Commit graph

191 commits

Author SHA1 Message Date
Hamid Ghaf 27bb03bbc0
adding copyright header (#19555)
* adding copyright header

* fix fmt and a test
2023-03-15 09:00:52 -07:00
Anton Averchenkov f19bcd79c5
Remove 'openldap' from gen_openapi.sh (#19401) 2023-02-28 13:24:11 -05:00
Anton Averchenkov e5770359b5
Simplify gen_openapi.sh script (#19245)
* Simplify gen_openapi.sh script

* Update scripts/gen_openapi.sh

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>

* use correct import

---------

Co-authored-by: Daniel Huckins <dhuckins@users.noreply.github.com>
2023-02-17 14:48:05 -05:00
Anton Averchenkov 76d8d2b88a
Stop vault on exit in gen_openapi.sh (#19252) 2023-02-17 13:06:00 -05:00
Anton Averchenkov 6487fe6ae8
Change gen_openapi.sh to generate schema with generic mount paths (#18934) 2023-01-31 23:37:19 +00:00
Ryan Cragun bd5d738ad7
[QT-436] Pseudo random artifact test scenarios (#18056)
Introducing a new approach to testing Vault artifacts before merge
and after merge/notorization/signing. Rather than run a few static
scenarios across the artifacts, we now have the ability to run a
pseudo random sample of scenarios across many different build artifacts.

We've added 20 possible scenarios for the AMD64 and ARM64 binary
bundles, which we've broken into five test groups. On any given push to
a pull request branch, we will now choose a random test group and
execute its corresponding scenarios against the resulting build
artifacts. This gives us greater test coverage but lets us split the
verification across many different pull requests.

The post-merge release testing pipeline behaves in a similar fashion,
however, the artifacts that we use for testing have been notarized and
signed prior to testing. We've also reduce the number of groups so that
we run more scenarios after merge to a release branch.

We intend to take what we've learned building this in Github Actions and
roll it into an easier to use feature that is native to Enos. Until then,
we'll have to manually add scenarios to each matrix file and manually
number the test group. It's important to note that Github requires every
matrix to include at least one vector, so every artifact that is being
tested must include a single scenario in order for all workflows to pass
and thus satisfy branch merge requirements.

* Add support for different artifact types to enos-run
* Add support for different runner type to enos-run
* Add arm64 scenarios to build matrix
* Expand build matrices to include different variants
* Update Consul versions in Enos scenarios and matrices
* Refactor enos-run environment
* Add minimum version filtering support to enos-run. This allows us to
  automatically exclude scenarios that require a more recent version of
  Vault
* Add maximum version filtering support to enos-run. This allows us to
  automatically exclude scenarios that require an older version of
  Vault
* Fix Node 12 deprecation warnings
* Rename enos-verify-stable to enos-release-testing-oss
* Convert artifactory matrix into enos-release-testing-oss matrices
* Add all Vault editions to Enos scenario matrices
* Fix verify version with complex Vault edition metadata
* Rename the crt-builder to ci-helper
* Add more version helpers to ci-helper and Makefile
* Update CODEOWNERS for quality team
* Add support for filtering matrices by group and version constraints
* Add support for pseudo random test scenario execution

Signed-off-by: Ryan Cragun <me@ryan.ec>
2022-12-12 13:46:04 -07:00
Nick Cabatoff 342b61984a
Move version out of SDK. (#14229)
Move version out of SDK.  For now it's a copy rather than move: the part not addressed by this change is sdk/helper/useragent.String, which we'll want to remove in favour of PluginString.  That will have to wait until we've removed uses of useragent.String from all builtins.
2022-12-07 13:29:51 -05:00
Ryan Cragun 4c4798417f
[QT-358] Unify CRT and local builder workflows (#17766)
Here we make the following major changes:

* Centralize CRT builder logic into a script utility so that we can share the
  logic for building artifacts in CI or locally.
* Simplify the build workflow by calling a reusable workflow many times
  instead of repeating the contents.
* Create a workflow that validates whether or not the build workflow and all
  child workflows have succeeded to allow for merge protection.

Motivation

* We need branch requirements for the build workflow and all subsequent
  integration tests (QT-353)
* We need to ensure that the Enos local builder works (QT-558)
* Debugging build failures can be difficult because one has to hand craft the
  steps to recreate the build
* Merge conflicts between Vault OSS and Vault ENT build workflows are quite
  painful. As the build workflow must be the same file and name we'll reduce
  what is contained in each that is unique. Implementations of building
  will be unique per edition so we don't have to worry about conflict
  resolution.
* Since we're going to be touching the build workflow to do the first two
  items we might as well try and improve those other issues at the same time
  to reduce the overhead of backports and conflicts.

Considerations

* Build logic for Vault OSS and Vault ENT differs
* The Enos local builder was duplicating a lot of what we did in the CRT build
  workflow
* Version and other artifact metadata has been an issue before. Debugging it
  has been tedious and error prone.
* The build workflow is full of brittle copy and paste that is hard to
  understand, especially for all of the release editions in Vault Enterprise
* Branch check requirements for workflows are incredibly painful to use for
  workflows that are dynamic or change often. The required workflows have to be
  configured in Github settings by administrators. They would also prevent us
  from having simple docs PRs since required integration workflows always have
  to run to satisfy branch requirements.
* Doormat credentials requirements that are coming will require us to modify
  which event types trigger workflows. This changes those ahead of time since
  we're doing so much to build workflow. The only noticeable impact will be
  that the build workflow no longer runs on pushes to non-main or release
  branches. In order to test other branches it requires a workflow_dispatch
  from the Actions tab or a pull request.

Solutions

* Centralize the logic that determines build metadata and creates releasable
  Vault artifacts. Instead of cargo-culting logic multiple times in the build
  workflow and the Enos local modules, we now have a crt-builder script which
  determines build metadata and also handles building the UI, Vault, and the
  package bundle. There are make targets for all of the available sub-commands.
  Now what we use in the pipeline is the same thing as the local builder, and
  it can be executed locally by developers. The crt-builder script works in OSS
  and Enterprise so we will never have to deal with them being divergent or with
  special casing things in the build workflow.
* Refactor the bulk of the Vault building into a reusable workflow that we can
  call multiple times. This allows us to define Vault builds in a much simpler
  manner and makes resolving merge conflicts much easier.
* Rather than trying to maintain a list and manually configure the branch check
  requirements for build, we'll trigger a single workflow that uses the github
  event system to determine if the build workflow (all of the sub-workflows
  included) have passed. We'll then create branch restrictions on that single
  workflow down the line.

Signed-off-by: Ryan Cragun me@ryan.ec
2022-11-11 13:14:43 -07:00
Anton Averchenkov d6d8006ae8
Fix gen_openapi.sh script to load plugins (#17752) 2022-11-01 17:32:54 -04:00
Nick Cabatoff f1c92200b2
Reduce number of places where go version is set (#17762)
Reduce go version references to two: .go_version and @executors.yml.
2022-11-01 15:37:13 -04:00
Mike Palmiotto 9dc8744885
Update main to go 1.19.2 (#17437)
* Update go version to 1.19.2

This commit updates the default version of go to 1.19.2. This update
includes minor security fixes for archive/tar, net/http/httputil, and
regexp packages.

For more information on the release, see: https://go.dev/doc/devel/release#go1.19.2

* Update Docker versions in CI to 20.10.17

After updating Vault to go version 1.19.2, there were several SIGABRTs
in the vault tests. These were related to a missing `pthread_create`
syscall in Docker. Since CI was using a much older version of Docker,
the fix was to bump it to latest-1 (20.10.17).

While we're at it, add a note in the developer docs encouraging the use
of the latest Docker version.
2022-10-07 14:24:14 -04:00
Josh Black 14c8008181
Enforce a minimum version for protoc (#17122) 2022-09-13 19:46:35 -07:00
akshya96 ab1e264f0b
updating go to 1.19.1 (#17053) 2022-09-07 16:13:33 -07:00
Hamid Ghaf c5df41e750
update to GO 1.18.5 (#16840)
* update to GO 1.18.5

* reverting a change

* feedback
2022-08-23 19:05:43 -04:00
Christopher Swenson 1068a1b528
Update Go to 1.18 (#16522)
Update Go to 1.18

From 1.17.12

1.18.5 was just released, but not all packages have been updated, so I
went with 1.18.4

Co-authored-by: Steven Clark <steven.clark@hashicorp.com>
2022-08-02 10:36:12 -07:00
Christopher Swenson 81b702b918
Remove gox in favor of go build. (#16353)
Remove gox in favor of go build.

`gox` hasn't had a release to update it in many years, so is missing
support for many modern systems, like `darwin/arm64`.

In any case, we only use it for dev builds, where we don't even use
the ability of it to build for multiple platforms. Release builds use
`go build` now.

So, this switches to `go build` everywhere.

I pulled this down and tested it in Windows as well. (Side note: I
couldn't get `gox` to work in Windows, so couldn't build before this
change.)
2022-07-20 10:44:41 -07:00
Chris Capurso 3581811289
Update go to version 1.17.12 (#16336)
* update to go 1.17.12

* update changelog entry

* update readme
2022-07-18 16:28:47 -04:00
Steven Clark a97da32b4b
Update Go to 1.17.11 (#15818)
* Update Go to 1.17.11

 See https://go.dev/doc/devel/release#go1.17.minor for release notes
2022-06-06 13:18:24 -04:00
Matt Schultz a06f9863e7
Don't show the signature for git commits in the build_date script (#15165) 2022-04-25 13:47:55 -05:00
Chris Capurso e69f89c279
Add build date (#14957)
* add BuildDate to version base

* populate BuildDate with ldflags

* include BuildDate in FullVersionNumber

* add BuildDate to seal-status and associated status cmd

* extend core/versions entries to include BuildDate

* include BuildDate in version-history API and CLI

* fix version history tests

* fix sys status tests

* fix TestStatusFormat

* remove extraneous LD_FLAGS from build.sh

* add BuildDate to build.bat

* fix TestSysUnseal_Reset

* attempt to add build-date to release builds

* add branch to github build workflow

* add get-build-date to build-* job needs

* fix release build command vars

* add missing quote in release build command

* Revert "add branch to github build workflow"

This reverts commit b835699ecb7c2c632757fa5fe64b3d5f60d2a886.

* add changelog entry
2022-04-19 14:28:08 -04:00
Alexander Scheel 4a58bc8892
Update to Go 1.17.9 (#15043)
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
2022-04-14 14:41:05 -04:00
Anton Averchenkov e0722ba17c
Fix a few linting errors in gen_openapi.sh script (#14673) 2022-03-23 17:43:02 -04:00
AnPucel 987cef98b1
Create OpenApi spec w/ dynamically generated plugins (#14311)
Editing script to dynamically scrape plugins from "registry.go"
2022-03-23 09:45:39 -07:00
Hridoy Roy 7e0abe3c7e
Add Semgrep Rules to OSS (#14513)
* add semgrep yml

* add semgrep ci job

* remove replication semgrep rule in oss

* fix makefile

* add semgrep to ci

* upwind triple if in ui.go semgrep refactoring
2022-03-18 11:14:03 -07:00
Nick Cabatoff 6a452bc3e6
Update to Go 1.17.7 (#14232) 2022-02-23 15:08:08 -05:00
mickael-hc 987c846edc
Remove --privileged recommendation from entrypoint script message (#14027)
The use of the `--privileged` [flag](https://docs.docker.com/engine/reference/commandline/run/#options) is not recommended, as it does not adhere to the principle of least privilege.
2022-02-18 16:52:21 -05:00
Robert 89b8c84928
Remove old binary before copying new one to GOPATH/bin (#13966) 2022-02-09 08:32:10 -05:00
Meggie c0b962ecfa
Main go version bump (#13408)
* Go 1.17.2 -> 1.17.5
* Switching to cimg
2021-12-14 11:11:13 -05:00
claire labry b59f8b8b4c
adding CRT to main branch (#13088)
* adding CRT to main branch

* cleanup

* um i dont know how that got removed but heres the fix

* add vault.service

Co-authored-by: Kyle Penfound <kpenfound11@gmail.com>
2021-12-06 11:06:22 -05:00
Nick Cabatoff ff74f49047
Move to go 1.17 (#12868)
Also ensure that the go 1.17 breaking changes to net.ParseCIDR don't make us choke on stored CIDRs that were acceptable to older Go versions.
2021-10-21 09:32:03 -04:00
Josh Black 0291e56e83
bump go to 1.16.7 (#12408) 2021-08-24 09:54:26 -07:00
Clint 675e0c1383
Replace go-bindata-assetfs build dependency with native go:embed (#11208)
* copy over the webui

move web_ui to http

remove web ui files, add .gitkeep

updates, messing with gitkeep and ignoring web_ui

update ui scripts

gitkeep

ignore http/web_ui

Remove debugging

remove the jwt reference, that was from something else

restore old jwt plugin

move things around

Revert "move things around"

This reverts commit 2a35121850f5b6b82064ecf78ebee5246601c04f.

Update ui path handling to not need the web_ui name part

add desc

move the http.FS conversion internal to assetFS

update gitignore

remove bindata dep

clean up some comments

remove asset check script that's no longer needed

Update readme

remove more bindata things

restore asset check

update packagespec

update stub

stub the assetFS method and set uiBuiltIn to false for non-ui builds

update packagespec to build ui

* fail if assets aren't found

* tidy up vendor

* go mod tidy

* updating .circleci

* restore tools.go

* re-re-re-run make packages

* re-enable arm64

* Adding change log

* Removing a file

Co-authored-by: hamid ghaf <hamid@hashicorp.com>
2021-08-18 11:05:11 -04:00
Meggie 6a32c01c8a
Updating go version to 1.16.6 for security fix (#12245)
* Updating go version to 1.16.6 for security fix

* Changelog
2021-08-04 11:30:43 -04:00
Arnav Palnitkar c71a6b6312
Update node to latest stable version (#12049)
* Update node to latest stable version

- v10 has reached EOL so upgrading node to v14 which is the latest
stable build

* Added changelog

* Resolve merge conflicts
2021-07-22 14:09:12 -07:00
Jim Kalafut 3d9036e663
Rename some references from master to main (#11897)
* Rename some references from master to main

* Update changelog-checker
2021-06-18 11:24:54 -07:00
Vishal Nayak c11c771737
Udate to Go 1.16.5 (#11802)
* Udate to Go 1.16.5

* Add CL

* Update packages-oss.yml

* Update go_test.yml
2021-06-09 10:38:52 -04:00
Theron Voran 9f1b5ce6f1
Passing BUILD_TAGS to the docker-dev commands (#11769)
Adds BUILD_TAGS to the docker build commands for docker-dev and
docker-dev-ui. Also changes the respective Dockerfile's to use double
quotes with ${BUILD_TAGS} so that it's interpolated.
2021-06-04 08:51:55 -07:00
Sam Salisbury 43aeac63c7
upgrade-packagespec script: open browser for PR (#11486) 2021-04-28 11:35:25 +01:00
Sam Salisbury bcecb885ff
add scripts/upgrade-packagespec (#10276)
* add scripts/upgrade-packagespec

* upgrade-packagespec script: docs + actionable logs

* upgrade-packagespec script: escape branch name

- This is now more accurate and handles branch names with
  slashes and pluses better.

* Update scripts/upgrade-packagespec

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>

Co-authored-by: Nick Cabatoff <ncabatoff@hashicorp.com>
2021-04-26 11:53:00 +01:00
Scott Miller 3dfe5176ee
Darwin/ARM64 build target (#11321)
* Update to Go 1.16.2 for build/dev

* Update SDK version_base

* 1st attempt

* Update docker images

* wip

* wip
2021-04-09 09:53:03 -05:00
Shahar Danus bcf72c5143
bumping alpine version, improving security (#11271) 2021-04-08 10:45:03 -07:00
Scott Miller 6f084b75f1
Update Go to 1.16.2 for the 1.8-dev cycle (#11267)
* Update to Go 1.16.2 for build/dev

* Update SDK version_base

* Update docker images

* make packages
2021-04-07 15:46:42 -05:00
Sam Salisbury a81f6683d2
Revert "Remove use of go cache from go test CI", bump Go to 1.15.11 (#11279)
* Revert "Saving and restoring the go cache was an experiment to reduce build times, but it worked too inconsistently. (#10493)"

This reverts commit 1e72bb1c41aef6648e9e219f6e44ae7942f463fe.

* make ci-config

* ci: update default go image to use docker mirror

* bump to go1.15.11

- Previously there was version skew: 1.15.10 and 1.15.4 were in use.
2021-04-06 14:42:14 +01:00
Calvin Leung Huang 786196f5ae
go: update references to go1.15.10 (#11233) 2021-03-30 09:15:48 -07:00
Hridoy Roy 2da7de2fec
Minimal changes to solve Dependency CVEs [VAULT-871] (#11015)
* minimal changes to solve most of the cves

* cleanup

* finished go mod vendor upgrades
2021-03-01 14:35:40 -08:00
Clint 2aff402279
Bundle new Vault plugin: Terraform secrets (#10931)
* Bundle Terraform secrets engine

* update go.mod/sum

* vendor update

* add changelog entry

* add secrets terraform
2021-02-19 16:38:56 -06:00
Josh Black 2cc9e2d914
Update to go 1.15.7 (#10730)
* Update to go 1.15.6

* Just kidding, how about 1.15.7

* And the associated CI config

* Add changelog and update go version in more places
2021-01-20 11:02:33 -08:00
Nick Cabatoff 792ea778dc
Use 1.15.4 in CI and Dockerfile. (#10587) 2021-01-15 12:39:33 -05:00
Brian Kassouf 10668331e4
Update go version to 1.15.3 (#10279)
* Update go version to 1.15.3

* Fix OU ordering for go1.15.x testing

* Fix CI version

* Update docker image

* Fix test

* packagespec upgrade -version 0.1.8

Co-authored-by: Sam Salisbury <samsalisbury@gmail.com>
2020-10-30 16:44:06 -04:00
Jason O'Donnell 6cf7da3153
docker-dev: add go version as build arg (#10117) 2020-10-08 14:30:31 -04:00