diff --git a/COVERAGE b/COVERAGE index 9777bb15..5afe8055 100644 --- a/COVERAGE +++ b/COVERAGE @@ -1 +1 @@ -65.47 \ No newline at end of file +68.71 \ No newline at end of file diff --git a/Gopkg.lock b/Gopkg.lock index 59ccba63..4ad99dbd 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -2,7 +2,7 @@ [[projects]] - digest = "1:8840f2c1bb4c70a6abca0029dbc7e1117c13910e974e335baf1ad2a1b7bb59e9" + digest = "1:5f9e51efe4c04e8a002e998bda5ab202abcf269e386b8f22f6db448c59ea60fb" name = "github.com/aws/aws-sdk-go" packages = [ "aws", @@ -52,8 +52,8 @@ "service/sts/stsiface", ] pruneopts = "UT" - revision = "a93d31c26045c00c52f58dda4dcad02a3e622534" - version = "v1.15.39" + revision = "0d5157217e4c72d0fc7fabad8e0501d3d5cb768d" + version = "v1.15.41" [[projects]] branch = "master" @@ -73,19 +73,19 @@ [[projects]] branch = "master" - digest = "1:b7084ab24ca47e1563a00b1a8069c6b85f04af9a79f64cfedefeb34ca232b5c6" + digest = "1:6105bbd7d3160cec835e80348bb2c1bc98fb6dc493767fb51c67789d01a0f696" name = "github.com/chanzuckerberg/go-kmsauth" packages = ["."] pruneopts = "UT" - revision = "e3f0a4587e5c8efa985dc42dded379ffcb157242" + revision = "e3137094b7051367282cc65d3987e6030535f66f" [[projects]] branch = "master" - digest = "1:130005f1c9d0aef367f351759a9564f6db3f395d7d8232d59fe88b0aba780549" + digest = "1:8c7c01c627f48355552e75369926bae615cdaa659aab85023612116f60ea4619" name = "github.com/chanzuckerberg/go-misc" packages = ["aws"] pruneopts = "UT" - revision = "2c4bce6e68dfdaecf368785fa51d6162636aca8e" + revision = "fff4f5944f96378315187fa77fe94340d9ebdfb7" [[projects]] digest = "1:ffe9824d294da03b391f44e1ae8281281b4afc1bdaa9588c9097785e3af10cec" 
@@ -313,14 +313,14 @@ [[projects]] branch = "master" - digest = "1:4d2869b8df54b3a687c426758d0891720e8bedfa6ff5d472671ce1d31d29bdfb" + digest = "1:75cb7164c3c9e028922e69b10842159549ab96ffc4800ea189c4a6865dc3bc08" name = "golang.org/x/sys" packages = [ "unix", "windows", ] pruneopts = "UT" - revision = "d47a0f3392421c5624713c9a19fe781f651f8a50" + revision = "90868a75fefd03942536221d7c0e2f84ec62a668" [[projects]] digest = "1:e2f64cca6e235f32cd4c2f9be9ae0cda1f8608fc6fdb68936e8d10e4e0bb074d" @@ -351,6 +351,7 @@ "github.com/blang/semver", "github.com/chanzuckerberg/go-kmsauth", "github.com/chanzuckerberg/go-misc/aws", + "github.com/davecgh/go-spew/spew", "github.com/hashicorp/go-getter", "github.com/hashicorp/go-multierror", "github.com/mitchellh/go-homedir", diff --git a/cmd/run.go b/cmd/run.go index 584e0f6c..c0e7b08e 100644 --- a/cmd/run.go +++ b/cmd/run.go @@ -1,6 +1,8 @@ package cmd import ( + "context" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials/stscreds" @@ -11,6 +13,7 @@ import ( "github.com/chanzuckerberg/blessclient/pkg/util" kmsauth "github.com/chanzuckerberg/go-kmsauth" cziAWS "github.com/chanzuckerberg/go-misc/aws" + "github.com/davecgh/go-spew/spew" multierror "github.com/hashicorp/go-multierror" homedir "github.com/mitchellh/go-homedir" "github.com/pkg/errors" @@ -29,6 +32,8 @@ var runCmd = &cobra.Command{ SilenceErrors: true, RunE: func(cmd *cobra.Command, args []string) error { log.Debugf("Running blessclient v%s", util.VersionCacheKey()) + ctx := context.Background() + configFile, err := cmd.Flags().GetString("config") if err != nil { return errs.ErrMissingConfig 
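Review bot: `ctx := context.Background()` at the top of RunE has no deadline and is never cancelled, so passing it to `GetCurrentUser(ctx)` and `RequestCert(ctx)` later in this file does not yet bound a stalled IAM, KMS or Lambda call. Consider `ctx, cancel := context.WithTimeout(context.Background(), requestTimeout)` followed by `defer cancel()`, where `requestTimeout` is a placeholder for a value the project chooses. The RunE closure starts before this hunk and continues past it, so any interrupt handling it may have is not visible here.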
@@ -37,11 +42,13 @@ var runCmd = &cobra.Command{ if err != nil { return errors.Wrapf(err, "Could not expand %s", configFile) } + log.Debugf("Reading config from %s", expandedConfigFile) conf, err := config.FromFile(expandedConfigFile) if err != nil { return err } + log.Debugf("Parsed config is: %s", spew.Sdump(conf)) sess, err := session.NewSessionWithOptions( session.Options{ @@ -57,6 +64,7 @@ var runCmd = &cobra.Command{ mfaTokenProvider := util.TokenProvider("AWS MFA token:") var regionErrors error for _, region := range conf.LambdaConfig.Regions { + log.Debugf("Attempting region %s", region.AWSRegion) awsUserSessionProviderConf := &aws.Config{ Region: aws.String(region.AWSRegion), } @@ -84,7 +92,8 @@ var runCmd = &cobra.Command{ WithSTS(userConf). WithLambda(roleConf) - user, err := awsClient.IAM.GetCurrentUser() + log.Debugf("Getting current aws iam user") + user, err := awsClient.IAM.GetCurrentUser(ctx) if err != nil { return err } @@ -108,7 +117,7 @@ var runCmd = &cobra.Command{ ) client := bless.New(conf).WithAwsClient(awsClient).WithTokenGenerator(tg).WithUsername(*user.UserName) - err = client.RequestCert() + err = client.RequestCert(ctx) if err != nil { log.Errorf("Error in region %s: %s. Attempting other regions is available.", region.AWSRegion, err.Error()) regionErrors = multierror.Append(regionErrors, err) diff --git a/pkg/bless/COVERAGE b/pkg/bless/COVERAGE index 29d753e6..7c6f5285 100644 --- a/pkg/bless/COVERAGE +++ b/pkg/bless/COVERAGE @@ -1 +1 @@ -78.7 \ No newline at end of file +81.1 \ No newline at end of file diff --git a/pkg/bless/client.go b/pkg/bless/client.go index 6a3d1856..6642f803 100644 --- a/pkg/bless/client.go +++ b/pkg/bless/client.go @@ -1,6 +1,7 @@ package bless import ( + "context" "encoding/json" "strings" 
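Review bot: `log.Debugf("Parsed config is: %s", spew.Sdump(conf))` in the `@@ -37,11 +42,13 @@` hunk writes every field of the config struct to the log, including any field added later. The fields visible in this diff are names, regions and paths, but a reflective dump gives no control over what reaches a log that users may attach to bug reports. Logging only the fields needed for troubleshooting keeps that explicit, e.g. `log.Debugf("Lambda function %s, %d regions", conf.LambdaConfig.FunctionName, len(conf.LambdaConfig.Regions))`.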
@@ -9,6 +10,7 @@ import ( "github.com/chanzuckerberg/blessclient/pkg/ssh" "github.com/chanzuckerberg/go-kmsauth" cziAWS "github.com/chanzuckerberg/go-misc/aws" + "github.com/davecgh/go-spew/spew" "github.com/pkg/errors" log "github.com/sirupsen/logrus" ) @@ -65,13 +67,14 @@ type LambdaResponse struct { } // RequestKMSAuthToken requests a new kmsauth token -func (c *Client) RequestKMSAuthToken() (*kmsauth.EncryptedToken, error) { - token, err := c.tg.GetEncryptedToken() +func (c *Client) RequestKMSAuthToken(ctx context.Context) (*kmsauth.EncryptedToken, error) { + token, err := c.tg.GetEncryptedToken(ctx) return token, errors.Wrap(err, "Error requesting kmsauth token") } // RequestCert requests a cert -func (c *Client) RequestCert() error { +func (c *Client) RequestCert(ctx context.Context) error { + log.Debugf("Requesting certificate") payload := &LambdaPayload{ BastionUser: c.username, RemoteUsernames: strings.Join(c.conf.ClientConfig.RemoteUsers, ","), 
@@ -90,41 +93,46 @@ func (c *Client) RequestCert() error { return err } if isFresh { - log.Info("Cert is already fresh - using it") + log.Debug("Cert is already fresh - using it") return nil } - log.Debug("Requesting new cert") + pubKey, err := s.ReadPublicKey() if err != nil { return err } + log.Debugf("Using public key: %s", string(pubKey)) - token, err := c.RequestKMSAuthToken() + token, err := c.RequestKMSAuthToken(ctx) if err != nil { return err } if token == nil { return errs.ErrMissingKMSAuthToken } + log.Debugf("With KMSAuthToken %s", token.String()) payload.KMSAuthToken = token.String() payload.PublicKeyToSign = string(pubKey) + log.Debugf("Requesting cert with lambda payload %s", spew.Sdump(payload)) payloadB, err := json.Marshal(payload) if err != nil { return errors.Wrap(err, "Could not serialize lambda payload") } - responseBytes, err := c.Aws.Lambda.Execute(c.conf.LambdaConfig.FunctionName, payloadB) + responseBytes, err := c.Aws.Lambda.Execute(ctx, c.conf.LambdaConfig.FunctionName, payloadB) if err != nil { return err } - + log.Debugf("Raw lambda response %s", string(responseBytes)) lambdaReponse := &LambdaResponse{} err = json.Unmarshal(responseBytes, lambdaReponse) if err != nil { return errors.Wrap(err, "Could not deserialize lambda reponse") } + log.Debugf("Parsed lambda response %s", spew.Sdump(lambdaReponse)) + if lambdaReponse.ErrorType != nil { if lambdaReponse.ErrorMessage != nil { return errors.Errorf("bless error: %s: %s", *lambdaReponse.ErrorType, *lambdaReponse.ErrorMessage) diff --git a/pkg/bless/client_test.go b/pkg/bless/client_test.go index 41e6f085..b463cfb7 100644 --- a/pkg/bless/client_test.go +++ b/pkg/bless/client_test.go @@ -1,6 +1,7 @@ package bless_test import ( + "context" "encoding/json" "fmt" "io/ioutil" @@ -34,6 +35,7 @@ type TestSuite struct { encryptOut *kms.EncryptOutput lambdaExecuteOut *lambda.InvokeOutput conf *config.Config + ctx context.Context // cleanup pathsToRemove []string server *httptest.Server 
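Review bot: `log.Debugf("With KMSAuthToken %s", token.String())` writes the kmsauth token to the debug log, and `spew.Sdump(payload)` two lines later writes it again because `payload.KMSAuthToken` has just been set. That token is what authenticates this request to the lambda, so it should be handled as a credential; a debug log attached to a ticket would presumably expose it while it remains valid. I would drop the value, e.g. `log.Debugf("Obtained KMSAuthToken (%d bytes)", len(token.String()))`, and log the payload fields individually without `KMSAuthToken`. The raw and parsed lambda response dumps also put the issued certificate in the log, which is less sensitive but worth a deliberate decision. RequestCert starts before this hunk and continues after it.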
@@ -48,6 +50,7 @@ func (ts *TestSuite) TearDownTest() { func (ts *TestSuite) SetupTest() { t := ts.T() a := assert.New(t) + ts.ctx = context.Background() conf, pathsToRemove := testConfig(t) ts.pathsToRemove = pathsToRemove @@ -113,10 +116,10 @@ func (ts *TestSuite) TestEverythingOk() { t := ts.T() a := assert.New(t) - ts.mockKMS.On("Encrypt", mock.Anything).Return(ts.encryptOut, nil) - ts.mockLambda.On("Invoke", mock.Anything).Return(ts.lambdaExecuteOut, nil) + ts.mockKMS.On("EncryptWithContext", mock.Anything).Return(ts.encryptOut, nil) + ts.mockLambda.On("InvokeWithContext", mock.Anything).Return(ts.lambdaExecuteOut, nil) - err := ts.client.RequestCert() + err := ts.client.RequestCert(ts.ctx) a.Nil(err) } @@ -130,7 +133,7 @@ func (ts *TestSuite) TestErrOnMalformedCert() { a.Nil(err) defer os.RemoveAll(certPath) - err = ts.client.RequestCert() + err = ts.client.RequestCert(ts.ctx) a.NotNil(err) a.Contains(err.Error(), "Could not parse cert") } @@ -142,17 +145,17 @@ func (ts *TestSuite) TestFreshCert() { // cert generated as follows: // ssh-keygen -t rsa -f test_key // ssh-keygen -s test_key -I test-cert -O critical:source-address:0.0.0.0/0 -n test-principal -V -520w:-510w test_key.pub - ts.mockKMS.On("Encrypt", mock.Anything).Return(ts.encryptOut, nil) - ts.mockLambda.On("Invoke", mock.Anything).Return(ts.lambdaExecuteOut, nil) + ts.mockKMS.On("EncryptWithContext", mock.Anything).Return(ts.encryptOut, nil) + ts.mockLambda.On("InvokeWithContext", mock.Anything).Return(ts.lambdaExecuteOut, nil) certPath := fmt.Sprintf("%s-cert.pub", ts.conf.ClientConfig.SSHPrivateKey) cert, err := ioutil.ReadFile("testdata/cert") a.Nil(err) err = ioutil.WriteFile(certPath, cert, 0644) a.Nil(err) defer os.RemoveAll(certPath) - err = ts.client.RequestCert() + err = ts.client.RequestCert(ts.ctx) a.Nil(err) - a.True(ts.mockLambda.Mock.AssertNotCalled(t, "Invoke")) + a.True(ts.mockLambda.Mock.AssertNotCalled(t, "InvokeWithContext")) } func (ts *TestSuite) TestBadPrincipalsCert() { 
@@ -161,17 +164,17 @@ func (ts *TestSuite) TestBadPrincipalsCert() { // cert generated as follows: // ssh-keygen -t rsa -f test_key // ssh-keygen -s test_key -I test-cert -O critical:source-address:0.0.0.0/0 -n test-principal -V -520w:-510w test_key.pub - ts.mockKMS.On("Encrypt", mock.Anything).Return(ts.encryptOut, nil) - ts.mockLambda.On("Invoke", mock.Anything).Return(ts.lambdaExecuteOut, nil) + ts.mockKMS.On("EncryptWithContext", mock.Anything).Return(ts.encryptOut, nil) + ts.mockLambda.On("InvokeWithContext", mock.Anything).Return(ts.lambdaExecuteOut, nil) certPath := fmt.Sprintf("%s-cert.pub", ts.conf.ClientConfig.SSHPrivateKey) cert, err := ioutil.ReadFile("testdata/bad-principal") a.Nil(err) err = ioutil.WriteFile(certPath, cert, 0644) a.Nil(err) defer os.RemoveAll(certPath) - err = ts.client.RequestCert() + err = ts.client.RequestCert(ts.ctx) a.Nil(err) - a.True(ts.mockLambda.Mock.AssertCalled(t, "Invoke", mock.Anything)) + a.True(ts.mockLambda.Mock.AssertCalled(t, "InvokeWithContext", mock.Anything)) } func (ts *TestSuite) TestBadCriticalOptionsCert() { 
@@ -180,17 +183,17 @@ func (ts *TestSuite) TestBadCriticalOptionsCert() { // cert generated as follows: // ssh-keygen -t rsa -f test_key // ssh-keygen -s test_key -I test-cert -O critical:source-address:0.0.0.0/0 -n test-principal -V -520w:-510w test_key.pub - ts.mockKMS.On("Encrypt", mock.Anything).Return(ts.encryptOut, nil) - ts.mockLambda.On("Invoke", mock.Anything).Return(ts.lambdaExecuteOut, nil) + ts.mockKMS.On("EncryptWithContext", mock.Anything).Return(ts.encryptOut, nil) + ts.mockLambda.On("InvokeWithContext", mock.Anything).Return(ts.lambdaExecuteOut, nil) certPath := fmt.Sprintf("%s-cert.pub", ts.conf.ClientConfig.SSHPrivateKey) cert, err := ioutil.ReadFile("testdata/bad-critical-options") a.Nil(err) err = ioutil.WriteFile(certPath, cert, 0644) a.Nil(err) defer os.RemoveAll(certPath) - err = ts.client.RequestCert() + err = ts.client.RequestCert(ts.ctx) a.Nil(err) - a.True(ts.mockLambda.Mock.AssertCalled(t, "Invoke", mock.Anything)) + a.True(ts.mockLambda.Mock.AssertCalled(t, "InvokeWithContext", mock.Anything)) } func (ts *TestSuite) TestReportsLambdaErrors() { @@ -208,10 +211,10 @@ func (ts *TestSuite) TestReportsLambdaErrors() { Payload: lambdaBytes, } - ts.mockKMS.On("Encrypt", mock.Anything).Return(ts.encryptOut, nil) - ts.mockLambda.On("Invoke", mock.Anything).Return(ts.lambdaExecuteOut, nil) + ts.mockKMS.On("EncryptWithContext", mock.Anything).Return(ts.encryptOut, nil) + ts.mockLambda.On("InvokeWithContext", mock.Anything).Return(ts.lambdaExecuteOut, nil) - err = ts.client.RequestCert() + err = ts.client.RequestCert(ts.ctx) a.NotNil(err) a.Contains(err.Error(), "bless error") a.Contains(err.Error(), *lambdaResponse.ErrorMessage) 
@@ -233,10 +236,10 @@ func (ts *TestSuite) TestNoCertificateInResponse() { Payload: lambdaBytes, } - ts.mockKMS.On("Encrypt", mock.Anything).Return(ts.encryptOut, nil) - ts.mockLambda.On("Invoke", mock.Anything).Return(ts.lambdaExecuteOut, nil) + ts.mockKMS.On("EncryptWithContext", mock.Anything).Return(ts.encryptOut, nil) + ts.mockLambda.On("InvokeWithContext", mock.Anything).Return(ts.lambdaExecuteOut, nil) - err = ts.client.RequestCert() + err = ts.client.RequestCert(ts.ctx) a.NotNil(err) a.Equal(err, errs.ErrNoCertificateInResponse) } diff --git a/pkg/ssh/ssh.go b/pkg/ssh/ssh.go index 9dac8cfd..3129ee06 100644 --- a/pkg/ssh/ssh.go +++ b/pkg/ssh/ssh.go @@ -13,6 +13,7 @@ import ( "github.com/chanzuckerberg/blessclient/pkg/errs" homedir "github.com/mitchellh/go-homedir" "github.com/pkg/errors" + log "github.com/sirupsen/logrus" "golang.org/x/crypto/ssh" ) @@ -108,7 +109,8 @@ func (s *SSH) IsCertFresh(c *config.Config) (bool, error) { // WriteCert writes a cert to disk func (s *SSH) WriteCert(b []byte) error { - cert := path.Join(s.sshDirectory, fmt.Sprintf("%s-cert.pub", s.keyName)) - err := ioutil.WriteFile(cert, b, 0644) - return errors.Wrapf(err, "Could not write cert to %s", cert) + certPath := path.Join(s.sshDirectory, fmt.Sprintf("%s-cert.pub", s.keyName)) + log.Debugf("Writing cert to %s", certPath) + err := ioutil.WriteFile(certPath, b, 0644) + return errors.Wrapf(err, "Could not write cert to %s", certPath) } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go index a4cec5c5..ace51313 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/credentials/endpointcreds/provider.go 
@@ -65,6 +65,10 @@ type Provider struct { // // If ExpiryWindow is 0 or less it will be ignored. ExpiryWindow time.Duration + + // Optional authorization token value if set will be used as the value of + // the Authorization header of the endpoint credential request. + AuthorizationToken string } // NewProviderClient returns a credentials Provider for retrieving AWS credentials @@ -152,6 +156,9 @@ func (p *Provider) getCredentials() (*getCredentialsOutput, error) { out := &getCredentialsOutput{} req := p.Client.NewRequest(op, nil, out) req.HTTPRequest.Header.Set("Accept", "application/json") + if authToken := p.AuthorizationToken; len(authToken) != 0 { + req.HTTPRequest.Header.Set("Authorization", authToken) + } return out, req.Send() } diff --git a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go index 5040a2f6..6cd84cd9 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/defaults/defaults.go @@ -112,8 +112,9 @@ func CredProviders(cfg *aws.Config, handlers request.Handlers) []credentials.Pro } const ( - httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI" - ecsCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" + httpProviderAuthorizationEnvVar = "AWS_CONTAINER_AUTHORIZATION_TOKEN" + httpProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_FULL_URI" + ecsCredsProviderEnvVar = "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" ) // RemoteCredProvider returns a credentials provider for the default remote @@ -187,6 +188,7 @@ func httpCredProvider(cfg aws.Config, handlers request.Handlers, u string) crede return endpointcreds.NewProviderClient(cfg, handlers, u, func(p *endpointcreds.Provider) { p.ExpiryWindow = 5 * time.Minute + p.AuthorizationToken = os.Getenv(httpProviderAuthorizationEnvVar) }, ) } 
diff --git a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go index ef5f7329..53457cac 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/ec2metadata/service.go @@ -72,6 +72,7 @@ func NewClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegio cfg, metadata.ClientInfo{ ServiceName: ServiceName, + ServiceID: ServiceName, Endpoint: endpoint, APIVersion: "latest", }, diff --git a/vendor/github.com/aws/aws-sdk-go/aws/version.go b/vendor/github.com/aws/aws-sdk-go/aws/version.go index bdac1de1..13eb1060 100644 --- a/vendor/github.com/aws/aws-sdk-go/aws/version.go +++ b/vendor/github.com/aws/aws-sdk-go/aws/version.go @@ -5,4 +5,4 @@ package aws const SDKName = "aws-sdk-go" // SDKVersion is the version of this SDK -const SDKVersion = "1.15.39" +const SDKVersion = "1.15.41" diff --git a/vendor/github.com/chanzuckerberg/go-kmsauth/Gopkg.lock b/vendor/github.com/chanzuckerberg/go-kmsauth/Gopkg.lock index 537697ce..54b96a5f 100644 --- a/vendor/github.com/chanzuckerberg/go-kmsauth/Gopkg.lock +++ b/vendor/github.com/chanzuckerberg/go-kmsauth/Gopkg.lock @@ -2,7 +2,7 @@ [[projects]] - digest = "1:1b6e1d225ca722f1b19a3116be37f9e1293b76fa564da2fa3c3b8a884f8c64d1" + digest = "1:ecc1f0675a6f2782a68ddded9a7f3c0ddc39c38074fcab9e9ee3992a45313377" name = "github.com/aws/aws-sdk-go" packages = [ "aws", 
@@ -27,33 +27,41 @@ "internal/sdkuri", "internal/shareddefaults", "private/protocol", + "private/protocol/ec2query", + "private/protocol/eventstream", + "private/protocol/eventstream/eventstreamapi", "private/protocol/json/jsonutil", "private/protocol/jsonrpc", "private/protocol/query", "private/protocol/query/queryutil", "private/protocol/rest", "private/protocol/restjson", + "private/protocol/restxml", "private/protocol/xml/xmlutil", + "service/ec2", + "service/ec2/ec2iface", "service/iam", "service/iam/iamiface", "service/kms", "service/kms/kmsiface", "service/lambda", "service/lambda/lambdaiface", + "service/s3", + "service/s3/s3iface", "service/sts", "service/sts/stsiface", ] pruneopts = "UT" - revision = "3dd4f56d3cb9d194293525540562216f81bd3f27" - version = "v1.15.37" + revision = "d8ab6d22cfd270ded73e7d59feba528ffd963edd" + version = "v1.15.40" [[projects]] branch = "master" - digest = "1:f9f2efde46b70cfd1542eac836f5c3461200c299858f3116de58da4305abc552" + digest = "1:8c7c01c627f48355552e75369926bae615cdaa659aab85023612116f60ea4619" name = "github.com/chanzuckerberg/go-misc" packages = ["aws"] pruneopts = "UT" - revision = "f873512ea14aede5fb0c66af456ea3cea3899579" + revision = "fff4f5944f96378315187fa77fe94340d9ebdfb7" [[projects]] digest = "1:ffe9824d294da03b391f44e1ae8281281b4afc1bdaa9588c9097785e3af10cec" @@ -150,14 +158,14 @@ [[projects]] branch = "master" - digest = "1:e10551220bea6da5274318545537df1012268056be6484b83a3338328050cde0" + digest = "1:575e6cd3c8c00d02a978e6e2ca66f58b013d09bbae6e3b1e37fca9f87b2d8ece" name = "golang.org/x/sys" packages = [ "unix", "windows", ] pruneopts = "UT" - revision = "ee1b12c67af419cf5a9be3bdbeea7fc1c5f32f11" + revision = "f02c79500a9c629cd7cf2f3abadbbf2f5a9161d3" [[projects]] digest = "1:e2f64cca6e235f32cd4c2f9be9ae0cda1f8608fc6fdb68936e8d10e4e0bb074d" diff --git a/vendor/github.com/chanzuckerberg/go-kmsauth/generator.go b/vendor/github.com/chanzuckerberg/go-kmsauth/generator.go index 46ed880f..cccdfa30 100644 
--- a/vendor/github.com/chanzuckerberg/go-kmsauth/generator.go +++ b/vendor/github.com/chanzuckerberg/go-kmsauth/generator.go @@ -1,6 +1,7 @@ package kmsauth import ( + "context" "encoding/json" "fmt" "io/ioutil" @@ -143,7 +144,7 @@ func (tg *TokenGenerator) getToken() (*Token, error) { } // GetEncryptedToken returns the encrypted kmsauth token -func (tg *TokenGenerator) GetEncryptedToken() (*EncryptedToken, error) { +func (tg *TokenGenerator) GetEncryptedToken(ctx context.Context) (*EncryptedToken, error) { token, err := tg.getToken() if err != nil { return nil, err @@ -155,6 +156,7 @@ func (tg *TokenGenerator) GetEncryptedToken() (*EncryptedToken, error) { } encryptedStr, err := tg.awsClient.KMS.EncryptBytes( + ctx, tg.AuthKey, tokenBytes, tg.AuthContext.GetKMSContext()) diff --git a/vendor/github.com/chanzuckerberg/go-kmsauth/validator.go b/vendor/github.com/chanzuckerberg/go-kmsauth/validator.go index 8c765217..c0f07189 100644 --- a/vendor/github.com/chanzuckerberg/go-kmsauth/validator.go +++ b/vendor/github.com/chanzuckerberg/go-kmsauth/validator.go @@ -1,6 +1,7 @@ package kmsauth import ( + "context" "encoding/base64" "encoding/json" "time" @@ -45,8 +46,8 @@ func (tv *TokenValidator) validate() error { } // ValidateToken validates a token -func (tv *TokenValidator) ValidateToken(tokenb64 string) error { - token, err := tv.decryptToken(tokenb64) +func (tv *TokenValidator) ValidateToken(ctx context.Context, tokenb64 string) error { + token, err := tv.decryptToken(ctx, tokenb64) if err != nil { return err } 
@@ -54,12 +55,12 @@ func (tv *TokenValidator) ValidateToken(tokenb64 string) error { } // decryptToken decrypts a token -func (tv *TokenValidator) decryptToken(tokenb64 string) (*Token, error) { +func (tv *TokenValidator) decryptToken(ctx context.Context, tokenb64 string) (*Token, error) { ciphertext, err := base64.StdEncoding.DecodeString(tokenb64) if err != nil { return nil, errors.Wrap(err, "Could not base64 decode token") } - plaintext, keyID, err := tv.AwsClient.KMS.Decrypt(ciphertext, tv.AuthContext.GetKMSContext()) + plaintext, keyID, err := tv.AwsClient.KMS.Decrypt(ctx, ciphertext, tv.AuthContext.GetKMSContext()) if err != nil { return nil, err } diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/COVERAGE b/vendor/github.com/chanzuckerberg/go-misc/aws/COVERAGE index 26291030..0de3e1e8 100644 --- a/vendor/github.com/chanzuckerberg/go-misc/aws/COVERAGE +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/COVERAGE @@ -1 +1 @@ -43.7 \ No newline at end of file +38.2 \ No newline at end of file diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/ec2.go b/vendor/github.com/chanzuckerberg/go-misc/aws/ec2.go index e11adb76..c1ddbb3f 100644 --- a/vendor/github.com/chanzuckerberg/go-misc/aws/ec2.go +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/ec2.go @@ -1,6 +1,8 @@ package aws import ( + "context" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/service/ec2" 
@@ -19,10 +21,10 @@ func NewEC2(c client.ConfigProvider, config *aws.Config) *EC2 { } // GetAllInstances will walk all instances and call func for each -func (e *EC2) GetAllInstances(f func(*ec2.Instance)) error { +func (e *EC2) GetAllInstances(ctx context.Context, f func(*ec2.Instance)) error { var err error input := &ec2.DescribeInstancesInput{} - err = e.Svc.DescribeInstancesPages(input, func(output *ec2.DescribeInstancesOutput, lastPage bool) bool { + err = e.Svc.DescribeInstancesPagesWithContext(ctx, input, func(output *ec2.DescribeInstancesOutput, lastPage bool) bool { for _, reservation := range output.Reservations { if reservation == nil { continue diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/ec2_mock.go b/vendor/github.com/chanzuckerberg/go-misc/aws/ec2_mock.go new file mode 100644 index 00000000..ed608ff2 --- /dev/null +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/ec2_mock.go @@ -0,0 +1,32 @@ +package aws + +import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" + "github.com/aws/aws-sdk-go/service/ec2" + "github.com/aws/aws-sdk-go/service/ec2/ec2iface" + "github.com/stretchr/testify/mock" +) + +// MockEC2Svc is a mock of the ec2 service +type MockEC2Svc struct { + ec2iface.EC2API + mock.Mock +} + +// NewMockEC2 returns a mock of ec2 +func NewMockEC2() *MockEC2Svc { + return &MockEC2Svc{} +} + +// DescribeInstancesPagesWithContext is a mock +func (m *MockEC2Svc) DescribeInstancesPagesWithContext(ctx aws.Context, in *ec2.DescribeInstancesInput, fn func(*ec2.DescribeInstancesOutput, bool) bool, ro ...request.Option) error { + args := m.Called(in) + out := args.Get(0).(*ec2.DescribeInstancesOutput) + err := args.Error(1) + if err != nil { + return err + } + fn(out, true) + return nil +} diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/iam.go b/vendor/github.com/chanzuckerberg/go-misc/aws/iam.go index 4e716dea..f200160b 100644 --- a/vendor/github.com/chanzuckerberg/go-misc/aws/iam.go 
+++ b/vendor/github.com/chanzuckerberg/go-misc/aws/iam.go @@ -1,6 +1,8 @@ package aws import ( + "context" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/client" @@ -20,13 +22,13 @@ func NewIAM(c client.ConfigProvider, config *aws.Config) *IAM { } // GetCurrentUser describes the calling user -func (i *IAM) GetCurrentUser() (*iam.User, error) { - return i.GetUser(nil) +func (i *IAM) GetCurrentUser(ctx context.Context) (*iam.User, error) { + return i.GetUser(ctx, nil) } // GetUser returns the caller aws user -func (i *IAM) GetUser(username *string) (*iam.User, error) { - output, err := i.Svc.GetUser(&iam.GetUserInput{UserName: username}) +func (i *IAM) GetUser(ctx context.Context, username *string) (*iam.User, error) { + output, err := i.Svc.GetUserWithContext(ctx, &iam.GetUserInput{UserName: username}) if err != nil { return nil, errors.Wrap(err, "Can't get your user information from AWS.") } @@ -37,12 +39,12 @@ func (i *IAM) GetUser(username *string) (*iam.User, error) { } // GetMFASerials gets the mfaSerials for the username -func (i *IAM) GetMFASerials(username *string) ([]string, error) { +func (i *IAM) GetMFASerials(ctx context.Context, username *string) ([]string, error) { input := &iam.ListMFADevicesInput{ UserName: username, } serialNumbers := []string{} - err := i.Svc.ListMFADevicesPages(input, func(output *iam.ListMFADevicesOutput, lastPage bool) bool { + err := i.Svc.ListMFADevicesPagesWithContext(ctx, input, func(output *iam.ListMFADevicesOutput, lastPage bool) bool { if output == nil { return true } 
@@ -68,8 +70,8 @@ func (i *IAM) GetMFASerials(username *string) ([]string, error) { } // GetAnMFASerial returns the first MFA serial on the user, errors if no MFA found -func (i *IAM) GetAnMFASerial(username *string) (string, error) { - serials, err := i.GetMFASerials(username) +func (i *IAM) GetAnMFASerial(ctx context.Context, username *string) (string, error) { + serials, err := i.GetMFASerials(ctx, username) if err != nil { return "", err } @@ -80,21 +82,21 @@ func (i *IAM) GetAnMFASerial(username *string) (string, error) { } // ListAllUsers will get all users in the current account and invoke f for each -func (i *IAM) ListAllUsers(f func(*iam.User)) error { +func (i *IAM) ListAllUsers(ctx context.Context, f func(*iam.User)) error { input := &iam.ListUsersInput{} - i.Svc.ListUsersPages(input, func(output *iam.ListUsersOutput, lastPage bool) bool { + err := i.Svc.ListUsersPagesWithContext(ctx, input, func(output *iam.ListUsersOutput, lastPage bool) bool { for _, u := range output.Users { f(u) } return true }) - return nil + return errors.Wrap(err, "Could not list users") } // GetLoginProfile gets the login profile for this user if it exists -func (i *IAM) GetLoginProfile(username string) (*iam.LoginProfile, error) { +func (i *IAM) GetLoginProfile(ctx context.Context, username string) (*iam.LoginProfile, error) { input := &iam.GetLoginProfileInput{UserName: &username} - output, err := i.Svc.GetLoginProfile(input) + output, err := i.Svc.GetLoginProfileWithContext(ctx, input) if err != nil { return nil, errors.Wrapf(err, "could not get login profile for %s", username) } diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/iam_mock.go b/vendor/github.com/chanzuckerberg/go-misc/aws/iam_mock.go index a061afa4..1ceb68d4 100644 --- a/vendor/github.com/chanzuckerberg/go-misc/aws/iam_mock.go +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/iam_mock.go 
@@ -1,6 +1,8 @@ package aws import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/service/iam" "github.com/aws/aws-sdk-go/service/iam/iamiface" "github.com/stretchr/testify/mock" @@ -19,15 +21,15 @@ func NewMockIAM() *MockIAMSvc { return &MockIAMSvc{} } -// GetUser mocks getuser -func (i *MockIAMSvc) GetUser(in *iam.GetUserInput) (*iam.GetUserOutput, error) { +// GetUserWithContext mocks getUserWithContext +func (i *MockIAMSvc) GetUserWithContext(ctx aws.Context, in *iam.GetUserInput, ro ...request.Option) (*iam.GetUserOutput, error) { args := i.Called(in) out := args.Get(0).(*iam.GetUserOutput) return out, args.Error(1) } -// ListMFADevicesPages lists -func (i *MockIAMSvc) ListMFADevicesPages(in *iam.ListMFADevicesInput, fn func(*iam.ListMFADevicesOutput, bool) bool) error { +// ListMFADevicesPagesWithContext lists +func (i *MockIAMSvc) ListMFADevicesPagesWithContext(ctx aws.Context, in *iam.ListMFADevicesInput, fn func(*iam.ListMFADevicesOutput, bool) bool, ro ...request.Option) error { args := i.Called(in) out := args.Get(0).(*iam.ListMFADevicesOutput) err := args.Error(1) @@ -37,3 +39,22 @@ func (i *MockIAMSvc) ListMFADevicesPages(in *iam.ListMFADevicesInput, fn func(*i fn(out, true) return nil } + +// ListUsersPagesWithContext lists +func (i *MockIAMSvc) ListUsersPagesWithContext(ctx aws.Context, in *iam.ListUsersInput, fn func(*iam.ListUsersOutput, bool) bool, ro ...request.Option) error { + args := i.Called(in) + out := args.Get(0).(*iam.ListUsersOutput) + err := args.Error(1) + if err != nil { + return err + } + fn(out, true) + return nil +} + +// GetLoginProfileWithContext gets +func (i *MockIAMSvc) GetLoginProfileWithContext(ctx aws.Context, in *iam.GetLoginProfileInput, ro ...request.Option) (*iam.GetLoginProfileOutput, error) { + args := i.Called(in) + out := args.Get(0).(*iam.GetLoginProfileOutput) + return out, args.Error(1) +} 
diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/kms.go b/vendor/github.com/chanzuckerberg/go-misc/aws/kms.go index 00160c44..818c62fe 100644 --- a/vendor/github.com/chanzuckerberg/go-misc/aws/kms.go +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/kms.go @@ -1,6 +1,7 @@ package aws import ( + "context" "encoding/base64" "github.com/aws/aws-sdk-go/aws" @@ -22,10 +23,10 @@ func NewKMS(s *session.Session, conf *aws.Config) *KMS { // EncryptBytes encrypts the plaintext using the keyID key and the given context // result is base64 encoded string -func (k *KMS) EncryptBytes(keyID string, plaintext []byte, context map[string]*string) (string, error) { +func (k *KMS) EncryptBytes(ctx context.Context, keyID string, plaintext []byte, context map[string]*string) (string, error) { input := &kms.EncryptInput{} input.SetKeyId(keyID).SetPlaintext(plaintext).SetEncryptionContext(context) - response, err := k.Svc.Encrypt(input) + response, err := k.Svc.EncryptWithContext(ctx, input) if err != nil { return "", errors.Wrap(err, "KMS encryption failed") } @@ -36,10 +37,10 @@ func (k *KMS) EncryptBytes(keyID string, plaintext []byte, context map[string]*s } // Decrypt decrypts -func (k *KMS) Decrypt(ciphertext []byte, context map[string]*string) ([]byte, string, error) { +func (k *KMS) Decrypt(ctx context.Context, ciphertext []byte, context map[string]*string) ([]byte, string, error) { input := &kms.DecryptInput{} input.SetCiphertextBlob(ciphertext).SetEncryptionContext(context) - response, err := k.Svc.Decrypt(input) + response, err := k.Svc.DecryptWithContext(ctx, input) if err != nil { return nil, "", errors.Wrap(err, "KMS decryption failed") } diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/kms_mock.go b/vendor/github.com/chanzuckerberg/go-misc/aws/kms_mock.go index 38f9aead..80966941 100644 --- a/vendor/github.com/chanzuckerberg/go-misc/aws/kms_mock.go +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/kms_mock.go 
@@ -1,6 +1,8 @@ package aws import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/service/kms" "github.com/aws/aws-sdk-go/service/kms/kmsiface" "github.com/stretchr/testify/mock" @@ -17,15 +19,15 @@ func NewMockKMS() *MockKMSSvc { return &MockKMSSvc{} } -// Encrypt mocks Encrypt -func (k *MockKMSSvc) Encrypt(in *kms.EncryptInput) (*kms.EncryptOutput, error) { +// EncryptWithContext mocks Encrypt +func (k *MockKMSSvc) EncryptWithContext(ctx aws.Context, in *kms.EncryptInput, ro ...request.Option) (*kms.EncryptOutput, error) { args := k.Called(in) out := args.Get(0).(*kms.EncryptOutput) return out, args.Error(1) } -// Decrypt decrypts -func (k *MockKMSSvc) Decrypt(in *kms.DecryptInput) (*kms.DecryptOutput, error) { +// DecryptWithContext decrypts +func (k *MockKMSSvc) DecryptWithContext(ctx aws.Context, in *kms.DecryptInput, ro ...request.Option) (*kms.DecryptOutput, error) { args := k.Called(in) out := args.Get(0).(*kms.DecryptOutput) return out, args.Error(1) diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/lambda.go b/vendor/github.com/chanzuckerberg/go-misc/aws/lambda.go index 388a0f9e..a7d5dffb 100644 --- a/vendor/github.com/chanzuckerberg/go-misc/aws/lambda.go +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/lambda.go @@ -1,6 +1,8 @@ package aws import ( + "context" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/service/lambda" @@ -19,7 +21,7 @@ func NewLambda(c client.ConfigProvider, config *aws.Config) *Lambda { } // Execute executes the given function with the given payload and returns the output -func (l *Lambda) Execute(functionName string, payload []byte) ([]byte, error) { +func (l *Lambda) Execute(ctx context.Context, functionName string, payload []byte) ([]byte, error) { input := &lambda.InvokeInput{} input. SetPayload(payload). 
@@ -27,7 +29,7 @@ func (l *Lambda) Execute(functionName string, payload []byte) ([]byte, error) { SetInvocationType(lambda.InvocationTypeRequestResponse). SetLogType(lambda.LogTypeTail) - output, err := l.Svc.Invoke(input) + output, err := l.Svc.InvokeWithContext(ctx, input) if err != nil { return nil, errors.Wrapf(err, "Error invoking lambda function %s", functionName) } diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/lambda_mock.go b/vendor/github.com/chanzuckerberg/go-misc/aws/lambda_mock.go index 4723115c..1fdab1d0 100644 --- a/vendor/github.com/chanzuckerberg/go-misc/aws/lambda_mock.go +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/lambda_mock.go @@ -1,6 +1,8 @@ package aws import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/service/lambda" "github.com/aws/aws-sdk-go/service/lambda/lambdaiface" "github.com/stretchr/testify/mock" @@ -17,8 +19,8 @@ func NewMockLambda() *MockLambdaSvc { return &MockLambdaSvc{} } -// Invoke mocks invoke -func (l *MockLambdaSvc) Invoke(in *lambda.InvokeInput) (*lambda.InvokeOutput, error) { +// InvokeWithContext mocks invoke +func (l *MockLambdaSvc) InvokeWithContext(ctx aws.Context, in *lambda.InvokeInput, ro ...request.Option) (*lambda.InvokeOutput, error) { args := l.Called(in) out := args.Get(0).(*lambda.InvokeOutput) return out, args.Error(1) diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/s3.go b/vendor/github.com/chanzuckerberg/go-misc/aws/s3.go index c442a576..6be8b96b 100644 --- a/vendor/github.com/chanzuckerberg/go-misc/aws/s3.go +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/s3.go @@ -1,6 +1,8 @@ package aws import ( + "context" + "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/client" "github.com/aws/aws-sdk-go/service/s3" 
@@ -19,19 +21,19 @@ func NewS3(c client.ConfigProvider, config *aws.Config) *S3 { } // ListBuckets lists buckets -func (s *S3) ListBuckets() (*s3.ListBucketsOutput, error) { +func (s *S3) ListBuckets(ctx context.Context) (*s3.ListBucketsOutput, error) { input := &s3.ListBucketsInput{} - out, err := s.Svc.ListBuckets(input) + out, err := s.Svc.ListBucketsWithContext(ctx, input) return out, errors.Wrap(err, "Error listing s3 buckets") } // GetBucketLocation gets the bucket's location (region) -func (s *S3) GetBucketLocation(bucketName string) (string, error) { +func (s *S3) GetBucketLocation(ctx context.Context, bucketName string) (string, error) { input := &s3.GetBucketLocationInput{ Bucket: aws.String(bucketName), } - out, err := s.Svc.GetBucketLocation(input) + out, err := s.Svc.GetBucketLocationWithContext(ctx, input) if err != nil { return "", errors.Wrapf(err, "Error getting bucket %s location", bucketName) } @@ -47,19 +49,19 @@ func (s *S3) GetBucketLocation(bucketName string) (string, error) { } // GetBucketTagging returns the bucket's tags -func (s *S3) GetBucketTagging(bucketName string) (*s3.GetBucketTaggingOutput, error) { +func (s *S3) GetBucketTagging(ctx context.Context, bucketName string) (*s3.GetBucketTaggingOutput, error) { input := &s3.GetBucketTaggingInput{ Bucket: aws.String(bucketName), } - out, err := s.Svc.GetBucketTagging(input) + out, err := s.Svc.GetBucketTaggingWithContext(ctx, input) return out, errors.Wrapf(err, "Error getting bucket tags for %s", bucketName) } // GetBucketACL gets the bucket's ACL -func (s *S3) GetBucketACL(bucketName string) (*s3.GetBucketAclOutput, error) { +func (s *S3) GetBucketACL(ctx context.Context, bucketName string) (*s3.GetBucketAclOutput, error) { input := &s3.GetBucketAclInput{} input.SetBucket(bucketName) - out, err := s.Svc.GetBucketAcl(input) + out, err := s.Svc.GetBucketAclWithContext(ctx, input) return out, errors.Wrapf(err, "Error getting bucket %s ACL", bucketName) } 
diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/s3_mock.go b/vendor/github.com/chanzuckerberg/go-misc/aws/s3_mock.go
new file mode 100644
index 00000000..2a93c531
--- /dev/null
+++ b/vendor/github.com/chanzuckerberg/go-misc/aws/s3_mock.go
@@ -0,0 +1,48 @@
+package aws
+
+import (
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/request"
+ "github.com/aws/aws-sdk-go/service/s3"
+ "github.com/aws/aws-sdk-go/service/s3/s3iface"
+ "github.com/stretchr/testify/mock"
+)
+
+// MockS3Svc mocks s3
+type MockS3Svc struct {
+ s3iface.S3API
+ mock.Mock
+}
+
+// NewMockS3 mocks s3
+func NewMockS3() *MockS3Svc {
+ return &MockS3Svc{}
+}
+
+// ListBucketsWithContext lits
+func (s *MockS3Svc) ListBucketsWithContext(ctx aws.Context, in *s3.ListBucketsInput, ro ...request.Option) (*s3.ListBucketsOutput, error) {
+ args := s.Called(in)
+ out := args.Get(0).(*s3.ListBucketsOutput)
+ return out, args.Error(1)
+}
+
+// GetBucketLocationWithContext gets
+func (s *MockS3Svc) GetBucketLocationWithContext(ctx aws.Context, in *s3.GetBucketLocationInput, ro ...request.Option) (*s3.GetBucketLocationOutput, error) {
+ args := s.Called(in)
+ out := args.Get(0).(*s3.GetBucketLocationOutput)
+ return out, args.Error(1)
+}
+
+// GetBucketTaggingWithContext tags
+func (s *MockS3Svc) GetBucketTaggingWithContext(ctx aws.Context, in *s3.GetBucketTaggingInput, ro ...request.Option) (*s3.GetBucketTaggingOutput, error) {
+ args := s.Called(in)
+ out := args.Get(0).(*s3.GetBucketTaggingOutput)
+ return out, args.Error(1)
+}
+
+// GetBucketAclWithContext gets
+func (s *MockS3Svc) GetBucketAclWithContext(ctx aws.Context, in *s3.GetBucketAclInput, ro ...request.Option) (*s3.GetBucketAclOutput, error) {
+ args := s.Called(in)
+ out := args.Get(0).(*s3.GetBucketAclOutput)
+ return out, args.Error(1)
+}
diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/sts.go b/vendor/github.com/chanzuckerberg/go-misc/aws/sts.go
index 92460210..05598a1c 100644
--- a/vendor/github.com/chanzuckerberg/go-misc/aws/sts.go +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/sts.go @@ -1,6 +1,7 @@ package aws import ( + "context" "encoding/json" "io/ioutil" "os" @@ -29,8 +30,8 @@ func NewSTS(c client.ConfigProvider, config *aws.Config) *STS { } // GetSTSToken gets an sts token -func (s *STS) GetSTSToken(input *sts.GetSessionTokenInput) (*sts.Credentials, error) { - output, err := s.Svc.GetSessionToken(input) +func (s *STS) GetSTSToken(ctx context.Context, input *sts.GetSessionTokenInput) (*sts.Credentials, error) { + output, err := s.Svc.GetSessionTokenWithContext(ctx, input) if err != nil { return nil, errors.Wrap(err, "Could not request sts tokens") } @@ -55,6 +56,7 @@ type UserTokenProviderCache struct { } // UserTokenProvider is a token provider that gets sts tokens for a user +// Implementes the credentials.Provider interface type UserTokenProvider struct { credentials.Expiry Client *Client @@ -147,11 +149,12 @@ func (p *UserTokenProvider) Retrieve() (credentials.Value, error) { } if stsCreds == nil { - user, err := p.Client.IAM.GetCurrentUser() + // TODO: is there no better way than context.Background? + user, err := p.Client.IAM.GetCurrentUser(context.Background()) if err != nil { return creds, err } - mfaSerial, err := p.Client.IAM.GetAnMFASerial(user.UserName) + mfaSerial, err := p.Client.IAM.GetAnMFASerial(context.Background(), user.UserName) if err != nil { return creds, err } @@ -161,7 +164,7 @@ func (p *UserTokenProvider) Retrieve() (credentials.Value, error) { } stsTokenInput := &sts.GetSessionTokenInput{} stsTokenInput.SetSerialNumber(mfaSerial).SetTokenCode(token) - stsCreds, err = p.Client.STS.GetSTSToken(stsTokenInput) + stsCreds, err = p.Client.STS.GetSTSToken(context.Background(), stsTokenInput) if err != nil { return creds, err } diff --git a/vendor/github.com/chanzuckerberg/go-misc/aws/sts_mock.go b/vendor/github.com/chanzuckerberg/go-misc/aws/sts_mock.go index 116e6dd4..6351e28d 100644 
--- a/vendor/github.com/chanzuckerberg/go-misc/aws/sts_mock.go +++ b/vendor/github.com/chanzuckerberg/go-misc/aws/sts_mock.go @@ -1,6 +1,8 @@ package aws import ( + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/service/sts" "github.com/aws/aws-sdk-go/service/sts/stsiface" "github.com/stretchr/testify/mock" @@ -19,8 +21,8 @@ func NewMockSTS() *MockSTSSvc { return &MockSTSSvc{} } -// GetSessionToken mocks GetSessionToken -func (s *MockSTSSvc) GetSessionToken(in *sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error) { +// GetSessionTokenWithContext mocks GetSessionToken +func (s *MockSTSSvc) GetSessionTokenWithContext(ctx aws.Context, in *sts.GetSessionTokenInput, ro ...request.Option) (*sts.GetSessionTokenOutput, error) { args := s.Called(in) out := args.Get(0).(*sts.GetSessionTokenOutput) return out, args.Error(1) diff --git a/vendor/golang.org/x/sys/unix/mkerrors.sh b/vendor/golang.org/x/sys/unix/mkerrors.sh index 6f4467f3..d6127d17 100755 --- a/vendor/golang.org/x/sys/unix/mkerrors.sh +++ b/vendor/golang.org/x/sys/unix/mkerrors.sh @@ -87,6 +87,7 @@ includes_DragonFly=' #include #include #include +#include #include #include #include @@ -265,6 +266,7 @@ includes_NetBSD=' #include #include #include +#include #include #include #include @@ -391,6 +393,7 @@ ccflags="$@" $2 ~ /^EXTATTR_NAMESPACE_NAMES/ || $2 ~ /^EXTATTR_NAMESPACE_[A-Z]+_STRING/ {next} + $2 !~ /^ECCAPBITS/ && $2 !~ /^ETH_/ && $2 !~ /^EPROC_/ && $2 !~ /^EQUIV_/ && diff --git a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go index 1de69989..bbe6089b 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go 
@@ -880,6 +880,40 @@ const ( MAP_VPAGETABLE = 0x2000 MCL_CURRENT = 0x1 MCL_FUTURE = 0x2 + MNT_ASYNC = 0x40 + MNT_AUTOMOUNTED = 0x20 + MNT_CMDFLAGS = 0xf0000 + MNT_DEFEXPORTED = 0x200 + MNT_DELEXPORT = 0x20000 + MNT_EXKERB = 0x800 + MNT_EXPORTANON = 0x400 + MNT_EXPORTED = 0x100 + MNT_EXPUBLIC = 0x20000000 + MNT_EXRDONLY = 0x80 + MNT_FORCE = 0x80000 + MNT_IGNORE = 0x800000 + MNT_LAZY = 0x4 + MNT_LOCAL = 0x1000 + MNT_NOATIME = 0x10000000 + MNT_NOCLUSTERR = 0x40000000 + MNT_NOCLUSTERW = 0x80000000 + MNT_NODEV = 0x10 + MNT_NOEXEC = 0x4 + MNT_NOSUID = 0x8 + MNT_NOSYMFOLLOW = 0x400000 + MNT_NOWAIT = 0x2 + MNT_QUOTA = 0x2000 + MNT_RDONLY = 0x1 + MNT_RELOAD = 0x40000 + MNT_ROOTFS = 0x4000 + MNT_SOFTDEP = 0x200000 + MNT_SUIDDIR = 0x100000 + MNT_SYNCHRONOUS = 0x2 + MNT_TRIM = 0x1000000 + MNT_UPDATE = 0x10000 + MNT_USER = 0x8000 + MNT_VISFLAGMASK = 0xf1f0ffff + MNT_WAIT = 0x1 MSG_CMSG_CLOEXEC = 0x1000 MSG_CTRUNC = 0x20 MSG_DONTROUTE = 0x4 diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go index 19316b1d..11472b75 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go +++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go 
@@ -1020,6 +1020,43 @@ const ( MAP_WIRED = 0x800 MCL_CURRENT = 0x1 MCL_FUTURE = 0x2 + MNT_ASYNC = 0x40 + MNT_BASIC_FLAGS = 0xe782807f + MNT_DEFEXPORTED = 0x200 + MNT_DISCARD = 0x800000 + MNT_EXKERB = 0x800 + MNT_EXNORESPORT = 0x8000000 + MNT_EXPORTANON = 0x400 + MNT_EXPORTED = 0x100 + MNT_EXPUBLIC = 0x10000000 + MNT_EXRDONLY = 0x80 + MNT_EXTATTR = 0x1000000 + MNT_FORCE = 0x80000 + MNT_GETARGS = 0x400000 + MNT_IGNORE = 0x100000 + MNT_LAZY = 0x3 + MNT_LOCAL = 0x1000 + MNT_LOG = 0x2000000 + MNT_NOATIME = 0x4000000 + MNT_NOCOREDUMP = 0x8000 + MNT_NODEV = 0x10 + MNT_NODEVMTIME = 0x40000000 + MNT_NOEXEC = 0x4 + MNT_NOSUID = 0x8 + MNT_NOWAIT = 0x2 + MNT_OP_FLAGS = 0x4d0000 + MNT_QUOTA = 0x2000 + MNT_RDONLY = 0x1 + MNT_RELATIME = 0x20000 + MNT_RELOAD = 0x40000 + MNT_ROOTFS = 0x4000 + MNT_SOFTDEP = 0x80000000 + MNT_SYMPERM = 0x20000000 + MNT_SYNCHRONOUS = 0x2 + MNT_UNION = 0x20 + MNT_UPDATE = 0x10000 + MNT_VISFLAGMASK = 0xff90ffff + MNT_WAIT = 0x1 MSG_BCAST = 0x100 MSG_CMSG_CLOEXEC = 0x800 MSG_CONTROLMBUF = 0x2000000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go index f2cf500f..b207e1cf 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go +++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go 
@@ -1010,6 +1010,43 @@ const ( MAP_WIRED = 0x800 MCL_CURRENT = 0x1 MCL_FUTURE = 0x2 + MNT_ASYNC = 0x40 + MNT_BASIC_FLAGS = 0xe782807f + MNT_DEFEXPORTED = 0x200 + MNT_DISCARD = 0x800000 + MNT_EXKERB = 0x800 + MNT_EXNORESPORT = 0x8000000 + MNT_EXPORTANON = 0x400 + MNT_EXPORTED = 0x100 + MNT_EXPUBLIC = 0x10000000 + MNT_EXRDONLY = 0x80 + MNT_EXTATTR = 0x1000000 + MNT_FORCE = 0x80000 + MNT_GETARGS = 0x400000 + MNT_IGNORE = 0x100000 + MNT_LAZY = 0x3 + MNT_LOCAL = 0x1000 + MNT_LOG = 0x2000000 + MNT_NOATIME = 0x4000000 + MNT_NOCOREDUMP = 0x8000 + MNT_NODEV = 0x10 + MNT_NODEVMTIME = 0x40000000 + MNT_NOEXEC = 0x4 + MNT_NOSUID = 0x8 + MNT_NOWAIT = 0x2 + MNT_OP_FLAGS = 0x4d0000 + MNT_QUOTA = 0x2000 + MNT_RDONLY = 0x1 + MNT_RELATIME = 0x20000 + MNT_RELOAD = 0x40000 + MNT_ROOTFS = 0x4000 + MNT_SOFTDEP = 0x80000000 + MNT_SYMPERM = 0x20000000 + MNT_SYNCHRONOUS = 0x2 + MNT_UNION = 0x20 + MNT_UPDATE = 0x10000 + MNT_VISFLAGMASK = 0xff90ffff + MNT_WAIT = 0x1 MSG_BCAST = 0x100 MSG_CMSG_CLOEXEC = 0x800 MSG_CONTROLMBUF = 0x2000000 diff --git a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go index 858e2999..fb3ff9bb 100644 --- a/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go +++ b/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go 
@@ -1000,6 +1000,43 @@ const ( MAP_STACK = 0x2000 MAP_TRYFIXED = 0x400 MAP_WIRED = 0x800 + MNT_ASYNC = 0x40 + MNT_BASIC_FLAGS = 0xe782807f + MNT_DEFEXPORTED = 0x200 + MNT_DISCARD = 0x800000 + MNT_EXKERB = 0x800 + MNT_EXNORESPORT = 0x8000000 + MNT_EXPORTANON = 0x400 + MNT_EXPORTED = 0x100 + MNT_EXPUBLIC = 0x10000000 + MNT_EXRDONLY = 0x80 + MNT_EXTATTR = 0x1000000 + MNT_FORCE = 0x80000 + MNT_GETARGS = 0x400000 + MNT_IGNORE = 0x100000 + MNT_LAZY = 0x3 + MNT_LOCAL = 0x1000 + MNT_LOG = 0x2000000 + MNT_NOATIME = 0x4000000 + MNT_NOCOREDUMP = 0x8000 + MNT_NODEV = 0x10 + MNT_NODEVMTIME = 0x40000000 + MNT_NOEXEC = 0x4 + MNT_NOSUID = 0x8 + MNT_NOWAIT = 0x2 + MNT_OP_FLAGS = 0x4d0000 + MNT_QUOTA = 0x2000 + MNT_RDONLY = 0x1 + MNT_RELATIME = 0x20000 + MNT_RELOAD = 0x40000 + MNT_ROOTFS = 0x4000 + MNT_SOFTDEP = 0x80000000 + MNT_SYMPERM = 0x20000000 + MNT_SYNCHRONOUS = 0x2 + MNT_UNION = 0x20 + MNT_UPDATE = 0x10000 + MNT_VISFLAGMASK = 0xff90ffff + MNT_WAIT = 0x1 MSG_BCAST = 0x100 MSG_CMSG_CLOEXEC = 0x800 MSG_CONTROLMBUF = 0x2000000 diff --git a/vendor/golang.org/x/sys/windows/asm_windows_arm.s b/vendor/golang.org/x/sys/windows/asm_windows_arm.s new file mode 100644 index 00000000..55d8b91a --- /dev/null +++ b/vendor/golang.org/x/sys/windows/asm_windows_arm.s @@ -0,0 +1,11 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +#include "textflag.h" + +TEXT ·getprocaddress(SB),NOSPLIT,$0 + B syscall·getprocaddress(SB) + +TEXT ·loadlibrary(SB),NOSPLIT,$0 + B syscall·loadlibrary(SB) diff --git a/vendor/golang.org/x/sys/windows/types_windows_arm.go b/vendor/golang.org/x/sys/windows/types_windows_arm.go new file mode 100644 index 00000000..74571e36 --- /dev/null +++ b/vendor/golang.org/x/sys/windows/types_windows_arm.go 
@@ -0,0 +1,22 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package windows
+
+type WSAData struct {
+ Version uint16
+ HighVersion uint16
+ Description [WSADESCRIPTION_LEN + 1]byte
+ SystemStatus [WSASYS_STATUS_LEN + 1]byte
+ MaxSockets uint16
+ MaxUdpDg uint16
+ VendorInfo *byte
+}
+
+type Servent struct {
+ Name *byte
+ Aliases **byte
+ Port uint16
+ Proto *byte
+}