Merge remote-tracking branch 'remotes/from/ce/main'
commit
b958ee0282
4 changed files with 13 additions and 10 deletions
10
.github/workflows/test-go.yml
vendored
10
.github/workflows/test-go.yml
vendored
|
|
@ -347,20 +347,20 @@ jobs:
|
|||
name: Build Docker image with custom vault binary
|
||||
run: |
|
||||
set -exo pipefail
|
||||
|
||||
|
||||
if [ "${{ needs.test-matrix.outputs.is-ent-branch }}" == "true" ]; then
|
||||
go run ./tools/testimagemaker/ -source=docker.io/hashicorp/vault-enterprise:latest -target=hashicorp/vault-enterprise-ci:latest -binary=./vault-binary
|
||||
go run ./tools/testimagemaker/ -source=docker.io/hashicorp/vault-enterprise:2.0.0-ent.hsm -target=hashicorp/vault-enterprise-ci:latest-hsm -binary=./vault-hsm-binary -hsm
|
||||
|
||||
go run ./tools/testimagemaker/ -source=docker.io/hashicorp/vault-enterprise:2.0.1-ent.hsm -target=hashicorp/vault-enterprise-ci:latest-hsm -binary=./vault-hsm-binary -hsm
|
||||
|
||||
# Verify the images were built successfully
|
||||
docker images hashicorp/vault-enterprise-ci:latest
|
||||
echo "image=hashicorp/vault-enterprise-ci:latest" >> "$GITHUB_OUTPUT"
|
||||
|
||||
|
||||
docker images hashicorp/vault-enterprise-ci:latest-hsm
|
||||
echo "hsmimage=hashicorp/vault-enterprise-ci:latest-hsm" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
go run ./tools/testimagemaker/ -source=docker.io/hashicorp/vault:latest -target=hashicorp/vault-ci:latest -binary=./vault-binary
|
||||
|
||||
|
||||
# Verify the images was built successfully
|
||||
docker images hashicorp/vault-ci:latest
|
||||
echo "image=hashicorp/vault-ci:latest" >> "$GITHUB_OUTPUT"
|
||||
|
|
|
|||
|
|
@ -135,9 +135,9 @@ func prepareTestContainer(t *testing.T) (func(), *DockerVaultConfig) {
|
|||
|
||||
runner, err := docker.NewServiceRunner(docker.RunOptions{
|
||||
ContainerName: "vault",
|
||||
Capabilities: []string{"IPC_LOCK"},
|
||||
ImageRepo: "docker.mirror.hashicorp.services/hashicorp/vault",
|
||||
ImageTag: "latest",
|
||||
Env: []string{"SKIP_SETCAP=true"},
|
||||
Cmd: []string{
|
||||
"server", "-log-level=trace", "-dev", fmt.Sprintf("-dev-root-token-id=%s", rootToken),
|
||||
"-dev-listen-address=0.0.0.0:8200",
|
||||
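Review bot: `Capabilities: []string{"IPC_LOCK"}` in prepareTestContainer has no comment saying why the dev-mode test container needs it, and the related line in DockerClusterNode.Start lists `"NET_ADMIN", "IPC_LOCK", "SETFCAP"`, so the two test setups disagree on which capabilities the image needs. The page has lost its +/- markers, so this assumes the capability line is the added side and `Env: []string{"SKIP_SETCAP=true"}` the removed one. I would add a comment such as `// IPC_LOCK: presumably lets the image entrypoint's setcap step succeed now that SKIP_SETCAP is no longer set`, and either align the two lists or say why they differ. The RunOptions literal continues past the end of the hunk.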
|
|
|
|||
|
|
@ -58,7 +58,7 @@ func GetImageRepoAndTag(t *testing.T, hsm bool) (string, string) {
|
|||
// If vaultImage is populated, it is split by ":" and the two pieces are returned
|
||||
// as the repo and tag. If vault_binary is populated, an image is created based on
|
||||
// the latest hsm image.
|
||||
// (TODO: currently hardcoded as "docker.io/hashicorp/vault-enterprise:2.0.0-ent.hsm")
|
||||
// (TODO: currently hardcoded as "docker.io/hashicorp/vault-enterprise:2.0.1-ent.hsm")
|
||||
// This is done by installing SoftHSM and the vaultBinary on top of that image.
|
||||
// If neither is populated an error is returned.
|
||||
func CreateOrReturnDockerImage(hsm bool) (repo string, tag string, output []byte, err error) {
|
||||
|
|
@ -86,7 +86,7 @@ func CreateOrReturnDockerImage(hsm bool) (repo string, tag string, output []byte
|
|||
tag := "latest"
|
||||
source := "docker.io/" + base + ":latest"
|
||||
if hsm {
|
||||
source = "docker.io/hashicorp/vault-enterprise:2.0.0-ent.hsm"
|
||||
source = "docker.io/hashicorp/vault-enterprise:2.0.1-ent.hsm"
|
||||
tag = "latest-hsm"
|
||||
}
|
||||
target := fmt.Sprintf("%s:%s", repo, tag)
|
||||
|
|
|
|||
|
|
@ -423,12 +423,16 @@ func (n *DockerClusterNode) setupCert(ip string) error {
|
|||
}
|
||||
|
||||
func NewTestDockerCluster(t *testing.T, opts *DockerClusterOptions) *DockerCluster {
|
||||
t.Helper()
|
||||
|
||||
dc, err := NewTestDockerClusterWithErr(t, opts)
|
||||
require.NoError(t, err)
|
||||
return dc
|
||||
}
|
||||
|
||||
func NewTestDockerClusterWithErr(t *testing.T, opts *DockerClusterOptions) (*DockerCluster, error) {
|
||||
t.Helper()
|
||||
|
||||
if opts == nil {
|
||||
opts = &DockerClusterOptions{DisableMlock: true}
|
||||
}
|
||||
|
|
@ -921,7 +925,6 @@ func (n *DockerClusterNode) Start(ctx context.Context, opts *DockerClusterOption
|
|||
envs := []string{
|
||||
// For now we're using disable_mlock, because this is for testing
|
||||
// anyway, and because it prevents us using external plugins.
|
||||
"SKIP_SETCAP=true",
|
||||
"VAULT_LOG_FORMAT=json",
|
||||
"VAULT_LICENSE=" + opts.VaultLicense,
|
||||
"VAULT_DISABLE_MLOCK=" + strconv.FormatBool(opts.DisableMlock),
|
||||
|
|
@ -946,7 +949,7 @@ func (n *DockerClusterNode) Start(ctx context.Context, opts *DockerClusterOption
|
|||
PreDelete: true,
|
||||
DoNotAutoRemove: true,
|
||||
PostStart: postStartFunc,
|
||||
Capabilities: []string{"NET_ADMIN"},
|
||||
Capabilities: []string{"NET_ADMIN", "IPC_LOCK", "SETFCAP"},
|
||||
OmitLogTimestamps: true,
|
||||
VolumeNameToMountPoint: map[string]string{
|
||||
n.DataVolumeName: "/vault/file",
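Review bot: The comment kept above `envs` in Start ("For now we're using disable_mlock ...") is out of step with the capability list `"NET_ADMIN", "IPC_LOCK", "SETFCAP"` further down: mlock is still disabled by default (`DisableMlock: true` when opts is nil in NewTestDockerClusterWithErr), yet the container is now granted IPC_LOCK. Every added capability widens what a process inside the test container may do, so I would state the reason next to the list, e.g. `// IPC_LOCK, SETFCAP: required by the image entrypoint's setcap step (test containers only)`, and update the env comment to match. It is also worth confirming SETFCAP has to be requested explicitly, since Docker's default capability set already includes it unless the runner drops the defaults. Which lines are old and which are new is inferred from the hunk counts, and Start's body extends beyond both hunks.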
|
||||
|
|
|
|||