backport of commit 4e963c4

hashicorp · Aug 31, 2023 · b0aa5b9 · b0aa5b9
1 parent cdf6bf0
commit b0aa5b9
Show file tree

Hide file tree

Showing 6,426 changed files with 249,697 additions and 261,301 deletions.
diff --git a/.copywrite.hcl b/.copywrite.hcl
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 contact_links:
   - name: Ask a question
     url: https://discuss.hashicorp.com/c/vault

diff --git a/.github/ISSUE_TEMPLATE/plugin-submission.md b/.github/ISSUE_TEMPLATE/plugin-submission.md
@@ -7,7 +7,7 @@ assignees: ''
 
 ---
 
-Please provide details for the plugin to be listed. All fields are required for a submission to be included in the [Vault Integrations](https://developer.hashicorp.com/vault/integrations) page.
+Please provide details for the plugin to be listed. All fields are required for a submission to be included in the [Plugin Portal](https://www.vaultproject.io/docs/plugin-portal) page.
 
 **Plugin Information**
 Name as it would appear listed:

diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 self-hosted-runner:
   # Labels of self-hosted runner in array of string

diff --git a/.github/actions/set-up-go/action.yml b/.github/actions/set-up-go/action.yml
@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 ---
 name: Set up Go with a shared module cache
 description: Set up Go with a shared module cache

diff --git a/.github/actions/set-up-gotestsum/action.yml b/.github/actions/set-up-gotestsum/action.yml
@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 ---
 name: Set up gotestsum from Github releases
 description: Set up gotestsum from Github releases

diff --git a/.github/enos-run-matrices/ent.json b/.github/enos-run-matrices/ent.json
@@ -0,0 +1,24 @@
+{
+  "include": [
+    {
+      "scenario": "smoke backend:consul consul_version:1.12.3 distro:ubuntu seal:awskms arch:amd64 builder:crt edition:ent",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "smoke backend:raft consul_version:1.12.3 distro:ubuntu seal:shamir arch:amd64 builder:crt edition:ent",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "upgrade backend:raft consul_version:1.11.7 distro:rhel seal:shamir arch:amd64 builder:crt edition:ent",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "upgrade backend:consul consul_version:1.11.7 distro:rhel seal:awskms arch:amd64 builder:crt edition:ent",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "autopilot distro:ubuntu seal:shamir arch:amd64 builder:crt edition:ent",
+      "aws_region": "us-west-1"
+    }
+  ]
+}
diff --git a/.github/enos-run-matrices/oss.json b/.github/enos-run-matrices/oss.json
@@ -0,0 +1,20 @@
+{
+  "include": [
+    {
+      "scenario": "smoke backend:consul consul_version:1.12.3 distro:ubuntu seal:awskms arch:amd64 builder:crt edition:oss",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "smoke backend:raft consul_version:1.12.3 distro:ubuntu seal:shamir arch:amd64 builder:crt edition:oss",
+      "aws_region": "us-west-2"
+    },
+    {
+      "scenario": "upgrade backend:raft consul_version:1.11.7 distro:rhel seal:shamir arch:amd64 builder:crt edition:oss",
+      "aws_region": "us-west-1"
+    },
+    {
+      "scenario": "upgrade backend:consul consul_version:1.11.7 distro:rhel seal:awskms arch:amd64 builder:crt edition:oss",
+      "aws_region": "us-west-2"
+    }
+  ]
+}
diff --git a/.github/scripts/gh_comment.sh b/.github/scripts/gh_comment.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 
 set -e
 
@@ -19,8 +16,7 @@ function update_or_create_comment {
                  -H "Accept: application/vnd.github+json" \
                  -H "X-GitHub-Api-Version: 2022-11-28" \
                  --paginate \
-                 /repos/hashicorp/"$REPO"/issues/"$PR_NUMBER"/comments |
-                 jq -r --arg SEARCH_KEY "$SEARCH_KEY" '.[] | select (.body | startswith($SEARCH_KEY)) | .id')
+                 /repos/hashicorp/"$REPO"/issues/"$PR_NUMBER"/comments | jq -r --arg SEARCH_KEY "$SEARCH_KEY" '.[] | select (.body | contains($SEARCH_KEY)) | .id')
 
   if [[ "$comment_id" != "" ]]; then
     # update the comment with the new body

diff --git a/.github/scripts/report_failed_builds.sh b/.github/scripts/report_failed_builds.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 
 set -e
 

diff --git a/.github/scripts/report_failed_tests.sh b/.github/scripts/report_failed_tests.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 
 set -e
 MAX_TESTS=10

diff --git a/.github/scripts/verify_changes.sh b/.github/scripts/verify_changes.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 #  This script validates if the git diff contains only docs/ui changes
 
 event_type=$1 # GH event type (pull_request)

diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml
@@ -5,11 +5,6 @@ on:
       - '.github/**'
     types: [opened, synchronize, reopened, ready_for_review]
 
-# cancel existing runs of the same workflow on the same ref
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
-  cancel-in-progress: true
-
 jobs:
   actionlint:
     runs-on: ubuntu-latest

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -11,11 +11,11 @@ jobs:
   backport-targeted-release-branch:
     if: github.event.pull_request.merged
     runs-on: ubuntu-latest
-    container: hashicorpdev/backport-assistant:0.3.3
+    container: hashicorpdev/backport-assistant:0.2.5
     steps:
       - name: Backport changes to targeted release branch
         run: |
-          backport-assistant backport -merge-method=squash -gh-automerge 
+          backport-assistant backport
         env:
           BACKPORT_LABEL_REGEXP: "backport/(?P<target>\\d+\\.\\d+\\.[+\\w]+)"
           BACKPORT_TARGET_TEMPLATE: "release/{{.target}}"

diff --git a/.github/workflows/build-vault-oss.yml b/.github/workflows/build-vault-oss.yml
@@ -59,6 +59,8 @@ jobs:
           GOARCH: ${{ inputs.goarch }}
           GOOS: ${{ inputs.goos }}
           GO_TAGS: ${{ inputs.go-tags }}
+          # We started stripping symbol tables in 1.13.x
+          KEEP_SYMBOLS: true
         run: make ci-build
       - name: Determine artifact basename
         env:
@@ -83,7 +85,7 @@ jobs:
           version: ${{ inputs.vault-version }}
           maintainer: HashiCorp
           homepage: https://github.com/hashicorp/vault
-          license: BUSL-1.1
+          license: MPL-2.0
           binary: dist/${{ inputs.package-name }}
           deb_depends: openssl
           rpm_depends: openssl

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,11 +4,6 @@ name: build
 on:
   workflow_dispatch:
   pull_request:
-    # The default types for pull_request are [ opened, synchronize, reopened ].
-    # This is insufficient for our needs, since we're skipping stuff on PRs in
-    # draft mode.  By adding the ready_for_review type, when a draft pr is marked
-    # ready, we run everything, including the stuff we'd have skipped up until now.
-    types: [opened, synchronize, reopened, ready_for_review]
   push:
     branches:
       - main
@@ -98,7 +93,7 @@ jobs:
         name: Set up node and yarn
         uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
-          node-version-file: ui/package.json
+          node-version: 14
           cache: yarn
           cache-dependency-path: ui/yarn.lock
       - if: steps.cache-ui-assets.outputs.cache-hit != 'true'
@@ -216,15 +211,6 @@ jobs:
 
   test:
     name: Test ${{ matrix.build-artifact-name }}
-    # Only run the Enos workflow against branches that are created from the
-    # hashicorp/vault repository. This has the effect of limiting execution of
-    # Enos scenarios to branches that originate from authors that have write
-    # access to hashicorp/vault repository. This is required as Github Actions
-    # will not populate the required secrets for branches created by outside
-    # contributors in order to protect the secrets integrity.
-    # This condition can be removed in future if enos workflow is updated to
-    # workflow_run event
-    if: "! github.event.pull_request.head.repo.fork"
     needs:
       - product-metadata
       - build-linux
@@ -248,16 +234,6 @@ jobs:
 
   test-docker-k8s:
     name: Test Docker K8s
-    # Only run the Enos workflow against branches that are created from the
-    # hashicorp/vault repository. This has the effect of limiting execution of
-    # Enos scenarios to branches that originate from authors that have write
-    # access to hashicorp/vault repository. This is required as Github Actions
-    # will not populate the required secrets for branches created by outside
-    # contributors in order to protect the secrets integrity.
-    # GHA secrets are only ready on workflow_run for public repo
-    # This condition can be removed in future if enos workflow is updated to
-    # workflow_run event
-    if: "! github.event.pull_request.head.repo.fork"
     needs:
       - product-metadata
       - build-docker
@@ -314,7 +290,7 @@ jobs:
     steps:
       - run: |
           tr -d '\n' <<< '${{ toJSON(needs.*.result) }}' | grep -q -v -E '(failure|cancelled)'
-
+          
   notify-completed-successfully-failures-oss:
     if: ${{ always() && github.repository == 'hashicorp/vault' && needs.completed-successfully.result == 'failure' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) }}
     runs-on: ubuntu-latest