backport of commit 727c73c

hashicorp · Jul 27, 2023 · cc2e873 · cc2e873
1 parent f45e9b9
commit cc2e873
Show file tree

Hide file tree

Showing 4,891 changed files with 370,737 additions and 131,245 deletions.
diff --git a/.copywrite.hcl b/.copywrite.hcl
@@ -8,9 +8,8 @@ project {
   # Supports doublestar glob patterns for more flexibility in defining which
   # files or folders should be ignored
   header_ignore = [
-    "builtin/credential/aws/pkcs7/**",
+    "builtin/credentials/aws/pkcs7/**",
     "ui/node_modules/**",
     "enos/modules/k8s_deploy_vault/raft-config.hcl",
-    "plugins/database/postgresql/scram/**"
   ]
 }
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 contact_links:
   - name: Ask a question
     url: https://discuss.hashicorp.com/c/vault

diff --git a/.github/scripts/gh_comment.sh b/.github/scripts/gh_comment.sh
@@ -16,8 +16,7 @@ function update_or_create_comment {
                  -H "Accept: application/vnd.github+json" \
                  -H "X-GitHub-Api-Version: 2022-11-28" \
                  --paginate \
-                 /repos/hashicorp/"$REPO"/issues/"$PR_NUMBER"/comments |
-                 jq -r --arg SEARCH_KEY "$SEARCH_KEY" '.[] | select (.body | startswith($SEARCH_KEY)) | .id')
+                 /repos/hashicorp/"$REPO"/issues/"$PR_NUMBER"/comments | jq -r --arg SEARCH_KEY "$SEARCH_KEY" '.[] | select (.body | contains($SEARCH_KEY)) | .id')
 
   if [[ "$comment_id" != "" ]]; then
     # update the comment with the new body

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -11,7 +11,7 @@ jobs:
   backport-targeted-release-branch:
     if: github.event.pull_request.merged
     runs-on: ubuntu-latest
-    container: hashicorpdev/backport-assistant:0.3.3
+    container: hashicorpdev/backport-assistant:0.3.0
     steps:
       - name: Backport changes to targeted release branch
         run: |

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,11 +4,6 @@ name: build
 on:
   workflow_dispatch:
   pull_request:
-    # The default types for pull_request are [ opened, synchronize, reopened ].
-    # This is insufficient for our needs, since we're skipping stuff on PRs in
-    # draft mode.  By adding the ready_for_review type, when a draft pr is marked
-    # ready, we run everything, including the stuff we'd have skipped up until now.
-    types: [opened, synchronize, reopened, ready_for_review]
   push:
     branches:
       - main
@@ -98,7 +93,7 @@ jobs:
         name: Set up node and yarn
         uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
-          node-version-file: ui/package.json
+          node-version: 14
           cache: yarn
           cache-dependency-path: ui/yarn.lock
       - if: steps.cache-ui-assets.outputs.cache-hit != 'true'
@@ -216,15 +211,6 @@ jobs:
 
   test:
     name: Test ${{ matrix.build-artifact-name }}
-    # Only run the Enos workflow against branches that are created from the
-    # hashicorp/vault repository. This has the effect of limiting execution of
-    # Enos scenarios to branches that originate from authors that have write
-    # access to hashicorp/vault repository. This is required as Github Actions
-    # will not populate the required secrets for branches created by outside
-    # contributors in order to protect the secrets integrity.
-    # This condition can be removed in future if enos workflow is updated to
-    # workflow_run event
-    if: "! github.event.pull_request.head.repo.fork"
     needs:
       - product-metadata
       - build-linux
@@ -248,16 +234,6 @@ jobs:
 
   test-docker-k8s:
     name: Test Docker K8s
-    # Only run the Enos workflow against branches that are created from the
-    # hashicorp/vault repository. This has the effect of limiting execution of
-    # Enos scenarios to branches that originate from authors that have write
-    # access to hashicorp/vault repository. This is required as Github Actions
-    # will not populate the required secrets for branches created by outside
-    # contributors in order to protect the secrets integrity.
-    # GHA secrets are only ready on workflow_run for public repo
-    # This condition can be removed in future if enos workflow is updated to
-    # workflow_run event
-    if: "! github.event.pull_request.head.repo.fork"
     needs:
       - product-metadata
       - build-docker
@@ -314,7 +290,7 @@ jobs:
     steps:
       - run: |
           tr -d '\n' <<< '${{ toJSON(needs.*.result) }}' | grep -q -v -E '(failure|cancelled)'
-
+          
   notify-completed-successfully-failures-oss:
     if: ${{ always() && github.repository == 'hashicorp/vault' && needs.completed-successfully.result == 'failure' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) }}
     runs-on: ubuntu-latest
@@ -366,4 +342,4 @@ jobs:
           channel-id: "C05AABYEA9Y" # sent to #feed-vault-ci-official
           slack-bot-token: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}
           payload: |
-            {"text":"Enterprise build failures on ${{ github.ref_name }}","blocks":[{"type":"header","text":{"type":"plain_text","text":":rotating_light: Enterprise build failures :rotating_light:","emoji":true}},{"type":"divider"},{"type":"section","text":{"type":"mrkdwn","text":"build(s) failed on ${{ github.ref_name }}"},"accessory":{"type":"button","text":{"type":"plain_text","text":"View Failing Workflow","emoji":true},"url":"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}}]}
+            {"text":"Enterprise build failures on ${{ github.ref_name }}","blocks":[{"type":"header","text":{"type":"plain_text","text":":rotating_light: Enterprise build failures :rotating_light:","emoji":true}},{"type":"divider"},{"type":"section","text":{"type":"mrkdwn","text":"build(s) failed on ${{ github.ref_name }}"},"accessory":{"type":"button","text":{"type":"plain_text","text":"View Failing Workflow","emoji":true},"url":"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}}]}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -39,7 +39,7 @@ jobs:
             # shellcheck disable=SC2129
             echo 'compute-small=["self-hosted","ondemand","linux","type=c6a.large"]' >> "$GITHUB_OUTPUT"     #  2x vCPUs,  4 GiB RAM,
             echo 'compute-medium=["self-hosted","ondemand","linux","type=c6a.xlarge"]' >> "$GITHUB_OUTPUT"   #  4x vCPUs,  8 GiB RAM,
-            echo 'compute-large=["self-hosted","ondemand","linux","type=c6a.2xlarge"]' >> "$GITHUB_OUTPUT"   #  8x vCPUs, 16 GiB RAM,
+            echo 'compute-large=["self-hosted","ondemand","linux","type=c6a.2xlarge","disk_gb=64"]' >> "$GITHUB_OUTPUT"   #  8x vCPUs, 16 GiB RAM,
             echo 'compute-largem=["self-hosted","ondemand","linux","type=m6a.2xlarge"]' >> "$GITHUB_OUTPUT"  #  8x vCPUs, 32 GiB RAM,
             echo 'compute-xlarge=["self-hosted","ondemand","linux","type=c6a.4xlarge"]' >> "$GITHUB_OUTPUT"  # 16x vCPUs, 32 GiB RAM,
             echo 'enterprise=1' >> "$GITHUB_OUTPUT"
@@ -196,14 +196,14 @@ jobs:
       # Setup node.js without caching to allow running npm install -g yarn (next step)
       - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
-          node-version-file: './ui/package.json'
+          node-version: 14
       - id: install-yarn
         run: |
           npm install -g yarn
       # Setup node.js with caching using the yarn.lock file
       - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
-          node-version-file: './ui/package.json'
+          node-version: 14
           cache: yarn
           cache-dependency-path: ui/yarn.lock
       - id: install-browser
@@ -261,7 +261,7 @@ jobs:
           name: test-results-ui
           path: ui/test-results
         if: success() || failure()
-      - uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f # v2.1
+      - uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f  # TSCCR: no entry for repository "test-summary/action"
         with:
           paths: "ui/test-results/qunit/results.xml"
           show: "fail"
@@ -279,15 +279,23 @@ jobs:
           tr -d '\n' <<< '${{ toJSON(needs.*.result) }}' | grep -q -v -E '(failure|cancelled)'
 
   notify-tests-completed-failures-oss:
-    if: ${{ always() && github.repository == 'hashicorp/vault' && needs.tests-completed.result == 'failure' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) }}
+    if:  |
+      always() &&
+      github.repository == 'hashicorp/vault' &&
+      (needs.test-go.result == 'failure' ||
+      needs.test-go-fips.result == 'failure' ||
+      needs.test-go-race.result == 'failure') &&
+      (github.ref_name == 'main' || startsWith(github.ref_name, 'release/'))
     runs-on: ubuntu-latest
     permissions:
       id-token: write
       contents: read
     strategy:
       fail-fast: false
     needs:
-      - tests-completed
+      - test-go
+      - test-go-fips
+      - test-go-race
     steps:
       - name: send-notification
         uses: slackapi/slack-github-action@e28cf165c92ffef168d23c5c9000cffc8a25e117 # v1.24.0
@@ -301,15 +309,23 @@ jobs:
             {"text":"OSS test failures on ${{ github.ref_name }}","blocks":[{"type":"header","text":{"type":"plain_text","text":":rotating_light: OSS test failures :rotating_light:","emoji":true}},{"type":"divider"},{"type":"section","text":{"type":"mrkdwn","text":"test(s) failed on ${{ github.ref_name }}"},"accessory":{"type":"button","text":{"type":"plain_text","text":"View Failing Workflow","emoji":true},"url":"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}}]}
 
   notify-tests-completed-failures-ent:
-    if: ${{ always() && github.repository == 'hashicorp/vault-enterprise' && needs.tests-completed.result == 'failure' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) }}
+    if: |
+      always() &&
+      github.repository == 'hashicorp/vault-enterprise' &&
+      (needs.test-go.result == 'failure' ||
+      needs.test-go-fips.result == 'failure' ||
+      needs.test-go-race.result == 'failure') &&
+      (github.ref_name == 'main' || startsWith(github.ref_name, 'release/'))
     runs-on: ['self-hosted', 'linux', 'small']
     permissions:
       id-token: write
       contents: read
     strategy:
       fail-fast: false
     needs:
-      - tests-completed
+      - test-go
+      - test-go-fips
+      - test-go-race
     steps:
       - id: vault-auth
         name: Vault Authenticate

diff --git a/.github/workflows/enos-release-testing-oss.yml b/.github/workflows/enos-release-testing-oss.yml
@@ -64,7 +64,6 @@ jobs:
 
   save-metadata:
     runs-on: linux
-    if: always()
     needs: test
     steps:
       - name: Persist metadata

diff --git a/.github/workflows/oss.yml b/.github/workflows/oss.yml
@@ -68,7 +68,7 @@ jobs:
       - if: github.event.pull_request != null && steps.changes.outputs.ui == 'true'
         run: echo "PROJECT=171" >> "$GITHUB_ENV"
 
-      - uses: actions/add-to-project@31b3f3ccdc584546fc445612dec3f38ff5edb41c # v0.5.0
+      - uses: actions/add-to-project@a9f041ddd462ed185893ea1024cec954f50dbe42 # v0.3.0 # TSCCR: no entry for repository "actions/add-to-project"
         with:
           project-url: https://github.com/orgs/hashicorp/projects/${{ env.PROJECT }}
           github-token: ${{ secrets.TRIAGE_GITHUB_TOKEN }}

diff --git a/.github/workflows/plugin-update-check.yml b/.github/workflows/plugin-update-check.yml