diff --git a/.golangci.yml b/.golangci.yml deleted file mode 100644 index e9d1870a..00000000 --- a/.golangci.yml +++ /dev/null @@ -1,11 +0,0 @@ -run: - tests: false - modules-download-mode: readonly - -linters: - disable: - - deadcode - - varcheck - - unused - enable: - - gosec \ No newline at end of file diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 34232e1a..00000000 --- a/.travis.yml +++ /dev/null @@ -1,33 +0,0 @@ -dist: xenial -sudo: required -services: - - docker -language: go -go: - - "1.12.x" -env: GOFLAGS=-mod=vendor - -git: - depth: 1 - -install: - # This script is used by the Travis build to install a cookie for - # go.googlesource.com so rate limits are higher when using `go get` to fetch - # packages that live there. - # See: https://github.com/golang/go/issues/12933 - - bash scripts/gogetcookies.sh - - make tools - -script: - - make lint - - make test - - make website-lint - - make website-test - -branches: - only: - - master -matrix: - fast_finish: true - allow_failures: - - go: tip diff --git a/CHANGELOG.md b/CHANGELOG.md index d6484efe..64647713 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,6 @@ +## 0.16.0 (May 16, 2022) +Upgraded plugin to SDKv2 + ## 0.15.5 (April 14, 2022) Fixed a bug in backward compatibility with PKCS#1 Keys diff --git a/GNUmakefile b/GNUmakefile deleted file mode 100644 index 27c60c3b..00000000 --- a/GNUmakefile +++ /dev/null @@ -1,68 +0,0 @@ -SWEEP?=us-east-1,us-west-2 -TEST?=./... -GOFMT_FILES?=$$(find . -name '*.go' |grep -v vendor) -PKG_NAME=venafi -WEBSITE_REPO=github.com/hashicorp/terraform-website - -default: build - -build: fmtcheck - go install - -sweep: - @echo "WARNING: This will destroy infrastructure. Use only in development accounts." - go test $(TEST) -v -sweep=$(SWEEP) $(SWEEPARGS) - -test: fmtcheck - go test $(TEST) -timeout=30s -parallel=4 - -testacc: fmtcheck - TF_ACC=1 go test $(TEST) -v -parallel 20 $(TESTARGS) -timeout 120m - -fmt: - @echo "==> Fixing source code with gofmt..." - gofmt -s -w ./$(PKG_NAME) - -# Currently required by tf-deploy compile -fmtcheck: - @sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'" - -websitefmtcheck: - @sh -c "'$(CURDIR)/scripts/websitefmtcheck.sh'" - -lint: - @echo "==> Checking source code against linters..." - @GOGC=30 golangci-lint run --timeout 5m ./$(PKG_NAME) - -tools: - GO111MODULE=on go install github.com/client9/misspell/cmd/misspell - GO111MODULE=on go install github.com/golangci/golangci-lint/cmd/golangci-lint - -test-compile: - @if [ "$(TEST)" = "./..." ]; then \ - echo "ERROR: Set TEST to a specific package. For example,"; \ - echo " make test-compile TEST=./$(PKG_NAME)"; \ - exit 1; \ - fi - go test -c $(TEST) $(TESTARGS) - -website: -ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO))) - echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..." - git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO) -endif - @$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME) - -website-lint: - @echo "==> Checking website against linters..." - @misspell -error -source=text website/ - -website-test: -ifeq (,$(wildcard $(GOPATH)/src/$(WEBSITE_REPO))) - echo "$(WEBSITE_REPO) not found in your GOPATH (necessary for layouts and assets), get-ting..." - git clone https://$(WEBSITE_REPO) $(GOPATH)/src/$(WEBSITE_REPO) -endif - @$(MAKE) -C $(GOPATH)/src/$(WEBSITE_REPO) website-provider-test PROVIDER_PATH=$(shell pwd) PROVIDER_NAME=$(PKG_NAME) - -.PHONY: build sweep test testacc fmt fmtcheck lint tools test-compile website website-lint website-test - diff --git a/README.md b/README.md index e46f63de..56199a73 100644 --- a/README.md +++ b/README.md @@ -134,6 +134,9 @@ this transition in [here](https://github.com/Venafi/vcert/releases/tag/v4.17.0)) For backward compatibility during Terraform state refresh please update to version 0.15.5 or above. +> :warning: As a part for upgrading our provider to SDK version 2, we dropped support +for Terraform version 0.11 and below. + 1. Declare that the Venafi Provider is required: ```text diff --git a/go.mod b/go.mod index fb4ec159..dc241af7 100644 --- a/go.mod +++ b/go.mod @@ -3,11 +3,16 @@ module github.com/terraform-providers/terraform-provider-venafi go 1.12 require ( - github.com/Venafi/vcert/v4 v4.18.2 + github.com/Venafi/vcert/v4 v4.19.0 github.com/client9/misspell v0.3.4 github.com/golangci/golangci-lint v1.21.0 - github.com/hashicorp/terraform-plugin-sdk v1.1.0 - github.com/pkg/errors v0.8.1 + github.com/hashicorp/terraform-plugin-log v0.3.0 + github.com/hashicorp/terraform-plugin-sdk/v2 v2.14.0 + github.com/pkg/errors v0.9.1 + github.com/spf13/afero v1.2.2 // indirect github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a + golang.org/x/tools v0.0.0-20201028111035-eafbe7b904eb // indirect + google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d // indirect + honnef.co/go/tools v0.0.1-2020.1.4 // indirect software.sslmate.com/src/go-pkcs12 v0.0.0-20180114231543-2291e8f0f237 ) diff --git a/go.sum b/go.sum index bf65da93..3b13428d 100644 --- a/go.sum +++ b/go.sum @@ -4,62 +4,69 @@ cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSR cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3 h1:AVXDdKsrtX33oR9fbCMu/+c1o8Ofjq6Ku/MInaLVg5Y= cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go/bigquery v1.0.1 h1:hL+ycaJpVE9M7nLoiXb/Pn10ENE2u+oddxbD8uu0ZVU= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/datastore v1.0.0 h1:Kt+gOPPp2LEPWp8CSfxhsM8ik9CcyE/gYu+0r+RnZvM= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/firestore v1.1.0/go.mod h1:ulACoGHTpvq5r8rxGJ4ddJZBZqakUQqClKRT5SZwBmk= -cloud.google.com/go/pubsub v1.0.1 h1:W9tAK3E57P75u0XLLR82LZyw8VpAnhmyTOxW9qzmyj8= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/storage v1.0.0 h1:VV2nUM3wwLLGh9lSABFgZMjInyUbJeaRSE64WuAIQ+4= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= +github.com/Microsoft/go-winio v0.4.16 h1:FtSW/jqD+l4ba5iPBj9CODVtgfYAD8w2wS923g/cFDk= +github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OpenPeeDeeP/depguard v1.0.1 h1:VlW4R6jmBIv3/u1JNlawEvJMM4J+dPORPaZasQee8Us= github.com/OpenPeeDeeP/depguard v1.0.1/go.mod h1:xsIw86fROiiwelg+jB2uM9PiKihMMmUx/1V+TNhjQvM= +github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 h1:YoJbenK9C67SkzkDfmQuVln04ygHj3vjZfd9FL+GmQQ= +github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7/go.mod h1:z4/9nQmJSSwwds7ejkxaJwO37dru3geImFUdJlaLzQo= github.com/StackExchange/wmi v0.0.0-20180116203802-5d049714c4a6/go.mod h1:3eOhrUMpNV+6aFIbp5/iudMxNCF27Vw2OZgy4xEx0Fg= -github.com/Venafi/vcert/v4 v4.18.2 h1:pOX2AEDp5ozErcDC7dh9f32J3UJPBrQIJQaEnqijbHc= -github.com/Venafi/vcert/v4 v4.18.2/go.mod h1:VcojF47VAzBnYHSRrb0SwOCmMpWJczajTuPiZNDJJSo= +github.com/Venafi/vcert/v4 v4.19.0 h1:/zIl9+s6uIjtI/LazPplrcSgThbwJkUx1XbyET3u8Iw= +github.com/Venafi/vcert/v4 v4.19.0/go.mod h1:VcojF47VAzBnYHSRrb0SwOCmMpWJczajTuPiZNDJJSo= +github.com/acomagu/bufpipe v1.0.3 h1:fxAGrHZTgQ9w5QqVItgzwj235/uYZYgbXitB+dLupOk= +github.com/acomagu/bufpipe v1.0.3/go.mod h1:mxdxdup/WdsKVreO5GpW4+M/1CE2sMG4jeGJ2sYmHc4= github.com/agext/levenshtein v1.2.1/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/agext/levenshtein v1.2.2 h1:0S/Yg6LYmFJ5stwQeRp6EeOcCbj7xiqQSdNelsXvaqE= github.com/agext/levenshtein v1.2.2/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= -github.com/agl/ed25519 v0.0.0-20170116200512-5312a6153412/go.mod h1:WPjqKcmVOxf0XSf3YxCJs6N6AOSrOx3obionmG7T0y0= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= -github.com/apparentlymart/go-cidr v1.0.1 h1:NmIwLZ/KdsjIUlhf+/Np40atNXm/+lZ5txfTJ/SpF+U= -github.com/apparentlymart/go-cidr v1.0.1/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= -github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3 h1:ZSTrOEhiM5J5RFxEaFvMZVEAM1KvT1YzbEOwB2EAGjA= +github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA= +github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= +github.com/apparentlymart/go-cidr v1.1.0/go.mod h1:EBcsNrHc3zQeuaeCeCtQruQm+n9/YjEn/vI25Lg7Gwc= github.com/apparentlymart/go-dump v0.0.0-20180507223929-23540a00eaa3/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= +github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0 h1:MzVXffFUye+ZcSR6opIgz9Co7WcDx6ZcY+RjfFHoA0I= +github.com/apparentlymart/go-dump v0.0.0-20190214190832-042adf3cf4a0/go.mod h1:oL81AME2rN47vu18xqj1S1jPIPuN7afo62yKTNn3XMM= github.com/apparentlymart/go-textseg v1.0.0 h1:rRmlIsPEEhUTIKQb7T++Nz/A5Q6C9IuX2wFoYVvnCs0= github.com/apparentlymart/go-textseg v1.0.0/go.mod h1:z96Txxhf3xSFMPmb5X/1W05FF/Nj9VFpLOpjS5yuumk= +github.com/apparentlymart/go-textseg/v12 v12.0.0/go.mod h1:S/4uRK2UtaQttw1GenVJEynmyUenKwP++x/+DdGV/Ec= +github.com/apparentlymart/go-textseg/v13 v13.0.0 h1:Y+KvPE1NYz0xl601PVImeQfFyEy6iT90AvPUL1NNfNw= +github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= -github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= -github.com/aws/aws-sdk-go v1.15.78/go.mod h1:E3/ieXAlvM0XWO57iftYVDLLvQ824smPP3ATZkfNZeM= -github.com/aws/aws-sdk-go v1.19.39 h1:pIez14zQWSd/TER2Scohm7aCEG2TgoyXSOX6srOKt6o= -github.com/aws/aws-sdk-go v1.19.39/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= -github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= -github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= -github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84= github.com/bombsimon/wsl v1.2.5 h1:9gTOkIwVtoDZywvX802SDHokeX4kW1cKnV8ZTVAPkRs= github.com/bombsimon/wsl v1.2.5/go.mod h1:43lEF/i0kpXbLCeDXL9LMT8c92HyBywXb0AsgMHYngM= -github.com/bsm/go-vlq v0.0.0-20150828105119-ec6e8d4f5f4e/go.mod h1:N+BjUcTjSxc2mtRGSCPsat1kze3CUtvJN3/jTXlp29k= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cheggaaa/pb v1.0.27/go.mod h1:pQciLPpbU0oxA0h+VJYYLxO+XeDQb5pZijXscXHm81s= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= +github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= @@ -71,18 +78,40 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfc github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= +github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ= +github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/gliderlabs/ssh v0.2.2 h1:6zsha5zo/TWhRhwqCD3+EarCAgZ2yN28ipRnGPnwkI0= +github.com/gliderlabs/ssh v0.2.2/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0= github.com/go-critic/go-critic v0.3.5-0.20190904082202-d79a9f0c64db h1:GYXWx7Vr3+zv833u+8IoXbNnQY0AdXsxAgI0kX7xcwA= github.com/go-critic/go-critic v0.3.5-0.20190904082202-d79a9f0c64db/go.mod h1:+sE8vrLDS2M0pZkBk0wy6+nLdKexVDrl/jBqQOTDThA= +github.com/go-git/gcfg v1.5.0 h1:Q5ViNfGF8zFgyJWPqYwA7qGFoMTEiBmdlkcfRmpIMa4= +github.com/go-git/gcfg v1.5.0/go.mod h1:5m20vg6GwYabIxaOonVkTdrILxQMpEShl1xiMF4ua+E= +github.com/go-git/go-billy/v5 v5.2.0/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-billy/v5 v5.3.1 h1:CPiOUAzKtMRvolEKw+bG1PLRpT7D3LIs3/3ey4Aiu34= +github.com/go-git/go-billy/v5 v5.3.1/go.mod h1:pmpqyWchKfYfrkb/UVH4otLvyi/5gJlGI4Hb3ZqZ3W0= +github.com/go-git/go-git-fixtures/v4 v4.2.1 h1:n9gGL1Ct/yIw+nfsfr8s4+sbhT+Ncu2SubfXjIWgci8= +github.com/go-git/go-git-fixtures/v4 v4.2.1/go.mod h1:K8zd3kDUAykwTdDCr+I0per6Y6vMiRR/nnVTBtavnB0= +github.com/go-git/go-git/v5 v5.4.2 h1:BXyZu9t0VkbiHtqrsvdq39UDhGJTl1h55VW6CSC4aY4= +github.com/go-git/go-git/v5 v5.4.2/go.mod h1:gQ1kArt6d+n+BGd+/B/I74HwRTLhth2+zti4ihgckDc= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-lintpack/lintpack v0.5.2 h1:DI5mA3+eKdWeJ40nU4d6Wc26qmdG8RCi/btYq0TuRN0= @@ -121,19 +150,28 @@ github.com/gofrs/flock v0.0.0-20190320160742-5135e617513b/go.mod h1:F1TvTiK9OcQq github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1 h1:qGJ6qTW+x6xX/my+8YUVl4WNpX9B7+/l2tRsHGZ7f2s= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= github.com/golang/protobuf v1.1.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.2 h1:ROPKBNFfQgOUMifHyP+KYbvpjbdoFNs+aK7DXlji0Tw= +github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2 h1:23T5iq8rbUYlhpt5DB4XJkc6BU31uODLD1o1gKvZmD0= github.com/golangci/check v0.0.0-20180506172741-cfe4005ccda2/go.mod h1:k9Qvh+8juN+UKMCS/3jFtGICgW8O96FVaZsaxdzDkR4= github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a h1:w8hkcTqaFpzKqonE9uMCefW1WDie15eSP/4MssdenaM= @@ -167,17 +205,20 @@ github.com/golangci/unconvert v0.0.0-20180507085042-28b1c447d1f4/go.mod h1:Izgrg github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/martian v2.1.0+incompatible h1:/CP5g8u/VJHijgedC/Legn3BAbAaWPgecwXBIDzw5no= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7 h1:81/ik6ipDQS2aGcBfIN5dHDB36BwrStyeAQquSYCV4o= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5 h1:sjZBwGj9Jlw33ImPtvFviGYvseOtDM7hkSKB7+Tv3SM= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= @@ -188,77 +229,91 @@ github.com/gostaticanalysis/analysisutil v0.0.0-20190318220348-4088753ea4d3/go.m github.com/grpc-ecosystem/go-grpc-middleware v1.0.0/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= +github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= -github.com/hashicorp/errwrap v0.0.0-20180715044906-d6c0cd880357/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= +github.com/hashicorp/go-checkpoint v0.5.0 h1:MFYpPZCnQqQTE18jFwSII6eUQrD/oxMFp3mlgcqk5mU= +github.com/hashicorp/go-checkpoint v0.5.0/go.mod h1:7nfLNL10NsxqO4iWuW6tWW0HjZuDrwkBuEQsVcpCOgg= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-cleanhttp v0.5.1 h1:dH3aiDG9Jvb5r5+bYHsikaOUIpcM0xvgMXVoDkXMzJM= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= -github.com/hashicorp/go-getter v1.4.0 h1:ENHNi8494porjD0ZhIrjlAHnveSFhY7hvOJrV/fsKkw= -github.com/hashicorp/go-getter v1.4.0/go.mod h1:7qxyCd8rBfcShwsvxgIguu4KbS3l8bUCwg2Umn7RjeY= -github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= -github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320 h1:1/D3zfFHttUKaCaGKZ/dR2roBXv0vKbSCnssIldfQdI= +github.com/hashicorp/go-cty v1.4.1-0.20200414143053-d3edf31b6320/go.mod h1:EiZBMaudVLy8fmjf9Npq1dq9RalhveqZG5w/yz3mHWs= +github.com/hashicorp/go-hclog v0.14.1/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= +github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= +github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-multierror v0.0.0-20180717150148-3d5d8f294aa0/go.mod h1:JMRHfdO9jKNzS/+BTlxCjKNQHg/jZAft8U7LloJvN7I= -github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= -github.com/hashicorp/go-plugin v1.0.1 h1:4OtAfUGbnKC6yS48p0CtMX2oFYtzFZVv6rok3cRWgnE= -github.com/hashicorp/go-plugin v1.0.1/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= +github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= +github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= +github.com/hashicorp/go-plugin v1.4.3 h1:DXmvivbWD5qdiBts9TpBC7BYL1Aia5sxbRgQB+v6UZM= +github.com/hashicorp/go-plugin v1.4.3/go.mod h1:5fGEH17QVwTTcR0zV7yhDPLLmFX9YSZ38b18Udy6vYQ= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= -github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= -github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.1 h1:fv1ep09latC32wFoVwnqcnKJGnMSdBanPczbHAYm1BE= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-version v1.1.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+dIzX/E= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.3.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.4.0 h1:aAQzgqIrRKRa7w75CKpbBxYsmUoPjzVm1W59ca1L0J4= +github.com/hashicorp/go-version v1.4.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v0.0.0-20170504190234-a4b07c25de5f/go.mod h1:oZtUIOe8dh44I2q6ScRibXws4Ajl+d+nod3AaR9vL5w= +github.com/hashicorp/hc-install v0.3.1 h1:VIjllE6KyAI1A244G8kTaHXy+TL5/XYzvrtFi8po/Yk= +github.com/hashicorp/hc-install v0.3.1/go.mod h1:3LCdWcCDS1gaHC9mhHCGbkYfoY6vdsKohGjugbZdZak= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= -github.com/hashicorp/hcl2 v0.0.0-20190821123243-0c888d1241f6 h1:JImQpEeUQ+0DPFMaWzLA0GdUNPaUlCXLpfiqkSZBUfc= -github.com/hashicorp/hcl2 v0.0.0-20190821123243-0c888d1241f6/go.mod h1:Cxv+IJLuBiEhQ7pBYGEuORa0nr4U994pE8mYLuFd7v0= -github.com/hashicorp/hil v0.0.0-20190212112733-ab17b08d6590 h1:2yzhWGdgQUWZUCNK+AoO35V+HTsgEmcM4J9IkArh7PI= -github.com/hashicorp/hil v0.0.0-20190212112733-ab17b08d6590/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE= +github.com/hashicorp/hcl/v2 v2.11.1 h1:yTyWcXcm9XB0TEkyU/JCRU6rYy4K+mgLtzn2wlrJbcc= +github.com/hashicorp/hcl/v2 v2.11.1/go.mod h1:FwWsfWEjyV/CMj8s/gqAuiviY72rJ1/oayI9WftqcKg= github.com/hashicorp/logutils v1.0.0 h1:dLEQVugN8vlakKOUE3ihGLTZJRB4j+M2cdTm/ORI65Y= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= -github.com/hashicorp/terraform-config-inspect v0.0.0-20190821133035-82a99dc22ef4 h1:fTkL0YwjohGyN7AqsDhz6bwcGBpT+xBqi3Qhpw58Juw= -github.com/hashicorp/terraform-config-inspect v0.0.0-20190821133035-82a99dc22ef4/go.mod h1:JDmizlhaP5P0rYTTZB0reDMefAiJyfWPEtugV4in1oI= -github.com/hashicorp/terraform-plugin-sdk v1.1.0 h1:fFn2JYcwTnIuRKgc3pX2SJDsrc1FckfaJ8aStN1HInw= -github.com/hashicorp/terraform-plugin-sdk v1.1.0/go.mod h1:NuwtLpEpPsFaKJPJNGtMcn9vlhe6Ofe+Y6NqXhJgV2M= +github.com/hashicorp/terraform-exec v0.16.1 h1:NAwZFJW2L2SaCBVZoVaH8LPImLOGbPLkSHy0IYbs2uE= +github.com/hashicorp/terraform-exec v0.16.1/go.mod h1:aj0lVshy8l+MHhFNoijNHtqTJQI3Xlowv5EOsEaGO7M= +github.com/hashicorp/terraform-json v0.13.0 h1:Li9L+lKD1FO5RVFRM1mMMIBDoUHslOniyEi5CM+FWGY= +github.com/hashicorp/terraform-json v0.13.0/go.mod h1:y5OdLBCT+rxbwnpxZs9kGL7R9ExU76+cpdY8zHwoazk= +github.com/hashicorp/terraform-plugin-go v0.9.0 h1:FvLY/3z4SNVatPZdoFcyrlNbCar+WyyOTv5X4Tp+WZc= +github.com/hashicorp/terraform-plugin-go v0.9.0/go.mod h1:EawBkgjBWNf7jiKnVoyDyF39OSV+u6KUX+Y73EPj3oM= +github.com/hashicorp/terraform-plugin-log v0.3.0 h1:NPENNOjaJSVX0f7JJTl4f/2JKRPQ7S2ZN9B4NSqq5kA= +github.com/hashicorp/terraform-plugin-log v0.3.0/go.mod h1:EjueSP/HjlyFAsDqt+okpCPjkT4NDynAe32AeDC4vps= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.14.0 h1:GZ8NY74rxObB7QHE/JiuBW0ZEr04rlplR/TVrkgw3rw= +github.com/hashicorp/terraform-plugin-sdk/v2 v2.14.0/go.mod h1:+m4FDQ8h1ulz7zpWtqmZn2JSZQDXUVibhUShbkQVId4= +github.com/hashicorp/terraform-registry-address v0.0.0-20210412075316-9b2996cce896 h1:1FGtlkJw87UsTMg5s8jrekrHmUPUJaMcu6ELiVhQrNw= +github.com/hashicorp/terraform-registry-address v0.0.0-20210412075316-9b2996cce896/go.mod h1:bzBPnUIkI0RxauU8Dqo+2KrZZ28Cf48s8V6IHt3p4co= +github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 h1:HKLsbzeOsfXmKNpr3GiT18XAblV0BjCbzL8KQAMZGa0= +github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734/go.mod h1:kNDNcF7sN4DocDLBkQYz73HGKwN1ANB1blq4lIYLYvg= github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d h1:kJCB4vdITiW1eC1vq2e6IsrXKrZit1bv/TDYFGMp4BQ= github.com/hashicorp/yamux v0.0.0-20181012175058-2f1d1f20f75d/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= +github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0 h1:Z8tu5sraLXCXIcARxBp/8cbvlwVa7Z1NHg9XEKhtSvM= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= -github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af h1:pmfjZENx5imkbgOkpRUYLnmbU7UEFbjtDA2hxJ1ichM= -github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= +github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= +github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= +github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= +github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024 h1:rBMNdlhTLzJjJSDIjNEXX1Pz3Hmwmz91v+zycvx9PJc= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= -github.com/keybase/go-crypto v0.0.0-20161004153544-93f5b35093ba/go.mod h1:ghbZscTyKdM07+Fw3KSi0hcJm+AlEUWj8QLlPtijN/M= +github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 h1:DowS9hvgyYSX4TO5NpyC606/Z4SxnNYbT+WX27or6Ck= +github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= @@ -269,12 +324,14 @@ github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgo github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= -github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1 h1:Fmg33tUaq4/8ym9TJN1x7sLJnHVwhP33CNkpYV/7rwI= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.8/go.mod h1:O1sed60cT9XZ5uDucP5qwvh+TE3NnUj51EiZO/lmSfw= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= @@ -285,74 +342,73 @@ github.com/magiconair/properties v1.8.1 h1:ZC2Vc7/ZFkGmsVC9KvOjumD+G5lXy2RtTKyzR github.com/magiconair/properties v1.8.1/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb h1:RHba4YImhrUVQDHUCe2BNSOz4tVy2yGyXhvYDvxGgeE= github.com/matoous/godox v0.0.0-20190911065817-5d6d842e92eb/go.mod h1:1BELzlh859Sh1c6+90blK8lbYy0kwQf1bYlBhBysy1s= +github.com/matryer/is v1.2.0 h1:92UTHpy8CDwaJ08GqLDzhhuixiBUUD1p3AU6PHddz4A= +github.com/matryer/is v1.2.0/go.mod h1:2fLPjFQM9rhQ15aVEtbuwhJinnOqrmgXPNdZsdwlWXA= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4 h1:snbPLB8fVfU9iwbbo30TPtbLRzwWu6aJS6Xh4eaaviA= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= -github.com/mattn/go-isatty v0.0.8 h1:HLtExJ+uU2HOZ+wI0Tt5DtUDrx8yhUqDcp7fYERX4CE= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= +github.com/mattn/go-isatty v0.0.10 h1:qxFzApOv4WsAL965uUPIsXzAKCZxN2p9UqdhFS4ZW10= +github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/goveralls v0.0.2/go.mod h1:8d1ZMHsd7fW6IRPKQh46F2WRpyib5/X4FOpevwGNQEw= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= -github.com/mitchellh/cli v1.0.0 h1:iGBIsUe3+HZ/AD/Vd7DErOt5sU9fa8Uj7A2s1aggv1Y= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db h1:62I3jR2EmQ4l5rM/4FEfDWcRD+abF5XlKShorW5LRoQ= -github.com/mitchellh/colorstring v0.0.0-20190213212951-d06e56a500db/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= -github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMKeZ+mmkFQ= -github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= +github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= +github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-ps v0.0.0-20190716172923-621e5597135b/go.mod h1:r1VsdOzOPt1ZSrGZWFoNhsAedKnEd6r9Np1+5blZCWk= github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= +github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/go-wordwrap v0.0.0-20150314170334-ad45545899c7/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/mitchellh/reflectwalk v1.0.1 h1:FVzMWA5RllMAKIdUSC8mdWo3XtwoecrH79BY70sEEpE= -github.com/mitchellh/reflectwalk v1.0.1/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/mitchellh/mapstructure v1.4.3 h1:OVowDSCllw/YjdLkam3/sm7wEtOy59d8ndGgCcyj8cs= +github.com/mitchellh/mapstructure v1.4.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= +github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/mozilla/tls-observatory v0.0.0-20190404164649-a3c1b6cfecfd/go.mod h1:SrKMQvPiws7F7iqYp8/TX+IhxCYhzr6N/1yb8cwHsGk= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d h1:AREM5mwr4u1ORQBMvzfzBgpsctsbQikCVpvC+tX285E= github.com/nbutton23/zxcvbn-go v0.0.0-20180912185939-ae427f1e4c1d/go.mod h1:o96djdrsSGy3AWPyBgZMAGfxZNfgntdJG+11KU4QvbU= +github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= +github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce h1:RPclfga2SEJmgMmz2k+Mg7cowZ8yv4Trqw9UsJby758= +github.com/nsf/jsondiff v0.0.0-20200515183724-f29ed568f4ce/go.mod h1:uFMI8w+ref4v2r9jz+c9i1IfIttS/OkmLfrk1jne5hs= github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw= github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo= github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pavel-v-chernykh/keystore-go/v4 v4.1.0/go.mod h1:2ejgys4qY+iNVW1IittZhyRYA6MNv8TgM6VHqojbB9g= github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= -github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/posener/complete v1.2.1 h1:LrvDIY//XNo65Lq84G/akBuMGlawHvGBABv8f/ZN6DI= -github.com/posener/complete v1.2.1/go.mod h1:6gapUrK/U1TAN7ciCoNRIdVC5sbdBTUh1DKN0g6uH7E= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro= github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= @@ -360,15 +416,19 @@ github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7z github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU= github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:5STLWrekHfjyYwxBRVRXNOSewLJ3PWfDJd1VyTS21fI= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= +github.com/sebdah/goldie v1.0.0/go.mod h1:jXP4hmWywNEwZzhMuv2ccnqTSFpuq8iyQhtQdkkZBH4= github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d h1:BzRvVq1EHuIjxpijCEKpAxzKUUMurOQ4sknehIATRh8= github.com/securego/gosec v0.0.0-20191002120514-e680875ea14d/go.mod h1:w5+eXa0mYznDkHaMCXA4XYffjlH+cy1oyKbfzJXa2Do= -github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= +github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ= +github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shirou/gopsutil v0.0.0-20190901111213-e4ec7b275ada/go.mod h1:WWnYX4lzhCH5h/3YBfyVA3VbLYjlMZZAQcW9ojMexNc= github.com/shirou/w32 v0.0.0-20160930032740-bb4de0191aa4/go.mod h1:qsXQc7+bwAM3Q1u/4XEfrquwF8Lw7D7y5cD8CuHnfIc= github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e h1:MZM7FHLqUHYI0Y/mQAt3d2aYa0SiNms/hFqC9qJYolM= @@ -377,6 +437,7 @@ github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041 h1:llrF3Fs4018ePo github.com/shurcooL/go-goon v0.0.0-20170922171312-37c2f522c041/go.mod h1:N5mDOmsrJOB+vfqUK+7DmDyjhSLIIBnXo9lvZJj3MWQ= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= +github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM= @@ -410,8 +471,10 @@ github.com/stretchr/objx v0.2.0 h1:Hbg2NidpLE8veEBkEZTL3CvlkUIVzuU9jDplZO54c48= github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s= github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e h1:RumXZ56IrCj4CL+g1b9OL/oH0QnsF976bC8xQFYUD5Q= @@ -419,8 +482,6 @@ github.com/timakin/bodyclose v0.0.0-20190930140734-f7f2e9bca95e/go.mod h1:Qimiff github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.4/go.mod h1:uQMGLiO92mf5W77hV/PUCpI3pbzQx3CRekS0kk+RGrc= github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= -github.com/ulikunitz/xz v0.5.5 h1:pFrO0lVpTBXLpYw+pnLj6TbvHuyjXMfjGeCwSqCVwok= -github.com/ulikunitz/xz v0.5.5/go.mod h1:2bypXElzHzzJZwzH67Y6wb67pO62Rzfn7BSiF4ABRW8= github.com/ultraware/funlen v0.0.2 h1:Av96YVBwwNSe4MLR7iI/BIa3VyI7/djnto/pK3Uxbdo= github.com/ultraware/funlen v0.0.2/go.mod h1:Dp4UiAus7Wdb9KUZsYWZEWiRzGuM2kXM1lPbfaF6xhA= github.com/ultraware/whitespace v0.0.4 h1:If7Va4cM03mpgrNH9k49/VOicWpGoG70XPBFFODYDsg= @@ -432,41 +493,56 @@ github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyC github.com/valyala/fasthttp v1.2.0/go.mod h1:4vX61m6KN+xDduDNwXrhIAVZaZaZiQ1luJk8LWSxF3s= github.com/valyala/quicktemplate v1.2.0/go.mod h1:EH+4AkTd43SvgIbQHYu59/cJyxDoOVRUAfrukLPuGJ4= github.com/valyala/tcplisten v0.0.0-20161114210144-ceec8f93295a/go.mod h1:v3UYOV9WzVtRmSR+PDvWpU/qWl4Wa5LApYYX4ZtKbio= -github.com/vmihailenco/msgpack v3.3.3+incompatible h1:wapg9xDUZDzGCNFlwc5SqI1rvcciqcxEHac4CYj89xI= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/vmihailenco/msgpack v4.0.4+incompatible h1:dSLoQfGFAo3F6OoNhwUmLwVgaUXK79GlxNBwueZn0xI= +github.com/vmihailenco/msgpack v4.0.4+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= +github.com/vmihailenco/msgpack/v4 v4.3.12 h1:07s4sz9IReOgdikxLTKNbBdqDMLsjPKXwvCazn8G65U= +github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= +github.com/vmihailenco/tagparser v0.1.1 h1:quXMXlA39OCbd2wAdTsGDlK9RkOk6Wuw+x37wVyIuWY= +github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= +github.com/xanzy/ssh-agent v0.3.0 h1:wUMzuKtKilRgBAD1sUb8gOwwRr2FGoBVumcjoOACClI= +github.com/xanzy/ssh-agent v0.3.0/go.mod h1:3s9xbODqPuuhK9JV1R321M/FlMZSBvE5aY6eAcqrDh0= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a h1:fZHgsYlfvtyqToslyjUt3VOPF4J7aK/3MPcK7xp3PDk= github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/R083muKhosV54bj5niojjWZvU8xrevuH4= -github.com/zclconf/go-cty v1.0.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= -github.com/zclconf/go-cty v1.1.0 h1:uJwc9HiBOCpoKIObTQaLR+tsEXx1HBHnOsOOpcdhZgw= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/zclconf/go-cty v1.1.0/go.mod h1:xnAOWiHeOqg2nWS62VtQ7pbOu17FtxJNW8RLEih+O3s= -github.com/zclconf/go-cty-yaml v1.0.1 h1:up11wlgAaDvlAGENcFDnZgkn0qUJurso7k6EpURKNF8= -github.com/zclconf/go-cty-yaml v1.0.1/go.mod h1:IP3Ylp0wQpYm50IHK8OZWKMu6sPJIUgKa8XhiVHura0= +github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= +github.com/zclconf/go-cty v1.8.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zclconf/go-cty v1.9.1/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zclconf/go-cty v1.10.0 h1:mp9ZXQeIcN8kAwuqorjH+Q+njbJKjLrvB2yIh4q7U+0= +github.com/zclconf/go-cty v1.10.0/go.mod h1:vVKLxnk3puL4qRAv72AO+W99LUD4da90g3uUAzyuvAk= +github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190426145343-a29dc8fdc734/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190923035154-9ee001bba392/go.mod h1:/lpIB1dKB+9EgE3H3cr1v9wB50oz8l4C4h62xy7jSTY= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= +golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519 h1:7I4JAnoQBe7ZtJcBaYHi5UtiO8tQHbUSXxL+pnGRANg= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136 h1:A1gGSx58LAGVHUUsOf7IiR0u8Xb6W51gRwfDBhkdcaw= golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= @@ -476,12 +552,14 @@ golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTk golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de h1:5hukYrvBGR8/eNkX5mdUezrA6JiaEZDtJb9Ei+1LlBs= golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/net v0.0.0-20180530234432-1e491301e022/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -496,25 +574,31 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190502183928-7f726cade0ab/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190522155817-f3200d17e092/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110 h1:qWPm9rbaAMKs8Bq/9LRpbMqxWRVUAQwMI9fVrssnTfw= +golang.org/x/net v0.0.0-20191009170851-d66e71096ffb/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210326060303-6b1517762897 h1:KrsHThm5nFk34YtATK1LsThyGhGbGe1olrte/HInHvs= +golang.org/x/net v0.0.0-20210326060303-6b1517762897/go.mod h1:uSPa2vr4CLtc/ILN5odXGNXS6mhrKVzTaCXzk9m6W3k= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -523,7 +607,6 @@ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -534,8 +617,16 @@ golang.org/x/sys v0.0.0-20190502175342-a43fa875dd82/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210324051608-47abb6519492/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210502180810-71e4cd670f79/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1 h1:SrN+KX8Art/Sf4HNj6Zcz06G7VEz+7w9tdXTPOZ7+l4= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E= @@ -543,8 +634,9 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/text v0.3.3 h1:cokOdA+Jmi5PJGXLlLllQSgYigAEfHXJAERHVMaCc2k= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5 h1:i6eZZ+zk0SOf0xgBpEpPD18qWcJda6q1sxt3S0kzyUQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -574,20 +666,30 @@ golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190930201159-7c411dea38b0/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191010075000-0337d82405ff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc h1:NCy3Ohtk6Iny5V/reW2Ktypo4zIpWBdRJ1uFMjBxdg8= golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200713011307-fd294ab11aed/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20201028111035-eafbe7b904eb h1:KVWk3RW1AZlxWum4tYqegLgwJHb5oouozcGM8HfNQaw= +golang.org/x/tools v0.0.0-20201028111035-eafbe7b904eb/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0 h1:Q3Ui3V3/CVinFWFiW39Iw0kMuVrRzYX0wN6OPFp0lTA= google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1 h1:QzqyMA1tlu6CgqCDUtU9V+ZKhLFT2dkJuANu5QaxI3I= google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6 h1:lMO5rYAqUxkmaj76jAkRUvt5JZgFymx/+Q5Mzfivuhc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20170818010345-ee236bd376b0/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -596,21 +698,48 @@ google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRn google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a h1:Ob5/580gVHBJZgXnff1cZDbG+xLtMVE5mDRTe+nIsX4= google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= +google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200711021454-869866162049/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d h1:92D1fum1bJLKSdr11OJ+54YeCMCGYIygTA7R/YZxH5M= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0 h1:AzbTB6ux+okLTzP8Ru1Xs41C303zdcfEht7MQnYJt5A= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.45.0 h1:NEpgUqV3Z+ZjkqMsxMg11IaDrXY4RY6CQukSGK0uI1M= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.2.0/go.mod h1:DNq5QpG7LJqD2AamLZ7zvKE0DEpVl2BSEVjFycAAjRY= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= +gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= @@ -619,19 +748,25 @@ gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= +gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME= +gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI= gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= +honnef.co/go/tools v0.0.1-2020.1.4 h1:UoveltGrhghAA7ePc+e+QYDHXrBps2PqFZiHkGR/xK8= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wptyWgoH/6hwLs7QHTixo0I= mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b h1:DxJ5nJdkhDlLok9K6qO+5290kphDJbHOQO1DFFFTeBo= diff --git a/main.go b/main.go index 06858375..13942e89 100644 --- a/main.go +++ b/main.go @@ -1,12 +1,29 @@ package main import ( - "github.com/hashicorp/terraform-plugin-sdk/plugin" + "flag" + "github.com/hashicorp/terraform-plugin-sdk/v2/plugin" "github.com/terraform-providers/terraform-provider-venafi/venafi" + "log" ) func main() { - plugin.Serve(&plugin.ServeOpts{ - ProviderFunc: venafi.Provider, - }) + // remove date and time stamp from log output as the plugin SDK already adds its own + log.SetFlags(log.Flags() &^ (log.Ldate | log.Ltime)) + + var debugMode bool + + flag.BoolVar(&debugMode, "debuggable", false, "set to true to run the provider with support for debuggers like delve") + flag.Parse() + + if debugMode { + plugin.Serve(&plugin.ServeOpts{ + ProviderFunc: venafi.Provider, + Debug: true, + }) + } else { + plugin.Serve(&plugin.ServeOpts{ + ProviderFunc: venafi.Provider, + }) + } } diff --git a/venafi/provider.go b/venafi/provider.go index 7e4958c8..51262ef9 100644 --- a/venafi/provider.go +++ b/venafi/provider.go @@ -1,11 +1,13 @@ package venafi import ( + "context" "fmt" "github.com/Venafi/vcert/v4" "github.com/Venafi/vcert/v4/pkg/endpoint" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "log" "strings" ) @@ -13,7 +15,7 @@ import ( const ( messageVenafiPingFailed = "Failed to ping Venafi endpoint: " messageVenafiPingSuccessful = "Venafi ping successful" - messageVenafiClientInitFailed = "Failed to initialize Venafi client: " + messageVenafiClientInitFailed = "Failed to initialize Venafi client" messageVenafiConfigFailed = "Failed to build config for Venafi issuer: " messageUseDevMode = "Using dev mode to issue certificate" messageUseVaas = "Using VaaS to issue certificate" @@ -22,7 +24,7 @@ const ( ) // Provider returns a terraform.ResourceProvider. -func Provider() terraform.ResourceProvider { +func Provider() *schema.Provider { return &schema.Provider{ Schema: map[string]*schema.Schema{ "url": &schema.Schema{ @@ -31,7 +33,6 @@ func Provider() terraform.ResourceProvider { DefaultFunc: schema.EnvDefaultFunc("VENAFI_URL", nil), Description: `The Venafi Web Service URL.. Example: https://tpp.venafi.example/vedsdk`, }, - "zone": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -40,7 +41,6 @@ func Provider() terraform.ResourceProvider { Example for Platform: testpolicy\\vault Example for Venafi as a Service: Default`, }, - "tpp_username": &schema.Schema{ Type: schema.TypeString, Optional: true, @@ -81,43 +81,44 @@ Example: Description: `When set to true, the resulting certificate will be issued by an ephemeral, no trust CA rather than enrolling using Venafi as a Service or Trust Protection Platform. Useful for development and testing.`, }, }, - ResourcesMap: map[string]*schema.Resource{ "venafi_certificate": resourceVenafiCertificate(), "venafi_policy": resourceVenafiPolicy(), "venafi_ssh_certificate": resourceVenafiSshCertificate(), "venafi_ssh_config": resourceVenafiSshConfig(), }, - - ConfigureFunc: providerConfigure, + ConfigureContextFunc: providerConfigure, } } -func providerConfigure(d *schema.ResourceData) (interface{}, error) { +func providerConfigure(ctx context.Context, d *schema.ResourceData) (interface{}, diag.Diagnostics) { - log.Printf("Configuring provider\n") + tflog.Info(ctx, "Configuring provider\n") apiKey := d.Get("api_key").(string) url := d.Get("url").(string) tppUser := d.Get("tpp_username").(string) tppPassword := d.Get("tpp_password").(string) accessToken := d.Get("access_token").(string) zone := d.Get("zone").(string) - log.Printf("====ZONE==== : %s", zone) + tflog.Info(ctx, fmt.Sprintf("====ZONE==== : %s", zone)) devMode := d.Get("dev_mode").(bool) trustBundle := d.Get("trust_bundle").(string) + // Warning or errors can be collected in a slice type + var diags diag.Diagnostics + var cfg vcert.Config zone = normalizeZone(zone) if devMode { - log.Print(messageUseDevMode) + tflog.Info(ctx, messageUseDevMode) cfg = vcert.Config{ ConnectorType: endpoint.ConnectorTypeFake, LogVerbose: true, } } else if tppUser != "" && tppPassword != "" && accessToken == "" { - log.Printf("Using Platform with url %s to issue certificate\n", url) + tflog.Info(ctx, fmt.Sprintf("Using Platform with url %s to issue certificate\n", url)) cfg = vcert.Config{ ConnectorType: endpoint.ConnectorTypeTPP, BaseUrl: url, @@ -129,7 +130,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { LogVerbose: true, } } else if accessToken != "" { - log.Printf("Using Platform with url %s to issue certificate\n", url) + tflog.Info(ctx, fmt.Sprintf("Using Platform with url %s to issue certificate\n", url)) cfg = vcert.Config{ ConnectorType: endpoint.ConnectorTypeTPP, BaseUrl: url, @@ -141,7 +142,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { } } else if apiKey != "" { if url != "" { - log.Println(messageUseVaas) + tflog.Info(ctx, messageUseVaas) cfg = vcert.Config{ ConnectorType: endpoint.ConnectorTypeCloud, BaseUrl: url, @@ -152,7 +153,7 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { LogVerbose: true, } } else { - log.Println(messageUseVaas) + tflog.Info(ctx, messageUseVaas) cfg = vcert.Config{ ConnectorType: endpoint.ConnectorTypeCloud, Credentials: &endpoint.Authentication{ @@ -163,25 +164,38 @@ func providerConfigure(d *schema.ResourceData) (interface{}, error) { } } } else { - return nil, fmt.Errorf(messageVenafiConfigFailed) + diags = append(diags, diag.Diagnostic{ + Severity: diag.Error, + Summary: messageVenafiClientInitFailed, + Detail: messageVenafiConfigFailed, + }) + return nil, diags } if trustBundle != "" { - log.Printf("Importing trusted certificate: \n %s", trustBundle) + tflog.Info(ctx, fmt.Sprintf("Importing trusted certificate: \n %s", trustBundle)) cfg.ConnectionTrust = trustBundle } cl, err := vcert.NewClient(&cfg) if err != nil { - log.Printf(messageVenafiClientInitFailed + err.Error()) - return nil, err + diags = append(diags, diag.Diagnostic{ + Severity: diag.Error, + Summary: messageVenafiClientInitFailed, + Detail: messageVenafiConfigFailed + ": " + err.Error(), + }) + return nil, diags } err = cl.Ping() if err != nil { - log.Printf(messageVenafiPingFailed + err.Error()) - return nil, err + diags = append(diags, diag.Diagnostic{ + Severity: diag.Error, + Summary: messageVenafiPingFailed, + Detail: messageVenafiConfigFailed + ": " + err.Error(), + }) + return nil, diags } - return &cfg, nil + return &cfg, diags } func normalizeZone(zone string) string { @@ -205,6 +219,6 @@ func normalizeZone(zone string) string { newZone = "\\" + newZone } - log.Printf("Normalized zone : %s", newZone) + log.Printf("[INFO] Normalized zone : %s", newZone) return newZone } diff --git a/venafi/provider_test.go b/venafi/provider_test.go index 5d57ffc9..96e51943 100644 --- a/venafi/provider_test.go +++ b/venafi/provider_test.go @@ -2,33 +2,30 @@ package venafi import ( "fmt" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "regexp" "testing" - - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "github.com/hashicorp/terraform-plugin-sdk/terraform" ) -var testAccProvider *schema.Provider - -var testProvider *schema.Provider -var testProviders map[string]terraform.ResourceProvider +var testAccProviderFactories map[string]func() (*schema.Provider, error) func init() { - testProvider = Provider().(*schema.Provider) - testProviders = map[string]terraform.ResourceProvider{ - "venafi": testProvider, + testAccProviderFactories = map[string]func() (*schema.Provider, error){ + "venafi": func() (*schema.Provider, error) { + return Provider(), nil + }, } } func TestProvider(t *testing.T) { - if err := Provider().(*schema.Provider).InternalValidate(); err != nil { + provider := Provider() + if err := provider.InternalValidate(); err != nil { t.Fatalf("err: %s", err) } } func TestProvider_impl(t *testing.T) { - var _ terraform.ResourceProvider = Provider() + var _ = *Provider() } func TestNormalizedZones(t *testing.T) { @@ -41,7 +38,8 @@ func TestNormalizedZones(t *testing.T) { "\\VED\\Policy\\One\\Two\\Three", "\\\\VED\\\\Policy\\\\One\\\\Two\\\\Three", } - var re, _ = regexp.Compile("^(\\\\VED|[\\w\\-]+)(\\s?[\\w\\-]+)*(\\\\[\\w\\-]+(\\s?[\\w\\-]+)*)*$") + + var re, _ = regexp.Compile("^(\\\\VED|[\\w\\-]+)(\\s?[\\w\\-]+)*(\\\\[\\w\\-]+(\\s?[\\w\\-]+)*)*$") //nolint for _, zone := range zones { newZone := normalizeZone(zone) @@ -51,7 +49,3 @@ func TestNormalizedZones(t *testing.T) { } } } -func testAccPreCheck(t *testing.T) { - // We will use this function later on to make sure our test environment is valid. - // For example, you can make sure here that some environment variables are set. -} diff --git a/venafi/resource_venafi_certificate.go b/venafi/resource_venafi_certificate.go index 041dad32..55dcfcbd 100644 --- a/venafi/resource_venafi_certificate.go +++ b/venafi/resource_venafi_certificate.go @@ -1,30 +1,32 @@ package venafi import ( + "context" "crypto/ecdsa" "crypto/rand" "crypto/rsa" "crypto/tls" + "crypto/x509" "encoding/base64" + "encoding/pem" "fmt" + "github.com/Venafi/vcert/v4" + "github.com/Venafi/vcert/v4/pkg/certificate" "github.com/Venafi/vcert/v4/pkg/endpoint" "github.com/Venafi/vcert/v4/pkg/policy" "github.com/Venafi/vcert/v4/pkg/util" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/youmark/pkcs8" + "log" "math" "net" "net/url" "software.sslmate.com/src/go-pkcs12" "strconv" - "time" - - "crypto/x509" - "encoding/pem" - "github.com/Venafi/vcert/v4" - "github.com/Venafi/vcert/v4/pkg/certificate" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "log" "strings" + "time" ) const ( @@ -34,15 +36,15 @@ const ( importPickupIdFailEmpty = "empty pickupID for VaaS or common_name for TPP during import method" importKeyPasswordFailEmpty = "empty key_password for import method" //#nosec importZoneFailEmpty = "zone cannot be empty when importing certificate" + terraformStateTainted = "terraform state was modified by another party" ) func resourceVenafiCertificate() *schema.Resource { return &schema.Resource{ - Create: resourceVenafiCertificateCreate, - Read: resourceVenafiCertificateRead, - Delete: resourceVenafiCertificateDelete, - Exists: resourceVenafiCertificateExists, - Update: resourceVenafiCertificateUpdate, + CreateContext: resourceVenafiCertificateCreate, + ReadContext: resourceVenafiCertificateRead, + DeleteContext: resourceVenafiCertificateDelete, + UpdateContext: resourceVenafiCertificateUpdate, Schema: map[string]*schema.Schema{ "csr_origin": &schema.Schema{ @@ -173,70 +175,131 @@ func resourceVenafiCertificate() *schema.Resource { }, }, Importer: &schema.ResourceImporter{ - State: resourceVenafiCertificateImport, + StateContext: resourceVenafiCertificateImport, }, } } -func resourceVenafiCertificateCreate(d *schema.ResourceData, meta interface{}) error { - log.Printf("Creating certificate\n") +func resourceVenafiCertificateCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + tflog.Info(ctx, "Creating certificate\n") + + // Warning or errors can be collected in a slice type + var diags diag.Diagnostics + + cl, err := getConnection(ctx, meta) + if err != nil { + return diag.FromErr(err) + } + tflog.Info(ctx, messageVenafiPingSuccessful) + + err = enrollVenafiCertificate(ctx, d, cl) + if err != nil { + return diag.FromErr(err) + } + + //resourceVenafiCertificateRead(ctx, d, meta) + return diags +} + +func resourceVenafiCertificateRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + cfg := meta.(*vcert.Config) cl, err := vcert.NewClient(cfg) if err != nil { - log.Printf(messageVenafiClientInitFailed + err.Error()) - return err + tflog.Error(ctx, messageVenafiClientInitFailed+err.Error()) + return diag.FromErr(err) } err = cl.Ping() if err != nil { - log.Printf(messageVenafiPingFailed + err.Error()) - return err + tflog.Error(ctx, messageVenafiPingFailed+err.Error()) + return diag.FromErr(err) } - log.Println(messageVenafiPingSuccessful) + tflog.Info(ctx, messageVenafiPingSuccessful) + // Warning or errors can be collected in a slice type + var diags diag.Diagnostics - err = enrollVenafiCertificate(d, cl) - if err != nil { - return err + certID := d.Id() + parameters := strings.Split(certID, ",") + + var keyPassword string + var keyPasswordFromImport string + var pickupID string + + // When retrieving the certID we have to watch for to cases: when certificate is imported and when is not + // For both cases we get the pickupID from the first parameter and the key password from state + pickupID = parameters[0] + + keyPasswordUntyped, ok := d.GetOk("key_password") + if ok { + keyPassword = keyPasswordUntyped.(string) + } + + // But we need to make extra verifications if state was tainted by a third party. + // We ignore the case when parameters length is equal to 1, since that's standard accepted case when certificate is not imported. + if len(parameters) < 1 { + return buildStantardDiagError(fmt.Sprintf("%s: certID was not found from terraform state", terraformStateTainted)) + } else if len(parameters) == 2 { + // since the key password is also within the certID, we want to verify if it differs from the one defined at state + keyPasswordFromImport = parameters[1] + if keyPassword != "" { + if keyPassword != keyPasswordFromImport { + return buildStantardDiagError(fmt.Sprintf("%s: key passwords mismatch! the key_password defined in the id,, differs from the attribute key_password defined at terraform state", terraformStateTainted)) + } + } + } else if len(parameters) > 2 { + return buildStantardDiagError(fmt.Sprintf("%s: many values were found defined at certID from terraform state", terraformStateTainted)) } - return nil -} -func resourceVenafiCertificateUpdate(d *schema.ResourceData, meta interface{}) error { - if d.HasChange("expiration_window") { - // Getting expiration_window from state - expiration_window := d.Get("expiration_window").(int) - // Getting certificate - certUntyped, ok := d.GetOk("certificate") + zone := cfg.Zone + if cl.GetType() == endpoint.ConnectorTypeTPP { + zone = buildAbsoluteZoneTPP(zone) + ok := strings.Contains(pickupID, zone) if !ok { - return fmt.Errorf("cert is nil") + pickupID = fmt.Sprintf("%s\\%s", zone, pickupID) } - certPEM := certUntyped.(string) - // validating expiration_window - _, _, err := validExpirationWindowCert(certPEM, expiration_window) - if err != nil { - return err + + } + + origin := d.Get("csr_origin").(string) + pickupReq := fillRetrieveRequest(pickupID, keyPassword, cl.GetType(), origin) + + data, err := cl.RetrieveCertificate(pickupReq) + if err != nil { + // if certificate does not exist, we get the following error message: + var notFoundMsg string + // For VaaS + if cl.GetType() == endpoint.ConnectorTypeCloud { + notFoundMsg = "Not Found" + } else { + // For TPP + // "Certificate \\VED\\Policy\\test\\cert_id does not exist." + notFoundMsg = "does not exist" } - err = d.Set("expiration_window", expiration_window) - if err != nil { - return err + strErr := (err).Error() + + ok := strings.Contains(strErr, notFoundMsg) + if ok { + tflog.Warn(ctx, fmt.Sprintf("certificate (%s) not found, removing from state", d.Id())) + d.SetId("") + return nil } + return diag.FromErr(err) } - return nil -} - -func resourceVenafiCertificateRead(d *schema.ResourceData, meta interface{}) error { - return nil -} -func resourceVenafiCertificateExists(d *schema.ResourceData, meta interface{}) (bool, error) { - certUntyped, ok := d.GetOk("certificate") + stateCertUntyped, ok := d.GetOk("certificate") if !ok { - return false, nil + return diag.FromErr(fmt.Errorf("certificate is not defined at state")) + } + + stateCertPEM := stateCertUntyped.(string) + certPEM := data.Certificate + if certPEM != stateCertPEM { + diag.FromErr(fmt.Errorf("certificate (%s) from remote differs from the one defined at state", d.Id())) } - certPEM := certUntyped.(string) block, _ := pem.Decode([]byte(certPEM)) cert, err := x509.ParseCertificate(block.Bytes) if err != nil { - return false, fmt.Errorf("error parsing cert: %s", err) + return diag.FromErr(fmt.Errorf("error parsing cert: %s", err)) } //Checking Private Key var pk8PEMBytes []byte @@ -246,30 +309,63 @@ func resourceVenafiCertificateExists(d *schema.ResourceData, meta interface{}) ( if err != nil { pk1PEMBytes, err = getPrivateKey([]byte(pkUntyped.(string)), d.Get("key_password").(string)) if err != nil { - return false, err + return diag.FromErr(err) } } pk8PEMBytes = []byte(pk8PEM) } else { - return false, fmt.Errorf("error getting key") + return diag.FromErr(fmt.Errorf("error getting key")) } _, err = tls.X509KeyPair([]byte(certPEM), pk8PEMBytes) if err != nil { _, err = tls.X509KeyPair([]byte(certPEM), pk1PEMBytes) if err != nil { - return false, fmt.Errorf("error comparing certificate and key: %s", err) + return diag.FromErr(fmt.Errorf("error comparing certificate and key: %s", err)) } } - //TODO: maybe this check should be up on CSR creation renewRequired := checkForRenew(*cert, d.Get("expiration_window").(int)) if renewRequired { - //TODO: get request id from resource id - log.Printf("Certificate expires %s and should be renewed because it`s less than %d hours at this date. Requesting", cert.NotAfter, d.Get("expiration_window").(int)) - return false, nil + detailMsg := fmt.Sprintf("Certificate %s expires %s and should be renewed because it`s less than %d hours at this date", d.Id(), cert.NotAfter, d.Get("expiration_window").(int)) + diags = append(diags, diag.Diagnostic{ + Severity: diag.Warning, + Summary: "Certificate About to Expire", + Detail: detailMsg, + }) + d.SetId("") + return diags + } + return nil +} + +func resourceVenafiCertificateUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + + if d.HasChange("expiration_window") { + // Getting expiration_window from state + expirationWindow := d.Get("expiration_window").(int) + // Getting certificate + certUntyped, ok := d.GetOk("certificate") + if !ok { + return diag.FromErr(fmt.Errorf("cert is nil")) + } + certPEM := certUntyped.(string) + // validating expiration_window + _, _, err := validExpirationWindowCert(certPEM, expirationWindow) + if err != nil { + return diag.FromErr(err) + } + err = d.Set("expiration_window", expirationWindow) + if err != nil { + return diag.FromErr(err) + } } + return nil +} - return true, nil +func resourceVenafiCertificateDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + // We don't support deletion for created certificates from TPP, so we just remove it from state + d.SetId("") + return nil } // validExpirationWindowCert checks if the expiration_window the expiration_window is greater than the validity_period @@ -296,7 +392,7 @@ func getCertDuration(cert *x509.Certificate) (duration time.Duration) { // returns a boolean value of true if expiration_window is greater and logs it in a message, else returns false and doesn't log a message func validExpirationWindow(certDuration time.Duration, expirationWindowHours time.Duration) (boolean bool) { if certDuration < expirationWindowHours { - log.Printf("certificate validity duration %s is less than configured expiration window %s", certDuration, expirationWindowHours) + log.Printf("[INFO] certificate validity duration %s is less than configured expiration window %s", certDuration, expirationWindowHours) return true } return false @@ -310,12 +406,7 @@ func checkForRenew(cert x509.Certificate, expirationWindow int) (renewRequired b return renewRequired } -func resourceVenafiCertificateDelete(d *schema.ResourceData, meta interface{}) error { - d.SetId("") - return nil -} - -func enrollVenafiCertificate(d *schema.ResourceData, cl endpoint.Connector) error { +func enrollVenafiCertificate(ctx context.Context, d *schema.ResourceData, cl endpoint.Connector) error { req := &certificate.Request{ CsrOrigin: certificate.LocalGeneratedCSR, @@ -365,12 +456,12 @@ func enrollVenafiCertificate(d *schema.ResourceData, cl endpoint.Connector) erro //Setting up Subject commonName := d.Get("common_name").(string) //Adding alt names if exists - dnsnum := d.Get("san_dns.#").(int) - if dnsnum > 0 { - for i := 0; i < dnsnum; i++ { + dnsNum := d.Get("san_dns.#").(int) + if dnsNum > 0 { + for i := 0; i < dnsNum; i++ { key := fmt.Sprintf("san_dns.%d", i) val := d.Get(key).(string) - log.Printf("Adding SAN %s.", val) + tflog.Info(ctx, fmt.Sprintf("Adding SAN %s.", val)) req.DNSNames = append(req.DNSNames, val) } } @@ -382,26 +473,26 @@ func enrollVenafiCertificate(d *schema.ResourceData, cl endpoint.Connector) erro commonName = req.DNSNames[0] } if !sliceContains(req.DNSNames, commonName) { - log.Printf("Adding CN %s to SAN %s because it wasn't included.", commonName, req.DNSNames) + tflog.Info(ctx, fmt.Sprintf("Adding CN %s to SAN %s because it wasn't included.", commonName, req.DNSNames)) req.DNSNames = append(req.DNSNames, commonName) } //Obtain a certificate from the Venafi server - log.Printf("Using CN %s and SAN %s", commonName, req.DNSNames) + tflog.Info(ctx, fmt.Sprintf("Using CN %s and SAN %s", commonName, req.DNSNames)) req.Subject.CommonName = commonName - emailnum := d.Get("san_email.#").(int) - if emailnum > 0 { - for i := 0; i < emailnum; i++ { + emailNum := d.Get("san_email.#").(int) + if emailNum > 0 { + for i := 0; i < emailNum; i++ { key := fmt.Sprintf("san_email.%d", i) val := d.Get(key).(string) req.EmailAddresses = append(req.EmailAddresses, val) } } - ipnum := d.Get("san_ip.#").(int) - if ipnum > 0 { - ipList := make([]string, 0, ipnum) - for i := 0; i < ipnum; i++ { + ipNum := d.Get("san_ip.#").(int) + if ipNum > 0 { + ipList := make([]string, 0, ipNum) + for i := 0; i < ipNum; i++ { key := fmt.Sprintf("san_ip.%d", i) val := d.Get(key).(string) ipList = append(ipList, val) @@ -433,11 +524,11 @@ func enrollVenafiCertificate(d *schema.ResourceData, cl endpoint.Connector) erro //Appending common name to the DNS names if it is not there if !sliceContains(req.DNSNames, commonName) { - log.Printf("Adding CN %s to SAN because it wasn't included.", commonName) + tflog.Info(ctx, fmt.Sprintf("Adding CN %s to SAN because it wasn't included.", commonName)) req.DNSNames = append(req.DNSNames, commonName) } - log.Printf("Requested SAN: %s", req.DNSNames) + tflog.Info(ctx, fmt.Sprintf("Requested SAN: %s", req.DNSNames)) if origin != csrService { switch req.KeyType { @@ -446,9 +537,8 @@ func enrollVenafiCertificate(d *schema.ResourceData, cl endpoint.Connector) erro case certificate.KeyTypeRSA: req.PrivateKey, err = certificate.GenerateRSAPrivateKey(req.KeyLength) default: - return fmt.Errorf("Unable to generate certificate request, key type %s is not supported", req.KeyType.String()) + return fmt.Errorf("unable to generate certificate request, key type %s is not supported", req.KeyType.String()) } - if err != nil { return fmt.Errorf("error generating key: %s", err) } @@ -484,11 +574,11 @@ func enrollVenafiCertificate(d *schema.ResourceData, cl endpoint.Connector) erro } } req.ValidityHours = validity - issuer_hint := d.Get("issuer_hint").(string) - req.IssuerHint = getIssuerHint(issuer_hint) + issuerHint := d.Get("issuer_hint").(string) + req.IssuerHint = getIssuerHint(issuerHint) } - log.Println("Making certificate request") + tflog.Info(ctx, "Making certificate request") err = cl.GenerateRequest(nil, req) if err != nil { return err @@ -520,7 +610,7 @@ func enrollVenafiCertificate(d *schema.ResourceData, cl endpoint.Connector) erro // validate expiration_window against cert validity period ok, duration, err := validExpirationWindowCert(pcc.Certificate, expirationWindow) - durationHoursInt := int64(*duration / time.Hour) + durationHoursInt := int(*duration / time.Hour) if err != nil { return err } @@ -544,15 +634,15 @@ func enrollVenafiCertificate(d *schema.ResourceData, cl endpoint.Connector) erro if err = d.Set("certificate", pcc.Certificate); err != nil { return fmt.Errorf("Error setting certificate: %s", err) } - log.Println("Certificate set to ", pcc.Certificate) + tflog.Info(ctx, fmt.Sprintf("Certificate set to %s", pcc.Certificate)) - if err = d.Set("chain", strings.Join((pcc.Chain), "")); err != nil { + if err = d.Set("chain", strings.Join(pcc.Chain, "")); err != nil { return fmt.Errorf("error setting chain: %s", err) } - log.Println("Certificate chain set to", pcc.Chain) + tflog.Info(ctx, fmt.Sprintf("Certificate chain set to %s", pcc.Chain)) d.SetId(req.PickupID) - log.Println("Setting up private key") + tflog.Info(ctx, "Setting up private key") KeyPassword := d.Get("key_password").(string) @@ -572,7 +662,11 @@ func enrollVenafiCertificate(d *schema.ResourceData, cl endpoint.Connector) erro return fmt.Errorf("error setting pkcs12: %s", err) } - return d.Set("private_key_pem", pcc.PrivateKey) + if err = d.Set("private_key_pem", pcc.PrivateKey); err != nil { + return fmt.Errorf("error setting private key: %s", err) + } + + return nil } func AsPKCS12(certificate string, privateKey string, chain []string, keyPassword string) ([]byte, error) { @@ -590,14 +684,14 @@ func AsPKCS12(certificate string, privateKey string, chain []string, keyPassword } // chain? - var chain_list = []*x509.Certificate{} - for _, chain_cert := range chain { - crt, _ := pem.Decode([]byte(chain_cert)) + var chainList = []*x509.Certificate{} + for _, chainCert := range chain { + crt, _ := pem.Decode([]byte(chainCert)) cert, err := x509.ParseCertificate(crt.Bytes) if err != nil { return nil, fmt.Errorf("chain certificate parse error") } - chain_list = append(chain_list, cert) + chainList = append(chainList, cert) } // key? @@ -633,7 +727,7 @@ func AsPKCS12(certificate string, privateKey string, chain []string, keyPassword return nil, fmt.Errorf("private key error(3): %s", err) } - bytes, err := pkcs12.Encode(rand.Reader, privKey, cert, chain_list, keyPassword) + bytes, err := pkcs12.Encode(rand.Reader, privKey, cert, chainList, keyPassword) if err != nil { return nil, fmt.Errorf("encode error: %s", err) } @@ -641,7 +735,7 @@ func AsPKCS12(certificate string, privateKey string, chain []string, keyPassword return bytes, nil } -func resourceVenafiCertificateImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { +func resourceVenafiCertificateImport(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { id := d.Id() if id == "" { @@ -670,7 +764,7 @@ func resourceVenafiCertificateImport(d *schema.ResourceData, meta interface{}) ( return nil, fmt.Errorf(importZoneFailEmpty) } - cl, err := getConnection(meta) + cl, err := getConnection(ctx, meta) if err != nil { return nil, err } diff --git a/venafi/resource_venafi_certificate_test.go b/venafi/resource_venafi_certificate_test.go index dcce6e89..318f7bc0 100644 --- a/venafi/resource_venafi_certificate_test.go +++ b/venafi/resource_venafi_certificate_test.go @@ -1,19 +1,14 @@ package venafi import ( - "crypto/tls" "crypto/x509" "encoding/pem" "fmt" - "github.com/Venafi/vcert/v4/pkg/util" - r "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" "os" "regexp" - "strconv" - "strings" "testing" - "time" ) var ( @@ -109,11 +104,6 @@ provider "venafi" { zone = "${var.CLOUD_ZONE}" } ` - rsa2048 = `algorithm = "RSA" - rsa_bits = "2048"` - - ecdsa521 = `algorithm = "ECDSA" - ecdsa_curve = "P521"` devConfig = ` provider "venafi" { @@ -141,6 +131,7 @@ output "certificate" { } output "private_key" { value = "${venafi_certificate.dev_certificate.private_key_pem}" + sensitive = true }` vaasConfig = ` @@ -157,6 +148,7 @@ output "certificate" { } output "private_key" { value = "${venafi_certificate.vaas_certificate.private_key_pem}" + sensitive = true } output "expiration_window" { value = "${venafi_certificate.vaas_certificate.expiration_window}" @@ -184,6 +176,7 @@ output "certificate" { } output "private_key" { value = "${venafi_certificate.tpp_certificate.private_key_pem}" + sensitive = true }` tokenConfig = ` %s @@ -208,6 +201,7 @@ output "certificate" { } output "private_key" { value = "${venafi_certificate.token_certificate.private_key_pem}" + sensitive = true } output "expiration_window" { value = "${venafi_certificate.token_certificate.expiration_window}" @@ -238,6 +232,7 @@ output "certificate" { } output "private_key" { value = "${venafi_certificate.token_certificate_custom_fields.private_key_pem}" + sensitive = true }` tokenValidDaysConfig = ` %s @@ -264,6 +259,7 @@ output "certificate" { } output "private_key" { value = "${venafi_certificate.token_certificate.private_key_pem}" + sensitive = true } output "expiration_window" { value = "${venafi_certificate.token_certificate.expiration_window}" @@ -284,6 +280,7 @@ output "certificate" { } output "private_key" { value = "${venafi_certificate.token_certificate.private_key_pem}" + sensitive = true }` tppCsrServiceConfigWithSans = ` @@ -308,6 +305,7 @@ output "certificate" { } output "private_key" { value = "${venafi_certificate.token_certificate.private_key_pem}" + sensitive = true } output "san_ip" { value = "${venafi_certificate.token_certificate.san_ip}" @@ -342,16 +340,10 @@ output "certificate" { } output "private_key" { value = "${venafi_certificate.vaas_certificate.private_key_pem}" + sensitive = true }` ) -type KeyFormat int - -const ( - issuer_hint = "MICROSOFT" - valid_days = 30 -) - func TestDevSignedCert(t *testing.T) { t.Log("Testing Dev RSA certificate") data := testData{} @@ -360,10 +352,10 @@ func TestDevSignedCert(t *testing.T) { data.key_algo = rsa2048 config := fmt.Sprintf(devConfig, data.cn, data.key_algo, data.dns_ns) t.Logf("Testing dev certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { err := checkStandardCert(t, &data, s) @@ -385,10 +377,10 @@ func TestDevSignedCertECDSA(t *testing.T) { data.key_algo = ecdsa521 config := fmt.Sprintf(devConfig, data.cn, data.key_algo, data.dns_ns) t.Logf("Testing dev certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { err := checkStandardCert(t, &data, s) @@ -412,10 +404,10 @@ func TestVaasSignedCert(t *testing.T) { data.expiration_window = 48 config := fmt.Sprintf(vaasConfig, vaasProvider, data.cn, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing Vaas certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { err := checkStandardCert(t, &data, s) @@ -426,7 +418,7 @@ func TestVaasSignedCert(t *testing.T) { }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing VaaS certificate second run") @@ -471,10 +463,10 @@ func TestVaasSignedCertUpdateRenew(t *testing.T) { // config := fmt.Sprintf(vaasConfig, vaasProvider, data.cn, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing Cloud certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { err := checkStandardCert(t, &data, s) @@ -487,7 +479,7 @@ func TestVaasSignedCertUpdateRenew(t *testing.T) { }, ExpectNonEmptyPlan: true, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate update") @@ -524,51 +516,25 @@ func TestVaasSignedCertUpdateWithCertDurationFromZoneWithGreaterExpWindow(t *tes data.private_key_password = "123xxx" data.key_algo = rsa2048 data.expiration_window = 170 - currentExpirationWindow := data.expiration_window config := fmt.Sprintf(vaasConfig, vaasProvider, data.cn, data.key_algo, data.private_key_password, data.expiration_window) - t.Logf("Testing Cloud certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + t.Logf("Testing VaaS certificate with config:\n %s", config) + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, - Check: func(s *terraform.State) error { - - err := checkStandardCert(t, &data, s) - if err != nil { - return err - } - err = checkCertExpirationWindow(t, &data, s) - if err != nil { - return err - } - if currentExpirationWindow == data.expiration_window { - return fmt.Errorf(fmt.Sprintf("expiration window should have changed during enroll. current: %s got from zone: %s", strconv.Itoa(currentExpirationWindow), strconv.Itoa(data.expiration_window))) - } - return nil - - }, + Check: resource.ComposeTestCheckFunc( + checkStandardCertNew("venafi_certificate.vaas_certificate", t, &data), + checkCertExpirationWindowChange("venafi_certificate.vaas_certificate", t, &data), + ), ExpectNonEmptyPlan: true, }, - r.TestStep{ - Config: config, + resource.TestStep{ + Config: config, + Check: resource.ComposeTestCheckFunc( + checkStandardCertNew("venafi_certificate.vaas_certificate", t, &data), + ), ExpectNonEmptyPlan: true, - Check: func(s *terraform.State) error { - t.Log("Testing TPP certificate update") - gotSerial := data.serial - err := checkStandardCert(t, &data, s) - if err != nil { - return err - } else { - t.Logf("Compare updated original certificate serial %s with updated %s", gotSerial, data.serial) - if gotSerial == data.serial { - return fmt.Errorf("serial number from updated certificate %s is the same as "+ - "in original number %s", data.serial, gotSerial) - } else { - return nil - } - } - }, }, }, }) @@ -588,49 +554,27 @@ func TestVaasSignedCertUpdateSetGreaterExpWindow(t *testing.T) { data.private_key_password = "123xxx" data.key_algo = rsa2048 data.expiration_window = 100 - oldExpirationWindow := data.expiration_window config := fmt.Sprintf(vaasConfig, vaasProvider, data.cn, data.key_algo, data.private_key_password, data.expiration_window) data.expiration_window = 180 configUpdate := fmt.Sprintf(vaasConfig, vaasProvider, data.cn, data.key_algo, data.private_key_password, data.expiration_window) - t.Logf("Testing Cloud certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + t.Logf("Testing VaaS certificate with config:\n %s", config) + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, - Check: func(s *terraform.State) error { - err := checkStandardCert(t, &data, s) - if err != nil { - return err - } - return nil - }, + Check: resource.ComposeTestCheckFunc( + checkStandardCertNew("venafi_certificate.vaas_certificate", t, &data), + resource.TestCheckResourceAttr("venafi_certificate.vaas_certificate", "expiration_window", "100"), + ), }, - r.TestStep{ - Config: configUpdate, + resource.TestStep{ + Config: configUpdate, + Check: resource.ComposeTestCheckFunc( + checkStandardCertNew("venafi_certificate.vaas_certificate", t, &data), + resource.TestCheckResourceAttr("venafi_certificate.vaas_certificate", "expiration_window", "180"), + ), ExpectNonEmptyPlan: true, - Check: func(s *terraform.State) error { - t.Log("Testing TPP certificate update") - gotSerial := data.serial - err := checkStandardCert(t, &data, s) - if err != nil { - return err - } - t.Logf("Compare updated original certificate serial %s with expiration_window updated serial %s", gotSerial, data.serial) - if gotSerial != data.serial { - return fmt.Errorf("serial number from updated resource %s is not the same as "+ - "in original number %s", data.serial, gotSerial) - } - err = checkCertExpirationWindow(t, &data, s) - if err != nil { - return err - } - if oldExpirationWindow == data.expiration_window { - return fmt.Errorf(fmt.Sprintf("expiration window should have changed during enroll. current: %s got from zone: %s", strconv.Itoa(oldExpirationWindow), strconv.Itoa(data.expiration_window))) - } - return nil - - }, }, }, }) @@ -644,17 +588,17 @@ func TestTPPSignedCertUpdate(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = rsa2048 // we have two checks: not_after - not_before >= expiration window [should raise error and exit] and now + expiration windows < not_after [should update cert] // tpp signs certificates on 8 years. so we make windows the same size. data.expiration_window = 70080 config := fmt.Sprintf(tppConfig, tppProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing TPP certificate with RSA key with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) @@ -662,7 +606,7 @@ func TestTPPSignedCertUpdate(t *testing.T) { }, ExpectNonEmptyPlan: true, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate update") @@ -694,22 +638,22 @@ func TestTPPSignedCert(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = rsa2048 data.expiration_window = 168 config := fmt.Sprintf(tppConfig, tppProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing TPP certificate with RSA key with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) return checkStandardCert(t, &data, s) }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate second run") @@ -740,22 +684,22 @@ func TestTPPECDSASignedCert(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = ecdsa521 data.expiration_window = 168 config := fmt.Sprintf(tppConfig, tppProviderECDSA, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing TPP certificate with ECDSA key with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) return checkStandardCert(t, &data, s) }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate second run") @@ -797,15 +741,15 @@ func TestTokenSignedCertUpdateRenew(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = rsa2048 data.expiration_window = 70080 config := fmt.Sprintf(tokenConfig, tokenProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing TPP Token certificate with RSA key with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) @@ -813,7 +757,7 @@ func TestTokenSignedCertUpdateRenew(t *testing.T) { }, ExpectNonEmptyPlan: true, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP Token certificate update") @@ -845,22 +789,22 @@ func TestTokenSignedCert(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = rsa2048 data.expiration_window = 168 config := fmt.Sprintf(tokenConfig, tokenProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing TPP Token certificate with RSA key with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) return checkStandardCert(t, &data, s) }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate second run") @@ -891,22 +835,22 @@ func TestTokenECDSASignedCert(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = ecdsa521 data.expiration_window = 168 config := fmt.Sprintf(tokenConfig, tokenProviderECDSA, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing TPP Token certificate with ECDSA key with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) return checkStandardCert(t, &data, s) }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate second run") @@ -937,24 +881,24 @@ func TestSignedCertCustomFields(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = rsa2048 data.expiration_window = 168 cfEnvVarName := "TPP_CUSTOM_FIELDS" data.custom_fields = getCustomFields(cfEnvVarName) config := fmt.Sprintf(tokenConfigWithCustomFields, tokenProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window, data.custom_fields) t.Logf("Testing TPP Token certificate with Custom Fields with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) return checkStandardCert(t, &data, s) }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate second run") @@ -985,25 +929,25 @@ func TestTokenSignedCertValidDays(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = rsa2048 data.expiration_window = 168 - data.issuer_hint = issuer_hint - data.valid_days = valid_days + data.issuer_hint = issuerHint + data.valid_days = validDays config := fmt.Sprintf(tokenValidDaysConfig, tokenProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window, data.issuer_hint, data.valid_days) t.Logf("Testing TPP Token certificate's valid days with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN and valid days", data.cn) return checkCertValidDays(t, &data, s) }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate second run") @@ -1032,36 +976,23 @@ func TestTokenSignedCertValidDaysWithGreaterExpirationWindow(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = rsa2048 data.expiration_window = 730 - data.issuer_hint = issuer_hint - data.valid_days = valid_days - currentExpirationWindow := data.expiration_window - + data.issuer_hint = issuerHint + data.valid_days = validDays config := fmt.Sprintf(tokenValidDaysConfig, tokenProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window, data.issuer_hint, data.valid_days) t.Logf("Testing TPP Token certificate's valid days with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ - Config: config, + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ + Config: config, + Check: resource.ComposeTestCheckFunc( + checkStandardCertNew("venafi_certificate.token_certificate", t, &data), + checkCertExpirationWindowChange("venafi_certificate.token_certificate", t, &data), + ), ExpectNonEmptyPlan: true, - Check: func(s *terraform.State) error { - t.Log("Issuing TPP certificate with CN and valid days", data.cn) - err := checkStandardCert(t, &data, s) - if err != nil { - return err - } - err = checkCertExpirationWindow(t, &data, s) - if err != nil { - return err - } - if currentExpirationWindow == data.expiration_window { - return fmt.Errorf(fmt.Sprintf("expiration window should have changed. current: %s got from zone: %s", strconv.Itoa(currentExpirationWindow), strconv.Itoa(data.expiration_window))) - } - return err - }, }, }, }) @@ -1078,196 +1009,40 @@ func TestTokenSignedCertUpdateSetGreaterExpWindow(t *testing.T) { rand := randSeq(9) domain := "venafi.example.com" data.cn = rand + "." + domain - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = rsa2048 data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" data.expiration_window = 100 - oldExpirationWindow := data.expiration_window config := fmt.Sprintf(tokenConfig, tokenProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window) data.expiration_window = 70080 configUpdate := fmt.Sprintf(tokenConfig, tokenProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing TPP Token certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, - Check: func(s *terraform.State) error { - err := checkStandardCert(t, &data, s) - if err != nil { - return err - } - return nil - }, + Check: resource.ComposeTestCheckFunc( + checkStandardCertNew("venafi_certificate.token_certificate", t, &data), + resource.TestCheckResourceAttr("venafi_certificate.token_certificate", "expiration_window", "100"), + ), }, - r.TestStep{ - Config: configUpdate, + resource.TestStep{ + Config: configUpdate, + Check: resource.ComposeTestCheckFunc( + checkStandardCertNew("venafi_certificate.token_certificate", t, &data), + resource.TestCheckResourceAttr("venafi_certificate.token_certificate", "expiration_window", "70080"), + ), ExpectNonEmptyPlan: true, - Check: func(s *terraform.State) error { - t.Log("Testing TPP certificate update") - gotSerial := data.serial - err := checkStandardCert(t, &data, s) - if err != nil { - return err - } - t.Logf("Compare updated original certificate serial %s with expiration_window updated serial %s", gotSerial, data.serial) - if gotSerial != data.serial { - return fmt.Errorf("serial number from updated resource %s is not the same as "+ - "in original number %s", data.serial, gotSerial) - } - err = checkCertExpirationWindow(t, &data, s) - if err != nil { - return err - } - if oldExpirationWindow == data.expiration_window { - return fmt.Errorf(fmt.Sprintf("expiration window should have changed during enroll. current: %s got from zone: %s", strconv.Itoa(oldExpirationWindow), strconv.Itoa(data.expiration_window))) - } - return nil - - }, }, }, }) } -func getCustomFields(variableName string) string { - formattedData := "" - - data := os.Getenv(variableName) - entries := strings.Split(data, ",") - for _, value := range entries { - formattedData = formattedData + value + ",\n" - } - return formattedData -} - //TODO: make test with invalid key //TODO: make test on invalid options fo RSA, ECSA keys -//TODO: make test with too big expiration window - -func checkStandardCert(t *testing.T, data *testData, s *terraform.State) error { - t.Log("Testing certificate with cn", data.cn) - certUntyped := s.RootModule().Outputs["certificate"].Value - certificate, ok := certUntyped.(string) - if !ok { - return fmt.Errorf("output for \"certificate\" is not a string") - } - - t.Logf("Testing certificate PEM:\n %s", certificate) - if !strings.HasPrefix(certificate, "-----BEGIN CERTIFICATE----") { - return fmt.Errorf("key is missing cert PEM preamble") - } - keyUntyped := s.RootModule().Outputs["private_key"].Value - privateKey, ok := keyUntyped.(string) - if !ok { - return fmt.Errorf("output for \"private_key\" is not a string") - } - - err := checkStandardCertInfo(t, data, certificate, privateKey) - if err != nil { - return err - } - return nil -} - -func checkStandardCertInfo(t *testing.T, data *testData, certificate string, privateKey string) error { - block, _ := pem.Decode([]byte(certificate)) - cert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - return fmt.Errorf("error parsing cert: %s", err) - } - if expected, got := data.cn, cert.Subject.CommonName; got != expected { - return fmt.Errorf("incorrect subject common name: expected %v, certificate %v", expected, got) - } - if len(data.dns_ns) > 0 { - if expected, got := []string{data.cn, data.dns_ns}, cert.DNSNames; !sameStringSlice(got, expected) { - return fmt.Errorf("incorrect DNSNames: expected %v, certificate %v", expected, got) - } - } else { - if expected, got := []string{data.cn}, cert.DNSNames; !sameStringSlice(got, expected) { - return fmt.Errorf("incorrect DNSNames: expected %v, certificate %v", expected, got) - } - } - - data.serial = cert.SerialNumber.String() - data.timeCheck = time.Now().String() - - t.Logf("Testing private key PEM:\n %s", privateKey) - privKeyPEMbytes := make([]byte, 0) - privateKeyString, err := util.DecryptPkcs8PrivateKey(privateKey, data.private_key_password) - if err != nil { - return fmt.Errorf("error trying to decrypt key: %s", err) - } - privKeyPEMbytes = []byte(privateKeyString) - - _, err = tls.X509KeyPair([]byte(certificate), privKeyPEMbytes) - if err != nil { - return fmt.Errorf("error comparing certificate and key: %s", err) - } - return nil -} - -func checkCertValidDays(t *testing.T, data *testData, s *terraform.State) error { - t.Log("Testing certificate with cn", data.cn) - certUntyped := s.RootModule().Outputs["certificate"].Value - certificate, ok := certUntyped.(string) - if !ok { - return fmt.Errorf("output for \"certificate\" is not a string") - } - - t.Logf("Testing certificate PEM:\n %s", certificate) - if !strings.HasPrefix(certificate, "-----BEGIN CERTIFICATE----") { - return fmt.Errorf("key is missing cert PEM preamble") - } - block, _ := pem.Decode([]byte(certificate)) - cert, err := x509.ParseCertificate(block.Bytes) - if err != nil { - return fmt.Errorf("error parsing cert: %s", err) - } - - certValidUntil := cert.NotAfter.Format("2006-01-02") - - //need to convert local date on utc, since the certificate' NotAfter value we got on previous step, is on utc - //so for comparing them we need to have both dates on utc. - loc, _ := time.LoadLocation("UTC") - utcNow := time.Now().In(loc) - expectedValidDate := utcNow.AddDate(0, 0, valid_days).Format("2006-01-02") - - if expectedValidDate != certValidUntil { - return fmt.Errorf("Expiration date is different than expected, expected: %s, but got %s: ", expectedValidDate, certValidUntil) - } - - return nil -} - -func checkCertExpirationWindow(t *testing.T, data *testData, s *terraform.State) error { - t.Log("Getting expiration_window from terraform state", data.cn) - expirationWindowUntyped := s.RootModule().Outputs["expiration_window"].Value - expirationWindow, ok := expirationWindowUntyped.(int) - if !ok { - return fmt.Errorf("output for \"expiration_window\" is not an integer") - } - data.expiration_window = expirationWindow - return nil -} - -func checkCertSans(t *testing.T, data *testData, s *terraform.State) error { - t.Log("Getting expiration_window from terraform state", data.cn) - sanUriUntyped := s.RootModule().Outputs["san_uri"].Value - err := validateStringListFromSchemaAttribute(sanUriUntyped, "san_uri") - if err != nil { - return err - } - - sanIpUntyped := s.RootModule().Outputs["san_ip"].Value - err = validateStringListFromSchemaAttribute(sanIpUntyped, "san_ip") - if err != nil { - return err - } - return nil -} func TestCheckForRenew(t *testing.T) { checkingCert := ` @@ -1330,11 +1105,8 @@ xA== renew := checkForRenew(*cert, 24) if renew { t.Log("Certificate should be renewed in", renew) - } else { - t.Log("It's enough time until renew:", renew) } - - //return nil + t.Log("It's enough time until renew:", renew) } func TestTppCsrService(t *testing.T) { @@ -1347,10 +1119,10 @@ func TestTppCsrService(t *testing.T) { config := fmt.Sprintf(tppCsrServiceConfig, tokenProvider, data.cn, data.dns_ns, data.private_key_password) t.Logf("Testing TPP Token certificate with Service CSR generated and config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CSR Service Generated", data.cn) @@ -1366,16 +1138,16 @@ func TestVaasCsrService(t *testing.T) { rand := randSeq(9) domain := "venafi.example.com" data.cn = rand + "." + domain - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.expiration_window = 48 data.key_algo = rsa2048 config := fmt.Sprintf(vaasCsrServiceConfig, vaasProvider, data.cn, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing VaaS certificate with CSR service and config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { err := checkStandardCert(t, &data, s) @@ -1389,45 +1161,16 @@ func TestVaasCsrService(t *testing.T) { }) } -func getCertTppImportConfig(name string) *testData { - data := testData{} - domain := "venafi.example.com" - data.cn = name + "." + domain - data.dns_ns = "alt-" + data.cn - data.private_key_password = "FooB4rNew4$x" - return &data -} - -func getCertTppImportConfigWithCustomFields() *testData { - data := testData{} - domain := "venafi.example.com" - data.cn = "import.custom_fields" + "." + domain - data.dns_ns = "alt-" + data.cn - data.private_key_password = "FooB4rNew4$x" - cfEnvVarName := "TPP_CUSTOM_FIELDS" - data.custom_fields = getCustomFields(cfEnvVarName) - return &data -} - -func getCertVaasImportConfig() *testData { - data := testData{} - domain := "venafi.example.com" - data.cn = "new.import.vaas" + "." + domain - data.key_algo = rsa2048 - data.private_key_password = "123xxx" - return &data -} - func TestImportCertificateTpp(t *testing.T) { name := "import" data := getCertTppImportConfig(name) config := fmt.Sprintf(tppCsrServiceConfigImport, tppTokenProviderImport) importId := fmt.Sprintf("%s,%s", data.cn, data.private_key_password) t.Logf("Testing importing TPP cert:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_certificate.token_tpp_certificate_import", ImportStateId: importId, @@ -1448,10 +1191,10 @@ func TestImportCertificateTppWithCustomFields(t *testing.T) { config := fmt.Sprintf(tppCsrServiceConfigImport, tppTokenProviderImport) importId := fmt.Sprintf("%s,%s", data.cn, data.private_key_password) t.Logf("Testing importing TPP cert with custom fields:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_certificate.token_tpp_certificate_import", ImportStateId: importId, @@ -1465,77 +1208,16 @@ func TestImportCertificateTppWithCustomFields(t *testing.T) { }) } -func checkStandardImportCert(t *testing.T, data *testData, states []*terraform.InstanceState) error { - st := states[0] - attributes := st.Attributes - err := checkImportCert(t, data, attributes) - if err != nil { - return err - } - return nil - -} - -func checkImportTppCertWithCustomFields(t *testing.T, data *testData, states []*terraform.InstanceState) error { - st := states[0] - attributes := st.Attributes - err := checkImportCert(t, data, attributes) - if err != nil { - return err - } - err = checkImportedCustomFields(t, data.custom_fields, attributes) - if err != nil { - return err - } - return nil -} - -func checkImportCert(t *testing.T, data *testData, attr map[string]string) error { - certificate := attr["certificate"] - privateKey := attr["private_key_pem"] - err := checkStandardCertInfo(t, data, certificate, privateKey) - if err != nil { - return err - } - return nil -} - -func checkImportedCustomFields(t *testing.T, dataCf string, attr map[string]string) error { - t.Logf("Comparing imported custom fields with the ones in the test file") - - // creating map from string - var customFieldsMap map[string]string - // cleaning data string from special characters - if strings.HasSuffix(dataCf, ",\n") { - dataCf = strings.TrimSuffix(dataCf, ",\n") - } - dataCf = strings.ReplaceAll(dataCf, "\n", "") - dataCf = strings.ReplaceAll(dataCf, "\"", "") - customFieldsRow := strings.Split(dataCf, ",") - customFieldsMap = make(map[string]string) - for _, pair := range customFieldsRow { - z := strings.Split(pair, "=") - customFieldsMap[z[0]] = z[1] - } - for key, value := range customFieldsMap { - keyAttr := fmt.Sprintf("custom_fields.%s", key) - if attr[keyAttr] != value { - return fmt.Errorf("\"%s\" custom field is different, expected: %s, got: %s", key, value, attr[keyAttr]) - } - } - return nil -} - func TestImportCertificateECDSA(t *testing.T) { name := "import.ecdsa" data := getCertTppImportConfig(name) config := fmt.Sprintf(tppCsrServiceConfigImport, tppTokenProviderImportECDSA) importId := fmt.Sprintf("%s,%s", data.cn, data.private_key_password) t.Logf("Testing importing TPP cert:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_certificate.token_tpp_certificate_import", ImportStateId: importId, @@ -1557,10 +1239,10 @@ func TestImportCertificateVaas(t *testing.T) { config := fmt.Sprintf(vaasCsrServiceConfigImport, vaasProviderImport) importId := fmt.Sprintf("%s,%s", pickupId, data.private_key_password) t.Logf("Testing importing VaaS cert:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_certificate.token_vaas_certificate_import", ImportStateId: importId, @@ -1580,38 +1262,38 @@ func TestValidateWrongImportEntries(t *testing.T) { config := fmt.Sprintf(tppCsrServiceConfigImport, tppTokenProviderImport) configWithoutZone := fmt.Sprintf(tppCsrServiceConfigImport, tppTokenProviderImportEmptyZone) t.Logf("Testing importing TPP cert:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_certificate.token_tpp_certificate_import", ImportStateId: fmt.Sprintf("%s,%s,exceeded", data.cn, data.private_key_password), ImportState: true, ExpectError: regexp.MustCompile(importIdFailExceededValues), }, - r.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_certificate.token_tpp_certificate_import", - ImportStateId: fmt.Sprintf("%s", data.cn), + ImportStateId: data.cn, ImportState: true, ExpectError: regexp.MustCompile(importIdFailMissingValues), }, - r.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_certificate.token_tpp_certificate_import", ImportStateId: fmt.Sprintf("%s,", data.cn), ImportState: true, ExpectError: regexp.MustCompile(importKeyPasswordFailEmpty), }, - r.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_certificate.token_tpp_certificate_import", ImportStateId: fmt.Sprintf(",%s", data.private_key_password), ImportState: true, ExpectError: regexp.MustCompile(importPickupIdFailEmpty), }, - r.TestStep{ + resource.TestStep{ Config: configWithoutZone, ResourceName: "venafi_certificate.token_tpp_certificate_import", ImportStateId: fmt.Sprintf("%s,%s", data.cn, data.private_key_password), @@ -1632,21 +1314,21 @@ func TestManyCertsTpp(t *testing.T) { data.dns_ns = "alt-" + data.cn data.dns_ip = "192.168.1.1" data.dns_email = "venafi@example.com" - data.private_key_password = "123xxx" + data.private_key_password = "FooB4rNew4$x" data.key_algo = rsa2048 config := fmt.Sprintf(tppConfig, tppProvider, data.cn, data.dns_ns, data.dns_ip, data.dns_email, data.key_algo, data.private_key_password, data.expiration_window) t.Logf("Testing TPP certificate with RSA key with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) return checkStandardCert(t, &data, s) }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate second run") @@ -1665,7 +1347,7 @@ func TestManyCertsTpp(t *testing.T) { } }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate third run") @@ -1684,7 +1366,7 @@ func TestManyCertsTpp(t *testing.T) { } }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate fourth run") @@ -1703,7 +1385,7 @@ func TestManyCertsTpp(t *testing.T) { } }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate fifth run") @@ -1738,17 +1420,17 @@ func TestManyCertsTppCsrService(t *testing.T) { config := fmt.Sprintf(tppCsrServiceConfig, tokenProvider, data.cn, data.dns_ns, data.private_key_password) t.Logf("Testing TPP certificate with RSA key with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) return checkStandardCert(t, &data, s) }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate second run") @@ -1767,7 +1449,7 @@ func TestManyCertsTppCsrService(t *testing.T) { } }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate third run") @@ -1786,7 +1468,7 @@ func TestManyCertsTppCsrService(t *testing.T) { } }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate fourth run") @@ -1805,7 +1487,7 @@ func TestManyCertsTppCsrService(t *testing.T) { } }, }, - r.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Testing TPP certificate fifth run") @@ -1842,10 +1524,10 @@ func TestTppSansCsrService(t *testing.T) { data.expiration_window = 168 config := fmt.Sprintf(tppCsrServiceConfigWithSans, tokenProvider, data.cn, data.dns_ns, data.dns_ip, data.san_uri, data.private_key_password) t.Logf("Testing TPP Token certificate with Custom Fields with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Issuing TPP certificate with CN", data.cn) diff --git a/venafi/resource_venafi_policy.go b/venafi/resource_venafi_policy.go index d5a79c64..f0c4f7cd 100644 --- a/venafi/resource_venafi_policy.go +++ b/venafi/resource_venafi_policy.go @@ -1,21 +1,22 @@ package venafi import ( + "context" "encoding/json" "fmt" "github.com/Venafi/vcert/v4/pkg/policy" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "io/ioutil" - "log" "regexp" ) func resourceVenafiPolicy() *schema.Resource { return &schema.Resource{ - Create: resourceVenafiPolicyCreate, - Read: resourceVenafiPolicyRead, - Delete: resourceVenafiPolicyDelete, - Exists: resourceVenafiPolicyExists, + CreateContext: resourceVenafiPolicyCreate, + ReadContext: resourceVenafiPolicyRead, + DeleteContext: resourceVenafiPolicyDelete, Schema: map[string]*schema.Schema{ "zone": &schema.Schema{ @@ -32,28 +33,28 @@ func resourceVenafiPolicy() *schema.Resource { }, }, Importer: &schema.ResourceImporter{ - State: resourceVenafiPolicyImport, + StateContext: resourceVenafiPolicyImport, }, } } -func resourceVenafiPolicyCreate(d *schema.ResourceData, meta interface{}) error { - log.Printf("Creating policy\n") +func resourceVenafiPolicyCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + tflog.Info(ctx, "Creating policy\n") - cl, err := getConnection(meta) + cl, err := getConnection(ctx, meta) if err != nil { - return err + return diag.FromErr(err) } zoneName := d.Get("zone").(string) if zoneName == "" { - return fmt.Errorf("zone is empty") + return buildStantardDiagError("zone is empty") } ps := d.Get("policy_specification").(string) if ps == "" { - return fmt.Errorf("policy specification file is empty") + return buildStantardDiagError("policy specification file is empty") } bytes := []byte(ps) @@ -61,12 +62,12 @@ func resourceVenafiPolicyCreate(d *schema.ResourceData, meta interface{}) error var policySpecification policy.PolicySpecification err = json.Unmarshal(bytes, &policySpecification) if err != nil { - return err + return diag.FromErr(err) } _, err = cl.SetPolicy(zoneName, &policySpecification) if err != nil { - return err + return diag.FromErr(err) } d.SetId(zoneName) @@ -76,21 +77,24 @@ func resourceVenafiPolicyCreate(d *schema.ResourceData, meta interface{}) error err = d.Set("policy_specification", stringPS) if err != nil { - return err + return diag.FromErr(err) } return nil } -func resourceVenafiPolicyExists(d *schema.ResourceData, meta interface{}) (bool, error) { +func resourceVenafiPolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + // verify if since policy have been update, if we need to update it in the state our delete it ps, ok := d.GetOk("policy_specification") if !ok { - return false, nil + d.SetId("") + return nil } if ps == nil { - return false, nil + d.SetId("") + return nil } data := []byte(ps.(string)) @@ -98,33 +102,28 @@ func resourceVenafiPolicyExists(d *schema.ResourceData, meta interface{}) (bool, var policySpecification policy.PolicySpecification err := json.Unmarshal(data, &policySpecification) if err != nil { - return false, err + return diag.FromErr(err) } - return true, nil - -} - -func resourceVenafiPolicyRead(d *schema.ResourceData, meta interface{}) error { return nil } -func resourceVenafiPolicyDelete(d *schema.ResourceData, meta interface{}) error { +func resourceVenafiPolicyDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { d.SetId("") return nil } -func resourceVenafiPolicyImport(d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { +func resourceVenafiPolicyImport(ctx context.Context, d *schema.ResourceData, meta interface{}) ([]*schema.ResourceData, error) { id := d.Id() - cl, err := getConnection(meta) + cl, err := getConnection(ctx, meta) if err != nil { return nil, err } - log.Printf("Getting policy\n") + tflog.Info(ctx, "Getting policy\n") ps, err := cl.GetPolicy(id) diff --git a/venafi/resource_venafi_policy_test.go b/venafi/resource_venafi_policy_test.go index b50c0214..c343f73b 100644 --- a/venafi/resource_venafi_policy_test.go +++ b/venafi/resource_venafi_policy_test.go @@ -4,8 +4,8 @@ import ( "encoding/json" "fmt" "github.com/Venafi/vcert/v4/pkg/policy" - r "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" "io/ioutil" "os" "strconv" @@ -13,6 +13,7 @@ import ( "testing" ) +//#nosec var ( envVariables = fmt.Sprintf(` variable "TPP_USER" {default = "%s"} @@ -37,7 +38,7 @@ variable "TPP_ACCESS_TOKEN" {default = "%s"} os.Getenv("CLOUD_ZONE"), os.Getenv("TPP_ACCESS_TOKEN")) - tokenProv = environmentVariables + ` + tokenProv = envVariables + ` provider "venafi" { url = "${var.TPP_URL}" access_token = "${var.TPP_ACCESS_TOKEN}" @@ -45,7 +46,7 @@ provider "venafi" { trust_bundle = "${file(var.TRUST_BUNDLE)}" }` - vaasProv = environmentVariables + ` + vaasProv = envVariables + ` provider "venafi" { url = "${var.CLOUD_URL}" api_key = "${var.CLOUD_APIKEY}" @@ -93,10 +94,10 @@ func TestCreateVaasEmptyPolicy(t *testing.T) { config := fmt.Sprintf(vaasPolicyResourceTest, vaasProv, data.zone, data.filePath) t.Logf("Testing Creating empty Zone:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Creating VaaS empty zone: ", data.zone) @@ -115,10 +116,10 @@ func TestCreateVaasPolicy(t *testing.T) { config := fmt.Sprintf(vaasPolicyResourceTest, vaasProv, data.zone, data.filePath) t.Logf("Testing creating VaaS Zone:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Creating VaaS zone: ", data.zone) @@ -201,10 +202,10 @@ func checkCreateVaasPolicy(t *testing.T, data *testData, s *terraform.State, val func TestImportVaasPolicy(t *testing.T) { config := getImportVaasConfig() t.Logf("Testing importing VaaS Zone:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_policy.read_policy", ImportStateId: os.Getenv("CLOUD_POLICY_SAMPLE"), @@ -301,10 +302,10 @@ func TestCreateTppEmptyPolicy(t *testing.T) { config := fmt.Sprintf(tppPolicyResourceTest, tokenProv, data.zone, data.filePath) t.Logf("Testing creating TPP empty Zone:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Creating empty zone: ", data.zone) @@ -325,10 +326,10 @@ func TestCreateTppPolicy(t *testing.T) { config := fmt.Sprintf(tppPolicyResourceTest, tokenProv, data.zone, data.filePath) t.Logf("Testing creating TPP Zone:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { t.Log("Creating TPP zone: ", data.zone) @@ -342,10 +343,10 @@ func TestCreateTppPolicy(t *testing.T) { func TestImportTppPolicy(t *testing.T) { config := getPolicyImportTppConfig() t.Logf("Testing importing TPP Zone:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, ResourceName: "venafi_policy.read_policy", ImportStateId: os.Getenv("TPP_PM_ROOT"), diff --git a/venafi/resource_venafi_ssh_certificate.go b/venafi/resource_venafi_ssh_certificate.go index 50121878..8ddf5c53 100644 --- a/venafi/resource_venafi_ssh_certificate.go +++ b/venafi/resource_venafi_ssh_certificate.go @@ -1,21 +1,22 @@ package venafi import ( + "context" "fmt" "github.com/Venafi/vcert/v4/pkg/certificate" "github.com/Venafi/vcert/v4/pkg/util" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" - "log" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "strings" "time" ) func resourceVenafiSshCertificate() *schema.Resource { return &schema.Resource{ - Create: resourceVenafiSshCertCreate, - Read: resourceVenafiSshCertRead, - Delete: resourceVenafiSshCertDelete, - Exists: resourceVenafiSshCertExists, + CreateContext: resourceVenafiSshCertCreate, + ReadContext: resourceVenafiSshCertRead, + DeleteContext: resourceVenafiSshCertDelete, Schema: map[string]*schema.Schema{ "key_id": &schema.Schema{ @@ -168,24 +169,24 @@ func resourceVenafiSshCertificate() *schema.Resource { } } -func resourceVenafiSshCertCreate(d *schema.ResourceData, meta interface{}) error { +func resourceVenafiSshCertCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { err := validateSshCertValues(d) if err != nil { - return err + return diag.FromErr(err) } - log.Printf("Creating policy\n") + tflog.Info(ctx, "Creating SSH certificate\n") id := d.Get("key_id").(string) method := d.Get("public_key_method").(string) keyPassphrase := d.Get("key_passphrase").(string) - cl, err := getConnection(meta) + cl, err := getConnection(ctx, meta) if err != nil { - return err + return diag.FromErr(err) } req := buildSshCertRequest(d) @@ -202,7 +203,7 @@ func resourceVenafiSshCertCreate(d *schema.ResourceData, meta interface{}) error privateKey, publicKey, err = util.GenerateSshKeyPair(keySize, keyPassphrase, id) if err != nil { - return err + return diag.FromErr(err) } sPubKey = string(publicKey) @@ -213,7 +214,7 @@ func resourceVenafiSshCertCreate(d *schema.ResourceData, meta interface{}) error if pubKeyS == "" { - return fmt.Errorf("public key is empty") + return buildStantardDiagError("public key is empty") } @@ -221,9 +222,8 @@ func resourceVenafiSshCertCreate(d *schema.ResourceData, meta interface{}) error } reqData, err := cl.RequestSSHCertificate(&req) - if err != nil { - return err + return diag.FromErr(err) } d.SetId(reqData.DN) @@ -240,7 +240,7 @@ func resourceVenafiSshCertCreate(d *schema.ResourceData, meta interface{}) error retReq.Timeout = time.Duration(10) * time.Second data, err := cl.RetrieveSSHCertificate(&retReq) if err != nil { - return fmt.Errorf("failed to retrieve certificate: %s", err) + return diag.FromErr(fmt.Errorf("failed to retrieve certificate: %s", err)) } //this case is when the keypair is local generated @@ -255,7 +255,7 @@ func resourceVenafiSshCertCreate(d *schema.ResourceData, meta interface{}) error err = d.Set("public_key", data.PublicKeyData) if err != nil { - return err + return diag.FromErr(err) } if data.PrivateKeyData != "" { @@ -269,70 +269,67 @@ func resourceVenafiSshCertCreate(d *schema.ResourceData, meta interface{}) error err = d.Set("private_key", privKeyS) if err != nil { - return err + return diag.FromErr(err) } } } err = d.Set("certificate", data.CertificateData) if err != nil { - return err + return diag.FromErr(err) } err = d.Set("certificate_type", data.CertificateDetails.CertificateType) if err != nil { - return err + return diag.FromErr(err) } pubKey := fmt.Sprintf("%s:%s", "SHA256", data.CertificateDetails.PublicKeyFingerprintSHA256) err = d.Set("public_key_fingerprint", pubKey) if err != nil { - return err + return diag.FromErr(err) } signingCa := fmt.Sprintf("%s:%s", "SHA256", data.CertificateDetails.CAFingerprintSHA256) err = d.Set("signing_ca", signingCa) if err != nil { - return err + return diag.FromErr(err) } err = d.Set("serial", data.CertificateDetails.SerialNumber) if err != nil { - return err + return diag.FromErr(err) } err = d.Set("valid_from", util.ConvertSecondsToTime(data.CertificateDetails.ValidFrom).String()) if err != nil { - return err + return diag.FromErr(err) } err = d.Set("valid_to", util.ConvertSecondsToTime(data.CertificateDetails.ValidTo).String()) if err != nil { - return err + return diag.FromErr(err) } return nil } -func resourceVenafiSshCertExists(d *schema.ResourceData, meta interface{}) (bool, error) { +func resourceVenafiSshCertRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { certUntyped, ok := d.GetOk("certificate") if !ok { - return false, nil + d.SetId("") + return nil } - certstr := certUntyped.(string) - if certstr == "" { - return false, nil + certStr := certUntyped.(string) + if certStr == "" { + d.SetId("") + return nil } - - return true, nil -} - -func resourceVenafiSshCertRead(d *schema.ResourceData, meta interface{}) error { return nil } -func resourceVenafiSshCertDelete(d *schema.ResourceData, meta interface{}) error { +func resourceVenafiSshCertDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { d.SetId("") return nil } diff --git a/venafi/resource_venafi_ssh_certificate_test.go b/venafi/resource_venafi_ssh_certificate_test.go index 9a39c36c..449562b9 100644 --- a/venafi/resource_venafi_ssh_certificate_test.go +++ b/venafi/resource_venafi_ssh_certificate_test.go @@ -2,9 +2,10 @@ package venafi import ( "fmt" - r "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" "os" + "strconv" "strings" "testing" ) @@ -25,7 +26,7 @@ variable "TPP_ACCESS_TOKEN" {default = "%s"} os.Getenv("TRUST_BUNDLE"), os.Getenv("TPP_ACCESS_TOKEN")) - tokenSshCertProv = environmentVariables + ` + tokenSshCertProv = envSshCertVariables + ` provider "venafi" { url = "${var.TPP_URL}" access_token = "${var.TPP_ACCESS_TOKEN}" @@ -34,7 +35,7 @@ provider "venafi" { tppSshCertResourceTest = ` %s -resource "venafi_ssh_certificate" "test1" { +resource "venafi_ssh_certificate" "test" { provider = "venafi" key_id="%s" template="%s" @@ -46,23 +47,10 @@ resource "venafi_ssh_certificate" "test1" { source_address=[ "%s" ] -} - -output "certificate"{ - value = venafi_ssh_certificate.test1.certificate -} -output "public_key"{ - value = venafi_ssh_certificate.test1.public_key -} -output "private_key"{ - value = venafi_ssh_certificate.test1.private_key -} -output "principals"{ - value = venafi_ssh_certificate.test1.principal }` tppSshCertResourceTestNewAttrPrincipals = ` %s -resource "venafi_ssh_certificate" "test2" { +resource "venafi_ssh_certificate" "test-new-principals" { provider = "venafi" key_id="%s" template="%s" @@ -74,23 +62,11 @@ resource "venafi_ssh_certificate" "test2" { source_address=[ "%s" ] -} - -output "certificate"{ - value = venafi_ssh_certificate.test2.certificate -} -output "public_key"{ - value = venafi_ssh_certificate.test2.public_key -} -output "private_key"{ - value = venafi_ssh_certificate.test2.private_key -} -output "principals"{ - value = venafi_ssh_certificate.test2.principals }` ) func TestSshCert(t *testing.T) { + t.Log("Testing creating ssh certificate") data := getTestData() @@ -99,18 +75,14 @@ func TestSshCert(t *testing.T) { // data.principals only holds the values for principals, actually we are testing "principal" attribute defined at the resource. config := fmt.Sprintf(tppSshCertResourceTest, tokenSshCertProv, data.keyId, data.template, data.publicKeyMethod, data.validityPeriod, data.principals, data.sourceAddress) t.Logf("Testing SSH certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, - Check: func(s *terraform.State) error { - err := checkSshCertificate(t, &data, s) - if err != nil { - return err - } - return nil - }, + Check: resource.ComposeTestCheckFunc( + checkSshCertificate("venafi_ssh_certificate.test", t, &data), + ), ExpectNonEmptyPlan: true, }, }, @@ -125,18 +97,14 @@ func TestSshCertNewAttrPrincipals(t *testing.T) { config := fmt.Sprintf(tppSshCertResourceTestNewAttrPrincipals, tokenSshCertProv, data.keyId, data.template, data.publicKeyMethod, data.validityPeriod, data.principals, data.sourceAddress) t.Logf("Testing SSH certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, - Check: func(s *terraform.State) error { - err := checkSshCertificate(t, &data, s) - if err != nil { - return err - } - return nil - }, + Check: resource.ComposeTestCheckFunc( + checkSshCertificate("venafi_ssh_certificate.test-new-principals", t, &data), + ), ExpectNonEmptyPlan: true, }, }, @@ -152,18 +120,14 @@ func TestSshCertLocalPublicKey(t *testing.T) { // data.principals only holds the values for principals, actually we are testing "principal" attribute defined at the resource. config := fmt.Sprintf(tppSshCertResourceTest, tokenSshCertProv, data.keyId, data.template, data.publicKeyMethod, data.validityPeriod, data.principals, data.sourceAddress) t.Logf("Testing SSH certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, - Check: func(s *terraform.State) error { - err := checkSshCertificate(t, &data, s) - if err != nil { - return err - } - return nil - }, + Check: resource.ComposeTestCheckFunc( + checkSshCertificate("venafi_ssh_certificate.test", t, &data), + ), ExpectNonEmptyPlan: true, }, }, @@ -178,71 +142,68 @@ func TestSshCertLocalPublicKeyNewAttrPrincipals(t *testing.T) { config := fmt.Sprintf(tppSshCertResourceTestNewAttrPrincipals, tokenSshCertProv, data.keyId, data.template, data.publicKeyMethod, data.validityPeriod, data.principals, data.sourceAddress) t.Logf("Testing SSH certificate with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, - Check: func(s *terraform.State) error { - err := checkSshCertificate(t, &data, s) - if err != nil { - return err - } - return nil - }, + Check: resource.ComposeTestCheckFunc( + checkSshCertificate("venafi_ssh_certificate.test-new-principals", t, &data), + ), ExpectNonEmptyPlan: true, }, }, }) } -func checkSshCertificate(t *testing.T, data *testData, s *terraform.State) error { - t.Log("Testing SSH certificate with key-id", data.keyId) - certUntyped := s.RootModule().Outputs["certificate"].Value - certificate, ok := certUntyped.(string) - if !ok { - return fmt.Errorf("output for \"certificate\" is not a string") - } - if certificate == "" { - return fmt.Errorf("certificate is empty") - } - - privKeyUntyped := s.RootModule().Outputs["private_key"].Value - privateKey, ok := privKeyUntyped.(string) - if !ok { - return fmt.Errorf("output for \"private key\" is not a string") - } - if privateKey == "" { - return fmt.Errorf("private key is empty") - } +func checkSshCertificate(resourceName string, t *testing.T, data *testData) resource.TestCheckFunc { + return func(s *terraform.State) error { + t.Log("Testing SSH certificate with key-id", data.keyId) + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Not found: %s", resourceName) + } + certificate := rs.Primary.Attributes["certificate"] + if certificate == "" { + return fmt.Errorf("certificate is empty") + } + privateKey := rs.Primary.Attributes["private_key"] + if privateKey == "" { + return fmt.Errorf("private key is empty") + } - pubKeyUntyped := s.RootModule().Outputs["public_key"].Value - publicKey, ok := pubKeyUntyped.(string) - if !ok { - return fmt.Errorf("output for \"certificate\" is not a string") - } - if publicKey == "" { - return fmt.Errorf("certificate is empty") - } + publicKey := rs.Primary.Attributes["public_key"] + if publicKey == "" { + return fmt.Errorf("certificate is empty") + } - principalsUntyped := s.RootModule().Outputs["principals"].Value - principals, ok := principalsUntyped.([]interface{}) - if !ok { - if len(principals) <= 0 { - fmt.Errorf("\"principals\" list is empty") + principalsLengthString := rs.Primary.Attributes["principals.#"] + var principalsLength int + var err error + principalsLength = 0 + if principalsLengthString != "" { + principalsLength, err = strconv.Atoi(principalsLengthString) + if err != nil { + return fmt.Errorf("error getting length: %s", err) + } } - for _, principal := range principals { - principalString, ok := principal.(string) - if !ok { - fmt.Errorf("value inside \"principals\" returned not string value") + if principalsLength == 0 { + var principalLength int + var err error + principalLength = 0 + principalLengthString := rs.Primary.Attributes["principal.#"] + if principalLengthString != "" { + principalLength, err = strconv.Atoi(principalLengthString) + if err != nil { + return fmt.Errorf("error getting length: %s", err) + } } - if principalString == "" { - fmt.Errorf("value inside principals\" is empty string") + if principalLength == 0 && data.principals != "" { + return fmt.Errorf("principal list is empty") } } + return nil } - - return nil } func getTestData() testData { diff --git a/venafi/resource_venafi_ssh_config.go b/venafi/resource_venafi_ssh_config.go index a399fc41..86b5bd7e 100644 --- a/venafi/resource_venafi_ssh_config.go +++ b/venafi/resource_venafi_ssh_config.go @@ -1,16 +1,17 @@ package venafi import ( + "context" "github.com/Venafi/vcert/v4/pkg/certificate" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" ) func resourceVenafiSshConfig() *schema.Resource { return &schema.Resource{ - Create: resourceVenafiSshConfigCreate, - Read: resourceVenafiSshConfigRead, - Delete: resourceVenafiSshConfigDelete, - Exists: resourceVenafiSshConfigExists, + CreateContext: resourceVenafiSshConfigCreate, + ReadContext: resourceVenafiSshConfigRead, + DeleteContext: resourceVenafiSshConfigDelete, Schema: map[string]*schema.Schema{ "template": &schema.Schema{ @@ -34,10 +35,10 @@ func resourceVenafiSshConfig() *schema.Resource { } } -func resourceVenafiSshConfigCreate(d *schema.ResourceData, meta interface{}) error { - cl, err := getConnection(meta) +func resourceVenafiSshConfigCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { + cl, err := getConnection(ctx, meta) if err != nil { - return err + return diag.FromErr(err) } template := d.Get("template").(string) req := &certificate.SshCaTemplateRequest{} @@ -45,55 +46,59 @@ func resourceVenafiSshConfigCreate(d *schema.ResourceData, meta interface{}) err conf, err := cl.RetrieveSshConfig(req) if err != nil { - return err + return diag.FromErr(err) } d.SetId(template) err = d.Set("ca_public_key", conf.CaPublicKey) if err != nil { - return err + return diag.FromErr(err) } if conf.Principals != nil { err = d.Set("principals", conf.Principals) if err != nil { - return err + return diag.FromErr(err) } } return nil } -func resourceVenafiSshConfigExists(d *schema.ResourceData, meta interface{}) (bool, error) { - caPubKeyUntyped, ok := d.GetOk("public_key") - if !ok { - return false, nil - } - - caPubKeyStr := caPubKeyUntyped.(string) - if caPubKeyStr == "" { - return false, nil - } +func resourceVenafiSshConfigRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { principalsUntyped, ok := d.GetOk("principals") if !ok { - return false, nil + d.SetId("") + return nil } - - err := validateStringListFromSchemaAttribute(principalsUntyped, "principals") - if err != nil { - return false, nil + principals, ok := principalsUntyped.([]interface{}) + if !ok { + d.SetId("") + return nil } - return true, nil -} + if len(principals) <= 0 { + d.SetId("") + return nil + } -func resourceVenafiSshConfigRead(d *schema.ResourceData, meta interface{}) error { + for _, principal := range principals { + principalString, ok := principal.(string) + if !ok { + d.SetId("") + return nil + } + if principalString == "" { + d.SetId("") + return nil + } + } return nil } -func resourceVenafiSshConfigDelete(d *schema.ResourceData, meta interface{}) error { +func resourceVenafiSshConfigDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics { d.SetId("") return nil } diff --git a/venafi/resource_venafi_ssh_config_test.go b/venafi/resource_venafi_ssh_config_test.go index 040bc166..ebbed188 100644 --- a/venafi/resource_venafi_ssh_config_test.go +++ b/venafi/resource_venafi_ssh_config_test.go @@ -2,8 +2,8 @@ package venafi import ( "fmt" - r "github.com/hashicorp/terraform-plugin-sdk/helper/resource" - "github.com/hashicorp/terraform-plugin-sdk/terraform" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" "os" "testing" ) @@ -24,30 +24,24 @@ variable "TPP_ACCESS_TOKEN" {default = "%s"} os.Getenv("TRUST_BUNDLE"), os.Getenv("TPP_ACCESS_TOKEN")) - tokenSshConfigProv = environmentVariables + ` + tokenSshConfigProv = envSshConfigVariables + ` provider "venafi" { url = "${var.TPP_URL}" access_token = "${var.TPP_ACCESS_TOKEN}" trust_bundle = "${file(var.TRUST_BUNDLE)}" }` - tokenSshConfigProvWihoutAccessToken = environmentVariables + ` -provider "venafi" { - url = "${var.TPP_URL}" - trust_bundle = "${file(var.TRUST_BUNDLE)}" -}` - tppSshConfigResourceTest = ` %s -resource "venafi_ssh_config" "test1" { +resource "venafi_ssh_config" "test" { provider = "venafi" template="%s" } output "ca_public_key"{ - value = venafi_ssh_config.test1.ca_public_key + value = venafi_ssh_config.test.ca_public_key } output "principals"{ - value = venafi_ssh_config.test1.principals + value = venafi_ssh_config.test.principals }` ) @@ -58,10 +52,10 @@ func TestSshConfig(t *testing.T) { config := fmt.Sprintf(tppSshConfigResourceTest, tokenSshConfigProv, data.template) t.Logf("Testing SSH config with config:\n %s", config) - r.Test(t, r.TestCase{ - Providers: testProviders, - Steps: []r.TestStep{ - r.TestStep{ + resource.Test(t, resource.TestCase{ + ProviderFactories: testAccProviderFactories, + Steps: []resource.TestStep{ + resource.TestStep{ Config: config, Check: func(s *terraform.State) error { err := checkSshCaPubKey(t, &data, s) @@ -74,7 +68,6 @@ func TestSshConfig(t *testing.T) { } return nil }, - ExpectNonEmptyPlan: true, }, }, }) diff --git a/venafi/test_util.go b/venafi/test_util.go index b8e0b27e..b58cabd3 100644 --- a/venafi/test_util.go +++ b/venafi/test_util.go @@ -1,11 +1,21 @@ package venafi import ( + "crypto/tls" + "crypto/x509" + "encoding/pem" "fmt" + "github.com/Venafi/vcert/v4/pkg/util" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/v2/terraform" "math/rand" + "os" "path" "path/filepath" "runtime" + "strconv" + "strings" + "testing" "time" ) @@ -14,6 +24,16 @@ const ( policySpecVaas = "/test_files/policy_specification_vaas.json" policySpecTpp = "/test_files/policy_specification_tpp.json" policyReadSpecTpp = "/test_files/policy_specification_tpp_management.json" + issuerHint = "MICROSOFT" + validDays = 30 +) + +var ( + rsa2048 = `algorithm = "RSA" + rsa_bits = "2048"` + + ecdsa521 = `algorithm = "ECDSA" + ecdsa_curve = "P521"` ) func RandAppName() string { @@ -72,3 +92,252 @@ func GetAbsoluteFIlePath(filePath string) string { func RandTppSshCertName() string { return fmt.Sprintf("terraform-provider-%d-%sSSH-cert", time.Now().Unix(), randRunes(4)) } + +func checkStandardCert(t *testing.T, data *testData, s *terraform.State) error { + t.Log("Testing certificate with cn", data.cn) + certUntyped := s.RootModule().Outputs["certificate"].Value + certificate, ok := certUntyped.(string) + if !ok { + return fmt.Errorf("output for \"certificate\" is not a string") + } + + t.Logf("Testing certificate PEM:\n %s", certificate) + if !strings.HasPrefix(certificate, "-----BEGIN CERTIFICATE----") { + return fmt.Errorf("key is missing cert PEM preamble") + } + keyUntyped := s.RootModule().Outputs["private_key"].Value + privateKey, ok := keyUntyped.(string) + if !ok { + return fmt.Errorf("output for \"private_key\" is not a string") + } + + err := checkStandardCertInfo(t, data, certificate, privateKey) + if err != nil { + return err + } + return nil +} + +func checkStandardCertNew(resourceName string, t *testing.T, data *testData) resource.TestCheckFunc { + return func(s *terraform.State) error { + t.Log("Testing certificate with cn", data.cn) + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Not found: %s", resourceName) + } + certificate := rs.Primary.Attributes["certificate"] + + t.Logf("Testing certificate PEM:\n %s", certificate) + if !strings.HasPrefix(certificate, "-----BEGIN CERTIFICATE----") { + return fmt.Errorf("key is missing cert PEM preamble") + } + privateKey := rs.Primary.Attributes["private_key_pem"] + err := checkStandardCertInfo(t, data, certificate, privateKey) + if err != nil { + return err + } + return nil + } +} + +func checkStandardCertInfo(t *testing.T, data *testData, certificate string, privateKey string) error { + block, _ := pem.Decode([]byte(certificate)) + cert, err := x509.ParseCertificate(block.Bytes) + if err != nil { + return fmt.Errorf("error parsing cert: %s", err) + } + if expected, got := data.cn, cert.Subject.CommonName; got != expected { + return fmt.Errorf("incorrect subject common name: expected %v, certificate %v", expected, got) + } + if len(data.dns_ns) > 0 { + if expected, got := []string{data.cn, data.dns_ns}, cert.DNSNames; !sameStringSlice(got, expected) { + return fmt.Errorf("incorrect DNSNames: expected %v, certificate %v", expected, got) + } + } else { + if expected, got := []string{data.cn}, cert.DNSNames; !sameStringSlice(got, expected) { + return fmt.Errorf("incorrect DNSNames: expected %v, certificate %v", expected, got) + } + } + + data.serial = cert.SerialNumber.String() + data.timeCheck = time.Now().String() + + t.Logf("Testing private key PEM:\n %s", privateKey) + privateKeyString, err := util.DecryptPkcs8PrivateKey(privateKey, data.private_key_password) + if err != nil { + return fmt.Errorf("error trying to decrypt key: %s", err) + } + privKeyPEMbytes := []byte(privateKeyString) + + _, err = tls.X509KeyPair([]byte(certificate), privKeyPEMbytes) + if err != nil { + return fmt.Errorf("error comparing certificate and key: %s", err) + } + return nil +} + +func checkCertValidDays(t *testing.T, data *testData, s *terraform.State) error { + t.Log("Testing certificate with cn", data.cn) + certUntyped := s.RootModule().Outputs["certificate"].Value + certificate, ok := certUntyped.(string) + if !ok { + return fmt.Errorf("output for \"certificate\" is not a string") + } + + t.Logf("Testing certificate PEM:\n %s", certificate) + if !strings.HasPrefix(certificate, "-----BEGIN CERTIFICATE----") { + return fmt.Errorf("key is missing cert PEM preamble") + } + block, _ := pem.Decode([]byte(certificate)) + cert, err := x509.ParseCertificate(block.Bytes) + if err != nil { + return fmt.Errorf("error parsing cert: %s", err) + } + + certValidUntil := cert.NotAfter.Format("2006-01-02") + + //need to convert local date on utc, since the certificate' NotAfter value we got on previous step, is on utc + //so for comparing them we need to have both dates on utc. + loc, _ := time.LoadLocation("UTC") + utcNow := time.Now().In(loc) + expectedValidDate := utcNow.AddDate(0, 0, validDays).Format("2006-01-02") + + if expectedValidDate != certValidUntil { + return fmt.Errorf("Expiration date is different than expected, expected: %s, but got %s: ", expectedValidDate, certValidUntil) + } + + return nil +} + +func checkCertExpirationWindowChange(resourceName string, t *testing.T, data *testData) resource.TestCheckFunc { + return func(s *terraform.State) error { + t.Log("Getting expiration_window from terraform state", data.cn) + //gotExpirationWindow := s.RootModule().Outputs["expiration_window"].Value.(string) + rs, ok := s.RootModule().Resources[resourceName] + if !ok { + return fmt.Errorf("Not found: %s", resourceName) + } + gotExpirationWindow := rs.Primary.Attributes["expiration_window"] + expirationWindow := strconv.Itoa(data.expiration_window) + if gotExpirationWindow == expirationWindow { + return fmt.Errorf(fmt.Sprintf("expiration window should have changed during enroll. current: %s got from zone: %s", expirationWindow, gotExpirationWindow)) + } + return nil + } +} + +func checkCertSans(t *testing.T, data *testData, s *terraform.State) error { + t.Log("Getting expiration_window from terraform state", data.cn) + sanUriUntyped := s.RootModule().Outputs["san_uri"].Value + err := validateStringListFromSchemaAttribute(sanUriUntyped, "san_uri") + if err != nil { + return err + } + + sanIpUntyped := s.RootModule().Outputs["san_ip"].Value + err = validateStringListFromSchemaAttribute(sanIpUntyped, "san_ip") + if err != nil { + return err + } + return nil +} + +func getCertTppImportConfig(name string) *testData { + data := testData{} + domain := "venafi.example.com" + data.cn = name + "." + domain + data.dns_ns = "alt-" + data.cn + data.private_key_password = "FooB4rNew4$x" + return &data +} + +func getCustomFields(variableName string) string { + formattedData := "" + + data := os.Getenv(variableName) + entries := strings.Split(data, ",") + for _, value := range entries { + formattedData = formattedData + value + ",\n" + } + return formattedData +} + +func getCertTppImportConfigWithCustomFields() *testData { + data := testData{} + domain := "venafi.example.com" + data.cn = "import.custom_fields" + "." + domain + data.dns_ns = "alt-" + data.cn + data.private_key_password = "FooB4rNew4$x" + cfEnvVarName := "TPP_CUSTOM_FIELDS" + data.custom_fields = getCustomFields(cfEnvVarName) + return &data +} + +func getCertVaasImportConfig() *testData { + data := testData{} + domain := "venafi.example.com" + data.cn = "new.import.vaas" + "." + domain + data.key_algo = rsa2048 + data.private_key_password = "123xxx" + return &data +} + +func checkStandardImportCert(t *testing.T, data *testData, states []*terraform.InstanceState) error { + st := states[0] + attributes := st.Attributes + err := checkImportCert(t, data, attributes) + if err != nil { + return err + } + return nil + +} + +func checkImportTppCertWithCustomFields(t *testing.T, data *testData, states []*terraform.InstanceState) error { + st := states[0] + attributes := st.Attributes + err := checkImportCert(t, data, attributes) + if err != nil { + return err + } + err = checkImportedCustomFields(t, data.custom_fields, attributes) + if err != nil { + return err + } + return nil +} + +func checkImportCert(t *testing.T, data *testData, attr map[string]string) error { + certificate := attr["certificate"] + privateKey := attr["private_key_pem"] + err := checkStandardCertInfo(t, data, certificate, privateKey) + if err != nil { + return err + } + return nil +} + +func checkImportedCustomFields(t *testing.T, dataCf string, attr map[string]string) error { + t.Logf("Comparing imported custom fields with the ones in the test file") + + // creating map from string + var customFieldsMap map[string]string + // cleaning data string from special characters + + dataCf = strings.TrimSuffix(dataCf, ",\n") + dataCf = strings.ReplaceAll(dataCf, "\n", "") + dataCf = strings.ReplaceAll(dataCf, "\"", "") + customFieldsRow := strings.Split(dataCf, ",") + customFieldsMap = make(map[string]string) + for _, pair := range customFieldsRow { + z := strings.Split(pair, "=") + customFieldsMap[z[0]] = z[1] + } + for key, value := range customFieldsMap { + keyAttr := fmt.Sprintf("custom_fields.%s", key) + if attr[keyAttr] != value { + return fmt.Errorf("\"%s\" custom field is different, expected: %s, got: %s", key, value, attr[keyAttr]) + } + } + return nil +} diff --git a/venafi/util.go b/venafi/util.go index 2eb01c74..a072e827 100644 --- a/venafi/util.go +++ b/venafi/util.go @@ -1,15 +1,17 @@ package venafi import ( + "context" "encoding/pem" "fmt" "github.com/Venafi/vcert/v4" "github.com/Venafi/vcert/v4/pkg/certificate" "github.com/Venafi/vcert/v4/pkg/endpoint" "github.com/Venafi/vcert/v4/pkg/util" - "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "github.com/hashicorp/terraform-plugin-log/tflog" + "github.com/hashicorp/terraform-plugin-sdk/v2/diag" + "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" "github.com/pkg/errors" - "log" "math/rand" "strconv" "strings" @@ -139,20 +141,19 @@ func getIssuerHint(is string) string { } -func getConnection(meta interface{}) (endpoint.Connector, error) { +func getConnection(ctx context.Context, meta interface{}) (endpoint.Connector, error) { cfg := meta.(*vcert.Config) cl, err := vcert.NewClient(cfg) if err != nil { - log.Printf(messageVenafiClientInitFailed + err.Error()) + tflog.Error(ctx, messageVenafiClientInitFailed+err.Error()) return nil, err } err = cl.Ping() if err != nil { - log.Printf(messageVenafiPingFailed + err.Error()) + tflog.Error(ctx, messageVenafiPingFailed+err.Error()) return nil, err } - log.Println(messageVenafiPingSuccessful) - + tflog.Info(ctx, messageVenafiPingSuccessful) return cl, nil } @@ -231,8 +232,8 @@ func validateSshCertValues(d *schema.ResourceData) error { kpMethod := d.Get("public_key_method").(string) if kpMethod == "file" { - public_key := d.Get("public_key").(string) - if public_key == "" { + publicKey := d.Get("public_key").(string) + if publicKey == "" { return fmt.Errorf("file public key method is specified but public_key is empty") } } @@ -261,3 +262,7 @@ func validateStringListFromSchemaAttribute(array interface{}, attr string) error } return nil } + +func buildStantardDiagError(msg string) diag.Diagnostics { + return diag.FromErr(fmt.Errorf(msg)) +} diff --git a/website/docs/index.html.markdown b/website/docs/index.html.markdown index d64f1efb..25c2e991 100644 --- a/website/docs/index.html.markdown +++ b/website/docs/index.html.markdown @@ -8,10 +8,13 @@ Venafi is the enterprise platform for Machine Identity Protection. The Venafi pr # Venafi Provider -!> We dropped support for RSA PKCS#1 formatted keys for TLS certificates in version 15.0 and also for EC Keys in version +!> We dropped support for RSA PKCS#1 formatted keys for TLS certificates in version 15.0 and also for EC Keys in version 0.15.4 (you can find out more about this transition in [here](https://github.com/Venafi/vcert/releases/tag/v4.17.0)). For backward compatibility during Terraform state refresh please update to version 0.15.5 or above. +!> As a part for upgrading our provider to SDK version 2, we dropped support for +Terraform version 0.11 and below. + [Venafi](https://www.venafi.com) is the enterprise platform for Machine Identity Protection. The Venafi provider streamlines the process of acquiring SSL/TLS keys and certificates from Venafi services giving assurance of compliance with @@ -32,13 +35,13 @@ issue certificates. The zone is formed by combining the Application Name and Iss ```hcl # Configure the Venafi provider provider "venafi" { - api_key = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" - zone = "Business App\\Enterprise CIT" + api_key = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + zone = "Business App\\Enterprise CIT" } # Generate a key pair and request a certificate resource "venafi_certificate" "webserver" { - # ... + # ... } ``` @@ -60,15 +63,15 @@ policy using the `venafi_policy` resource. ```hcl # Configure the Venafi provider provider "venafi" { - url = "https://tpp.venafi.example" - trust_bundle = "${file("/opt/venafi/bundle.pem")}" - access_token = "p0WTt3sDPbzm2BDIkoJROQ==" - zone = "DevOps\\Terraform" + url = "https://tpp.venafi.example" + trust_bundle = "${file("/opt/venafi/bundle.pem")}" + access_token = "p0WTt3sDPbzm2BDIkoJROQ==" + zone = "DevOps\\Terraform" } # Generate a key pair and request a certificate resource "venafi_certificate" "webserver" { - # ... + # ... } ```