backport of commit d8b7fbd

hashicorp · Sep 21, 2022 · a8fac91 · a8fac91
1 parent 0dce151
commit a8fac91
Show file tree

Hide file tree

Showing 1,175 changed files with 9,544 additions and 44,937 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
diff --git a/.circleci/config/commands/configure-git.yml b/.circleci/config/commands/configure-git.yml
@@ -1,7 +1,6 @@
 steps:
   - add_ssh_keys:
       fingerprints:
-        # "CircleCI Additional SSH Key" associated with hc-github-team-secure-vault-core GitHub user
-        - "b8:e2:38:f8:5b:1b:82:f3:1f:23:fa:46:6e:95:e7:e9"
+        - "0e:03:77:f4:e2:c3:56:c2:53:6a:03:e1:31:91:2f:06"
   - run: |
       git config --global url."git@github.com:".insteadOf https://github.com/
diff --git a/.circleci/config/commands/go_test.yml b/.circleci/config/commands/go_test.yml
@@ -14,7 +14,7 @@ parameters:
     default: false
   go_image:
     type: string
-    default: "docker.mirror.hashicorp.services/cimg/go:1.19.1"
+    default: "docker.mirror.hashicorp.services/cimg/go:1.17.13"
   use_docker:
     type: boolean
     default: false
@@ -107,7 +107,7 @@ steps:
         export VAULT_LICENSE_CI="$VAULT_LICENSE"
         VAULT_LICENSE=
 
-        # Create a docker network for our test container
+        # Create a docker network for our testcontainer
         if [ $USE_DOCKER == 1 ]; then
           # Despite the fact that we're using a circleci image (thus getting the
           # version they chose for the docker cli) and that we're specifying a
@@ -116,17 +116,15 @@ steps:
           # reasons unclear.
           export DOCKER_API_VERSION=1.39
 
-          TEST_DOCKER_NETWORK_NAME="${CIRCLE_WORKFLOW_JOB_ID}-${CIRCLE_NODE_INDEX}"
-          export TEST_DOCKER_NETWORK_ID=$(docker network list --quiet --no-trunc --filter="name=${TEST_DOCKER_NETWORK_NAME}")
+          export TEST_DOCKER_NETWORK_ID=$(docker network list -q -f 'name=vaulttest')
           if [ -z $TEST_DOCKER_NETWORK_ID ]; then
-            docker network prune -f
-            TEST_DOCKER_NETWORK_ID=$(docker network create "${TEST_DOCKER_NETWORK_NAME}")
+            TEST_DOCKER_NETWORK_ID=$(docker network create vaulttest)
           fi
 
 
 
-          # Start a docker test container to run the tests in
-          CONTAINER_ID="$(docker run -d \
+          # Start a docker testcontainer to run the tests in
+          docker run -d \
             -e TEST_DOCKER_NETWORK_ID \
             -e GOPRIVATE \
             -e DOCKER_CERT_PATH \
@@ -135,21 +133,19 @@ steps:
             -e DOCKER_TLS_VERIFY \
             -e NO_PROXY \
             -e VAULT_TEST_LOG_DIR=<< parameters.log_dir >> \
-            --network ${TEST_DOCKER_NETWORK_NAME} \
-            << parameters.go_image >> \
-            tail -f /dev/null)"
-          mkdir workspace
-          echo ${CONTAINER_ID} > workspace/container_id
+            --network vaulttest --name \
+            testcontainer << parameters.go_image >> \
+            tail -f /dev/null
 
           # Run tests
-          test -d << parameters.cache_dir >> && docker cp << parameters.cache_dir >> ${CONTAINER_ID}:/tmp/gocache
-          docker exec ${CONTAINER_ID} sh -c 'mkdir -p /home/circleci/go/src/github.com/hashicorp/vault'
-          docker cp . ${CONTAINER_ID}:/home/circleci/go/src/github.com/hashicorp/vault/
-          docker cp $DOCKER_CERT_PATH/ ${CONTAINER_ID}:$DOCKER_CERT_PATH
+          test -d << parameters.cache_dir >> && docker cp << parameters.cache_dir >> testcontainer:/tmp/gocache
+          docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/src/github.com/hashicorp/vault'
+          docker cp . testcontainer:/home/circleci/go/src/github.com/hashicorp/vault/
+          docker cp $DOCKER_CERT_PATH/ testcontainer:$DOCKER_CERT_PATH
 
           # Copy the downloaded modules inside the container.
-          docker exec ${CONTAINER_ID} sh -c 'mkdir -p /home/circleci/go/pkg'
-          docker cp "$(go env GOPATH)/pkg/mod" ${CONTAINER_ID}:/home/circleci/go/pkg/mod
+          docker exec testcontainer sh -c 'mkdir -p /home/circleci/go/pkg'
+          docker cp "$(go env GOPATH)/pkg/mod" testcontainer:/home/circleci/go/pkg/mod
 
           docker exec -w /home/circleci/go/src/github.com/hashicorp/vault/ \
             -e CIRCLECI -e VAULT_CI_GO_TEST_RACE \
@@ -158,7 +154,7 @@ steps:
             -e GOPROXY="off" \
             -e VAULT_LICENSE_CI \
             -e GOARCH=<< parameters.arch >> \
-            ${CONTAINER_ID} \
+            testcontainer \
               gotestsum --format=short-verbose \
                 --junitfile test-results/go-test/results.xml \
                 --jsonfile test-results/go-test/results.json \
@@ -189,8 +185,8 @@ steps:
             name: Copy test results
             when: always
             command: |
-              docker cp $(cat workspace/container_id):/home/circleci/go/src/github.com/hashicorp/vault/test-results .
-              docker cp $(cat workspace/container_id):/tmp/gocache << parameters.cache_dir >>
+              docker cp testcontainer:/home/circleci/go/src/github.com/hashicorp/vault/test-results .
+              docker cp testcontainer:/tmp/gocache << parameters.cache_dir >>
   - when:
       condition: << parameters.save_cache >>
       steps:

diff --git a/.circleci/config/commands/setup-semgrep.yml b/.circleci/config/commands/setup-semgrep.yml
@@ -0,0 +1,14 @@
+---
+description: >
+  Ensure semgrep is installed.
+steps:
+  - run:
+      working_directory: ~/
+      name: Setup Semgrep
+      command: |
+        apk add --no-cache python3 py3-pip make
+        python3 -m pip install --user semgrep==0.86.5
+        export PATH="$HOME/.local/bin:$PATH"
+
+        echo "$ semgrep --version"
+        semgrep --version
diff --git a/.circleci/config/executors/@executors.yml b/.circleci/config/executors/@executors.yml
@@ -3,51 +3,48 @@ go-machine:
     image: ubuntu-2004:202201-02
   shell: /usr/bin/env bash -euo pipefail -c
   environment:
-    CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
-    GO_VERSION: 1.19.1 # Pin Go to patch version (ex: 1.2.3)
-    GOTESTSUM_VERSION: 0.5.2 # Pin gotestsum to patch version (ex: 1.2.3)
-    GOFUMPT_VERSION: 0.3.1 # Pin gofumpt to patch version (ex: 1.2.3)
+    CIRCLECI_CLI_VERSION: 0.1.5546  # Pin CircleCI CLI to patch version (ex: 1.2.3)
+    GO_VERSION: 1.17.13  # Pin Go to patch version (ex: 1.2.3)
+    GOTESTSUM_VERSION: 0.5.2  # Pin gotestsum to patch version (ex: 1.2.3)
+    GOFUMPT_VERSION: 0.2.1  # Pin gofumpt to patch version (ex: 1.2.3)
     GO_TAGS: ""
   working_directory: /home/circleci/go/src/github.com/hashicorp/vault
 node:
   docker:
-    - image: docker.mirror.hashicorp.services/circleci/node:14-browsers
-      environment:
-        # See https://git.io/vdao3 for details.
-        JOBS: 2
+    - image: docker.mirror.hashicorp.services/node:14-buster
   shell: /usr/bin/env bash -euo pipefail -c
   working_directory: /home/circleci/go/src/github.com/hashicorp/vault
 python:
   docker:
     - image: docker.mirror.hashicorp.services/python:3-alpine
   shell: /usr/bin/env bash -euo pipefail -c
   working_directory: /home/circleci/go/src/github.com/hashicorp/vault
-semgrep:
+alpine:
   docker:
-    - image: docker.mirror.hashicorp.services/returntocorp/semgrep:0.113.0
+    - image: docker.mirror.hashicorp.services/alpine:3.13
   shell: /bin/sh
   working_directory: /home/circleci/go/src/github.com/hashicorp/vault
 docker-env-go-test-remote-docker:
   resource_class: medium
   docker:
-    - image: "docker.mirror.hashicorp.services/cimg/go:1.19.1"
+    - image: "docker.mirror.hashicorp.services/cimg/go:1.17.13"
   environment:
-    CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
+    CIRCLECI_CLI_VERSION: 0.1.5546  # Pin CircleCI CLI to patch version (ex: 1.2.3)
     GO_TAGS: ""
   working_directory: /home/circleci/go/src/github.com/hashicorp/vault
 docker-env-go-test:
   resource_class: large
   docker:
-    - image: "docker.mirror.hashicorp.services/cimg/go:1.19.1"
+    - image: "docker.mirror.hashicorp.services/cimg/go:1.17.13"
   environment:
-    CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
+    CIRCLECI_CLI_VERSION: 0.1.5546  # Pin CircleCI CLI to patch version (ex: 1.2.3)
     GO_TAGS: ""
   working_directory: /home/circleci/go/src/github.com/hashicorp/vault
 docker-env-go-test-race:
   resource_class: xlarge
   docker:
-    - image: "docker.mirror.hashicorp.services/cimg/go:1.19.1"
+    - image: "docker.mirror.hashicorp.services/cimg/go:1.17.13"
   environment:
-    CIRCLECI_CLI_VERSION: 0.1.5546 # Pin CircleCI CLI to patch version (ex: 1.2.3)
+    CIRCLECI_CLI_VERSION: 0.1.5546  # Pin CircleCI CLI to patch version (ex: 1.2.3)
     GO_TAGS: ""
   working_directory: /home/circleci/go/src/github.com/hashicorp/vault
diff --git a/.circleci/config/jobs/fmt.yml b/.circleci/config/jobs/fmt.yml
@@ -8,7 +8,6 @@ steps:
   - run:
       name: make fmt
       command: |
-        echo "Using gofumpt version ${GOFUMPT_VERSION}"
         go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}"
         make fmt
         if ! git diff --exit-code; then

diff --git a/.circleci/config/jobs/semgrep.yml b/.circleci/config/jobs/semgrep.yml
@@ -1,6 +1,7 @@
 ---
-executor: semgrep
+executor: alpine 
 steps:
+  - setup-semgrep
   - checkout
   - attach_workspace:
       at: .
@@ -10,6 +11,4 @@ steps:
         # Alpine images can't run the make file due to a bash requirement. Run
         # semgrep explicitly here. 
         export PATH="$HOME/.local/bin:$PATH" 
-        echo -n 'Semgrep Version: '
-        semgrep --version
         semgrep --error --include '*.go' --exclude 'vendor' -f tools/semgrep/ci .
diff --git a/.circleci/config/jobs/test-ui-browserstack.yml b/.circleci/config/jobs/test-ui-browserstack.yml
@@ -0,0 +1,13 @@
+executor: node
+resource_class: xlarge
+steps:
+  - checkout
+  - restore_yarn_cache
+  - attach_workspace:
+      at: .
+  - run:
+      name: Run Browserstack Tests
+      command: |
+        # Add ./bin to the PATH so vault binary can be found.
+        export PATH="${PWD}"/bin:${PATH}
+        make test-ui-browserstack
diff --git a/.circleci/config/jobs/test-ui.yml b/.circleci/config/jobs/test-ui.yml
@@ -9,6 +9,18 @@ steps:
   - run:
       name: Test UI
       command: |
+        set -x
+
+        # Install Chrome
+        wget -q -O - https://dl-ssl.google.com/linux/linux_signing_key.pub \
+          | apt-key add -
+        echo "deb http://dl.google.com/linux/chrome/deb/ stable main" \
+          | tee /etc/apt/sources.list.d/google-chrome.list
+        apt-get update
+        apt-get -y install google-chrome-stable
+        rm /etc/apt/sources.list.d/google-chrome.list
+        rm -rf /var/lib/apt/lists/* /var/cache/apt/*
+
         # Add ./bin to the PATH so vault binary can be run by Ember tests
         export PATH="${PWD}/bin:${PATH}"
 

diff --git a/.circleci/config/workflows/ci.yml b/.circleci/config/workflows/ci.yml
@@ -14,6 +14,14 @@ jobs:
         # Only main, UI, release and merge branches need to run UI tests.
         # We don't filter here however because test-ui is configured in github as
         # required so it must run, instead we short-circuit within test-ui.
+  - test-ui-browserstack:
+      requires:
+        - install-ui-dependencies
+        - build-go-dev
+      filters:
+        branches:
+          # Forked pull requests have CIRCLE_BRANCH set to pull/XXX
+          ignore: /pull\/[0-9]+/
   - test-go:
       requires:
         - pre-flight-checks
@@ -31,5 +39,5 @@ jobs:
       requires:
         - pre-flight-checks
   - semgrep:
-      requires:
-        - pre-flight-checks
+       requires:
+         - pre-flight-checks
diff --git a/.github/enos-run-matrices/ent.json b/.github/enos-run-matrices/ent.json
diff --git a/.github/enos-run-matrices/oss.json b/.github/enos-run-matrices/oss.json