Rename PCF auth plugin to CF

command/agent.go

@@ -23,10 +23,10 @@ import (
 	"github.com/hashicorp/vault/command/agent/auth/aws"
 	"github.com/hashicorp/vault/command/agent/auth/azure"
 	"github.com/hashicorp/vault/command/agent/auth/cert"
+	"github.com/hashicorp/vault/command/agent/auth/cf"
 	"github.com/hashicorp/vault/command/agent/auth/gcp"
 	"github.com/hashicorp/vault/command/agent/auth/jwt"
 	"github.com/hashicorp/vault/command/agent/auth/kubernetes"
-	"github.com/hashicorp/vault/command/agent/auth/pcf"
 	"github.com/hashicorp/vault/command/agent/cache"
 	"github.com/hashicorp/vault/command/agent/config"
 	"github.com/hashicorp/vault/command/agent/sink"
@@ -342,6 +342,8 @@ func (c *AgentCommand) Run(args []string) int {
 			method, err = azure.NewAzureAuthMethod(authConfig)
 		case "cert":
 			method, err = cert.NewCertAuthMethod(authConfig)
+		case "cf":
+			method, err = cf.NewCFAuthMethod(authConfig)
 		case "gcp":
 			method, err = gcp.NewGCPAuthMethod(authConfig)
 		case "jwt":
@@ -350,8 +352,8 @@ func (c *AgentCommand) Run(args []string) int {
 			method, err = kubernetes.NewKubernetesAuthMethod(authConfig)
 		case "approle":
 			method, err = approle.NewApproleAuthMethod(authConfig)
-		case "pcf":
-			method, err = pcf.NewPCFAuthMethod(authConfig)
+		case "pcf": // Deprecated.
+			method, err = cf.NewCFAuthMethod(authConfig)
 		default:
 			c.UI.Error(fmt.Sprintf("Unknown auth method %q", config.AutoAuth.Method.Type))
 			return 1

command/agent/auth/pcf/pcf.go → command/agent/auth/cf/cf.go

@@ -1,4 +1,4 @@
-package pcf
+package cf
 
 import (
 	"context"
@@ -8,25 +8,25 @@ import (
 	"os"
 	"time"
 
-	pcf "github.com/hashicorp/vault-plugin-auth-pcf"
-	"github.com/hashicorp/vault-plugin-auth-pcf/signatures"
+	cf "github.com/hashicorp/vault-plugin-auth-cf"
+	"github.com/hashicorp/vault-plugin-auth-cf/signatures"
 	"github.com/hashicorp/vault/api"
 	"github.com/hashicorp/vault/command/agent/auth"
 )
 
-type pcfMethod struct {
+type cfMethod struct {
 	mountPath string
 	roleName  string
 }
 
-func NewPCFAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) {
+func NewCFAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) {
 	if conf == nil {
 		return nil, errors.New("empty config")
 	}
 	if conf.Config == nil {
 		return nil, errors.New("empty config data")
 	}
-	a := &pcfMethod{
+	a := &cfMethod{
 		mountPath: conf.MountPath,
 	}
 	if raw, ok := conf.Config["role"]; ok {
@@ -41,18 +41,18 @@ func NewPCFAuthMethod(conf *auth.AuthConfig) (auth.AuthMethod, error) {
 	return a, nil
 }
 
-func (p *pcfMethod) Authenticate(ctx context.Context, client *api.Client) (string, map[string]interface{}, error) {
-	pathToClientCert := os.Getenv(pcf.EnvVarInstanceCertificate)
+func (p *cfMethod) Authenticate(ctx context.Context, client *api.Client) (string, map[string]interface{}, error) {
+	pathToClientCert := os.Getenv(cf.EnvVarInstanceCertificate)
 	if pathToClientCert == "" {
-		return "", nil, fmt.Errorf("missing %q value", pcf.EnvVarInstanceCertificate)
+		return "", nil, fmt.Errorf("missing %q value", cf.EnvVarInstanceCertificate)
 	}
 	certBytes, err := ioutil.ReadFile(pathToClientCert)
 	if err != nil {
 		return "", nil, err
 	}
-	pathToClientKey := os.Getenv(pcf.EnvVarInstanceKey)
+	pathToClientKey := os.Getenv(cf.EnvVarInstanceKey)
 	if pathToClientKey == "" {
-		return "", nil, fmt.Errorf("missing %q value", pcf.EnvVarInstanceKey)
+		return "", nil, fmt.Errorf("missing %q value", cf.EnvVarInstanceKey)
 	}
 	signingTime := time.Now().UTC()
 	signatureData := &signatures.SignatureData{
@@ -73,10 +73,10 @@ func (p *pcfMethod) Authenticate(ctx context.Context, client *api.Client) (strin
 	return fmt.Sprintf("%s/login", p.mountPath), data, nil
 }
 
-func (p *pcfMethod) NewCreds() chan struct{} {
+func (p *cfMethod) NewCreds() chan struct{} {
 	return nil
 }
 
-func (p *pcfMethod) CredSuccess() {}
+func (p *cfMethod) CredSuccess() {}
 
-func (p *pcfMethod) Shutdown() {}
+func (p *cfMethod) Shutdown() {}

command/agent/pcf_end_to_end_test.go → command/agent/cf_end_to_end_test.go

@@ -9,12 +9,12 @@ import (
 
 	hclog "github.com/hashicorp/go-hclog"
 	log "github.com/hashicorp/go-hclog"
-	credPCF "github.com/hashicorp/vault-plugin-auth-pcf"
-	"github.com/hashicorp/vault-plugin-auth-pcf/testing/certificates"
-	pcfAPI "github.com/hashicorp/vault-plugin-auth-pcf/testing/pcf"
+	credCF "github.com/hashicorp/vault-plugin-auth-cf"
+	"github.com/hashicorp/vault-plugin-auth-cf/testing/certificates"
+	cfAPI "github.com/hashicorp/vault-plugin-auth-cf/testing/cf"
 	"github.com/hashicorp/vault/api"
 	"github.com/hashicorp/vault/command/agent/auth"
-	agentpcf "github.com/hashicorp/vault/command/agent/auth/pcf"
+	agentcf "github.com/hashicorp/vault/command/agent/auth/cf"
 	"github.com/hashicorp/vault/command/agent/sink"
 	"github.com/hashicorp/vault/command/agent/sink/file"
 	vaulthttp "github.com/hashicorp/vault/http"
@@ -23,15 +23,15 @@ import (
 	"github.com/hashicorp/vault/vault"
 )
 
-func TestPCFEndToEnd(t *testing.T) {
+func TestCFEndToEnd(t *testing.T) {
 	logger := logging.NewVaultLogger(hclog.Trace)
 
 	coreConfig := &vault.CoreConfig{
 		DisableMlock: true,
 		DisableCache: true,
 		Logger:       log.NewNullLogger(),
 		CredentialBackends: map[string]logical.Factory{
-			"pcf": credPCF.Factory,
+			"cf": credCF.Factory,
 		},
 	}
 
@@ -45,60 +45,60 @@ func TestPCFEndToEnd(t *testing.T) {
 	cores := cluster.Cores
 	vault.TestWaitActive(t, cores[0].Core)
 	client := cores[0].Client
-	if err := client.Sys().EnableAuthWithOptions("pcf", &api.EnableAuthOptions{
-		Type: "pcf",
+	if err := client.Sys().EnableAuthWithOptions("cf", &api.EnableAuthOptions{
+		Type: "cf",
 	}); err != nil {
 		t.Fatal(err)
 	}
 
 	testIPAddress := "127.0.0.1"
 
-	// Generate some valid certs that look like the ones we get from PCF.
-	testPCFCerts, err := certificates.Generate(pcfAPI.FoundServiceGUID, pcfAPI.FoundOrgGUID, pcfAPI.FoundSpaceGUID, pcfAPI.FoundAppGUID, testIPAddress)
+	// Generate some valid certs that look like the ones we get from CF.
+	testCFCerts, err := certificates.Generate(cfAPI.FoundServiceGUID, cfAPI.FoundOrgGUID, cfAPI.FoundSpaceGUID, cfAPI.FoundAppGUID, testIPAddress)
 	if err != nil {
 		t.Fatal(err)
 	}
 	defer func() {
-		if err := testPCFCerts.Close(); err != nil {
+		if err := testCFCerts.Close(); err != nil {
 			t.Fatal(err)
 		}
 	}()
 
 	// Start a mock server representing their API.
-	mockPCFAPI := pcfAPI.MockServer(false)
-	defer mockPCFAPI.Close()
-
-	// Configure a CA certificate like a Vault operator would in setting up PCF.
-	if _, err := client.Logical().Write("auth/pcf/config", map[string]interface{}{
-		"identity_ca_certificates": testPCFCerts.CACertificate,
-		"pcf_api_addr":             mockPCFAPI.URL,
-		"pcf_username":             pcfAPI.AuthUsername,
-		"pcf_password":             pcfAPI.AuthPassword,
+	mockCFAPI := cfAPI.MockServer(false)
+	defer mockCFAPI.Close()
+
+	// Configure a CA certificate like a Vault operator would in setting up CF.
+	if _, err := client.Logical().Write("auth/cf/config", map[string]interface{}{
+		"identity_ca_certificates": testCFCerts.CACertificate,
+		"cf_api_addr":             mockCFAPI.URL,
+		"cf_username":             cfAPI.AuthUsername,
+		"cf_password":             cfAPI.AuthPassword,
 	}); err != nil {
 		t.Fatal(err)
 	}
 
 	// Configure a role to be used for logging in, another thing a Vault operator would do.
-	if _, err := client.Logical().Write("auth/pcf/roles/test-role", map[string]interface{}{
-		"bound_instance_ids":     pcfAPI.FoundServiceGUID,
-		"bound_organization_ids": pcfAPI.FoundOrgGUID,
-		"bound_space_ids":        pcfAPI.FoundSpaceGUID,
-		"bound_application_ids":  pcfAPI.FoundAppGUID,
+	if _, err := client.Logical().Write("auth/cf/roles/test-role", map[string]interface{}{
+		"bound_instance_ids":     cfAPI.FoundServiceGUID,
+		"bound_organization_ids": cfAPI.FoundOrgGUID,
+		"bound_space_ids":        cfAPI.FoundSpaceGUID,
+		"bound_application_ids":  cfAPI.FoundAppGUID,
 	}); err != nil {
 		t.Fatal(err)
 	}
 
-	os.Setenv(credPCF.EnvVarInstanceCertificate, testPCFCerts.PathToInstanceCertificate)
-	os.Setenv(credPCF.EnvVarInstanceKey, testPCFCerts.PathToInstanceKey)
+	os.Setenv(credCF.EnvVarInstanceCertificate, testCFCerts.PathToInstanceCertificate)
+	os.Setenv(credCF.EnvVarInstanceKey, testCFCerts.PathToInstanceKey)
 
 	ctx, cancelFunc := context.WithCancel(context.Background())
 	timer := time.AfterFunc(30*time.Second, func() {
 		cancelFunc()
 	})
 	defer timer.Stop()
 
-	am, err := agentpcf.NewPCFAuthMethod(&auth.AuthConfig{
-		MountPath: "auth/pcf",
+	am, err := agentcf.NewCFAuthMethod(&auth.AuthConfig{
+		MountPath: "auth/cf",
 		Config: map[string]interface{}{
 			"role": "test-role",
 		},

command/auth_enable_test.go

@@ -178,6 +178,10 @@ func TestAuthEnableCommand_Run(t *testing.T) {
 				backends = append(backends, strings.TrimPrefix(potPlug, "vault-plugin-auth-"))
 			}
 		}
+		// Since "pcf" plugin in the Vault registry is also pointed at the "vault-plugin-auth-cf"
+		// repository, we need to manually append it here so it'll tie out with our expected number
+		// of credential backends.
+		backends = append(backends, "pcf")
 
 		// Add 1 to account for the "token" backend, which is visible when you walk the filesystem but
 		// is treated as special and excluded from the registry.

command/base_predict_test.go

@@ -333,6 +333,7 @@ func TestPredict_Plugins(t *testing.T) {
 				"cassandra-database-plugin",
 				"centrify",
 				"cert",
+				"cf",
 				"consul",
 				"elasticsearch-database-plugin",
 				"gcp",
@@ -357,7 +358,7 @@ func TestPredict_Plugins(t *testing.T) {
 				"nomad",
 				"oidc",
 				"okta",
-				"pcf",
+				"pcf", // Deprecated.
 				"pki",
 				"postgresql",
 				"postgresql-database-plugin",

command/commands.go

@@ -25,9 +25,9 @@ import (
 
 	credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
 	credCentrify "github.com/hashicorp/vault-plugin-auth-centrify"
+	credCF "github.com/hashicorp/vault-plugin-auth-cf"
 	credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
 	credOIDC "github.com/hashicorp/vault-plugin-auth-jwt"
-	credPCF "github.com/hashicorp/vault-plugin-auth-pcf"
 	credAws "github.com/hashicorp/vault/builtin/credential/aws"
 	credCert "github.com/hashicorp/vault/builtin/credential/cert"
 	credGitHub "github.com/hashicorp/vault/builtin/credential/github"
@@ -160,12 +160,13 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) {
 		"aws":      &credAws.CLIHandler{},
 		"centrify": &credCentrify.CLIHandler{},
 		"cert":     &credCert.CLIHandler{},
+		"cf":      &credCF.CLIHandler{},
 		"gcp":      &credGcp.CLIHandler{},
 		"github":   &credGitHub.CLIHandler{},
 		"ldap":     &credLdap.CLIHandler{},
 		"oidc":     &credOIDC.CLIHandler{},
 		"okta":     &credOkta.CLIHandler{},
-		"pcf":      &credPCF.CLIHandler{},
+		"pcf":      &credCF.CLIHandler{}, // Deprecated.
 		"radius": &credUserpass.CLIHandler{
 			DefaultMount: "radius",
 		},

go.mod

@@ -67,10 +67,10 @@ require (
 	github.com/hashicorp/vault-plugin-auth-alicloud v0.5.2-0.20190814210027-93970f08f2ec
 	github.com/hashicorp/vault-plugin-auth-azure v0.5.2-0.20190814210035-08e00d801115
 	github.com/hashicorp/vault-plugin-auth-centrify v0.5.2-0.20190814210042-090ec2ed93ce
+	github.com/hashicorp/vault-plugin-auth-cf v0.0.0-20190821162840-1c2205826fee
 	github.com/hashicorp/vault-plugin-auth-gcp v0.5.2-0.20190814210049-1ccb3dc10102
 	github.com/hashicorp/vault-plugin-auth-jwt v0.5.2-0.20190814210057-5e4c92d2b835
 	github.com/hashicorp/vault-plugin-auth-kubernetes v0.5.2-0.20190814210103-f64f0cb4d8cf
-	github.com/hashicorp/vault-plugin-auth-pcf v0.0.0-20190814210109-476d6beb6ec0
 	github.com/hashicorp/vault-plugin-database-elasticsearch v0.0.0-20190814210117-e079e01fbb93
 	github.com/hashicorp/vault-plugin-secrets-ad v0.5.3-0.20190814210122-0f2fd536b250
 	github.com/hashicorp/vault-plugin-secrets-alicloud v0.5.2-0.20190814210129-4d18bec92f56

go.sum

@@ -326,6 +326,8 @@ github.com/hashicorp/vault-plugin-auth-azure v0.5.2-0.20190814210035-08e00d80111
 github.com/hashicorp/vault-plugin-auth-azure v0.5.2-0.20190814210035-08e00d801115/go.mod h1:sRhTnkcbjJgPeES0ddCTq8S2waSakyMiWLUwO5J/Wjk=
 github.com/hashicorp/vault-plugin-auth-centrify v0.5.2-0.20190814210042-090ec2ed93ce h1:X8umWdCqSVk/75ZjEBDxYL+V8i+jK3KbJbFoyOryCww=
 github.com/hashicorp/vault-plugin-auth-centrify v0.5.2-0.20190814210042-090ec2ed93ce/go.mod h1:WstOCHERNbk2dblnY5MV9Qeh/hzTSQpVs5xPuyAzlBo=
+github.com/hashicorp/vault-plugin-auth-cf v0.0.0-20190821162840-1c2205826fee h1:gJG1PJGiqi+0M0HTYlwDyV5CyetLhFl9DxyMJre5H9Y=
+github.com/hashicorp/vault-plugin-auth-cf v0.0.0-20190821162840-1c2205826fee/go.mod h1:zOag32+pm1R4FFNhXMLP506Oesjoai3gHEEpxqUaTr0=
 github.com/hashicorp/vault-plugin-auth-gcp v0.5.1 h1:8DR00s+Wmc21i3sfzvsqW88VMdf6NI2ue+onGoHshww=
 github.com/hashicorp/vault-plugin-auth-gcp v0.5.1/go.mod h1:eLj92eX8MPI4vY1jaazVLF2sVbSAJ3LRHLRhF/pUmlI=
 github.com/hashicorp/vault-plugin-auth-gcp v0.5.2-0.20190814210049-1ccb3dc10102 h1:RTHVdxCDwxTq/4zZFkV+b8zexkSU5EOXkY2D/kAvyFU=
@@ -334,8 +336,6 @@ github.com/hashicorp/vault-plugin-auth-jwt v0.5.2-0.20190814210057-5e4c92d2b835
 github.com/hashicorp/vault-plugin-auth-jwt v0.5.2-0.20190814210057-5e4c92d2b835/go.mod h1:Ti2NPndKhSGpSL6gWg11n7TkmuI7318BIPeojayIVRU=
 github.com/hashicorp/vault-plugin-auth-kubernetes v0.5.2-0.20190814210103-f64f0cb4d8cf h1:JnBSA5CnZps9JEX9RJZAdJ5tUVogWMIvVvatNmzGe38=
 github.com/hashicorp/vault-plugin-auth-kubernetes v0.5.2-0.20190814210103-f64f0cb4d8cf/go.mod h1:qkrONCr71ckSCTItJQ1j9uet/faieZJ5c7+GZugTm7s=
-github.com/hashicorp/vault-plugin-auth-pcf v0.0.0-20190814210109-476d6beb6ec0 h1:d12XATwgTmHBAF5LLnpv4dSl3bEXjAU9Ahtf9gKDDFg=
-github.com/hashicorp/vault-plugin-auth-pcf v0.0.0-20190814210109-476d6beb6ec0/go.mod h1:d4nD8sbyQmb1XspLqkZkJzqmrdA2CoaFFRTRd3jHu0s=
 github.com/hashicorp/vault-plugin-database-elasticsearch v0.0.0-20190814210117-e079e01fbb93 h1:kXTV1ImOPgDGZxAlbEQfiXgnZY/34vfgnZVhI/tscmg=
 github.com/hashicorp/vault-plugin-database-elasticsearch v0.0.0-20190814210117-e079e01fbb93/go.mod h1:N9XpfMXjeLHBgUd8iy4avOC4mCSqUC7B/R8AtCYhcfE=
 github.com/hashicorp/vault-plugin-secrets-ad v0.5.3-0.20190814210122-0f2fd536b250 h1:+mm2cM5msg/USImbvnMS2yzCMBYMCO3CrvsATWGtHtY=

helper/builtinplugins/registry.go

@@ -8,10 +8,10 @@ import (
 	credAliCloud "github.com/hashicorp/vault-plugin-auth-alicloud"
 	credAzure "github.com/hashicorp/vault-plugin-auth-azure"
 	credCentrify "github.com/hashicorp/vault-plugin-auth-centrify"
+	credCF "github.com/hashicorp/vault-plugin-auth-cf"
 	credGcp "github.com/hashicorp/vault-plugin-auth-gcp/plugin"
 	credJWT "github.com/hashicorp/vault-plugin-auth-jwt"
 	credKube "github.com/hashicorp/vault-plugin-auth-kubernetes"
-	credPCF "github.com/hashicorp/vault-plugin-auth-pcf"
 	credAppId "github.com/hashicorp/vault/builtin/credential/app-id"
 	credAppRole "github.com/hashicorp/vault/builtin/credential/approle"
 	credAws "github.com/hashicorp/vault/builtin/credential/aws"
@@ -72,14 +72,15 @@ func newRegistry() *registry {
 			"azure":      credAzure.Factory,
 			"centrify":   credCentrify.Factory,
 			"cert":       credCert.Factory,
+			"cf":         credCF.Factory,
 			"gcp":        credGcp.Factory,
 			"github":     credGitHub.Factory,
 			"jwt":        credJWT.Factory,
 			"kubernetes": credKube.Factory,
 			"ldap":       credLdap.Factory,
 			"oidc":       credJWT.Factory,
 			"okta":       credOkta.Factory,
-			"pcf":        credPCF.Factory,
+			"pcf":        credCF.Factory, // Deprecated.
 			"radius":     credRadius.Factory,
 			"userpass":   credUserpass.Factory,
 		},