open-vault/Makefile

281 lines
11 KiB
Makefile
Raw Normal View History

2017-10-23 16:38:30 +00:00
# Determine this makefile's path.
# Be sure to place this BEFORE `include` directives, if any.
THIS_FILE := $(lastword $(MAKEFILE_LIST))
2019-10-17 19:48:45 +00:00
export RELEASE_GPG_KEY_FINGERPRINT := 91A6 E7F8 5D05 C656 30BE F189 5185 2D87 348F FC4C
2017-10-23 16:38:30 +00:00
TEST?=$$(go list ./... | grep -v /vendor/ | grep -v /integ)
TEST_TIMEOUT?=45m
EXTENDED_TEST_TIMEOUT=60m
INTEG_TEST_TIMEOUT=120m
2015-03-04 07:14:18 +00:00
VETARGS?=-asmdecl -atomic -bool -buildtags -copylocks -methods -nilfunc -printf -rangeloops -shift -structtags -unsafeptr
EXTERNAL_TOOLS=\
golang.org/x/tools/cmd/goimports \
2018-04-03 14:46:45 +00:00
github.com/elazarl/go-bindata-assetfs/... \
github.com/hashicorp/go-bindata/... \
2017-06-01 14:18:40 +00:00
github.com/mitchellh/gox \
github.com/kardianos/govendor \
github.com/client9/misspell/cmd/misspell \
github.com/golangci/golangci-lint/cmd/golangci-lint
GOFMT_FILES?=$$(find . -name '*.go' | grep -v pb.go | grep -v vendor)
2015-03-04 07:14:18 +00:00
GO_VERSION_MIN=1.12.7
CGO_ENABLED?=0
2018-07-16 14:18:09 +00:00
ifneq ($(FDB_ENABLED), )
CGO_ENABLED=1
BUILD_TAGS+=foundationdb
endif
2017-02-06 01:30:40 +00:00
default: dev
2015-03-04 07:14:18 +00:00
2018-03-20 18:54:10 +00:00
# bin generates the releasable binaries for Vault
2017-10-23 16:38:30 +00:00
bin: prep
2018-07-16 14:18:09 +00:00
@CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS) ui' sh -c "'$(CURDIR)/scripts/build.sh'"
2015-03-04 07:14:18 +00:00
# dev creates binaries for testing Vault locally. These are put
2018-04-09 21:36:05 +00:00
# into ./bin/ as well as $GOPATH/bin
2017-10-23 16:38:30 +00:00
dev: prep
2018-07-16 14:18:09 +00:00
@CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
dev-ui: assetcheck prep
2018-07-16 14:18:09 +00:00
@CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS) ui' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
2017-09-04 23:16:11 +00:00
dev-dynamic: prep
2016-05-10 03:17:38 +00:00
@CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
# *-mem variants will enable memory profiling which will write snapshots of heap usage
# to $TMP/vaultprof every 5 minutes. These can be analyzed using `$ go tool pprof <profile_file>`.
# Note that any build can have profiling added via: `$ BUILD_TAGS=memprofiler make ...`
dev-mem: BUILD_TAGS+=memprofiler
dev-mem: dev
dev-ui-mem: BUILD_TAGS+=memprofiler
dev-ui-mem: assetcheck dev-ui
dev-dynamic-mem: BUILD_TAGS+=memprofiler
dev-dynamic-mem: dev-dynamic
2015-03-04 07:14:18 +00:00
# test runs the unit tests and vets the code
2017-10-23 16:38:30 +00:00
test: prep
2018-07-16 14:18:09 +00:00
@CGO_ENABLED=$(CGO_ENABLED) \
VAULT_ADDR= \
VAULT_TOKEN= \
VAULT_DEV_ROOT_TOKEN_ID= \
VAULT_ACC= \
go test -tags='$(BUILD_TAGS)' $(TEST) $(TESTARGS) -timeout=$(TEST_TIMEOUT) -parallel=20
2015-03-04 07:14:18 +00:00
2017-10-23 16:38:30 +00:00
testcompile: prep
@for pkg in $(TEST) ; do \
go test -v -c -tags='$(BUILD_TAGS)' $$pkg -parallel=4 ; \
done
2015-03-20 16:59:48 +00:00
# testacc runs acceptance tests
2017-10-23 16:38:30 +00:00
testacc: prep
2015-03-20 16:59:48 +00:00
@if [ "$(TEST)" = "./..." ]; then \
echo "ERROR: Set TEST to a specific package"; \
exit 1; \
fi
VAULT_ACC=1 go test -tags='$(BUILD_TAGS)' $(TEST) -v $(TESTARGS) -timeout=$(EXTENDED_TEST_TIMEOUT)
2015-03-20 16:59:48 +00:00
2015-03-04 07:14:18 +00:00
# testrace runs the race checker
2017-10-23 16:38:30 +00:00
testrace: prep
@CGO_ENABLED=1 \
VAULT_ADDR= \
VAULT_TOKEN= \
VAULT_DEV_ROOT_TOKEN_ID= \
VAULT_ACC= \
go test -tags='$(BUILD_TAGS)' -race $(TEST) $(TESTARGS) -timeout=$(EXTENDED_TEST_TIMEOUT) -parallel=20
2015-03-04 07:14:18 +00:00
cover:
./scripts/coverage.sh --html
2015-03-04 07:14:18 +00:00
# vet runs the Go source code static analysis tool `vet` to find
# any common errors.
vet:
@go list -f '{{.Dir}}' ./... | grep -v /vendor/ \
| grep -v '.*github.com/hashicorp/vault$$' \
2019-03-26 20:35:37 +00:00
| xargs go vet ; if [ $$? -eq 1 ]; then \
echo ""; \
echo "Vet found suspicious constructs. Please check the reported constructs"; \
echo "and fix them if necessary before submitting the code for reviewal."; \
fi
2015-03-04 07:14:18 +00:00
# lint runs vet plus a number of other checkers, it is more comprehensive, but louder
lint:
@go list -f '{{.Dir}}' ./... | grep -v /vendor/ \
| xargs golangci-lint run; if [ $$? -eq 1 ]; then \
echo ""; \
echo "Lint found suspicious constructs. Please check the reported constructs"; \
echo "and fix them if necessary before submitting the code for reviewal."; \
fi
# for ci jobs, runs lint against the changed packages in the commit
ci-lint:
@golangci-lint run --deadline 10m --new-from-rev=HEAD~
2017-09-04 23:16:11 +00:00
# prep runs `go generate` to build the dynamically generated
2015-03-04 07:14:18 +00:00
# source files.
2017-10-23 16:38:30 +00:00
prep: fmtcheck
@sh -c "'$(CURDIR)/scripts/goversioncheck.sh' '$(GO_VERSION_MIN)'"
@go generate $(go list ./... | grep -v /vendor/)
@# Remove old (now broken) husky git hooks.
@[ ! -d .git/hooks ] || grep -l '^# husky$$' .git/hooks/* | xargs rm -f
@if [ -d .git/hooks ]; then cp .hooks/* .git/hooks/; fi
2015-03-04 07:14:18 +00:00
.PHONY: ci-config
ci-config:
@$(MAKE) -C .circleci ci-config
.PHONY: ci-verify
ci-verify:
@$(MAKE) -C .circleci ci-verify
# bootstrap the build by downloading additional tools
bootstrap:
@for tool in $(EXTERNAL_TOOLS) ; do \
2017-06-01 14:18:40 +00:00
echo "Installing/Updating $$tool" ; \
GO111MODULE=off go get -u $$tool; \
done
# Note: if you have plugins in GOPATH you can update all of them via something like:
# for i in $(ls | grep vault-plugin-); do cd $i; git remote update; git reset --hard origin/master; dep ensure -update; git add .; git commit; git push; cd ..; done
2018-04-10 06:32:41 +00:00
update-plugins:
grep vault-plugin- vendor/vendor.json | cut -d '"' -f 4 | xargs govendor fetch
static-assets-dir:
@mkdir -p ./pkg/web_ui
static-assets: static-assets-dir
2018-04-03 14:46:45 +00:00
@echo "--> Generating static assets"
@go-bindata-assetfs -o bindata_assetfs.go -pkg http -prefix pkg -modtime 1480000000 -tags ui ./pkg/web_ui/...
2018-04-03 14:46:45 +00:00
@mv bindata_assetfs.go http
@$(MAKE) -f $(THIS_FILE) fmt
test-ember:
@echo "--> Installing JavaScript assets"
2019-10-17 19:48:45 +00:00
@cd ui && yarn --ignore-optional
2018-04-03 14:46:45 +00:00
@echo "--> Running ember tests"
2019-10-17 19:48:45 +00:00
@cd ui && yarn run test-oss
2018-04-03 14:46:45 +00:00
ember-ci-test: # Deprecated, to be removed soon.
@echo "ember-ci-test is deprecated in favour of test-ui-browserstack"
@exit 1
check-vault-in-path:
@VAULT_BIN=$$(command -v vault) || { echo "vault command not found"; exit 1; }; \
[ -x "$$VAULT_BIN" ] || { echo "$$VAULT_BIN not executable"; exit 1; }; \
printf "Using Vault at %s:\n\$$ vault version\n%s\n" "$$VAULT_BIN" "$$(vault version)"
check-browserstack-creds:
@[ -n "$$BROWSERSTACK_ACCESS_KEY" ] || { echo "BROWSERSTACK_ACCESS_KEY not set"; exit 1; }
@[ -n "$$BROWSERSTACK_USERNAME" ] || { echo "BROWSERSTACK_USERNAME not set"; exit 1; }
test-ui-browserstack: check-vault-in-path check-browserstack-creds
@echo "--> Installing JavaScript assets"
2019-10-17 19:48:45 +00:00
@cd ui && yarn --ignore-optional
@echo "--> Running ember tests in Browserstack"
@cd ui && yarn run test:browserstack
2018-04-03 14:46:45 +00:00
ember-dist:
@echo "--> Installing JavaScript assets"
2019-10-17 19:48:45 +00:00
@cd ui && yarn --ignore-optional
2018-04-03 14:46:45 +00:00
@cd ui && npm rebuild node-sass
@echo "--> Building Ember application"
@cd ui && yarn run build
2018-04-03 14:46:45 +00:00
@rm -rf ui/if-you-need-to-delete-this-open-an-issue-async-disk-cache
ember-dist-dev:
@echo "--> Installing JavaScript assets"
2019-10-17 19:48:45 +00:00
@cd ui && yarn --ignore-optional
@cd ui && npm rebuild node-sass
@echo "--> Building Ember application"
2019-10-17 19:48:45 +00:00
@cd ui && yarn run build-dev
2018-04-03 14:46:45 +00:00
static-dist: ember-dist static-assets
static-dist-dev: ember-dist-dev static-assets
2018-04-03 14:46:45 +00:00
2016-10-20 16:39:19 +00:00
proto:
protoc vault/*.proto --go_out=plugins=grpc,paths=source_relative:.
protoc helper/storagepacker/types.proto --go_out=plugins=grpc,paths=source_relative:.
protoc helper/forwarding/types.proto --go_out=plugins=grpc,paths=source_relative:.
protoc sdk/logical/*.proto --go_out=plugins=grpc,paths=source_relative:.
protoc sdk/physical/types.proto --go_out=plugins=grpc,paths=source_relative:.
Raft Storage Backend (#6888) * Work on raft backend * Add logstore locally * Add encryptor and unsealable interfaces * Add clustering support to raft * Remove client and handler * Bootstrap raft on init * Cleanup raft logic a bit * More raft work * Work on TLS config * More work on bootstrapping * Fix build * More work on bootstrapping * More bootstrapping work * fix build * Remove consul dep * Fix build * merged oss/master into raft-storage * Work on bootstrapping * Get bootstrapping to work * Clean up FMS and node-id * Update local node ID logic * Cleanup node-id change * Work on snapshotting * Raft: Add remove peer API (#906) * Add remove peer API * Add some comments * Fix existing snapshotting (#909) * Raft get peers API (#912) * Read raft configuration * address review feedback * Use the Leadership Transfer API to step-down the active node (#918) * Raft join and unseal using Shamir keys (#917) * Raft join using shamir * Store AEAD instead of master key * Split the raft join process to answer the challenge after a successful unseal * get the follower to standby state * Make unseal work * minor changes * Some input checks * reuse the shamir seal access instead of new default seal access * refactor joinRaftSendAnswer function * Synchronously send answer in auto-unseal case * Address review feedback * Raft snapshots (#910) * Fix existing snapshotting * implement the noop snapshotting * Add comments and switch log libraries * add some snapshot tests * add snapshot test file * add TODO * More work on raft snapshotting * progress on the ConfigStore strategy * Don't use two buckets * Update the snapshot store logic to hide the file logic * Add more backend tests * Cleanup code a bit * [WIP] Raft recovery (#938) * Add recovery functionality * remove fmt.Printfs * Fix a few fsm bugs * Add max size value for raft backend (#942) * Add max size value for raft backend * Include physical.ErrValueTooLarge in the message * Raft snapshot Take/Restore API (#926) * Inital work on raft snapshot APIs * Always redirect snapshot install/download requests * More work on the snapshot APIs * Cleanup code a bit * On restore handle special cases * Use the seal to encrypt the sha sum file * Add sealer mechanism and fix some bugs * Call restore while state lock is held * Send restore cb trigger through raft log * Make error messages nicer * Add test helpers * Add snapshot test * Add shamir unseal test * Add more raft snapshot API tests * Fix locking * Change working to initalize * Add underlying raw object to test cluster core * Move leaderUUID to core * Add raft TLS rotation logic (#950) * Add TLS rotation logic * Cleanup logic a bit * Add/Remove from follower state on add/remove peer * add comments * Update more comments * Update request_forwarding_service.proto * Make sure we populate all nodes in the followerstate obj * Update times * Apply review feedback * Add more raft config setting (#947) * Add performance config setting * Add more config options and fix tests * Test Raft Recovery (#944) * Test raft recovery * Leave out a node during recovery * remove unused struct * Update physical/raft/snapshot_test.go * Update physical/raft/snapshot_test.go * fix vendoring * Switch to new raft interface * Remove unused files * Switch a gogo -> proto instance * Remove unneeded vault dep in go.sum * Update helper/testhelpers/testhelpers.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update vault/cluster/cluster.go * track active key within the keyring itself (#6915) * track active key within the keyring itself * lookup and store using the active key ID * update docstring * minor refactor * Small text fixes (#6912) * Update physical/raft/raft.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * review feedback * Move raft logical system into separate file * Update help text a bit * Enforce cluster addr is set and use it for raft bootstrapping * Fix tests * fix http test panic * Pull in latest raft-snapshot library * Add comment
2019-06-20 19:14:58 +00:00
protoc physical/raft/types.proto --go_out=plugins=grpc,paths=source_relative:.
protoc helper/identity/mfa/types.proto --go_out=plugins=grpc,paths=source_relative:.
protoc helper/identity/types.proto --go_out=plugins=grpc,paths=source_relative:.
2019-04-15 18:10:07 +00:00
protoc sdk/database/dbplugin/*.proto --go_out=plugins=grpc,paths=source_relative:.
protoc sdk/plugin/pb/*.proto --go_out=plugins=grpc,paths=source_relative:.
Raft Storage Backend (#6888) * Work on raft backend * Add logstore locally * Add encryptor and unsealable interfaces * Add clustering support to raft * Remove client and handler * Bootstrap raft on init * Cleanup raft logic a bit * More raft work * Work on TLS config * More work on bootstrapping * Fix build * More work on bootstrapping * More bootstrapping work * fix build * Remove consul dep * Fix build * merged oss/master into raft-storage * Work on bootstrapping * Get bootstrapping to work * Clean up FMS and node-id * Update local node ID logic * Cleanup node-id change * Work on snapshotting * Raft: Add remove peer API (#906) * Add remove peer API * Add some comments * Fix existing snapshotting (#909) * Raft get peers API (#912) * Read raft configuration * address review feedback * Use the Leadership Transfer API to step-down the active node (#918) * Raft join and unseal using Shamir keys (#917) * Raft join using shamir * Store AEAD instead of master key * Split the raft join process to answer the challenge after a successful unseal * get the follower to standby state * Make unseal work * minor changes * Some input checks * reuse the shamir seal access instead of new default seal access * refactor joinRaftSendAnswer function * Synchronously send answer in auto-unseal case * Address review feedback * Raft snapshots (#910) * Fix existing snapshotting * implement the noop snapshotting * Add comments and switch log libraries * add some snapshot tests * add snapshot test file * add TODO * More work on raft snapshotting * progress on the ConfigStore strategy * Don't use two buckets * Update the snapshot store logic to hide the file logic * Add more backend tests * Cleanup code a bit * [WIP] Raft recovery (#938) * Add recovery functionality * remove fmt.Printfs * Fix a few fsm bugs * Add max size value for raft backend (#942) * Add max size value for raft backend * Include physical.ErrValueTooLarge in the message * Raft snapshot Take/Restore API (#926) * Inital work on raft snapshot APIs * Always redirect snapshot install/download requests * More work on the snapshot APIs * Cleanup code a bit * On restore handle special cases * Use the seal to encrypt the sha sum file * Add sealer mechanism and fix some bugs * Call restore while state lock is held * Send restore cb trigger through raft log * Make error messages nicer * Add test helpers * Add snapshot test * Add shamir unseal test * Add more raft snapshot API tests * Fix locking * Change working to initalize * Add underlying raw object to test cluster core * Move leaderUUID to core * Add raft TLS rotation logic (#950) * Add TLS rotation logic * Cleanup logic a bit * Add/Remove from follower state on add/remove peer * add comments * Update more comments * Update request_forwarding_service.proto * Make sure we populate all nodes in the followerstate obj * Update times * Apply review feedback * Add more raft config setting (#947) * Add performance config setting * Add more config options and fix tests * Test Raft Recovery (#944) * Test raft recovery * Leave out a node during recovery * remove unused struct * Update physical/raft/snapshot_test.go * Update physical/raft/snapshot_test.go * fix vendoring * Switch to new raft interface * Remove unused files * Switch a gogo -> proto instance * Remove unneeded vault dep in go.sum * Update helper/testhelpers/testhelpers.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * Update vault/cluster/cluster.go * track active key within the keyring itself (#6915) * track active key within the keyring itself * lookup and store using the active key ID * update docstring * minor refactor * Small text fixes (#6912) * Update physical/raft/raft.go Co-Authored-By: Calvin Leung Huang <cleung2010@gmail.com> * review feedback * Move raft logical system into separate file * Update help text a bit * Enforce cluster addr is set and use it for raft bootstrapping * Fix tests * fix http test panic * Pull in latest raft-snapshot library * Add comment
2019-06-20 19:14:58 +00:00
sed -i -e 's/Id/ID/' vault/request_forwarding_service.pb.go
sed -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/protobuf:"/sentinel:"" protobuf:"/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' helper/identity/types.pb.go helper/identity/mfa/types.pb.go helper/storagepacker/types.pb.go sdk/plugin/pb/backend.pb.go sdk/logical/identity.pb.go
sed -i -e 's/Iv/IV/' -e 's/Hmac/HMAC/' sdk/physical/types.pb.go
2016-10-20 16:39:19 +00:00
fmtcheck:
2018-09-01 15:10:29 +00:00
@true
#@sh -c "'$(CURDIR)/scripts/gofmtcheck.sh'"
fmt:
goimports -w $(GOFMT_FILES)
assetcheck:
@echo "==> Checking compiled UI assets..."
@sh -c "'$(CURDIR)/scripts/assetcheck.sh'"
spellcheck:
@echo "==> Spell checking website..."
@misspell -error -source=text website/source
mysql-database-plugin:
@CGO_ENABLED=0 go build -o bin/mysql-database-plugin ./plugins/database/mysql/mysql-database-plugin
mysql-legacy-database-plugin:
@CGO_ENABLED=0 go build -o bin/mysql-legacy-database-plugin ./plugins/database/mysql/mysql-legacy-database-plugin
cassandra-database-plugin:
@CGO_ENABLED=0 go build -o bin/cassandra-database-plugin ./plugins/database/cassandra/cassandra-database-plugin
2019-01-18 01:14:57 +00:00
influxdb-database-plugin:
@CGO_ENABLED=0 go build -o bin/influxdb-database-plugin ./plugins/database/influxdb/influxdb-database-plugin
postgresql-database-plugin:
@CGO_ENABLED=0 go build -o bin/postgresql-database-plugin ./plugins/database/postgresql/postgresql-database-plugin
mssql-database-plugin:
@CGO_ENABLED=0 go build -o bin/mssql-database-plugin ./plugins/database/mssql/mssql-database-plugin
hana-database-plugin:
@CGO_ENABLED=0 go build -o bin/hana-database-plugin ./plugins/database/hana/hana-database-plugin
mongodb-database-plugin:
@CGO_ENABLED=0 go build -o bin/mongodb-database-plugin ./plugins/database/mongodb/mongodb-database-plugin
2019-10-17 19:48:45 +00:00
# GPG_KEY_VARS sets FPR to the fingerprint with no spaces and GIT_GPG_KEY_ID to a git compatible gpg key id.
define GPG_KEY_VARS
FPR=$$(echo "$(RELEASE_GPG_KEY_FINGERPRINT)" | sed 's/ //g') && GIT_GPG_KEY_ID="0x$$(printf $$FPR | tail -c 16)"
endef
define FAIL_IF_GPG_KEY_MISSING
@$(GPG_KEY_VARS) && echo "Checking for key '$$FPR' (git key id: $$GIT_GPG_KEY_ID)"; \
gpg --list-secret-keys "$$FPR" >/dev/null 2>&1 || { \
echo "ERROR: Secret GPG key missing: $$FPR"; \
exit 1; \
}
endef
define FAIL_IF_UNCOMMITTED_CHANGES
@{ git diff --exit-code && git diff --cached --exit-code; } >/dev/null 2>&1 || { \
echo "ERROR: Uncommitted changes detected."; \
exit 1; \
}
endef
stage-commit:
$(FAIL_IF_GPG_KEY_MISSING)
$(FAIL_IF_UNCOMMITTED_CHANGES)
@[ -n "$(STAGE_VERSION)" ] || { echo "You must set STAGE_VERSION to the version in semver-like format."; exit 1; }
set -x; $(GPG_KEY_VARS) && git commit --allow-empty --gpg-sign=$$GIT_GPG_KEY_ID -m 'release: stage v$(STAGE_VERSION)'
publish-commit:
$(FAIL_IF_GPG_KEY_MISSING)
$(FAIL_IF_UNCOMMITTED_CHANGES)
@[ -n "$(PUBLISH_VERSION)" ] || { echo "You must set PUBLISH_VERSION to the version in semver-like format."; exit 1; }
set -x; $(GPG_KEY_VARS) && git commit --allow-empty --gpg-sign=$$GIT_GPG_KEY_ID -m 'release: publish v$(PUBLISH_VERSION)'
.PHONY: bin default prep test vet bootstrap fmt fmtcheck mysql-database-plugin mysql-legacy-database-plugin cassandra-database-plugin influxdb-database-plugin postgresql-database-plugin mssql-database-plugin hana-database-plugin mongodb-database-plugin static-assets ember-dist ember-dist-dev static-dist static-dist-dev assetcheck check-vault-in-path check-browserstack-creds test-ui-browserstack stage-commit publish-commit
.NOTPARALLEL: ember-dist ember-dist-dev static-assets