func TestConn(t testing.T) (net.Conn, net.Conn) {
- // Listen to any local port. This listener will be closed
- // after a single connection is established.
- l, err := net.Listen("tcp", "127.0.0.1:0")
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- // Start a goroutine to accept our client connection
- var serverConn net.Conn
- doneCh := make(chan struct{})
- go func() {
- defer close(doneCh)
- defer l.Close()
- var err error
- serverConn, err = l.Accept()
- if err != nil {
- t.Fatalf("err: %s", err)
- }
- }()
-
- // Connect to the server
- clientConn, err := net.Dial("tcp", l.Addr().String())
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- // Wait for the server side to acknowledge it has connected
- <-doneCh
-
- return clientConn, serverConn
-}
-
-// TestRPCConn returns a rpc client and server connected to each other.
-func TestRPCConn(t testing.T) (*rpc.Client, *rpc.Server) {
- clientConn, serverConn := TestConn(t)
-
- server := rpc.NewServer()
- go server.ServeConn(serverConn)
-
- client := rpc.NewClient(clientConn)
- return client, server
-}
-
-// TestPluginRPCConn returns a plugin RPC client and server that are connected
-// together and configured.
-func TestPluginRPCConn(t testing.T, ps map[string]Plugin, opts *TestOptions) (*RPCClient, *RPCServer) {
- // Create two net.Conns we can use to shuttle our control connection
- clientConn, serverConn := TestConn(t)
-
- // Start up the server
- server := &RPCServer{Plugins: ps, Stdout: new(bytes.Buffer), Stderr: new(bytes.Buffer)}
- if opts != nil {
- if opts.ServerStdout != nil {
- server.Stdout = opts.ServerStdout
- }
- if opts.ServerStderr != nil {
- server.Stderr = opts.ServerStderr
- }
- }
- go server.ServeConn(serverConn)
-
- // Connect the client to the server
- client, err := NewRPCClient(clientConn, ps)
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- return client, server
-}
-
-// TestGRPCConn returns a gRPC client conn and grpc server that are connected
-// together and configured. The register function is used to register services
-// prior to the Serve call. This is used to test gRPC connections.
-func TestGRPCConn(t testing.T, register func(*grpc.Server)) (*grpc.ClientConn, *grpc.Server) {
- // Create a listener
- l, err := net.Listen("tcp", "127.0.0.1:0")
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- server := grpc.NewServer()
- register(server)
- go server.Serve(l)
-
- // Connect to the server
- conn, err := grpc.Dial(
- l.Addr().String(),
- grpc.WithBlock(),
- grpc.WithInsecure())
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- // Connection successful, close the listener
- l.Close()
-
- return conn, server
-}
-
-// TestPluginGRPCConn returns a plugin gRPC client and server that are connected
-// together and configured. This is used to test gRPC connections.
-func TestPluginGRPCConn(t testing.T, ps map[string]Plugin) (*GRPCClient, *GRPCServer) {
- // Create a listener
- l, err := net.Listen("tcp", "127.0.0.1:0")
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- // Start up the server
- server := &GRPCServer{
- Plugins: ps,
- DoneCh: make(chan struct{}),
- Server: DefaultGRPCServer,
- Stdout: new(bytes.Buffer),
- Stderr: new(bytes.Buffer),
- logger: hclog.Default(),
- }
- if err := server.Init(); err != nil {
- t.Fatalf("err: %s", err)
- }
- go server.Serve(l)
-
- // Connect to the server
- conn, err := grpc.Dial(
- l.Addr().String(),
- grpc.WithBlock(),
- grpc.WithInsecure())
- if err != nil {
- t.Fatalf("err: %s", err)
- }
-
- brokerGRPCClient := newGRPCBrokerClient(conn)
- broker := newGRPCBroker(brokerGRPCClient, nil)
- go broker.Run()
- go brokerGRPCClient.StartStream()
-
- // Create the client
- client := &GRPCClient{
- Conn: conn,
- Plugins: ps,
- broker: broker,
- doneCtx: context.Background(),
- controller: plugin.NewGRPCControllerClient(conn),
- }
-
- return client, server
-}
diff --git a/vendor/github.com/oklog/run/.gitignore b/vendor/github.com/oklog/run/.gitignore
deleted file mode 100644
index a1338d6851..0000000000
--- a/vendor/github.com/oklog/run/.gitignore
+++ /dev/null
@@ -1,14 +0,0 @@
-# Binaries for programs and plugins
-*.exe
-*.dll
-*.so
-*.dylib
-
-# Test binary, build with `go test -c`
-*.test
-
-# Output of the go coverage tool, specifically when used with LiteIDE
-*.out
-
-# Project-local glide cache, RE: https://github.com/Masterminds/glide/issues/736
-.glide/
diff --git a/vendor/github.com/oklog/run/.travis.yml b/vendor/github.com/oklog/run/.travis.yml
deleted file mode 100644
index 362bdd41c0..0000000000
--- a/vendor/github.com/oklog/run/.travis.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-language: go
-sudo: false
-go:
- - 1.x
- - tip
-install:
- - go get -v github.com/golang/lint/golint
- - go build ./...
-script:
- - go vet ./...
- - $HOME/gopath/bin/golint .
- - go test -v -race ./...
diff --git a/vendor/github.com/oklog/run/LICENSE b/vendor/github.com/oklog/run/LICENSE
deleted file mode 100644
index 261eeb9e9f..0000000000
--- a/vendor/github.com/oklog/run/LICENSE
+++ /dev/null
@@ -1,201 +0,0 @@
- Apache License
- Version 2.0, January 2004
- http://www.apache.org/licenses/
-
- TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
- 1. Definitions.
-
- "License" shall mean the terms and conditions for use, reproduction,
- and distribution as defined by Sections 1 through 9 of this document.
-
- "Licensor" shall mean the copyright owner or entity authorized by
- the copyright owner that is granting the License.
-
- "Legal Entity" shall mean the union of the acting entity and all
- other entities that control, are controlled by, or are under common
- control with that entity. For the purposes of this definition,
- "control" means (i) the power, direct or indirect, to cause the
- direction or management of such entity, whether by contract or
- otherwise, or (ii) ownership of fifty percent (50%) or more of the
- outstanding shares, or (iii) beneficial ownership of such entity.
-
- "You" (or "Your") shall mean an individual or Legal Entity
- exercising permissions granted by this License.
-
- "Source" form shall mean the preferred form for making modifications,
- including but not limited to software source code, documentation
- source, and configuration files.
-
- "Object" form shall mean any form resulting from mechanical
- transformation or translation of a Source form, including but
- not limited to compiled object code, generated documentation,
- and conversions to other media types.
-
- "Work" shall mean the work of authorship, whether in Source or
- Object form, made available under the License, as indicated by a
- copyright notice that is included in or attached to the work
- (an example is provided in the Appendix below).
-
- "Derivative Works" shall mean any work, whether in Source or Object
- form, that is based on (or derived from) the Work and for which the
- editorial revisions, annotations, elaborations, or other modifications
- represent, as a whole, an original work of authorship. For the purposes
- of this License, Derivative Works shall not include works that remain
- separable from, or merely link (or bind by name) to the interfaces of,
- the Work and Derivative Works thereof.
-
- "Contribution" shall mean any work of authorship, including
- the original version of the Work and any modifications or additions
- to that Work or Derivative Works thereof, that is intentionally
- submitted to Licensor for inclusion in the Work by the copyright owner
- or by an individual or Legal Entity authorized to submit on behalf of
- the copyright owner. For the purposes of this definition, "submitted"
- means any form of electronic, verbal, or written communication sent
- to the Licensor or its representatives, including but not limited to
- communication on electronic mailing lists, source code control systems,
- and issue tracking systems that are managed by, or on behalf of, the
- Licensor for the purpose of discussing and improving the Work, but
- excluding communication that is conspicuously marked or otherwise
- designated in writing by the copyright owner as "Not a Contribution."
-
- "Contributor" shall mean Licensor and any individual or Legal Entity
- on behalf of whom a Contribution has been received by Licensor and
- subsequently incorporated within the Work.
-
- 2. Grant of Copyright License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- copyright license to reproduce, prepare Derivative Works of,
- publicly display, publicly perform, sublicense, and distribute the
- Work and such Derivative Works in Source or Object form.
-
- 3. Grant of Patent License. Subject to the terms and conditions of
- this License, each Contributor hereby grants to You a perpetual,
- worldwide, non-exclusive, no-charge, royalty-free, irrevocable
- (except as stated in this section) patent license to make, have made,
- use, offer to sell, sell, import, and otherwise transfer the Work,
- where such license applies only to those patent claims licensable
- by such Contributor that are necessarily infringed by their
- Contribution(s) alone or by combination of their Contribution(s)
- with the Work to which such Contribution(s) was submitted. If You
- institute patent litigation against any entity (including a
- cross-claim or counterclaim in a lawsuit) alleging that the Work
- or a Contribution incorporated within the Work constitutes direct
- or contributory patent infringement, then any patent licenses
- granted to You under this License for that Work shall terminate
- as of the date such litigation is filed.
-
- 4. Redistribution. You may reproduce and distribute copies of the
- Work or Derivative Works thereof in any medium, with or without
- modifications, and in Source or Object form, provided that You
- meet the following conditions:
-
- (a) You must give any other recipients of the Work or
- Derivative Works a copy of this License; and
-
- (b) You must cause any modified files to carry prominent notices
- stating that You changed the files; and
-
- (c) You must retain, in the Source form of any Derivative Works
- that You distribute, all copyright, patent, trademark, and
- attribution notices from the Source form of the Work,
- excluding those notices that do not pertain to any part of
- the Derivative Works; and
-
- (d) If the Work includes a "NOTICE" text file as part of its
- distribution, then any Derivative Works that You distribute must
- include a readable copy of the attribution notices contained
- within such NOTICE file, excluding those notices that do not
- pertain to any part of the Derivative Works, in at least one
- of the following places: within a NOTICE text file distributed
- as part of the Derivative Works; within the Source form or
- documentation, if provided along with the Derivative Works; or,
- within a display generated by the Derivative Works, if and
- wherever such third-party notices normally appear. The contents
- of the NOTICE file are for informational purposes only and
- do not modify the License. You may add Your own attribution
- notices within Derivative Works that You distribute, alongside
- or as an addendum to the NOTICE text from the Work, provided
- that such additional attribution notices cannot be construed
- as modifying the License.
-
- You may add Your own copyright statement to Your modifications and
- may provide additional or different license terms and conditions
- for use, reproduction, or distribution of Your modifications, or
- for any such Derivative Works as a whole, provided Your use,
- reproduction, and distribution of the Work otherwise complies with
- the conditions stated in this License.
-
- 5. Submission of Contributions. Unless You explicitly state otherwise,
- any Contribution intentionally submitted for inclusion in the Work
- by You to the Licensor shall be under the terms and conditions of
- this License, without any additional terms or conditions.
- Notwithstanding the above, nothing herein shall supersede or modify
- the terms of any separate license agreement you may have executed
- with Licensor regarding such Contributions.
-
- 6. Trademarks. This License does not grant permission to use the trade
- names, trademarks, service marks, or product names of the Licensor,
- except as required for reasonable and customary use in describing the
- origin of the Work and reproducing the content of the NOTICE file.
-
- 7. Disclaimer of Warranty. Unless required by applicable law or
- agreed to in writing, Licensor provides the Work (and each
- Contributor provides its Contributions) on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
- implied, including, without limitation, any warranties or conditions
- of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
- PARTICULAR PURPOSE. You are solely responsible for determining the
- appropriateness of using or redistributing the Work and assume any
- risks associated with Your exercise of permissions under this License.
-
- 8. Limitation of Liability. In no event and under no legal theory,
- whether in tort (including negligence), contract, or otherwise,
- unless required by applicable law (such as deliberate and grossly
- negligent acts) or agreed to in writing, shall any Contributor be
- liable to You for damages, including any direct, indirect, special,
- incidental, or consequential damages of any character arising as a
- result of this License or out of the use or inability to use the
- Work (including but not limited to damages for loss of goodwill,
- work stoppage, computer failure or malfunction, or any and all
- other commercial damages or losses), even if such Contributor
- has been advised of the possibility of such damages.
-
- 9. Accepting Warranty or Additional Liability. While redistributing
- the Work or Derivative Works thereof, You may choose to offer,
- and charge a fee for, acceptance of support, warranty, indemnity,
- or other liability obligations and/or rights consistent with this
- License. However, in accepting such obligations, You may act only
- on Your own behalf and on Your sole responsibility, not on behalf
- of any other Contributor, and only if You agree to indemnify,
- defend, and hold each Contributor harmless for any liability
- incurred by, or claims asserted against, such Contributor by reason
- of your accepting any such warranty or additional liability.
-
- END OF TERMS AND CONDITIONS
-
- APPENDIX: How to apply the Apache License to your work.
-
- To apply the Apache License to your work, attach the following
- boilerplate notice, with the fields enclosed by brackets "[]"
- replaced with your own identifying information. (Don't include
- the brackets!) The text should be enclosed in the appropriate
- comment syntax for the file format. We also recommend that a
- file or class name and description of purpose be included on the
- same "printed page" as the copyright notice for easier
- identification within third-party archives.
-
- Copyright [yyyy] [name of copyright owner]
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
diff --git a/vendor/github.com/oklog/run/README.md b/vendor/github.com/oklog/run/README.md
deleted file mode 100644
index a7228cd9a3..0000000000
--- a/vendor/github.com/oklog/run/README.md
+++ /dev/null
@@ -1,73 +0,0 @@
-# run
-
-[![GoDoc](https://godoc.org/github.com/oklog/run?status.svg)](https://godoc.org/github.com/oklog/run)
-[![Build Status](https://travis-ci.org/oklog/run.svg?branch=master)](https://travis-ci.org/oklog/run)
-[![Go Report Card](https://goreportcard.com/badge/github.com/oklog/run)](https://goreportcard.com/report/github.com/oklog/run)
-[![Apache 2 licensed](https://img.shields.io/badge/license-Apache2-blue.svg)](https://raw.githubusercontent.com/oklog/run/master/LICENSE)
-
-run.Group is a universal mechanism to manage goroutine lifecycles.
-
-Create a zero-value run.Group, and then add actors to it. Actors are defined as
-a pair of functions: an **execute** function, which should run synchronously;
-and an **interrupt** function, which, when invoked, should cause the execute
-function to return. Finally, invoke Run, which blocks until the first actor
-returns. This general-purpose API allows callers to model pretty much any
-runnable task, and achieve well-defined lifecycle semantics for the group.
-
-run.Group was written to manage component lifecycles in func main for
-[OK Log](https://github.com/oklog/oklog).
-But it's useful in any circumstance where you need to orchestrate multiple
-goroutines as a unit whole.
-[Click here](https://www.youtube.com/watch?v=LHe1Cb_Ud_M&t=15m45s) to see a
-video of a talk where run.Group is described.
-
-## Examples
-
-### context.Context
-
-```go
-ctx, cancel := context.WithCancel(context.Background())
-g.Add(func() error {
- return myProcess(ctx, ...)
-}, func(error) {
- cancel()
-})
-```
-
-### net.Listener
-
-```go
-ln, _ := net.Listen("tcp", ":8080")
-g.Add(func() error {
- return http.Serve(ln, nil)
-}, func(error) {
- ln.Close()
-})
-```
-
-### io.ReadCloser
-
-```go
-var conn io.ReadCloser = ...
-g.Add(func() error {
- s := bufio.NewScanner(conn)
- for s.Scan() {
- println(s.Text())
- }
- return s.Err()
-}, func(error) {
- conn.Close()
-})
-```
-
-## Comparisons
-
-Package run is somewhat similar to package
-[errgroup](https://godoc.org/golang.org/x/sync/errgroup),
-except it doesn't require actor goroutines to understand context semantics.
-
-It's somewhat similar to package
-[tomb.v1](https://godoc.org/gopkg.in/tomb.v1) or
-[tomb.v2](https://godoc.org/gopkg.in/tomb.v2),
-except it has a much smaller API surface, delegating e.g. staged shutdown of
-goroutines to the caller.
diff --git a/vendor/github.com/oklog/run/group.go b/vendor/github.com/oklog/run/group.go
deleted file mode 100644
index 832d47dd16..0000000000
--- a/vendor/github.com/oklog/run/group.go
+++ /dev/null
@@ -1,62 +0,0 @@
-// Package run implements an actor-runner with deterministic teardown. It is
-// somewhat similar to package errgroup, except it does not require actor
-// goroutines to understand context semantics. This makes it suitable for use in
-// more circumstances; for example, goroutines which are handling connections
-// from net.Listeners, or scanning input from a closable io.Reader.
-package run
-
-// Group collects actors (functions) and runs them concurrently.
-// When one actor (function) returns, all actors are interrupted.
-// The zero value of a Group is useful.
-type Group struct {
- actors []actor
-}
-
-// Add an actor (function) to the group. Each actor must be pre-emptable by an
-// interrupt function. That is, if interrupt is invoked, execute should return.
-// Also, it must be safe to call interrupt even after execute has returned.
-//
-// The first actor (function) to return interrupts all running actors.
-// The error is passed to the interrupt functions, and is returned by Run.
-func (g *Group) Add(execute func() error, interrupt func(error)) {
- g.actors = append(g.actors, actor{execute, interrupt})
-}
-
-// Run all actors (functions) concurrently.
-// When the first actor returns, all others are interrupted.
-// Run only returns when all actors have exited.
-// Run returns the error returned by the first exiting actor.
-func (g *Group) Run() error {
- if len(g.actors) == 0 {
- return nil
- }
-
- // Run each actor.
- errors := make(chan error, len(g.actors))
- for _, a := range g.actors {
- go func(a actor) {
- errors <- a.execute()
- }(a)
- }
-
- // Wait for the first actor to stop.
- err := <-errors
-
- // Signal all actors to stop.
- for _, a := range g.actors {
- a.interrupt(err)
- }
-
- // Wait for all actors to stop.
- for i := 1; i < cap(errors); i++ {
- <-errors
- }
-
- // Return the original error.
- return err
-}
-
-type actor struct {
- execute func() error
- interrupt func(error)
-}
diff --git a/vendor/modules.txt b/vendor/modules.txt index 48f2021eb2..7acd2577f4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -194,9 +194,6 @@ github.com/hashicorp/go-memdb github.com/hashicorp/go-msgpack/codec # github.com/hashicorp/go-multierror v1.0.0 github.com/hashicorp/go-multierror -# github.com/hashicorp/go-plugin v1.0.1 -github.com/hashicorp/go-plugin -github.com/hashicorp/go-plugin/internal/plugin # github.com/hashicorp/go-raftchunking v0.6.1 github.com/hashicorp/go-raftchunking github.com/hashicorp/go-raftchunking/types @@ -300,8 +297,6 @@ github.com/modern-go/concurrent github.com/modern-go/reflect2 # github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2 github.com/nicolai86/scaleway-sdk -# github.com/oklog/run v1.0.0 -github.com/oklog/run # github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c github.com/packethost/packngo # github.com/pascaldekloe/goe v0.1.0