Clean up JWT plugin after split

.github/workflows/verify-commits.yml

@@ -0,0 +1,9 @@
+name: Ensure Verified Commits
+
+on:
+  pull_request:
+  types: [opened, synchronize]
+
+jobs:
+  verify_commits:
+    uses: openbao/openbao/.github/workflows/verify-commits.yml@main

.gitignore

@@ -82,4 +82,4 @@ tmp/
 scripts/custom.sh
 
 # binary
-cmd/vault-plugin-auth-jwt/vault-plugin-auth-jwt
+cmd/openbao-plugin-auth-jwt/openbao-plugin-auth-jwt

.go-version

@@ -1 +1 @@
-1.20.4
+1.23.2

Makefile

@@ -1,4 +1,4 @@
-TOOL?=vault-plugin-auth-jwt
+TOOL?=openbao-plugin-auth-jwt
 TEST?=$$(go list ./... | grep -v /vendor/)
 EXTERNAL_TOOLS=
 BUILD_TAGS?=${TOOL}

README.md

@@ -1,39 +1,37 @@
-# Vault Plugin: JWT Auth Backend
+# OpenBao Plugin: JWT Auth Backend
 
-This is a standalone backend plugin for use with [Hashicorp Vault](https://www.github.com/hashicorp/vault).
-This plugin allows for JWTs (including OIDC tokens) to authenticate with Vault.
+This is a standalone backend plugin for use with [OpenBao](https://openbao.org/).
+This plugin allows for JWTs (including OIDC tokens) to authenticate with OpenBao.
 
 **Please note**: We take OpenBao's security and our users' trust very seriously. If you believe you have found a security issue in OpenBao, _please responsibly disclose_ by contacting us at [[email protected]](mailto:[email protected]).
 
 ## Quick Links
-    - Vault Website: https://www.vaultproject.io
-    - JWT Auth Docs: https://developer.hashicorp.com/vault/docs/auth/jwt
-    - Main Project Github: https://www.github.com/hashicorp/vault
+    - OpenBao Website: https://openbao.org/
+    - JWT Auth Docs: https://openbao.org/docs/auth/jwt
+    - Main Project Github: https://www.github.com/openbao/openbao
 
 ## Getting Started
 
-This is a [Vault plugin](https://developer.hashicorp.com/vault/docs/plugins)
-and is meant to work with Vault. This guide assumes you have already installed Vault
-and have a basic understanding of how Vault works.
+This is an [OpenBao plugin](https://openbao.org/docs/plugins)
+and is meant to work with OpenBao. This guide assumes you have already installed OpenBao
+and have a basic understanding of how OpenBao works.
 
-Otherwise, first read this guide on how to [get started with Vault](https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-install).
-
-To learn specifically about how plugins work, see documentation on [Vault plugins](https://developer.hashicorp.com/vault/docs/plugins).
+To learn specifically about how plugins work, see documentation on [OpenBao plugins](https://openbao.org/docs/plugins).
 
 ## Usage
 
-Please see [documentation for the plugin](https://developer.hashicorp.com/vault/docs/auth/jwt)
-on the Vault website.
+Please see [documentation for the plugin](https://openbao.org/docs/auth/jwt)
+on the OpenBao website.
 
-This plugin is currently built into Vault and by default is accessed
-at `auth/jwt`. To enable this in a running Vault server:
+This plugin is currently built into OpenBao and by default is accessed
+at `auth/jwt`. To enable this in a running OpenBao server:
 
 ```sh
-$ vault auth enable jwt
+$ bao auth enable jwt
 Successfully enabled 'jwt' at 'jwt'!
 ```
 
-To see all the supported paths, see the [JWT auth backend docs](https://developer.hashicorp.com/vault/docs/auth/jwt).
+To see all the supported paths, see the [JWT auth backend docs](https://openbao.org/docs/auth/jwt).
 
 ## Developing
 
@@ -43,7 +41,7 @@ If you wish to work on this plugin, you'll first need
 For local dev first make sure Go is properly installed, including
 setting up a [GOPATH](https://golang.org/doc/code.html#GOPATH).
 Next, clone this repository into
-`$GOPATH/src/github.com/hashicorp/vault-plugin-auth-jwt`.
+`$GOPATH/src/github.com/openbao/openbao-plugin-auth-jwt`.
 You can then download any required build tools by bootstrapping your
 environment:
 
@@ -61,28 +59,28 @@ $ make dev
 ```
 
 Put the plugin binary into a location of your choice. This directory
-will be specified as the [`plugin_directory`](https://developer.hashicorp.com/vault/docs/configuration#plugin_directory)
-in the Vault config used to start the server.
+will be specified as the [`plugin_directory`](https://openbao.org/docs/configuration#plugin_directory)
+in the OpenBao config used to start the server.
 
 ```hcl
 plugin_directory = "path/to/plugin/directory"
 ```
 
-Start a Vault server with this config file:
+Start an OpenBao server with this config file:
 ```sh
-$ vault server -config=path/to/config.hcl ...
+$ bao server -config=path/to/config.hcl ...
 ...
 ```
 
-Once the server is started, register the plugin in the Vault server's [plugin catalog](https://developer.hashicorp.com/vault/docs/plugins/plugin-architecture#plugin-catalog):
+Once the server is started, register the plugin in the OpenBao server's [plugin catalog](https://openbao.org/docs/plugins/plugin-architecture#plugin-catalog):
 
 ```sh
 
-$ vault plugin register \
-        -sha256=<SHA256 Hex value of the plugin binary> \
-        -command="vault-plugin-auth-jwt" \
-        auth \
-        jwt
+$ bao plugin register \
+      -sha256=<SHA256 Hex value of the plugin binary> \
+      -command="openbao-plugin-auth-jwt" \
+      auth \
+      jwt
 ...
 Success! Data written to: sys/plugins/catalog/jwt
 ```
@@ -91,15 +89,15 @@ Note you should generate a new sha256 checksum if you have made changes
 to the plugin. Example using openssl:
 
 ```sh
-openssl dgst -sha256 $GOPATH/vault-plugin-auth-jwt
+openssl dgst -sha256 $GOPATH/openbao-plugin-auth-jwt
 ...
-SHA256(.../go/bin/vault-plugin-auth-jwt)= 896c13c0f5305daed381952a128322e02bc28a57d0c862a78cbc2ea66e8c6fa1
+SHA256(.../go/bin/openbao-plugin-auth-jwt)= 896c13c0f5305daed381952a128322e02bc28a57d0c862a78cbc2ea66e8c6fa1
 ```
 
 Enable the auth plugin backend using the JWT auth plugin:
 
 ```sh
-$ vault auth enable -plugin-name='jwt' plugin
+$ bao auth enable -plugin-name='jwt' plugin
 ...
 
 Successfully enabled 'plugin' at 'jwt'!
@@ -149,22 +147,21 @@ Additionally, there are some BATs tests in the `tests` dir.
 #### Prerequisites
 
 - [Install Bats Core](https://bats-core.readthedocs.io/en/stable/installation.html#homebrew)
-- Docker or a vault binary in the `tests` directory.
+- Docker or a bao binary in the `tests` directory.
 
 #### Setup
 
-- [Configure an OIDC provider](https://developer.hashicorp.com/vault/docs/auth/jwt/oidc-providers)
+- [Configure an OIDC provider](https://openbao.org/docs/auth/jwt/oidc-providers/)
 - Save and export the following values to your shell:
   - `CLIENT_ID`
   - `CLIENT_SECRET`
   - `ISSUER`
-- Export `VAULT_IMAGE` to test the image of your choice or place a vault binary
+- Export `BAO_IMAGE` to test the image of your choice or place a bao binary
   in the `tests` directory.
-- Export `VAULT_LICENSE`. This test will only work for HashiCorp's Vault images.
 
 #### Logs
 
-Vault logs will be written to `VAULT_OUTFILE`. BATs test logs will be written to
+Bao logs will be written to `BAO_OUTFILE`. BATs test logs will be written to
 `SETUP_TEARDOWN_OUTFILE`.
 
 #### Run Bats tests

cmd/jwt/main.go → cmd/openbao-plugin-auth-jwt/main.go

@@ -7,8 +7,8 @@ import (
 	"log"
 	"os"
 
+	jwtauth "github.com/openbao/openbao-plugin-auth-jwt"
 	"github.com/openbao/openbao/api/v2"
-	jwtauth "github.com/openbao/openbao/builtin/credential/jwt"
 	"github.com/openbao/openbao/sdk/v2/plugin"
 )
 

go.mod

@@ -0,0 +1,87 @@
+module github.com/openbao/openbao-plugin-auth-jwt
+
+go 1.23
+
+require (
+	github.com/go-jose/go-jose/v3 v3.0.1
+	github.com/go-test/deep v1.1.1
+	github.com/hashicorp/cap v0.3.0
+	github.com/hashicorp/errwrap v1.1.0
+	github.com/hashicorp/go-cleanhttp v0.5.2
+	github.com/hashicorp/go-hclog v1.6.3
+	github.com/hashicorp/go-secure-stdlib/base62 v0.1.2
+	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2
+	github.com/hashicorp/go-sockaddr v1.0.7
+	github.com/mitchellh/mapstructure v1.5.0
+	github.com/mitchellh/pointerstructure v1.2.1
+	github.com/openbao/openbao/api/v2 v2.0.1
+	github.com/openbao/openbao/sdk/v2 v2.0.1
+	github.com/patrickmn/go-cache v2.1.0+incompatible
+	github.com/ryanuber/go-glob v1.0.0
+	github.com/stretchr/testify v1.9.0
+	golang.org/x/oauth2 v0.21.0
+	golang.org/x/sync v0.8.0
+	google.golang.org/api v0.190.0
+)
+
+require (
+	cloud.google.com/go/auth v0.9.0 // indirect
+	cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
+	cloud.google.com/go/compute/metadata v0.5.2 // indirect
+	github.com/armon/go-metrics v0.4.1 // indirect
+	github.com/armon/go-radix v1.0.0 // indirect
+	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
+	github.com/coreos/go-oidc/v3 v3.5.0 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
+	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
+	github.com/fatih/color v1.17.0 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
+	github.com/go-logr/stdr v1.2.2 // indirect
+	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
+	github.com/golang/snappy v0.0.4 // indirect
+	github.com/google/s2a-go v0.1.8 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
+	github.com/googleapis/gax-go/v2 v2.13.0 // indirect
+	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
+	github.com/hashicorp/go-multierror v1.1.1 // indirect
+	github.com/hashicorp/go-plugin v1.4.8 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.7 // indirect
+	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
+	github.com/hashicorp/golang-lru v0.5.4 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
+	github.com/mitchellh/go-homedir v1.1.0 // indirect
+	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
+	github.com/oklog/run v1.1.0 // indirect
+	github.com/openbao/go-kms-wrapping/entropy/v2 v2.1.0 // indirect
+	github.com/openbao/go-kms-wrapping/v2 v2.1.0 // indirect
+	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+	go.opencensus.io v0.24.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
+	go.opentelemetry.io/otel v1.29.0 // indirect
+	go.opentelemetry.io/otel/metric v1.29.0 // indirect
+	go.opentelemetry.io/otel/trace v1.29.0 // indirect
+	go.uber.org/atomic v1.9.0 // indirect
+	golang.org/x/crypto v0.28.0 // indirect
+	golang.org/x/net v0.30.0 // indirect
+	golang.org/x/sys v0.26.0 // indirect
+	golang.org/x/text v0.19.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect
+	google.golang.org/grpc v1.67.0-dev // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+)