Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package helmfile for openSUSE:Factory checked in at 2021-02-15 23:18:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/helmfile (Old) and /work/SRC/openSUSE:Factory/.helmfile.new.28504 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "helmfile" Mon Feb 15 23:18:31 2021 rev:18 rq:871650 version:0.138.4 Changes: -------- --- /work/SRC/openSUSE:Factory/helmfile/helmfile.changes 2021-01-30 13:58:05.314429551 +0100 +++ /work/SRC/openSUSE:Factory/.helmfile.new.28504/helmfile.changes 2021-02-15 23:20:46.439796715 +0100 @@ -1,0 +2,18 @@ +Sat Feb 13 11:28:22 UTC 2021 - Manfred Hollstein <manfre...@gmx.net> + +- v0.138.4 + * f24b61f (HEAD, tag: v0.138.4, origin/master, origin/HEAD, master) + Fix error on concurrent go-getter on same URL (#1669) + +- v0.138.3 + * 257c1f6 (HEAD, tag: v0.138.3, origin/master, origin/HEAD, master) + Fix OCI support (#1667) + * 4e1ecb5 Bump variantdev/vals to 0.13.0 (#1666) + +- v0.138.2 + * ad5fba5 (HEAD, tag: v0.138.2, origin/master, origin/HEAD, master) + Bump Helm to v3.5.0. (#1656) + * 0ad62b5 docs: update helm command name (#1635) + * 8487970 fix: dont sent RegistryLogin password via args (#1662) + +------------------------------------------------------------------- Old: ---- helmfile-0.138.1.tar.gz New: ---- helmfile-0.138.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ helmfile.spec ++++++ --- /var/tmp/diff_new_pack.3a4Zqj/_old 2021-02-15 23:20:47.411798166 +0100 +++ /var/tmp/diff_new_pack.3a4Zqj/_new 2021-02-15 23:20:47.415798172 +0100 @@ -16,9 +16,9 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # -%define git_commit 8212b630ff694b300b77cab0d87ca0053a08525e +%define git_commit f24b61f1008702a71eb81d559192fc080c6132ad Name: helmfile -Version: 0.138.1 +Version: 0.138.4 Release: 0 Summary: Deploy Kubernetes Helm Charts License: MIT ++++++ _service ++++++ --- /var/tmp/diff_new_pack.3a4Zqj/_old 2021-02-15 23:20:47.455798232 +0100 +++ /var/tmp/diff_new_pack.3a4Zqj/_new 2021-02-15 23:20:47.455798232 +0100 @@ -5,7 +5,7 @@ <param name="exclude">.git</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> - <param name="revision">v0.138.1</param> + <param name="revision">v0.138.4</param> <param name="changesgenerate">enable</param> </service> <service name="recompress" mode="disabled"> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.3a4Zqj/_old 2021-02-15 23:20:47.475798262 +0100 +++ /var/tmp/diff_new_pack.3a4Zqj/_new 2021-02-15 23:20:47.475798262 +0100 @@ -1,4 +1,4 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/roboll/helmfile.git</param> - <param name="changesrevision">8212b630ff694b300b77cab0d87ca0053a08525e</param></service></servicedata> + <param name="changesrevision">f24b61f1008702a71eb81d559192fc080c6132ad</param></service></servicedata> ++++++ helmfile-0.138.1.tar.gz -> helmfile-0.138.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helmfile-0.138.1/Dockerfile.helm3 new/helmfile-0.138.4/Dockerfile.helm3 --- old/helmfile-0.138.1/Dockerfile.helm3 2021-01-28 11:11:12.000000000 +0100 +++ new/helmfile-0.138.4/Dockerfile.helm3 2021-02-05 01:02:21.000000000 +0100 @@ -11,10 +11,10 @@ RUN apk add --no-cache ca-certificates git bash curl jq -ARG HELM_VERSION="v3.4.2" +ARG HELM_VERSION="v3.5.0" ARG HELM_LOCATION="https://get.helm.sh"; ARG HELM_FILENAME="helm-${HELM_VERSION}-linux-amd64.tar.gz" -ARG HELM_SHA256="cacde7768420dd41111a4630e047c231afa01f67e49cc0c6429563e024da4b98" +ARG HELM_SHA256="3fff0354d5fba4c73ebd5db59a59db72f8a5bbe1117a0b355b0c2983e98db95b" RUN set -x && \ wget ${HELM_LOCATION}/${HELM_FILENAME} && \ echo Verifying ${HELM_FILENAME}... && \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helmfile-0.138.1/README.md new/helmfile-0.138.4/README.md --- old/helmfile-0.138.1/README.md 2021-01-28 11:11:12.000000000 +0100 +++ new/helmfile-0.138.4/README.md 2021-02-05 01:02:21.000000000 +0100 @@ -461,7 +461,7 @@ apply apply all resources from state file only when there are changes status retrieve status of releases in state file delete DEPRECATED: delete releases from state file (helm delete) - destroy deletes and then purges releases + destroy uninstalls and then purges releases test test releases from state file (helm test) build output compiled helmfile state(s) as YAML list list releases defined in state file @@ -531,11 +531,11 @@ ### destroy -The `helmfile destroy` sub-command deletes and purges all the releases defined in the manifests. +The `helmfile destroy` sub-command uninstalls and purges all the releases defined in the manifests. `helmfile --interactive destroy` instructs Helmfile to request your confirmation before actually deleting releases. -`destroy` basically runs `helm delete --purge` on all the targeted releases. If you don't want purging, use `helmfile delete` instead. +`destroy` basically runs `helm uninstall --purge` on all the targeted releases. If you don't want purging, use `helmfile delete` instead. ### delete (DEPRECATED) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helmfile-0.138.1/go.mod new/helmfile-0.138.4/go.mod --- old/helmfile-0.138.1/go.mod 2021-01-28 11:11:12.000000000 +0100 +++ new/helmfile-0.138.4/go.mod 2021-02-05 01:02:21.000000000 +0100 @@ -26,7 +26,7 @@ github.com/urfave/cli v1.22.5 github.com/variantdev/chartify v0.6.0 github.com/variantdev/dag v0.0.0-20191028002400-bb0b3c785363 - github.com/variantdev/vals v0.12.0 + github.com/variantdev/vals v0.13.0 go.uber.org/multierr v1.6.0 go.uber.org/zap v1.16.0 golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helmfile-0.138.1/go.sum new/helmfile-0.138.4/go.sum --- old/helmfile-0.138.1/go.sum 2021-01-28 11:11:12.000000000 +0100 +++ new/helmfile-0.138.4/go.sum 2021-02-05 01:02:21.000000000 +0100 @@ -630,6 +630,8 @@ github.com/variantdev/dag v0.0.0-20191028002400-bb0b3c785363/go.mod h1:pH1TQsNSLj2uxMo9NNl9zdGy01Wtn+/2MT96BrKmVyE= github.com/variantdev/vals v0.12.0 h1:1fk2nlSzGkoY5/Ij7dyIB6r0eemFGWQMa5TD2ZhDSB8= github.com/variantdev/vals v0.12.0/go.mod h1:KHSazZ2M3pFiwu6mw4O56YdjNatCZpJZkk4s23rexW8= +github.com/variantdev/vals v0.13.0 h1:zdtTBjoWKkUGdFauxETkDVjqWXdjUNwI+ggWcUmpxv8= +github.com/variantdev/vals v0.13.0/go.mod h1:pBwm+vPLQALN6otkNqiT1fUKdWHfjAm4070UkrNLsVA= github.com/vektra/mockery v1.1.2/go.mod h1:VcfZjKaFOPO+MpN4ZvwPjs4c48lkq1o3Ym8yHZJu0jU= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helmfile-0.138.1/pkg/helmexec/exec.go new/helmfile-0.138.4/pkg/helmexec/exec.go --- old/helmfile-0.138.1/pkg/helmexec/exec.go 2021-01-28 11:11:12.000000000 +0100 +++ new/helmfile-0.138.4/pkg/helmexec/exec.go 2021-02-05 01:02:21.000000000 +0100 @@ -166,8 +166,7 @@ repository, "--username", username, - "--password", - password, + "--password-stdin", } buffer := bytes.Buffer{} buffer.Write([]byte(fmt.Sprintf("%s\n", password))) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helmfile-0.138.1/pkg/remote/remote.go new/helmfile-0.138.4/pkg/remote/remote.go --- old/helmfile-0.138.1/pkg/remote/remote.go 2021-01-28 11:11:12.000000000 +0100 +++ new/helmfile-0.138.4/pkg/remote/remote.go 2021-02-05 01:02:21.000000000 +0100 @@ -149,7 +149,7 @@ }, nil } -func (r *Remote) Fetch(goGetterSrc string) (string, error) { +func (r *Remote) Fetch(goGetterSrc string, cacheDirOpt ...string) (string, error) { u, err := Parse(goGetterSrc) if err != nil { return "", err @@ -167,6 +167,11 @@ // This should be shared across variant commands, so that they can share cache for the shared imports cacheBaseDir := DefaultCacheDir + if len(cacheDirOpt) == 1 { + cacheBaseDir = cacheDirOpt[0] + } else if len(cacheDirOpt) > 0 { + return "", fmt.Errorf("[bug] cacheDirOpt's length: want 0 or 1, got %d", len(cacheDirOpt)) + } query := u.RawQuery diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helmfile-0.138.1/pkg/state/helmx.go new/helmfile-0.138.4/pkg/state/helmx.go --- old/helmfile-0.138.1/pkg/state/helmx.go 2021-01-28 11:11:12.000000000 +0100 +++ new/helmfile-0.138.4/pkg/state/helmx.go 2021-02-05 01:02:21.000000000 +0100 @@ -39,7 +39,27 @@ Clean func() } -func (st *HelmState) goGetterChart(chart, dir string, force bool) (string, error) { +func (st *HelmState) downloadChartWithGoGetter(r *ReleaseSpec) (string, error) { + pathElems := []string{ + remote.DefaultCacheDir, + } + + if r.Namespace != "" { + pathElems = append(pathElems, r.Namespace) + } + + if r.KubeContext != "" { + pathElems = append(pathElems, r.KubeContext) + } + + pathElems = append(pathElems, r.Name, r.Chart) + + cacheDir := filepath.Join(pathElems...) + + return st.goGetterChart(r.Chart, r.Directory, cacheDir, r.ForceGoGetter) +} + +func (st *HelmState) goGetterChart(chart, dir, cacheDir string, force bool) (string, error) { if dir != "" && chart == "" { chart = dir } @@ -52,7 +72,7 @@ } else { r := remote.NewRemote(st.logger, st.basePath, st.readFile, directoryExistsAt, fileExistsAt) - fetchedDir, err := r.Fetch(chart) + fetchedDir, err := r.Fetch(chart, cacheDir) if err != nil { return "", fmt.Errorf("fetching %q: %v", chart, err) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helmfile-0.138.1/pkg/state/state.go new/helmfile-0.138.4/pkg/state/state.go --- old/helmfile-0.138.1/pkg/state/state.go 2021-01-28 11:11:12.000000000 +0100 +++ new/helmfile-0.138.4/pkg/state/state.go 2021-02-05 01:02:21.000000000 +0100 @@ -979,17 +979,24 @@ chartName := release.Chart - chartPath, err := st.goGetterChart(chartName, release.Directory, release.ForceGoGetter) + chartPath, err := st.downloadChartWithGoGetter(release) if err != nil { results <- &chartPrepareResult{err: fmt.Errorf("release %q: %w", release.Name, err)} return } chartFetchedByGoGetter := chartPath != chartName - isOCI, chartPath, err := st.getOCIChart(release, dir, helm) - if err != nil { - results <- &chartPrepareResult{err: fmt.Errorf("release %q: %w", release.Name, err)} - return + if !chartFetchedByGoGetter { + ociChartPath, err := st.getOCIChart(release, dir, helm) + if err != nil { + results <- &chartPrepareResult{err: fmt.Errorf("release %q: %w", release.Name, err)} + + return + } + + if ociChartPath != nil { + chartPath = *ociChartPath + } } isLocal := st.directoryExistsAt(normalizeChart(st.basePath, chartName)) @@ -1006,7 +1013,7 @@ skipDepsGlobal := opts.SkipDeps skipDepsRelease := release.SkipDeps != nil && *release.SkipDeps skipDepsDefault := release.SkipDeps == nil && st.HelmDefaults.SkipDeps - skipDeps := !isLocal || skipDepsGlobal || skipDepsRelease || skipDepsDefault || !isOCI + skipDeps := !isLocal || skipDepsGlobal || skipDepsRelease || skipDepsDefault if chartification != nil { c := chartify.New( @@ -2978,21 +2985,14 @@ } } -func (st *HelmState) getOCIChart(release *ReleaseSpec, tempDir string, helm helmexec.Interface) (bool, string, error) { - - isOCI := false - +func (st *HelmState) getOCIChart(release *ReleaseSpec, tempDir string, helm helmexec.Interface) (*string, error) { repo, name := st.GetRepositoryAndNameFromChartName(release.Chart) if repo == nil { - return false, release.Chart, nil - } - - if repo.OCI { - isOCI = true + return nil, nil } - if !isOCI { - return isOCI, release.Chart, nil + if !repo.OCI { + return nil, nil } chartVersion := "latest" @@ -3004,7 +3004,7 @@ err := helm.ChartPull(qualifiedChartName) if err != nil { - return isOCI, release.Chart, err + return nil, err } pathElems := []string{ @@ -3026,9 +3026,10 @@ fullChartPath, err := findChartDirectory(chartPath) if err != nil { - return isOCI, release.Chart, err + return nil, err } chartPath = filepath.Dir(fullChartPath) - return isOCI, chartPath, nil + + return &chartPath, nil } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/helmfile-0.138.1/pkg/state/state_gogetter_test.go new/helmfile-0.138.4/pkg/state/state_gogetter_test.go --- old/helmfile-0.138.1/pkg/state/state_gogetter_test.go 2021-01-28 11:11:12.000000000 +0100 +++ new/helmfile-0.138.4/pkg/state/state_gogetter_test.go 2021-02-05 01:02:21.000000000 +0100 @@ -41,7 +41,7 @@ basePath: d, } - out, err := st.goGetterChart(tc.chart, tc.dir, false) + out, err := st.goGetterChart(tc.chart, tc.dir, "", false) if diff := cmp.Diff(tc.out, out); diff != "" { t.Fatalf("Unexpected out:\n%s", diff) ++++++ vendor.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/Azure/azure-sdk-for-go/services/keyvault/auth/auth.go new/vendor/github.com/Azure/azure-sdk-for-go/services/keyvault/auth/auth.go --- old/vendor/github.com/Azure/azure-sdk-for-go/services/keyvault/auth/auth.go 2021-01-30 11:01:36.000000000 +0100 +++ new/vendor/github.com/Azure/azure-sdk-for-go/services/keyvault/auth/auth.go 1970-01-01 01:00:00.000000000 +0100 @@ -1,77 +0,0 @@ -package auth - -// Copyright (c) Microsoft and contributors. All rights reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// -// See the License for the specific language governing permissions and -// limitations under the License. - -import ( - "os" - "strings" - - "github.com/Azure/go-autorest/autorest" - "github.com/Azure/go-autorest/autorest/azure" - "github.com/Azure/go-autorest/autorest/azure/auth" -) - -// NewAuthorizerFromEnvironment creates a keyvault dataplane Authorizer configured from environment variables in the order: -// 1. Client credentials -// 2. Client certificate -// 3. Username password -// 4. MSI -func NewAuthorizerFromEnvironment() (autorest.Authorizer, error) { - res, err := getResource() - if err != nil { - return nil, err - } - return auth.NewAuthorizerFromEnvironmentWithResource(*res) -} - -// NewAuthorizerFromFile creates a keyvault dataplane Authorizer configured from a configuration file -func NewAuthorizerFromFile(baseURI string) (autorest.Authorizer, error) { - res, err := getResource() - if err != nil { - return nil, err - } - return auth.NewAuthorizerFromFileWithResource(*res) -} - -// NewAuthorizerFromCLI creates a keyvault dataplane Authorizer configured from Azure CLI 2.0 for local development scenarios. -func NewAuthorizerFromCLI() (autorest.Authorizer, error) { - res, err := getResource() - if err != nil { - return nil, err - } - return auth.NewAuthorizerFromCLIWithResource(*res) -} - -func getResource() (*string, error) { - envName := os.Getenv("AZURE_ENVIRONMENT") - var env azure.Environment - var err error - - if envName == "" { - env = azure.PublicCloud - } else { - env, err = azure.EnvironmentFromName(envName) - if err != nil { - return nil, err - } - } - - resource := os.Getenv("AZURE_KEYVAULT_RESOURCE") - if resource == "" { - resource = strings.TrimSuffix(env.KeyVaultEndpoint, "/") - } - - return &resource, nil -} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/variantdev/vals/README.md new/vendor/github.com/variantdev/vals/README.md --- old/vendor/github.com/variantdev/vals/README.md 2021-01-30 11:01:38.000000000 +0100 +++ new/vendor/github.com/variantdev/vals/README.md 2021-02-13 12:31:22.000000000 +0100 @@ -377,15 +377,26 @@ - `ref+azurekeyvault://VAULT-NAME/SECRET-NAME[/VERSION]` VAULT-NAME is either a simple name if operating in AzureCloud (vault.azure.net) or the full endpoint dns name when operating against non-default azure clouds (US Gov Cloud, China Cloud, German Cloud). - -For authentication, the Azure SDK expects credentials in environment variables (see [auth.go](https://godoc.org/github.com/Azure/go-autorest/autorest/azure/auth#NewAuthorizerFromEnvironment)). For example, if using client credentials the required env vars are AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID and possibly AZURE_ENVIRONMENT in case of accessing an azure gov cloud. - Examples: - - `ref+azurekeyvault://my-vault/secret-a` - `ref+azurekeyvault://my-vault/secret-a/ba4f196b15f644cd9e949896a21bab0d` - `ref+azurekeyvault://gov-cloud-test.vault.usgovcloudapi.net/secret-b` +#### Authentication + +Vals aquires Azure credentials though Azure CLI or from environment variables. The easiest way is to run `az login`. Vals can then aquire the current credentials from `az` without further set up. + +Other authentication methods require information to be passed in environment variables. See [Azure SDK docs](https://docs.microsoft.com/en-us/azure/developer/go/azure-sdk-authorization#use-environment-based-authentication) and [auth.go](https://godoc.org/github.com/Azure/go-autorest/autorest/azure/auth#NewAuthorizerFromEnvironment) for the full list of supported environment variables. + +For example, if using client credentials the required env vars are `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID` and possibly `AZURE_ENVIRONMENT` in case of accessing an Azure GovCloud. + +The order in which authentication methods are checked is: +1. Client credentials +2. Client certificate +3. Username/Password +4. Azure CLI or Managed identity (set environment `AZURE_USE_MSI=true` to enabled MSI) + + ## Advanced Usages ### Discriminating config and secrets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/variantdev/vals/go.mod new/vendor/github.com/variantdev/vals/go.mod --- old/vendor/github.com/variantdev/vals/go.mod 2021-01-30 11:01:38.000000000 +0100 +++ new/vendor/github.com/variantdev/vals/go.mod 2021-02-13 12:31:22.000000000 +0100 @@ -5,8 +5,9 @@ require ( cloud.google.com/go v0.70.0 github.com/Azure/azure-sdk-for-go v33.1.0+incompatible + github.com/Azure/go-autorest/autorest v0.9.2 github.com/Azure/go-autorest/autorest/adal v0.8.0 // indirect - github.com/Azure/go-autorest/autorest/azure/auth v0.4.0 // indirect + github.com/Azure/go-autorest/autorest/azure/auth v0.4.0 github.com/aws/aws-sdk-go v1.35.18 github.com/fujiwara/tfstate-lookup v0.0.14 github.com/google/go-cmp v0.5.2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/variantdev/vals/go.sum new/vendor/github.com/variantdev/vals/go.sum --- old/vendor/github.com/variantdev/vals/go.sum 2021-01-30 11:01:38.000000000 +0100 +++ new/vendor/github.com/variantdev/vals/go.sum 2021-02-13 12:31:22.000000000 +0100 @@ -44,10 +44,13 @@ github.com/Azure/azure-sdk-for-go v33.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= +github.com/Azure/go-autorest v1.1.1 h1:4G9tVCqooRY3vDTB2bA1Z01PlSALtnUbji0AfzthUSs= +github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest/autorest v0.1.0/go.mod h1:AKyIcETwSUFxIcs/Wnq/C+kwCtlEYGUVd7FPNb2slmg= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= github.com/Azure/go-autorest/autorest v0.9.2 h1:6AWuh3uWrsZJcNoCHrCF/+g4aKPCU39kaMO6/qrnK/4= github.com/Azure/go-autorest/autorest v0.9.2/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= +github.com/Azure/go-autorest/autorest v0.11.16 h1:3jkFG3SL0fFXmvmPF9Kc8LscIbeXUhmt3yuzUSqv3pI= github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= github.com/Azure/go-autorest/autorest/adal v0.6.0/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/variantdev/vals/pkg/providers/azurekeyvault/azurekeyvault.go new/vendor/github.com/variantdev/vals/pkg/providers/azurekeyvault/azurekeyvault.go --- old/vendor/github.com/variantdev/vals/pkg/providers/azurekeyvault/azurekeyvault.go 2021-01-30 11:01:38.000000000 +0100 +++ new/vendor/github.com/variantdev/vals/pkg/providers/azurekeyvault/azurekeyvault.go 2021-02-13 12:31:22.000000000 +0100 @@ -3,10 +3,12 @@ import ( "context" "fmt" + "os" "strings" "github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault" - kvauth "github.com/Azure/azure-sdk-for-go/services/keyvault/auth" + autorest "github.com/Azure/go-autorest/autorest" + auth "github.com/Azure/go-autorest/autorest/azure/auth" "github.com/variantdev/vals/pkg/api" "gopkg.in/yaml.v3" ) @@ -57,7 +59,7 @@ if p.client != nil { return p.client, nil } - authorizer, err := kvauth.NewAuthorizerFromEnvironment() + authorizer, err := getAuthorizer() if err != nil { return nil, err } @@ -69,6 +71,43 @@ return p.client, nil } +func getAuthorizer() (autorest.Authorizer, error) { + settings, err := auth.GetSettingsFromEnvironment() + if err != nil { + return nil, err + } + + // set up key vault endpoint + resource := os.Getenv("AZURE_KEYVAULT_RESOURCE") + if resource == "" { + resource = strings.TrimSuffix(settings.Environment.KeyVaultEndpoint, "/") + } + settings.Values[auth.Resource] = resource + + // based on Azure SDK EnvironmentSettings.GetAuthorizer() + //1.Client Credentials + if c, e := settings.GetClientCredentials(); e == nil { + return c.Authorizer() + } + + //2. Client Certificate + if c, e := settings.GetClientCertificate(); e == nil { + return c.Authorizer() + } + + //3. Username Password + if c, e := settings.GetUsernamePassword(); e == nil { + return c.Authorizer() + } + + // 4. MSI or CLI + if v := os.Getenv("AZURE_USE_MSI"); v == "true" { + return settings.GetMSI().Authorizer() + } else { + return auth.NewAuthorizerFromCLIWithResource(settings.Values[auth.Resource]) + } +} + type secretSpec struct { vaultBaseURL string secretName string diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/github.com/variantdev/vals/pkg/providers/vault/vault.go new/vendor/github.com/variantdev/vals/pkg/providers/vault/vault.go --- old/vendor/github.com/variantdev/vals/pkg/providers/vault/vault.go 2021-01-30 11:01:38.000000000 +0100 +++ new/vendor/github.com/variantdev/vals/pkg/providers/vault/vault.go 2021-02-13 12:31:22.000000000 +0100 @@ -209,7 +209,14 @@ "secret_id": p.SecretId, } - resp, err := cli.Logical().Write("auth/approle/login", data) + mount_point, ok := os.LookupEnv("VAULT_LOGIN_MOUNT_POINT") + if !ok { + mount_point = "/approle" + } + + auth_path := filepath.Join("auth", mount_point, "login") + + resp, err := cli.Logical().Write(auth_path, data) if err != nil { return nil, err } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor/modules.txt new/vendor/modules.txt --- old/vendor/modules.txt 2021-01-30 11:01:41.000000000 +0100 +++ new/vendor/modules.txt 2021-02-13 12:31:24.000000000 +0100 @@ -13,7 +13,6 @@ ## explicit github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault -github.com/Azure/azure-sdk-for-go/services/keyvault/auth github.com/Azure/azure-sdk-for-go/version # github.com/Azure/go-autorest/autorest v0.9.2 github.com/Azure/go-autorest/autorest @@ -295,7 +294,7 @@ # github.com/variantdev/dag v0.0.0-20191028002400-bb0b3c785363 ## explicit github.com/variantdev/dag/pkg/dag -# github.com/variantdev/vals v0.12.0 +# github.com/variantdev/vals v0.13.0 ## explicit github.com/variantdev/vals github.com/variantdev/vals/pkg/api
