chore(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.9 to 1.8.10 #3852
verify-codegen.yaml
on: pull_request
Verify codegen
2m 52s
Annotations
9 errors and 1 warning
Verify codegen:
third_party/VENDOR-LICENSE/github.com/cenkalti/backoff/v3/LICENSE#L1
Please run ./hack/update-codegen.sh.
|
Verify codegen:
third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/client.go#L1
Please run ./hack/update-codegen.sh.
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/client.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/client.go
index 52c991b1..0090321c 100644
--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/client.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/client.go
@@ -10,6 +10,7 @@ import (
"crypto/tls"
"encoding/base64"
"encoding/hex"
+ "encoding/json"
"fmt"
"net"
"net/http"
@@ -41,6 +42,7 @@ const (
EnvVaultClientCert = "VAULT_CLIENT_CERT"
EnvVaultClientKey = "VAULT_CLIENT_KEY"
EnvVaultClientTimeout = "VAULT_CLIENT_TIMEOUT"
+ EnvVaultHeaders = "VAULT_HEADERS"
EnvVaultSRVLookup = "VAULT_SRV_LOOKUP"
EnvVaultSkipVerify = "VAULT_SKIP_VERIFY"
EnvVaultNamespace = "VAULT_NAMESPACE"
@@ -665,6 +667,30 @@ func NewClient(c *Config) (*Client, error) {
client.setNamespace(namespace)
}
+ if envHeaders := os.Getenv(EnvVaultHeaders); envHeaders != "" {
+ var result map[string]any
+ err := json.Unmarshal([]byte(envHeaders), &result)
+ if err != nil {
+ return nil, fmt.Errorf("could not unmarshal environment-supplied headers")
+ }
+ var forbiddenHeaders []string
+ for key, value := range result {
+ if strings.HasPrefix(key, "X-Vault-") {
+ forbiddenHeaders = append(forbiddenHeaders, key)
+ continue
+ }
+
+ value, ok := value.(string)
+ if !ok {
+ return nil, fmt.Errorf("environment-supplied headers include non-string values")
+ }
+ client.AddHeader(key, value)
+ }
+ if len(forbiddenHeaders) > 0 {
+ return nil, fmt.Errorf("failed to setup Headers[%s]: Header starting by 'X-Vault-' are for internal usage only", strings.Join(forbiddenHeaders, ", "))
+ }
+ }
+
return client, nil
}
@@ -705,7 +731,7 @@ func (c *Client) SetAddress(addr string) error {
parsedAddr, err := c.config.ParseAddress(addr)
if err != nil {
- return errwrap.Wrapf("failed to set address: {{err}}", err)
+ return fmt.Errorf("failed to set address: %w", err)
}
c.addr = parsedAddr
|
Verify codegen:
third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/lifetime_watcher.go#L1
Please run ./hack/update-codegen.sh.
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/lifetime_watcher.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/lifetime_watcher.go
index 4bc1390b..bdb8fb64 100644
--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/lifetime_watcher.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/lifetime_watcher.go
@@ -10,7 +10,7 @@ import (
"sync"
"time"
- "github.com/cenkalti/backoff/v3"
+ "github.com/cenkalti/backoff/v4"
)
var (
|
Verify codegen:
third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/request.go#L1
Please run ./hack/update-codegen.sh.
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/request.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/request.go
index a2d912c6..c0c8dea7 100644
--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/request.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/request.go
@@ -7,7 +7,6 @@ import (
"bytes"
"encoding/json"
"io"
- "io/ioutil"
"net/http"
"net/url"
@@ -77,13 +76,13 @@ func (r *Request) ToHTTP() (*http.Request, error) {
// No body
case r.BodyBytes != nil:
- req.Request.Body = ioutil.NopCloser(bytes.NewReader(r.BodyBytes))
+ req.Request.Body = io.NopCloser(bytes.NewReader(r.BodyBytes))
default:
if c, ok := r.Body.(io.ReadCloser); ok {
req.Request.Body = c
} else {
- req.Request.Body = ioutil.NopCloser(r.Body)
+ req.Request.Body = io.NopCloser(r.Body)
}
}
|
Verify codegen:
third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/response.go#L1
Please run ./hack/update-codegen.sh.
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/response.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/response.go
index 2842c125..23246bf7 100644
--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/response.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/response.go
@@ -8,7 +8,6 @@ import (
"encoding/json"
"fmt"
"io"
- "io/ioutil"
"net/http"
)
@@ -44,7 +43,7 @@ func (r *Response) Error() error {
}
r.Body.Close()
- r.Body = ioutil.NopCloser(bodyBuf)
+ r.Body = io.NopCloser(bodyBuf)
ns := r.Header.Get(NamespaceHeaderName)
// Build up the error object
|
Verify codegen:
third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/secret.go#L1
Please run ./hack/update-codegen.sh.
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/secret.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/secret.go
index d37bf3cf..7df9f66a 100644
--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/secret.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/secret.go
@@ -159,6 +159,10 @@ TOKEN_DONE:
goto DONE
}
+ if s.Data["identity_policies"] == nil {
+ goto DONE
+ }
+
sList, ok := s.Data["identity_policies"].([]string)
if ok {
identityPolicies = sList
|
Verify codegen:
third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sudo_paths.go#L1
Please run ./hack/update-codegen.sh.
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sudo_paths.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sudo_paths.go
index 24beb4bb..d458cbde 100644
--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sudo_paths.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sudo_paths.go
@@ -28,6 +28,7 @@ var sudoPaths = map[string]*regexp.Regexp{
"/sys/config/ui/headers": regexp.MustCompile(`^/sys/config/ui/headers/?$`),
"/sys/config/ui/headers/{header}": regexp.MustCompile(`^/sys/config/ui/headers/.+$`),
"/sys/internal/inspect/router/{tag}": regexp.MustCompile(`^/sys/internal/inspect/router/.+$`),
+ "/sys/internal/counters/activity/export": regexp.MustCompile(`^/sys/internal/counters/activity/export$`),
"/sys/leases": regexp.MustCompile(`^/sys/leases$`),
// This entry is a bit wrong... sys/leases/lookup does NOT require sudo. But sys/leases/lookup/ with a trailing
// slash DOES require sudo. But the part of the Vault CLI that uses this logic doesn't pass operation-appropriate
|
Verify codegen:
third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_raft.go#L1
Please run ./hack/update-codegen.sh.
diff --git a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_raft.go b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_raft.go
index 699f6e9f..f0e89627 100644
--- a/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_raft.go
+++ b/third_party/VENDOR-LICENSE/github.com/hashicorp/vault/api/sys_raft.go
@@ -264,7 +264,7 @@ func (c *Sys) RaftSnapshotWithContext(ctx context.Context, snapWriter io.Writer)
continue
}
var b []byte
- b, err = ioutil.ReadAll(t)
+ b, err = io.ReadAll(t)
if err != nil || len(b) == 0 {
return
}
|
Verify codegen
Process completed with exit code 1.
|
Verify codegen
Restore cache failed: Dependencies file is not found in /home/runner/work/policy-controller/policy-controller. Supported file pattern: go.sum
|