Merge pull request #19 from newcontext-oss/feature/access-token

.gitignore

@@ -1,4 +1,37 @@
-# Ignore our binary and log file from test runs
+# Ignore our binary, conf and log file from test runs
 cv
-cv.log
+*.log
+*.conf
 cover.out
+
+# Ignore editor configurations
+.idea
+.vscode
+
+# Examples
+examples/simple/simple
+examples/random/random
+
+# Typical backup/temporary files of editors
+*~
+*#
+
+# Never include any accidentally created vendor dirs.
+# This is a library!
+vendor/
+
+# The remainder of this file is taken from
+# https://github.com/github/gitignore/blob/master/Go.gitignore
+
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool, specifically when used with LiteIDE
+*.out

README.md

@@ -23,18 +23,80 @@ CV logs in the User Account and Authentication (UAA) Server by first contacting
 ### Config File
 The config file is read from the  `.cv.conf` in the $HOME directory.
 
+### Venafi Cloud
+```
+apikey: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+zone: zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz
+connector_type: cloud
+credhub_username: credhub
+credhub_password: topsecret
+credhub_endpoint: https://127.0.0.1:9000
+skip_tls_validation: true
+log_level: status
+```
+### Venafi Platform
 ```
 vcert_username: tppadmin
 vcert_password: topsecret
 vcert_zone: \Certificates
 vcert_base_url: https://yourvenafiinstall.com/vedsdk/
+vcert_access_token: WkDQ/zJsFOXzLEWQQ51mlw== (optional)
+connector_type: tpp
+credhub_username: credhub
+credhub_password: topsecret
+credhub_endpoint: https://127.0.0.1:9000
+skip_tls_validation: true
+log_level: status
+```
+
+##### Direct Access Token Support
+```
+vcert_access_token: WkDQ/zJsFOXzLEWQQ51mlw== (bearer access token)
+vcert_zone: \Certificates
+vcert_base_url: https://yourvenafiinstall.com/vedsdk/
 connector_type: tpp
 credhub_username: credhub
 credhub_password: topsecret
 credhub_endpoint: https://127.0.0.1:9000
 skip_tls_validation: true
 log_level: status
 ```
+##### Legacy APIKey Support
+
+```
+vcert_username: tppadmin
+vcert_password: topsecret
+vcert_legacy_auth: true
+vcert_zone: \Certificates
+vcert_base_url: https://yourvenafiinstall.com/vedsdk/
+connector_type: tpp
+credhub_username: credhub
+credhub_password: topsecret
+credhub_endpoint: https://127.0.0.1:9000
+skip_tls_validation: true
+log_level: status
+```
+
+```
+Where:
+vcert_username/vcert_password: will be credentials of the user to log into Venafi TPP
+vcert_legacy_auth: if true then API-key authentication will be used (pre TPP v19.2)
+vcert_zone: policy path in Venafi TPP to store certificates, this path MUST pre-created
+vcert_base_url: the URL to Venafi TPP
+vcert_access_token: bearer token obtained from Venafi TPP, used for token-based authentication in v19.2+ (optional)
+connector_type: Venafi tpp or cloud
+vault_token: access token to be used for Vault
+vault_base_url: the URL to the Vault instance
+vault_kv_path: the path in Vault where the key-value pair Venafi certificates are stored
+vault_pki_path: the path in Vault where the Vault certificates are stored
+vault_role: the role to use in Vault when creating certificates
+Log_level: STATUS, VERBOSE, INFO or ERROR
+skip_tls_validation: true (when using self-signed certificates)
+```
+
+**NOTE**: The vcert_access_token is optional as the Vault-Venafi tool will obtain a token on the fly for the username if one is not specified.
+
+Previous to Venafi Trust Protection Platform (TPP) v19.2 all authentication was handled via username/password with an API-Key. With TPP v19.2 token-based authentication was introduced and Venafi plans to deprecate the API-Key authentication method at the end of 2020. TPP v20.4 will be the last release that supports API-Key authentication.
 
 ### CredHub Login Example
 
@@ -81,6 +143,11 @@ Create a certificate on the Credhub and upload to Venafi
 
 Uses -credhub flag.
 
+**Note:** The above command requires the certifate authority to preexist. For simple testing purposes you can replace the -ca option with the -self-sign option.
+
+```
+./cv create -credhub -name mycredname29 -cn mycredname29 -key-usage data_encipherment -self-sign
+```
 
 ### CV Create Help Usage</h2>
 Adding the `-h` flag to command reveals the help associated with that command.

commands.go

@@ -149,6 +149,8 @@ func (v *ListCommand) execute() error {
 			Username:      configYAML.VcertUsername,
 			Password:      configYAML.VcertPassword,
 			Zone:          configYAML.VcertZone,
+			AccessToken:   configYAML.VcertAccessToken,
+			LegacyAuth:    configYAML.VcertLegacyAuth,
 			BaseURL:       configYAML.VcertBaseURL,
 			ConnectorType: configYAML.ConnectorType,
 		},
@@ -327,6 +329,8 @@ func (v *GenerateAndStoreCommand) execute() error {
 		vcert: &vcclient.VcertProxy{
 			Username:      configYAML.VcertUsername,
 			Password:      configYAML.VcertPassword,
+			AccessToken:   configYAML.VcertAccessToken,
+			LegacyAuth:    configYAML.VcertLegacyAuth,
 			Zone:          configYAML.VcertZone,
 			BaseURL:       configYAML.VcertBaseURL,
 			ConnectorType: configYAML.ConnectorType,
@@ -515,6 +519,8 @@ func (v *DeleteCommand) execute() error {
 			Username:      configYAML.VcertUsername,
 			Password:      configYAML.VcertPassword,
 			Zone:          configYAML.VcertZone,
+			AccessToken:   configYAML.VcertAccessToken,
+			LegacyAuth:    configYAML.VcertLegacyAuth,
 			BaseURL:       configYAML.VcertBaseURL,
 			ConnectorType: configYAML.ConnectorType,
 		},

compare_test.go

@@ -467,6 +467,9 @@ func (v *VcertProxyMock) PutCertificate(certName string, cert string, privateKey
 func (v *VcertProxyMock) Login() error {
 	return nil
 }
+func (v *VcertProxyMock) Logout() error {
+	return nil
+}
 
 func TestCVListBoth(t *testing.T) {
 	tests := []struct {

config/config.go

@@ -47,17 +47,19 @@ var Quiet bool = false
 
 // YAMLConfig contains the configuration values and yaml tags for the config file
 type YAMLConfig struct {
-	VcertUsername   string `yaml:"vcert_username"`
-	VcertPassword   string `yaml:"vcert_password"`
-	VcertZone       string `yaml:"vcert_zone"`
-	VcertBaseURL    string `yaml:"vcert_base_url"`
-	ConnectorType   string `yaml:"connector_type"`
-	ClientID        string `yaml:"credhub_client_id"`
-	ClientSecret    string `yaml:"credhub_client_secret"`
-	CredhubUsername string `yaml:"credhub_username"`
-	CredhubPassword string `yaml:"credhub_password"`
-	CredhubEndpoint string `yaml:"credhub_endpoint"`
-	LogLevel        string `yaml:"log_level"`
+	VcertUsername    string `yaml:"vcert_username"`
+	VcertPassword    string `yaml:"vcert_password"`
+	VcertZone        string `yaml:"vcert_zone"`
+	VcertAccessToken string `yaml:"vcert_access_token"`
+	VcertLegacyAuth  bool   `yaml:"vcert_legacy_auth"`
+	VcertBaseURL     string `yaml:"vcert_base_url"`
+	ConnectorType    string `yaml:"connector_type"`
+	ClientID         string `yaml:"credhub_client_id"`
+	ClientSecret     string `yaml:"credhub_client_secret"`
+	CredhubUsername  string `yaml:"credhub_username"`
+	CredhubPassword  string `yaml:"credhub_password"`
+	CredhubEndpoint  string `yaml:"credhub_endpoint"`
+	LogLevel         string `yaml:"log_level"`
 
 	SkipTLSValidation bool `yaml:"skip_tls_validation"`
 }

config/config_test.go

@@ -26,17 +26,19 @@ var dataDir string = "../testdata/config"
 
 func TestReadConfigWithValidFile(t *testing.T) {
 	desired := &config.YAMLConfig{
-		VcertUsername:   "test",
-		VcertPassword:   "test",
-		VcertZone:       "some_zone",
-		VcertBaseURL:    "some_url",
-		ConnectorType:   "tpp",
-		ClientID:        "some_id",
-		ClientSecret:    "some_secret",
-		CredhubUsername: "test2",
-		CredhubPassword: "test2",
-		CredhubEndpoint: "some_other_url",
-		LogLevel:        "info",
+		VcertUsername:    "test",
+		VcertPassword:    "test",
+		VcertZone:        "some_zone",
+		VcertBaseURL:     "some_url",
+		VcertAccessToken: "access_token",
+		VcertLegacyAuth:  false,
+		ConnectorType:    "tpp",
+		ClientID:         "some_id",
+		ClientSecret:     "some_secret",
+		CredhubUsername:  "test2",
+		CredhubPassword:  "test2",
+		CredhubEndpoint:  "some_other_url",
+		LogLevel:         "info",
 	}
 	actual, err := config.ReadConfig(dataDir, "test_config.yml")
 	if err != nil {

cv.go

@@ -79,6 +79,11 @@ func (c *CV) generateAndStoreCredhub(name string, v *GenerateAndStoreCommand, st
 		return err
 	}
 
+	err = c.vcert.Logout()
+	if err != nil {
+		output.Errorf("error with cleanup. %s\n", err)
+	}
+
 	return nil
 }
 
@@ -108,6 +113,11 @@ func (c *CV) generateAndStore(name string, v *GenerateAndStoreCommand, store boo
 		return nil
 	}
 
+	err = c.vcert.Logout()
+	if err != nil {
+		output.Errorf("error with cleanup. %s\n", err)
+	}
+
 	output.Status("NOW UPLOADING TO CREDHUB '%s'\n", name)
 	certName := name
 	ca := ""
@@ -134,6 +144,11 @@ func (c *CV) deleteCert(name string) error {
 		return err
 	}
 
+	err = c.vcert.Logout()
+	if err != nil {
+		output.Errorf("error with cleanup. %s\n", err)
+	}
+
 	output.Status("NOW DELETING FROM CREDHUB '%s'\n", name)
 	return c.credhub.DeleteCert(name)
 }
@@ -179,6 +194,11 @@ func (c *CV) listBoth(args *ListCommand) ([]CertCompareData, error) {
 		output.Errorf("The Venafi limit was hit, consider increasing -vlimit to increase the number of allowed records.\n")
 	}
 
+	err = c.vcert.Logout()
+	if err != nil {
+		output.Errorf("error with cleanup. %s\n", err)
+	}
+
 	return data, nil
 }
 

go.mod

@@ -5,10 +5,12 @@ go 1.12
 require (
 	code.cloudfoundry.org/credhub-cli v0.0.0-20191230184144-6e537b521d9d
 	github.com/Venafi/vcert v0.0.0-20200110160249-46ed6e7db59c
+	github.com/kr/pretty v0.1.0 // indirect
 	github.com/stretchr/testify v1.4.0
+	golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 // indirect
+	golang.org/x/net v0.0.0-20190620200207-3b0461eec859 // indirect
 	golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e // indirect
-	golang.org/x/tools v0.0.0-20200122194906-0a06c699527e // indirect
+	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 // indirect
 	gopkg.in/ini.v1 v1.51.1 // indirect
 	gopkg.in/yaml.v2 v2.2.7
-	honnef.co/go/tools v0.0.1-2019.2.3 // indirect
 )

go.sum

@@ -1,7 +1,5 @@
 code.cloudfoundry.org/credhub-cli v0.0.0-20191230184144-6e537b521d9d h1:dVWZLkpuKr9CGe9AZ7/XpZoMd9Xn6kGCp5GPxS4dRhs=
 code.cloudfoundry.org/credhub-cli v0.0.0-20191230184144-6e537b521d9d/go.mod h1:502BrJv21CY4FT748a8/iLboZ7lRPp6EXn5NmJBQZiM=
-github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
-github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/Venafi/vcert v0.0.0-20200110160249-46ed6e7db59c h1:ZhaaMuk7Smqq8+g0v3WChQU9WNq3mWWIBbR5VUVqETg=
 github.com/Venafi/vcert v0.0.0-20200110160249-46ed6e7db59c/go.mod h1:5T4bFPhcgGXbdz8nVVRuE2gXSRDlZVL+9T5CwZZ3Yk4=
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
@@ -19,7 +17,6 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs
 github.com/fatih/color v1.6.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/golang/protobuf v1.0.0 h1:lsek0oXi8iFE9L+EXARyHIjU5rlWIhhTkjDz3vHhWWQ=
 github.com/golang/protobuf v1.0.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
 github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/hashicorp/go-version v0.0.0-20171129150820-4fe82ae3040f h1:QnRipjW3Mm+sgD+vyO87cb+1RLzoM0mGVTYClil7mQg=
@@ -28,9 +25,10 @@ github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJ
 github.com/jessevdk/go-flags v1.3.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
-github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
@@ -40,7 +38,6 @@ github.com/onsi/gomega v1.3.0 h1:yPHEatyQC4jN3vdfvqJXG7O9vfC6LhaAV1NEdYpP+h0=
 github.com/onsi/gomega v1.3.0/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs=
@@ -53,19 +50,15 @@ golang.org/x/crypto v0.0.0-20180319061731-c3a3ad6d03f7/go.mod h1:6SG95UA2DQfeDnf
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20190424203555-c05e17bb3b2d h1:adrbvkTDn9rGnXg2IJDKozEpXXLZN89pdIA+Syt4/u0=
 golang.org/x/crypto v0.0.0-20190424203555-c05e17bb3b2d/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550 h1:ObdrDkeb4kJdCP557AjRjq69pTHfNouLtWZG7j9rPN8=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
-golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
 golang.org/x/net v0.0.0-20180319151425-92b859f39abd h1:2sKGOpMUjIt+fJ/nFpDa8IAMMryxtVhHGq0ezUTczhU=
 golang.org/x/net v0.0.0-20180319151425-92b859f39abd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859 h1:R/3boaszxrf1GEUWTVDzSKVwLmSJpwZ1yqXm8j0v2QI=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e h1:vcxGaoTs7kV8m5Np9uUNQin4BrLOthgV7252N8V+FwY=
 golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20180319153314-d8e400bc7db4/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -76,22 +69,15 @@ golang.org/x/sys v0.0.0-20190425045458-9f0b1ff7b46a/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac h1:MQEvx39qSf8vyrx3XRaOe+j1UDIzKwkYOVObRgGPVqI=
-golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
-golang.org/x/tools v0.0.0-20200122194906-0a06c699527e h1:+sGtimV7POZIy10L8ghYe7wib6m/eOnl4Ck5Vq2gs9E=
-golang.org/x/tools v0.0.0-20200122194906-0a06c699527e/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
-golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
 gopkg.in/ini.v1 v1.38.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/ini.v1 v1.51.1 h1:GyboHr4UqMiLUybYjd22ZjQIKEJEpgtLXtuGbR21Oho=
 gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v2 v2.0.0-20190319135612-7b8349ac747c/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
 gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-honnef.co/go/tools v0.0.1-2019.2.3 h1:3JgtbtFHMiCmsznwGVTUWbgGov+pVqnlf1dEJTNAXeM=
-honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 software.sslmate.com/src/go-pkcs12 v0.0.0-20180114231543-2291e8f0f237/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ=

testdata/config/test_config.yml

@@ -1,6 +1,8 @@
 vcert_username: test
 vcert_password: test
 vcert_zone: some_zone
+vcert_access_token: access_token
+vcert_legacy_auth: false
 vcert_base_url: some_url
 credhub_client_id: some_id
 credhub_client_secret: some_secret