Add user configurable password policies available to secret engines

api/go.mod

@@ -12,8 +12,8 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.6.2
 	github.com/hashicorp/go-rootcerts v1.0.1
 	github.com/hashicorp/hcl v1.0.0
-	github.com/hashicorp/vault/sdk v0.1.14-0.20200519221530-14615acda45f
-	github.com/mitchellh/mapstructure v1.1.2
+	github.com/hashicorp/vault/sdk v0.1.14-0.20200514144402-4bfac290c352
+	github.com/mitchellh/mapstructure v1.2.2
 	golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7
 	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
 	gopkg.in/square/go-jose.v2 v2.3.1

api/go.sum

@@ -75,8 +75,8 @@ github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrk
 github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.2.2 h1:dxe5oCinTXiTIcfgmZecdCzPmAJKd46KsCWc35r0TV4=
+github.com/mitchellh/mapstructure v1.2.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/oklog/run v1.0.0/go.mod h1:dlhp/R75TPv97u0XWUtDeV/lRKWPKSdTuV0TZvrmrQA=
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
@@ -95,6 +95,7 @@ github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFo
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=

go.mod

@@ -109,7 +109,7 @@ require (
 	github.com/mitchellh/go-homedir v1.1.0
 	github.com/mitchellh/go-testing-interface v1.0.0
 	github.com/mitchellh/gox v1.0.1
-	github.com/mitchellh/mapstructure v1.1.2
+	github.com/mitchellh/mapstructure v1.2.2
 	github.com/mitchellh/reflectwalk v1.0.1
 	github.com/natefinch/atomic v0.0.0-20150920032501-a62ce929ffcc
 	github.com/ncw/swift v1.0.47

go.sum

@@ -305,6 +305,7 @@ github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18h
 github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
 github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
@@ -635,6 +636,8 @@ github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0Qu
 github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
 github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
 github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.2.2 h1:dxe5oCinTXiTIcfgmZecdCzPmAJKd46KsCWc35r0TV4=
+github.com/mitchellh/mapstructure v1.2.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/pointerstructure v0.0.0-20190430161007-f252a8fd71c8 h1:1CO5wil3HuiVLrUQ2ovSTO+6AfNOA5EMkHHVyHE9IwA=
 github.com/mitchellh/pointerstructure v0.0.0-20190430161007-f252a8fd71c8/go.mod h1:k4XwG94++jLVsSiTxo7qdIfXA9pj9EAeo0QsNNJOLZ8=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=

sdk/go.mod

@@ -24,8 +24,9 @@ require (
 	github.com/hashicorp/hcl v1.0.0
 	github.com/mitchellh/copystructure v1.0.0
 	github.com/mitchellh/go-testing-interface v1.0.0
-	github.com/mitchellh/mapstructure v1.1.2
+	github.com/mitchellh/mapstructure v1.2.2
 	github.com/pierrec/lz4 v2.0.5+incompatible
+	github.com/pkg/errors v0.8.1
 	github.com/ryanuber/go-glob v1.0.0
 	golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480
 	golang.org/x/sys v0.0.0-20191008105621-543471e840be

sdk/go.sum

@@ -82,8 +82,8 @@ github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.
 github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0=
 github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI=
 github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
-github.com/mitchellh/mapstructure v1.1.2 h1:fmNYVwqnSfB9mZU6OS2O6GsXM+wcskZDuKQzvN1EDeE=
-github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y=
+github.com/mitchellh/mapstructure v1.2.2 h1:dxe5oCinTXiTIcfgmZecdCzPmAJKd46KsCWc35r0TV4=
+github.com/mitchellh/mapstructure v1.2.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/IfikLNY=
 github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw=
 github.com/oklog/run v1.0.0 h1:Ru7dDtJNOyC66gQ5dQmaCa0qIsAUFY3sFpK1Xk8igrw=
@@ -92,6 +92,7 @@ github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0Mw
 github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
 github.com/pierrec/lz4 v2.0.5+incompatible h1:2xWsjqPFWcplujydGg4WmhC/6fZqK42wMM8aXeqhl0I=
 github.com/pierrec/lz4 v2.0.5+incompatible/go.mod h1:pdkljMzZIN41W+lC3N2tnIh5sFi+IEE17M5jbnwPHcY=
+github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=

sdk/helper/random/parser.go

@@ -0,0 +1,150 @@
+package random
+
+import (
+	"fmt"
+	"reflect"
+	"unicode/utf8"
+
+	"github.com/hashicorp/hcl"
+	"github.com/mitchellh/mapstructure"
+)
+
+// ParsePolicy is a convenience function for parsing HCL into a StringGenerator.
+// See PolicyParser.ParsePolicy for details.
+func ParsePolicy(raw string) (gen StringGenerator, err error) {
+	parser := PolicyParser{
+		RuleRegistry: Registry{
+			Rules: defaultRuleNameMapping,
+		},
+	}
+	return parser.ParsePolicy(raw)
+}
+
+// ParsePolicyBytes is a convenience function for parsing HCL into a StringGenerator.
+// See PolicyParser.ParsePolicy for details.
+func ParsePolicyBytes(raw []byte) (gen StringGenerator, err error) {
+	return ParsePolicy(string(raw))
+}
+
+// PolicyParser parses string generator configuration from HCL.
+type PolicyParser struct {
+	// RuleRegistry maps rule names in HCL to Rule constructors.
+	RuleRegistry Registry
+}
+
+// ParsePolicy parses the provided HCL into a StringGenerator.
+func (p PolicyParser) ParsePolicy(raw string) (sg StringGenerator, err error) {
+	rawData := map[string]interface{}{}
+	err = hcl.Decode(&rawData, raw)
+	if err != nil {
+		return sg, fmt.Errorf("unable to decode: %w", err)
+	}
+
+	// Decode the top level items
+	gen := StringGenerator{}
+	decoder, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
+		Result:     &gen,
+		DecodeHook: stringToRunesFunc,
+	})
+	if err != nil {
+		return sg, fmt.Errorf("unable to decode configuration: %w", err)
+	}
+
+	err = decoder.Decode(rawData)
+	if err != nil {
+		return sg, fmt.Errorf("failed to decode configuration: %w", err)
+	}
+
+	// Decode & parse rules
+	rawRules, err := getMapSlice(rawData, "rule")
+	if err != nil {
+		return sg, fmt.Errorf("unable to retrieve rules: %w", err)
+	}
+
+	rules, err := parseRules(p.RuleRegistry, rawRules)
+	if err != nil {
+		return sg, fmt.Errorf("unable to parse rules: %w", err)
+	}
+
+	gen = StringGenerator{
+		Length: gen.Length,
+		Rules:  rules,
+	}
+
+	err = gen.validateConfig()
+	if err != nil {
+		return sg, err
+	}
+
+	return gen, nil
+}
+
+func parseRules(registry Registry, rawRules []map[string]interface{}) (rules []Rule, err error) {
+	for _, rawRule := range rawRules {
+		info, err := getRuleInfo(rawRule)
+		if err != nil {
+			return nil, fmt.Errorf("unable to get rule info: %w", err)
+		}
+
+		rule, err := registry.parseRule(info.ruleType, info.data)
+		if err != nil {
+			return nil, fmt.Errorf("unable to parse rule %s: %w", info.ruleType, err)
+		}
+		rules = append(rules, rule)
+	}
+
+	return rules, nil
+}
+
+// getMapSlice from the provided map. This will retrieve and type-assert a []map[string]interface{} from the map
+// This will not error if the key does not exist
+// This will return an error if the value at the provided key is not of type []map[string]interface{}
+func getMapSlice(m map[string]interface{}, key string) (mapSlice []map[string]interface{}, err error) {
+	rawSlice, exists := m[key]
+	if !exists {
+		return nil, nil
+	}
+
+	mapSlice = []map[string]interface{}{}
+	err = mapstructure.Decode(rawSlice, &mapSlice)
+	if err != nil {
+		return nil, err
+	}
+	return mapSlice, nil
+}
+
+type ruleInfo struct {
+	ruleType string
+	data     map[string]interface{}
+}
+
+// getRuleInfo splits the provided HCL-decoded rule into its rule type along with the data associated with it
+func getRuleInfo(rule map[string]interface{}) (data ruleInfo, err error) {
+	// There should only be one key, but it's a dynamic key yay!
+	for key := range rule {
+		slice, err := getMapSlice(rule, key)
+		if err != nil {
+			return data, fmt.Errorf("unable to get rule data: %w", err)
+		}
+		data = ruleInfo{
+			ruleType: key,
+			data:     slice[0],
+		}
+		return data, nil
+	}
+	return data, fmt.Errorf("rule is empty")
+}
+
+// stringToRunesFunc converts a string to a []rune for use in the mapstructure library
+func stringToRunesFunc(from reflect.Kind, to reflect.Kind, data interface{}) (interface{}, error) {
+	if from != reflect.String || to != reflect.Slice {
+		return data, nil
+	}
+
+	raw := data.(string)
+
+	if !utf8.ValidString(raw) {
+		return nil, fmt.Errorf("invalid UTF8 string")
+	}
+	return []rune(raw), nil
+}