feat: restructure project and fix vault/sdk version

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
renovate[bot] 2023-12-14 13:21:44 +00:00 committed by Harald Hoyer
parent 518b1bc8d4
commit d55f035d34
Signed by: harald
GPG key ID: F519A1143B3FBE32
17 changed files with 848 additions and 579 deletions


@ -31,7 +31,7 @@ jobs:
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version: 1.19
go-version: 1.21.4
- name: Build
run: go build -v ./...


@ -42,7 +42,7 @@ RUN --mount=type=cache,target=/root/.cache --mount=type=cache,target=/go --mount
mkdir -p /go/src/github.com/matter-labs/vault-auth-tee; \
cd /go/src/github.com/matter-labs/vault-auth-tee; \
rsync -a --delete-after /data/ ./ ; \
CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -o vault-auth-tee; \
CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -o vault-auth-tee cmd/vault-auth-tee/main.go ; \
mkdir -p /opt/vault/plugins; \
cp vault-auth-tee /opt/vault/plugins/vault-auth-tee; \
:
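Review bot: The new build line compiles a single source file, `go build -o vault-auth-tee cmd/vault-auth-tee/main.go`, so any further .go file added to package main under cmd/vault-auth-tee later would be silently left out of the plugin binary. Building the package path instead, `CGO_ENABLED=1 GOOS=linux GOARCH=amd64 go build -o vault-auth-tee ./cmd/vault-auth-tee; \`, compiles the whole directory and is what `go build -v ./...` in the CI workflow already does. The RUN instruction this line belongs to starts before the hunk.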


@ -2,12 +2,10 @@
// Copyright (c) HashiCorp, Inc.
// Copyright (c) Matter Labs
package tee
package vault_auth_tee
import (
"context"
"github.com/matter-labs/vault-auth-tee/version"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
)
@ -39,7 +37,7 @@ func Backend() *backend {
},
AuthRenew: b.loginPathWrapper(b.pathLoginRenew),
BackendType: logical.TypeCredential,
RunningVersion: "v" + version.Version,
RunningVersion: "v" + Version,
}
return &b
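Review bot: The new package clause `package vault_auth_tee` uses underscores, which Go naming guidance and linters such as staticcheck reject for package names; every other Go file section in this commit performs the same rename, and callers now spell the identifier as `vault_auth_tee.Factory`. A single lowercase word such as `package vaultauthtee`, or keeping `package tee` in the root directory, would avoid the lint noise while still matching the module path. Backend() begins outside this hunk; only its closing lines are shown.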


@ -2,7 +2,7 @@
// Copyright (c) HashiCorp, Inc.
// Copyright (c) Matter Labs
package tee
package vault_auth_tee
import (
"context"


@ -5,13 +5,12 @@
package main
import (
"github.com/matter-labs/vault-auth-tee"
"os"
hclog "github.com/hashicorp/go-hclog"
"github.com/hashicorp/vault/api"
"github.com/hashicorp/vault/sdk/plugin"
"github.com/matter-labs/vault-auth-tee/tee"
)
func main() {
@ -23,7 +22,7 @@ func main() {
tlsProviderFunc := api.VaultPluginTLSProvider(tlsConfig)
if err := plugin.ServeMultiplex(&plugin.ServeOpts{
BackendFactoryFunc: tee.Factory,
BackendFactoryFunc: vault_auth_tee.Factory,
// set the TLSProviderFunc so that the plugin maintains backwards
// compatibility with Vault versions that dont support plugin AutoMTLS
TLSProviderFunc: tlsProviderFunc,
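Review bot: The added import `"github.com/matter-labs/vault-auth-tee"` gives no hint at the import site that the identifier used below is `vault_auth_tee`, because the path's last element `vault-auth-tee` is not a valid Go identifier and a reader has to open the package to learn its name; an explicit alias, `tee "github.com/matter-labs/vault-auth-tee"`, would document the mapping and let the existing `tee.Factory` reference stay as it was. The new import is also placed ahead of `"os"` inside the same group, which goimports would reorder (stdlib first, third-party in a separate group). main() continues outside the hunk.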

236
go.mod

@ -1,166 +1,207 @@
module github.com/matter-labs/vault-auth-tee
go 1.19
go 1.21
require (
github.com/hashicorp/go-hclog v1.6.2
github.com/hashicorp/go-rootcerts v1.0.2
github.com/hashicorp/vault v1.14.1
github.com/hashicorp/vault/api v1.9.2
github.com/hashicorp/vault/sdk v0.9.2-0.20230704151349-7522ca248f90
github.com/hashicorp/vault v1.2.1-0.20240208012854-90c1515f84d3
github.com/hashicorp/vault/api v1.11.0
github.com/hashicorp/vault/sdk v0.11.0
github.com/stretchr/testify v1.8.4
golang.org/x/crypto v0.17.0
golang.org/x/crypto v0.18.0
)
require (
cloud.google.com/go/compute v1.19.3 // indirect
cloud.google.com/go/cloudsqlconn v1.4.3 // indirect
cloud.google.com/go/compute v1.23.3 // indirect
cloud.google.com/go/compute/metadata v0.2.3 // indirect
cloud.google.com/go/iam v1.0.1 // indirect
cloud.google.com/go/kms v1.10.2 // indirect
cloud.google.com/go/monitoring v1.13.0 // indirect
github.com/Azure/azure-sdk-for-go v67.2.0+incompatible // indirect
cloud.google.com/go/iam v1.1.5 // indirect
cloud.google.com/go/kms v1.15.6 // indirect
cloud.google.com/go/monitoring v1.17.0 // indirect
github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
github.com/Azure/azure-sdk-for-go/sdk/keyvault/azkeys v0.10.0 // indirect
github.com/Azure/azure-sdk-for-go/sdk/keyvault/internal v0.7.1 // indirect
github.com/Azure/go-autorest v14.2.0+incompatible // indirect
github.com/Azure/go-autorest/autorest v0.11.29 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/BurntSushi/toml v1.2.1 // indirect
github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
github.com/BurntSushi/toml v1.3.2 // indirect
github.com/DataDog/datadog-go v3.2.0+incompatible // indirect
github.com/Jeffail/gabs v1.1.1 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver v1.5.0 // indirect
github.com/Masterminds/sprig v2.22.0+incompatible // indirect
github.com/NYTimes/gziphandler v1.1.1 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230626094100-7e9e0395ebec // indirect
github.com/aliyun/alibaba-cloud-sdk-go v1.62.301 // indirect
github.com/Masterminds/semver/v3 v3.2.1 // indirect
github.com/Masterminds/sprig/v3 v3.2.3 // indirect
github.com/Microsoft/go-winio v0.6.1 // indirect
github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
github.com/aliyun/alibaba-cloud-sdk-go v1.62.676 // indirect
github.com/armon/go-metrics v0.4.1 // indirect
github.com/armon/go-radix v1.0.0 // indirect
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
github.com/aws/aws-sdk-go v1.44.268 // indirect
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
github.com/aws/aws-sdk-go v1.49.22 // indirect
github.com/axiomhq/hyperloglog v0.0.0-20220105174342-98591331716a // indirect
github.com/benbjohnson/immutable v0.4.0 // indirect
github.com/beorn7/perks v1.0.1 // indirect
github.com/bgentry/speakeasy v0.1.0 // indirect
github.com/boltdb/bolt v1.3.1 // indirect
github.com/boombuler/barcode v1.0.1 // indirect
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
github.com/cenkalti/backoff/v4 v4.2.0 // indirect
github.com/cenkalti/backoff/v4 v4.2.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
github.com/circonus-labs/circonusllhist v0.1.3 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
github.com/coreos/etcd v3.3.27+incompatible // indirect
github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
github.com/coreos/pkg v0.0.0-20220810130054-c7d1c02cb6cf // indirect
github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
github.com/denverdino/aliyungo v0.0.0-20190125010748-a747050bb1ba // indirect
github.com/dgryski/go-metro v0.0.0-20180109044635-280f6062b5bc // indirect
github.com/digitalocean/godo v1.7.5 // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/distribution/reference v0.5.0 // indirect
github.com/docker/docker v25.0.2+incompatible // indirect
github.com/docker/go-connections v0.4.0 // indirect
github.com/docker/go-units v0.5.0 // indirect
github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74 // indirect
github.com/emicklei/go-restful/v3 v3.10.1 // indirect
github.com/emicklei/go-restful/v3 v3.11.0 // indirect
github.com/evanphx/json-patch/v5 v5.6.0 // indirect
github.com/fatih/color v1.15.0 // indirect
github.com/go-jose/go-jose/v3 v3.0.0 // indirect
github.com/go-logr/logr v1.2.3 // indirect
github.com/fatih/color v1.16.0 // indirect
github.com/felixge/httpsnoop v1.0.4 // indirect
github.com/gammazero/deque v0.2.1 // indirect
github.com/gammazero/workerpool v1.1.3 // indirect
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/go-logr/logr v1.4.1 // indirect
github.com/go-logr/stdr v1.2.2 // indirect
github.com/go-ole/go-ole v1.2.6 // indirect
github.com/go-openapi/analysis v0.20.0 // indirect
github.com/go-openapi/errors v0.20.1 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.1 // indirect
github.com/go-openapi/loads v0.20.2 // indirect
github.com/go-openapi/runtime v0.19.24 // indirect
github.com/go-openapi/spec v0.20.3 // indirect
github.com/go-openapi/strfmt v0.20.0 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/go-openapi/validate v0.20.2 // indirect
github.com/go-openapi/analysis v0.21.4 // indirect
github.com/go-openapi/errors v0.20.4 // indirect
github.com/go-openapi/jsonpointer v0.20.0 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/loads v0.21.2 // indirect
github.com/go-openapi/spec v0.20.9 // indirect
github.com/go-openapi/strfmt v0.21.7 // indirect
github.com/go-openapi/swag v0.22.4 // indirect
github.com/go-openapi/validate v0.22.2 // indirect
github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect
github.com/go-sql-driver/mysql v1.6.0 // indirect
github.com/go-sql-driver/mysql v1.7.1 // indirect
github.com/go-test/deep v1.1.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/golang/snappy v0.0.4 // indirect
github.com/google/gnostic v0.5.7-v3refs // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/go-metrics-stackdriver v0.2.0 // indirect
github.com/google/go-querystring v1.1.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/s2a-go v0.1.4 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect
github.com/googleapis/gax-go/v2 v2.9.1 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/google/tink/go v1.7.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/gophercloud/gophercloud v0.1.0 // indirect
github.com/hashicorp-forge/bbolt v1.3.8-hc3 // indirect
github.com/hashicorp/cli v1.1.6 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/eventlogger v0.2.1 // indirect
github.com/hashicorp/eventlogger v0.2.8 // indirect
github.com/hashicorp/go-bexpr v0.1.12 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-discover v0.0.0-20210818145131-c573d69da192 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0 // indirect
github.com/hashicorp/go-kms-wrapping/v2 v2.0.9 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/aead/v2 v2.0.7-1 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2 v2.0.1 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.7 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.7 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.8 // indirect
github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.1 // indirect
github.com/hashicorp/go-kms-wrapping/v2 v2.0.16 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/aead/v2 v2.0.9 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2 v2.0.3 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.9 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.11 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.11 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/ocikms/v2 v2.0.7 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/transit/v2 v2.0.7 // indirect
github.com/hashicorp/go-memdb v1.3.3 // indirect
github.com/hashicorp/go-msgpack v1.1.5 // indirect
github.com/hashicorp/go-kms-wrapping/wrappers/transit/v2 v2.0.11 // indirect
github.com/hashicorp/go-memdb v1.3.4 // indirect
github.com/hashicorp/go-msgpack/v2 v2.1.1 // indirect
github.com/hashicorp/go-multierror v1.1.1 // indirect
github.com/hashicorp/go-plugin v1.4.9 // indirect
github.com/hashicorp/go-plugin v1.6.0 // indirect
github.com/hashicorp/go-raftchunking v0.6.3-0.20191002164813-7e9e8525653a // indirect
github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
github.com/hashicorp/go-secure-stdlib/awsutil v0.2.3 // indirect
github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect
github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect
github.com/hashicorp/go-secure-stdlib/mlock v0.1.3 // indirect
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
github.com/hashicorp/go-secure-stdlib/plugincontainer v0.3.0 // indirect
github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 // indirect
github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 // indirect
github.com/hashicorp/go-sockaddr v1.0.2 // indirect
github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.3 // indirect
github.com/hashicorp/go-sockaddr v1.0.6 // indirect
github.com/hashicorp/go-syslog v1.0.0 // indirect
github.com/hashicorp/go-uuid v1.0.3 // indirect
github.com/hashicorp/go-version v1.6.0 // indirect
github.com/hashicorp/golang-lru v0.5.4 // indirect
github.com/hashicorp/golang-lru v1.0.2 // indirect
github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
github.com/hashicorp/hcp-sdk-go v0.23.0 // indirect
github.com/hashicorp/hcp-sdk-go v0.75.0 // indirect
github.com/hashicorp/mdns v1.0.4 // indirect
github.com/hashicorp/raft v1.3.10 // indirect
github.com/hashicorp/raft v1.6.0 // indirect
github.com/hashicorp/raft-autopilot v0.2.0 // indirect
github.com/hashicorp/raft-boltdb/v2 v2.0.0-20210421194847-a7e34179d62c // indirect
github.com/hashicorp/raft-boltdb/v2 v2.3.0 // indirect
github.com/hashicorp/raft-snapshot v1.0.4 // indirect
github.com/hashicorp/raft-wal v0.4.0 // indirect
github.com/hashicorp/vault-plugin-secrets-kv v0.17.0 // indirect
github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443 // indirect
github.com/hashicorp/yamux v0.1.1 // indirect
github.com/huandu/xstrings v1.4.0 // indirect
github.com/imdario/mergo v0.3.15 // indirect
github.com/jackc/chunkreader/v2 v2.0.1 // indirect
github.com/jackc/pgconn v1.14.0 // indirect
github.com/jackc/pgio v1.0.0 // indirect
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgproto3/v2 v2.3.2 // indirect
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
github.com/jackc/pgtype v1.14.0 // indirect
github.com/jackc/pgx/v4 v4.18.1 // indirect
github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f // indirect
github.com/jefferai/jsonx v1.0.0 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/joshlf/go-acl v0.0.0-20200411065538-eae00ae38531 // indirect
github.com/joyent/triton-go v1.7.1-0.20200416154420-6801d15b779f // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kelseyhightower/envconfig v1.4.0 // indirect
github.com/klauspost/compress v1.16.5 // indirect
github.com/klauspost/compress v1.16.7 // indirect
github.com/kylelemons/godebug v1.1.0 // indirect
github.com/linode/linodego v0.7.1 // indirect
github.com/lufia/plan9stats v0.0.0-20211012122336-39d0f177ccd0 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/mattn/go-colorable v0.1.13 // indirect
github.com/mattn/go-isatty v0.0.19 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
github.com/miekg/dns v1.1.43 // indirect
github.com/mitchellh/cli v1.1.2 // indirect
github.com/mitchellh/copystructure v1.2.0 // indirect
github.com/mitchellh/go-homedir v1.1.0 // indirect
github.com/mitchellh/go-testing-interface v1.14.1 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/mitchellh/pointerstructure v1.2.1 // indirect
github.com/mitchellh/reflectwalk v1.0.2 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2 // indirect
github.com/oklog/run v1.1.0 // indirect
github.com/oklog/ulid v1.3.1 // indirect
github.com/okta/okta-sdk-golang/v2 v2.12.1 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
github.com/oracle/oci-go-sdk/v60 v60.0.0 // indirect
github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c // indirect
@ -168,24 +209,29 @@ require (
github.com/petermattis/goid v0.0.0-20180202154549-b0b1615b78e5 // indirect
github.com/pierrec/lz4 v2.6.1+incompatible // indirect
github.com/pires/go-proxyproto v0.6.1 // indirect
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/platinummonkey/go-concurrency-limits v0.7.0 // indirect
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
github.com/posener/complete v1.2.3 // indirect
github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
github.com/pquerna/otp v1.2.1-0.20191009055518-468c2dd2b58d // indirect
github.com/prometheus/client_golang v1.14.0 // indirect
github.com/prometheus/client_model v0.3.0 // indirect
github.com/prometheus/client_model v0.4.0 // indirect
github.com/prometheus/common v0.37.0 // indirect
github.com/prometheus/procfs v0.8.0 // indirect
github.com/rboyer/safeio v0.2.1 // indirect
github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 // indirect
github.com/ryanuber/go-glob v1.0.0 // indirect
github.com/sasha-s/go-deadlock v0.2.0 // indirect
github.com/segmentio/fasthash v1.0.3 // indirect
github.com/sethvargo/go-limiter v0.7.1 // indirect
github.com/shirou/gopsutil/v3 v3.22.6 // indirect
github.com/sirupsen/logrus v1.9.0 // indirect
github.com/shopspring/decimal v1.3.1 // indirect
github.com/sirupsen/logrus v1.9.3 // indirect
github.com/softlayer/softlayer-go v0.0.0-20180806151055-260589d94c7d // indirect
github.com/sony/gobreaker v0.4.2-0.20210216022020-dd874f9dd33b // indirect
github.com/sony/gobreaker v0.5.0 // indirect
github.com/spf13/cast v1.5.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/stretchr/objx v0.5.0 // indirect
github.com/tencentcloud/tencentcloud-sdk-go v1.0.162 // indirect
@ -195,35 +241,47 @@ require (
github.com/vmware/govmomi v0.18.0 // indirect
github.com/yusufpapurcu/wmi v1.2.2 // indirect
go.etcd.io/bbolt v1.3.7 // indirect
go.mongodb.org/mongo-driver v1.11.6 // indirect
go.mongodb.org/mongo-driver v1.13.1 // indirect
go.opencensus.io v0.24.0 // indirect
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
go.opentelemetry.io/otel v1.23.1 // indirect
go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.23.1 // indirect
go.opentelemetry.io/otel/metric v1.23.1 // indirect
go.opentelemetry.io/otel/sdk v1.23.1 // indirect
go.opentelemetry.io/otel/trace v1.23.1 // indirect
go.uber.org/atomic v1.11.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
golang.org/x/sync v0.2.0 // indirect
golang.org/x/sys v0.15.0 // indirect
golang.org/x/term v0.15.0 // indirect
golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect
golang.org/x/mod v0.15.0 // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/oauth2 v0.16.0 // indirect
golang.org/x/sync v0.6.0 // indirect
golang.org/x/sys v0.16.0 // indirect
golang.org/x/term v0.16.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
google.golang.org/api v0.124.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20230525154841-bd750badd5c6 // indirect
google.golang.org/grpc v1.56.3 // indirect
google.golang.org/protobuf v1.30.0 // indirect
golang.org/x/time v0.5.0 // indirect
golang.org/x/tools v0.16.1 // indirect
google.golang.org/api v0.161.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
google.golang.org/grpc v1.61.0 // indirect
google.golang.org/protobuf v1.32.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.66.2 // indirect
gopkg.in/resty.v1 v1.12.0 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/api v0.27.2 // indirect
k8s.io/apimachinery v0.27.2 // indirect
k8s.io/client-go v0.27.2 // indirect
k8s.io/klog/v2 v2.90.1 // indirect
k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 // indirect
k8s.io/api v0.29.1 // indirect
k8s.io/apimachinery v0.29.1 // indirect
k8s.io/client-go v0.29.1 // indirect
k8s.io/klog/v2 v2.110.1 // indirect
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
nhooyr.io/websocket v1.8.7 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

1116
go.sum



@ -2,15 +2,13 @@
// Copyright (c) HashiCorp, Inc.
// Copyright (c) Matter Labs
package tee
package vault_auth_tee
import (
"context"
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/logical"
"github.com/matter-labs/vault-auth-tee/version"
)
func pathInfo(b *backend) *framework.Path {
@ -33,8 +31,8 @@ get help.
func (b *backend) pathInfoRead(ctx context.Context, req *logical.Request, _ *framework.FieldData) (*logical.Response, error) {
return &logical.Response{
Data: map[string]interface{}{
"name": version.Name,
"version": version.Version,
"name": Name,
"version": Version,
},
}, nil
}
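Review bot: `Name` and `Version` on the new lines now resolve to constants in the root package, which after this commit also owns the former ratee file with its `#cgo LDFLAGS: -lsgx_dcap_quoteverify -ldl` directive, so any code that only wants the plugin's name or version string now has to build with cgo and link the DCAP library; the old `version` package had no such dependency. If that coupling is intended, it is worth stating next to the constants, e.g. `// Version is the plugin version reported by the info path and as RunningVersion.` Note also that `Version` is a `const`, so it cannot be stamped at build time with `-ldflags -X`; a `var` would be needed for that. pathInfoRead is shown in full here; pathInfo starts in the hunk but its body is cut off.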


@ -2,7 +2,7 @@
// Copyright (c) HashiCorp, Inc.
// Copyright (c) Matter Labs
package tee
package vault_auth_tee
import (
"bytes"
@ -21,8 +21,6 @@ import (
"github.com/hashicorp/vault/sdk/helper/cidrutil"
"github.com/hashicorp/vault/sdk/helper/policyutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/matter-labs/vault-auth-tee/ratee"
)
var timeNowFunc = time.Now
@ -81,7 +79,7 @@ func (b *backend) pathLoginResolveRole(ctx context.Context, req *logical.Request
return logical.ErrorResponse("quote decode error"), nil
}
var quote = ratee.Quote{}
var quote = Quote{}
var byteReader = bytes.NewReader(quoteBytes)
err = binary.Read(byteReader, binary.BigEndian, &quote)
if err != nil {
@ -228,7 +226,7 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
}
// Do a quick check of the quote before doing the expensive verification
var quoteStart = ratee.Quote{}
var quoteStart = Quote{}
var byteReader = bytes.NewReader(quoteBytes)
err = binary.Read(byteReader, binary.BigEndian, &quoteStart)
if err != nil {
@ -258,14 +256,14 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
// Decode the collateral
jsonCollateralBlob := data.Get("collateral").(string)
var collateral ratee.TeeQvCollateral
var collateral TeeQvCollateral
err = json.Unmarshal([]byte(jsonCollateralBlob), &collateral)
if err != nil {
return logical.ErrorResponse("collateral unmarshal error"), nil
}
// Do the actual remote attestation verification
result, err := ratee.SgxVerifyRemoteReportCollateral(quoteBytes, collateral, timeNowFunc().Unix())
result, err := SgxVerifyRemoteReportCollateral(quoteBytes, collateral, timeNowFunc().Unix())
if err != nil {
return logical.ErrorResponse("sgx verify error"), nil
}
@ -274,7 +272,7 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
return logical.ErrorResponse("collateral expired"), nil
}
if result.VerificationResult != ratee.SgxQlQvResultOk {
if result.VerificationResult != SgxQlQvResultOk {
if entry.SgxAllowedTcbLevels[result.VerificationResult] != true {
return logical.ErrorResponse("invalid TCB state %v", result.VerificationResult), nil
}
@ -324,7 +322,7 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
return logical.ErrorResponse("challenge decode error"), nil
}
ourQuote, err := ratee.SgxGetQuote(challengeBytes)
ourQuote, err := SgxGetQuote(challengeBytes)
if err != nil {
return logical.ErrorResponse("vault quote error"), nil
}
@ -333,7 +331,7 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
respData["quote"] = quoteBase64
collateral, err := ratee.SgxGetCollateral(ourQuote)
collateral, err := SgxGetCollateral(ourQuote)
if err != nil {
return logical.ErrorResponse("vault collateral error"), nil
}


@ -2,7 +2,7 @@
// Copyright (c) HashiCorp, Inc.
// Copyright (c) Matter Labs
package tee
package vault_auth_tee
import (
"context"


@ -2,7 +2,7 @@
// Copyright (c) HashiCorp, Inc.
// Copyright (c) Matter Labs
package tee
package vault_auth_tee
import "C"
import (
@ -15,8 +15,6 @@ import (
"github.com/hashicorp/vault/sdk/framework"
"github.com/hashicorp/vault/sdk/helper/tokenutil"
"github.com/hashicorp/vault/sdk/logical"
"github.com/matter-labs/vault-auth-tee/ratee"
)
func pathListTees(b *backend) *framework.Path {
@ -280,22 +278,22 @@ func handleSGXConfig(d *framework.FieldData, tee *TeeEntry) (*logical.Response,
}
if sgxAllowedTcbLevelsRaw, ok := d.GetOk("sgx_allowed_tcb_levels"); ok {
tee.SgxAllowedTcbLevels = make(map[ratee.SgxQlQvResult]bool)
tee.SgxAllowedTcbLevels = make(map[SgxQlQvResult]bool)
for _, v := range sgxAllowedTcbLevelsRaw.([]string) {
var state ratee.SgxQlQvResult
var state SgxQlQvResult
switch v {
case "Ok":
state = ratee.SgxQlQvResultOk
state = SgxQlQvResultOk
case "ConfigNeeded":
state = ratee.SgxQlQvResultConfigNeeded
state = SgxQlQvResultConfigNeeded
case "OutOfDate":
state = ratee.SgxQlQvResultOutOfDate
state = SgxQlQvResultOutOfDate
case "OutOfDateConfigNeeded":
state = ratee.SgxQlQvResultOutOfDateConfigNeeded
state = SgxQlQvResultOutOfDateConfigNeeded
case "SwHardeningNeeded":
state = ratee.SgxQlQvResultSwHardeningNeeded
state = SgxQlQvResultSwHardeningNeeded
case "ConfigAndSwHardeningNeeded":
state = ratee.SgxQlQvResultConfigAndSwHardeningNeeded
state = SgxQlQvResultConfigAndSwHardeningNeeded
default:
return logical.ErrorResponse("invalid sgx_allowed_tcb_levels value"), logical.ErrInvalidRequest
}
@ -315,7 +313,7 @@ type TeeEntry struct {
SgxMrenclave string
SgxIsvProdid int
SgxMinIsvSvn int
SgxAllowedTcbLevels map[ratee.SgxQlQvResult]bool
SgxAllowedTcbLevels map[SgxQlQvResult]bool
}
const pathTeeHelpSyn = `


@ -1,7 +1,7 @@
// SPDX-License-Identifier: MPL-2.0
// Copyright (c) Matter Labs
package ratee
package vault_auth_tee
// #cgo LDFLAGS: -lsgx_dcap_quoteverify -ldl
/*


@ -1,7 +1,7 @@
// SPDX-License-Identifier: MPL-2.0
// Copyright (c) Matter Labs
package ratee
package vault_auth_tee
import (
"encoding/base64"


@ -11,7 +11,7 @@
//
// From https://github.com/cloudflare/cfssl/blob/master/ocsp/responder.go
package tee
package vault_auth_tee
import (
"crypto"


@ -1,7 +1,7 @@
// SPDX-License-Identifier: MPL-2.0
// Copyright (c) Matter Labs
package version
package vault_auth_tee
const Version = "0.1.0+dev"
const Name = "vault-auth-tee"