backport of commit abaf1d6

hashicorp · Aug 16, 2023 · ec60705 · ec60705
1 parent 7518664
commit ec60705
Show file tree

Hide file tree

Showing 5,385 changed files with 380,771 additions and 152,366 deletions.
diff --git a/.copywrite.hcl b/.copywrite.hcl
@@ -1,21 +1,15 @@
 schema_version = 1
 
 project {
-  license        = "BUSL-1.1"
-  copyright_year = 2023
+  license        = "MPL-2.0"
+  copyright_year = 2015
 
   # (OPTIONAL) A list of globs that should not have copyright/license headers.
   # Supports doublestar glob patterns for more flexibility in defining which
   # files or folders should be ignored
   header_ignore = [
-    "builtin/credential/aws/pkcs7/**",
+    "builtin/credentials/aws/pkcs7/**",
     "ui/node_modules/**",
     "enos/modules/k8s_deploy_vault/raft-config.hcl",
-    "plugins/database/postgresql/scram/**",
-    # licensed under MPL - ignoring for now until the copywrite tool can support
-    # multiple licenses per repo.
-    "sdk/**",
-    "api/**",
-    "shamir/**'"
   ]
 }
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 contact_links:
   - name: Ask a question
     url: https://discuss.hashicorp.com/c/vault

diff --git a/.github/ISSUE_TEMPLATE/plugin-submission.md b/.github/ISSUE_TEMPLATE/plugin-submission.md
@@ -7,7 +7,7 @@ assignees: ''
 
 ---
 
-Please provide details for the plugin to be listed. All fields are required for a submission to be included in the [Vault Integrations](https://developer.hashicorp.com/vault/integrations) page.
+Please provide details for the plugin to be listed. All fields are required for a submission to be included in the [Plugin Portal](https://www.vaultproject.io/docs/plugin-portal) page.
 
 **Plugin Information**
 Name as it would appear listed:

diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml
@@ -1,5 +1,5 @@
 # Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
+# SPDX-License-Identifier: MPL-2.0
 
 self-hosted-runner:
   # Labels of self-hosted runner in array of string

diff --git a/.github/actions/set-up-go/action.yml b/.github/actions/set-up-go/action.yml
@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 ---
 name: Set up Go with a shared module cache
 description: Set up Go with a shared module cache

diff --git a/.github/actions/set-up-gotestsum/action.yml b/.github/actions/set-up-gotestsum/action.yml
@@ -1,6 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 ---
 name: Set up gotestsum from Github releases
 description: Set up gotestsum from Github releases

diff --git a/.github/scripts/gh_comment.sh b/.github/scripts/gh_comment.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 
 set -e
 
@@ -19,8 +16,7 @@ function update_or_create_comment {
                  -H "Accept: application/vnd.github+json" \
                  -H "X-GitHub-Api-Version: 2022-11-28" \
                  --paginate \
-                 /repos/hashicorp/"$REPO"/issues/"$PR_NUMBER"/comments |
-                 jq -r --arg SEARCH_KEY "$SEARCH_KEY" '.[] | select (.body | startswith($SEARCH_KEY)) | .id')
+                 /repos/hashicorp/"$REPO"/issues/"$PR_NUMBER"/comments | jq -r --arg SEARCH_KEY "$SEARCH_KEY" '.[] | select (.body | contains($SEARCH_KEY)) | .id')
 
   if [[ "$comment_id" != "" ]]; then
     # update the comment with the new body

diff --git a/.github/scripts/report_failed_builds.sh b/.github/scripts/report_failed_builds.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 
 set -e
 

diff --git a/.github/scripts/report_failed_tests.sh b/.github/scripts/report_failed_tests.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 
 set -e
 MAX_TESTS=10

diff --git a/.github/scripts/verify_changes.sh b/.github/scripts/verify_changes.sh
@@ -1,7 +1,4 @@
 #!/bin/bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: BUSL-1.1
-
 #  This script validates if the git diff contains only docs/ui changes
 
 event_type=$1 # GH event type (pull_request)

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -11,7 +11,7 @@ jobs:
   backport-targeted-release-branch:
     if: github.event.pull_request.merged
     runs-on: ubuntu-latest
-    container: hashicorpdev/backport-assistant:0.3.3
+    container: hashicorpdev/backport-assistant:0.3.0
     steps:
       - name: Backport changes to targeted release branch
         run: |

diff --git a/.github/workflows/build-vault-oss.yml b/.github/workflows/build-vault-oss.yml
@@ -83,7 +83,7 @@ jobs:
           version: ${{ inputs.vault-version }}
           maintainer: HashiCorp
           homepage: https://github.com/hashicorp/vault
-          license: BUSL-1.1
+          license: MPL-2.0
           binary: dist/${{ inputs.package-name }}
           deb_depends: openssl
           rpm_depends: openssl

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -4,11 +4,6 @@ name: build
 on:
   workflow_dispatch:
   pull_request:
-    # The default types for pull_request are [ opened, synchronize, reopened ].
-    # This is insufficient for our needs, since we're skipping stuff on PRs in
-    # draft mode.  By adding the ready_for_review type, when a draft pr is marked
-    # ready, we run everything, including the stuff we'd have skipped up until now.
-    types: [opened, synchronize, reopened, ready_for_review]
   push:
     branches:
       - main
@@ -98,7 +93,7 @@ jobs:
         name: Set up node and yarn
         uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
-          node-version-file: ui/package.json
+          node-version: 14
           cache: yarn
           cache-dependency-path: ui/yarn.lock
       - if: steps.cache-ui-assets.outputs.cache-hit != 'true'
@@ -216,15 +211,6 @@ jobs:
 
   test:
     name: Test ${{ matrix.build-artifact-name }}
-    # Only run the Enos workflow against branches that are created from the
-    # hashicorp/vault repository. This has the effect of limiting execution of
-    # Enos scenarios to branches that originate from authors that have write
-    # access to hashicorp/vault repository. This is required as Github Actions
-    # will not populate the required secrets for branches created by outside
-    # contributors in order to protect the secrets integrity.
-    # This condition can be removed in future if enos workflow is updated to
-    # workflow_run event
-    if: "! github.event.pull_request.head.repo.fork"
     needs:
       - product-metadata
       - build-linux
@@ -248,16 +234,6 @@ jobs:
 
   test-docker-k8s:
     name: Test Docker K8s
-    # Only run the Enos workflow against branches that are created from the
-    # hashicorp/vault repository. This has the effect of limiting execution of
-    # Enos scenarios to branches that originate from authors that have write
-    # access to hashicorp/vault repository. This is required as Github Actions
-    # will not populate the required secrets for branches created by outside
-    # contributors in order to protect the secrets integrity.
-    # GHA secrets are only ready on workflow_run for public repo
-    # This condition can be removed in future if enos workflow is updated to
-    # workflow_run event
-    if: "! github.event.pull_request.head.repo.fork"
     needs:
       - product-metadata
       - build-docker
@@ -314,7 +290,7 @@ jobs:
     steps:
       - run: |
           tr -d '\n' <<< '${{ toJSON(needs.*.result) }}' | grep -q -v -E '(failure|cancelled)'
-
+          
   notify-completed-successfully-failures-oss:
     if: ${{ always() && github.repository == 'hashicorp/vault' && needs.completed-successfully.result == 'failure' && (github.ref_name == 'main' || startsWith(github.ref_name, 'release/')) }}
     runs-on: ubuntu-latest
@@ -366,4 +342,4 @@ jobs:
           channel-id: "C05AABYEA9Y" # sent to #feed-vault-ci-official
           slack-bot-token: ${{ steps.secrets.outputs.SLACK_BOT_TOKEN }}
           payload: |
-            {"text":"Enterprise build failures on ${{ github.ref_name }}","blocks":[{"type":"header","text":{"type":"plain_text","text":":rotating_light: Enterprise build failures :rotating_light:","emoji":true}},{"type":"divider"},{"type":"section","text":{"type":"mrkdwn","text":"build(s) failed on ${{ github.ref_name }}"},"accessory":{"type":"button","text":{"type":"plain_text","text":"View Failing Workflow","emoji":true},"url":"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}}]}
+            {"text":"Enterprise build failures on ${{ github.ref_name }}","blocks":[{"type":"header","text":{"type":"plain_text","text":":rotating_light: Enterprise build failures :rotating_light:","emoji":true}},{"type":"divider"},{"type":"section","text":{"type":"mrkdwn","text":"build(s) failed on ${{ github.ref_name }}"},"accessory":{"type":"button","text":{"type":"plain_text","text":"View Failing Workflow","emoji":true},"url":"${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"}}]}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -196,14 +196,14 @@ jobs:
       # Setup node.js without caching to allow running npm install -g yarn (next step)
       - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
-          node-version-file: './ui/package.json'
+          node-version: 14
       - id: install-yarn
         run: |
           npm install -g yarn
       # Setup node.js with caching using the yarn.lock file
       - uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
         with:
-          node-version-file: './ui/package.json'
+          node-version: 14
           cache: yarn
           cache-dependency-path: ui/yarn.lock
       - id: install-browser
@@ -261,7 +261,7 @@ jobs:
           name: test-results-ui
           path: ui/test-results
         if: success() || failure()
-      - uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f # v2.1
+      - uses: test-summary/action@62bc5c68de2a6a0d02039763b8c754569df99e3f  # TSCCR: no entry for repository "test-summary/action"
         with:
           paths: "ui/test-results/qunit/results.xml"
           show: "fail"
@@ -357,11 +357,7 @@ jobs:
       needs.test-go-fips.result == 'success' ||
       needs.test-go-fips.result == 'failure' ||
       needs.test-go-race.result == 'success' ||
-      needs.test-go-race.result == 'failure') &&
-      (github.repository == 'hashicorp/vault' &&
-      (github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name))
-    # The last check ensures this doesn't run on community-contributed PRs, who
-    # won't have the permissions to run this job.
+      needs.test-go-race.result == 'failure')
     needs:
       - test-go
       - test-go-fips

diff --git a/.github/workflows/code-checker.yml b/.github/workflows/code-checker.yml
@@ -43,29 +43,6 @@ jobs:
         # godoc for the function.
       - run: make ci-vet-codechecker
         name: Check custom linters
-      - run: |
-          make bootstrap
-          make protolint
-        name: Protobuf lint
-
-  generate-delta:
-    name: Protobuf generate delta
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-      - uses: ./.github/actions/set-up-go
-        with:
-          github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
-      - name: Check generate delta
-        run: |
-          make bootstrap
-          # Delete all protobuf files first, in case we removed a protobuf file
-          find . -type f -name '*.pb.go' -delete
-          make proto
-          if ! git diff --exit-code; then
-            echo "Protobuf files need regenerating. Run 'make proto' to fix"
-            exit 1
-          fi
 
   format:
     name: Format
@@ -84,15 +61,6 @@ jobs:
             echo "Code has formatting errors. Run 'make fmt' to fix"
             exit 1
           fi
-      - name: Protobuf format
-        run: |
-          make bootstrap
-          echo "Using buf version $(go run github.com/bufbuild/buf/cmd/buf --version)"
-          make protofmt
-          if ! git diff --exit-code; then
-            echo "Protobuf code has formatting errors. Run 'make protofmt' to fix"
-            exit 1
-          fi
 
   semgrep:
     name: Semgrep

diff --git a/.github/workflows/enos-release-testing-oss.yml b/.github/workflows/enos-release-testing-oss.yml
@@ -64,7 +64,6 @@ jobs:
 
   save-metadata:
     runs-on: linux
-    if: always()
     needs: test
     steps:
       - name: Persist metadata

diff --git a/.github/workflows/oss.yml b/.github/workflows/oss.yml
@@ -68,7 +68,7 @@ jobs:
       - if: github.event.pull_request != null && steps.changes.outputs.ui == 'true'
         run: echo "PROJECT=171" >> "$GITHUB_ENV"
 
-      - uses: actions/add-to-project@31b3f3ccdc584546fc445612dec3f38ff5edb41c # v0.5.0
+      - uses: actions/add-to-project@a9f041ddd462ed185893ea1024cec954f50dbe42 # v0.3.0 # TSCCR: no entry for repository "actions/add-to-project"
         with:
           project-url: https://github.com/orgs/hashicorp/projects/${{ env.PROJECT }}
           github-token: ${{ secrets.TRIAGE_GITHUB_TOKEN }}