resolve conflicts with main

.github/workflows/actionlint.yaml

@@ -0,0 +1,10 @@
+name: Lint GitHub Actions Workflows
+on:
+  push:
+    paths:
+    - '.github/workflows/**'
+jobs:
+  actionlint:
+    # using `main` as the ref will keep your workflow up-to-date
+    uses: hashicorp/vault-workflows-common/.github/workflows/actionlint.yaml@main
+

.github/workflows/bulk-dep-upgrades.yaml

@@ -0,0 +1,16 @@
+name: Upgrade dependencies
+on:
+  workflow_dispatch:
+  schedule:
+    # Runs 12:00AM on the first of every month
+    - cron: '0 0 1 * *'
+jobs:
+  upgrade:
+    # using `main` as the ref will keep your workflow up-to-date
+    uses: hashicorp/vault-workflows-common/.github/workflows/bulk-dependency-updates.yaml@main
+    secrets:
+      VAULT_ECO_GITHUB_TOKEN: ${{ secrets.VAULT_ECO_GITHUB_TOKEN }}
+    with:
+      reviewer-team: hashicorp/vault-ecosystem-applications
+      repository: ${{ github.repository }}
+      run-id: ${{ github.run_id }}

.github/workflows/jira.yaml

@@ -1,72 +1,19 @@
+name: Jira Sync
 on:
   issues:
     types: [opened, closed, deleted, reopened]
   pull_request_target:
     types: [opened, closed, reopened]
   issue_comment: # Also triggers when commenting on a PR from the conversation view
     types: [created]
-
-name: Jira Sync
-
 jobs:
   sync:
-    runs-on: ubuntu-latest
-    name: Jira sync
-    steps:
-    - name: Login
-      uses: atlassian/[email protected]
-      env:
-        JIRA_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
-        JIRA_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
-        JIRA_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
-
-    - name: Preprocess
-      if: github.event.action == 'opened' || github.event.action == 'created'
-      id: preprocess
-      run: |
-        if [[ "${{ github.event_name }}" == "pull_request_target" ]]; then
-          echo "::set-output name=type::PR"
-        else
-          echo "::set-output name=type::ISS"
-        fi
-
-    - name: Create ticket
-      if: github.event.action == 'opened'
-      uses: tomhjp/[email protected]
-      with:
-        project: VAULT
-        issuetype: "GH Issue"
-        summary: "${{ github.event.repository.name }} [${{ steps.preprocess.outputs.type }} #${{ github.event.issue.number || github.event.pull_request.number }}]: ${{ github.event.issue.title || github.event.pull_request.title }}"
-        description: "${{ github.event.issue.body || github.event.pull_request.body }}\n\n_Created from GitHub Action for ${{ github.event.issue.html_url || github.event.pull_request.html_url }} from ${{ github.actor }}_"
-        # customfield_10089 is Issue Link custom field
-        # customfield_10091 is team custom field
-        extraFields: '{"fixVersions": [{"name": "TBD"}], "customfield_10091": ["ecosystem", "applications"], "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"}'
-
-    - name: Search
-      if: github.event.action != 'opened'
-      id: search
-      uses: tomhjp/[email protected]
-      with:
-        # cf[10089] is Issue Link custom field
-        jql: 'project = "VAULT" and cf[10089]="${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
-
-    - name: Sync comment
-      if: github.event.action == 'created' && steps.search.outputs.issue
-      uses: tomhjp/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
-
-    - name: Close ticket
-      if: (github.event.action == 'closed' || github.event.action == 'deleted') && steps.search.outputs.issue
-      uses: atlassian/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: Closed
-
-    - name: Reopen ticket
-      if: github.event.action == 'reopened' && steps.search.outputs.issue
-      uses: atlassian/[email protected]
-      with:
-        issue: ${{ steps.search.outputs.issue }}
-        transition: "Pending Triage"
+    uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main
+    # assuming you use Vault to get secrets
+    # if you use GitHub secrets, use secrets.XYZ instead of steps.secrets.outputs.XYZ
+    secrets:
+      JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }}
+      JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }}
+      JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }}
+    with:
+      teams-array: '["ecosystem", "applications"]'

.github/workflows/tests.yaml

@@ -1,32 +1,7 @@
-name: Tests
-
-# Run this workflow on pushes and manually
-on: [push, workflow_dispatch]
-
+name: Run Tests
+on:
+  push:
 jobs:
-  build:
-    runs-on: ubuntu-latest
-    env:
-      GO111MODULE: on
-    steps:
-      - uses: actions/checkout@v2
-
-      # cache/restore go mod
-      - uses: actions/cache@v2
-        with:
-          path: |
-            ~/.cache/go-build
-            ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - uses: actions/setup-go@v2
-        with:
-          go-version: 1.18.1
-
-      - name: Build
-        run: go build
-
-      - name: Test
-        run: make test
+  run-tests:
+    # using `main` as the ref will keep your workflow up-to-date
+    uses: hashicorp/vault-workflows-common/.github/workflows/tests.yaml@main

.gitignore

@@ -78,3 +78,12 @@ ui/testem.log
 
 # IAM
 vault-tester.json
+local_environment_setup.sh
+
+# Local .terraform directories
+**/.terraform/*
+.terraform.lock.hcl
+
+# .tfstate files
+*.tfstate
+*.tfstate.*

.go-version

@@ -0,0 +1 @@
+1.20.4

CHANGELOG.md

@@ -1,5 +1,62 @@
 ## Unreleased
 
+IMPROVEMENTS:
+* Bump github.com/hashicorp/go-plugin from v1.5.2 to v1.6.0 to enable running the plugin in containers: [GH-207](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/207)
+
+## v0.18.0
+
+IMPROVEMENTS:
+* Updated dependencies [[GH-198](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/198)]:
+   * `github.com/hashicorp/go-hclog` v1.5.0 -> v1.6.2
+   * `github.com/hashicorp/vault/api` v1.9.2 -> v1.11.0
+   * `github.com/hashicorp/vault/sdk` v0.9.2 -> v0.10.2
+   * `golang.org/x/oauth2` v0.11.0 -> v0.16.0
+   * `google.golang.org/api` v0.138.0 -> v0.161.0
+* Bump golang.org/x/crypto from 0.12.0 to 0.17.0: [GH-197](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/197)
+* Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1: [GH-196](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/196)
+* Bump google.golang.org/grpc from 1.57.0 to 1.57.1: [GH-195](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/195)
+* Bump golang.org/x/net from 0.14.0 to 0.17.0: [GH-194](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/194)
+* Bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+incompatible: [GH-199](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/199)
+
+## v0.17.0
+
+CHANGES:
+* Shuffle around operation IDs to present the best generated client library interface [[GH-190](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/190)]
+
+IMPROVEMENTS:
+* Add missing `Query: true` metadata to API definitions [[GH-189](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/189)]
+* Updated dependencies [[GH-191](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/191)]:
+   * `github.com/hashicorp/hcl` v1.0.0 -> v1.0.1-vault-5
+   * `github.com/hashicorp/vault/api` v1.9.1 -> v1.9.2
+   * `github.com/hashicorp/vault/sdk` v0.9.0 -> v0.9.2
+   * `golang.org/x/oauth2` v0.8.0 -> v0.11.0
+   * `google.golang.org/api` v0.124.0 -> v0.138.0
+
+## v0.16.0
+
+IMPROVEMENTS:
+* Enable multiplexing [[GH-172](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/172)]
+* Updated dependencies:
+   * `github.com/hashicorp/go-hclog` v1.4.0 -> v1.5.0
+   * `github.com/hashicorp/vault/api` v1.8.3 -> v1.9.1
+   * `github.com/hashicorp/vault/sdk` v0.7.0 -> v0.9.0
+   * `golang.org/x/oauth2` v0.4.0 -> v0.8.0
+   * `google.golang.org/api` v0.109.0 -> v0.124.0
+
+## v0.15.0
+
+IMPROVEMENTS:
+
+* Added support for impersonated accounts [[GH-129](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/129)}
+
+BUG FIXES:
+
+* Fix issue where IAM bindings were not preserved during policy update [[GH-114](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/114)]
+* Fix issue where duplicate service account keys would be created for rotate root
+  on standby or  [[GH-153](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/153)]
+* Changes user-agent header value to use correct Vault version information and include
+  the plugin type and name in the comment section. [[GH-164](https://github.com/hashicorp/vault-plugin-secrets-gcp/pull/164)]
+
 ## v0.14.0
 
 IMPROVEMENTS:

LICENSE

@@ -1,3 +1,5 @@
+Copyright (c) 2018 HashiCorp, Inc.
+
 Mozilla Public License, version 2.0
 
 1. Definitions

Makefile

@@ -1,62 +1,91 @@
 TOOL?=vault-gcp-secrets-plugin
 TEST?=$$(go list ./... | grep -v /vendor/)
 VETARGS?=-asmdecl -atomic -bool -buildtags -copylocks -methods -nilfunc -printf -rangeloops -shift -structtags -unsafeptr
-EXTERNAL_TOOLS=\
-	github.com/mitchellh/gox \
-	github.com/kardianos/govendor
+EXTERNAL_TOOLS=
 BUILD_TAGS?=${TOOL}
 GOFMT_FILES?=$$(find . -name '*.go' | grep -v vendor)
-# bin generates the releaseable binaries for this plugin
+
+PLUGIN_NAME?=$(shell command ls bin/)
+PLUGIN_DIR?=$$GOPATH/vault-plugins
+PLUGIN_PATH?=local-gcp
+
+# bin generates the releasable binaries for this plugin
+.PHONY: bin
 bin: fmtcheck generate
 	@CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' sh -c "'$(CURDIR)/scripts/build.sh'"
 
+.PHONY: default
 default: dev
 
 # dev creates binaries for testing Vault locally. These are put
 # into ./bin/ as well as $GOPATH/bin, except for quickdev which
 # is only put into /bin/
+.PHONY: quickdev
 quickdev: generate
-	@CGO_ENABLED=0 go build -i -tags='$(BUILD_TAGS)' -o bin/vault-gcp-auth-plugin
+	@CGO_ENABLED=0 go build -tags='$(BUILD_TAGS)' -o bin/vault-plugin-secrets-gcp cmd/vault-plugin-secrets-gcp/main.go
+.PHONY: dev
 dev: fmtcheck generate
 	@CGO_ENABLED=0 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
+.PHONY: dev-dynamic
 dev-dynamic: generate
 	@CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
 
+.PHONY: testcompile
 testcompile: fmtcheck generate
 	@for pkg in $(TEST) ; do \
 		go test -v -c -tags='$(BUILD_TAGS)' $$pkg -parallel=4 ; \
 	done
 
+.PHONY: test
 test:
 	@go test -short ./... $(TESTARGS)
 
-test-acc:
+.PHONY: testacc
+testacc:
 	@go test ./... $(TESTARGS)
 
 # generate runs `go generate` to build the dynamically generated
 # source files.
+.PHONY: generate
 generate:
 	@go generate $(go list ./... | grep -v /vendor/)
 
 # bootstrap the build by downloading additional tools
+.PHONY: bootstrap
 bootstrap:
 	@for tool in  $(EXTERNAL_TOOLS) ; do \
 		echo "Installing/Updating $$tool" ; \
 		go get -u $$tool; \
 	done
 
+.PHONY: fmtcheck
 fmtcheck:
 	@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'"
 
+.PHONY: fmt
 fmt:
-	gofmt -w $(GOFMT_FILES)
+	gofmt -w $(GOFMT_FILES) && cd bootstrap/terraform && terraform fmt
 
+.PHONY: update-resources
 update-resources:
 	pushd $(CURDIR)/plugin/iamutil && \
 	go build -o generate ./internal && \
 	./generate && \
 	rm generate && \
 	popd
 
+.PHONY: setup-env
+setup-env:
+	cd bootstrap/terraform && terraform init && terraform apply -auto-approve
+
+.PHONY: teardown-env
+teardown-env:
+	cd bootstrap/terraform && terraform init && terraform destroy -auto-approve
 
-.PHONY: bin default generate test vet bootstrap fmt fmtcheck update-resources
+.PHONY: configure
+configure: dev
+	@./bootstrap/configure.sh \
+	$(PLUGIN_DIR) \
+	$(PLUGIN_NAME) \
+	$(PLUGIN_PATH) \
+	$(GOOGLE_TEST_CREDENTIALS)