
Syncing the forked repo with upstream (whilst keeping the v2 commit) #73

Open
rahulkaukuntla wants to merge 260 commits into master from rahul/sync-with-upstream

Conversation

@rahulkaukuntla

Description

What does this PR do?

There's one commit (migrating the api/auth/aws library away from aws-sdk-go to v2) that we want to keep, while still syncing the forked repo with upstream. This caused a number of merge conflicts, so I just made it a PR for safety. If you make a pull request from the branch into the upstream repo, there should only be the changes made to the api/auth/aws library.

TODO only if you're a HashiCorp employee

  • Backport Labels: If this fix needs to be backported, use the appropriate backport/ label that matches the desired release branch. Note that in the CE repo, the latest release branch will look like backport/x.x.x, but older release branches will be backport/ent/x.x.x+ent.
    • LTS: If this fixes a critical security vulnerability or severity 1 bug, it will also need to be backported to the current LTS versions of Vault. To ensure this, use all available enterprise labels.
  • ENT Breakage: If this PR either 1) removes a public function OR 2) changes the signature
    of a public function, even if that change is in a CE file, double check that
    applying the patch for this PR to the ENT repo and running tests doesn't
    break any tests. Sometimes ENT only tests rely on public functions in CE
    files.
  • Jira: If this change has an associated Jira, it's referenced either
    in the PR description, commit message, or branch name.
  • RFC: If this change has an associated RFC, please link it in the description.
  • ENT PR: If this change has an associated ENT PR, please link it in the
    description. Also, make sure the changelog is in this PR, not in your ENT PR.

PCI review checklist

  • I have documented a clear reason for, and description of, the change I am making.
  • If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
  • If applicable, I've documented the impact of any changes to security controls.

Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.

rculpepper and others added 30 commits July 16, 2025 17:10
Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* update link to versioned documentation

* Remove duplicate sections

* Update website/content/docs/upgrade/replicated-deployment.mdx

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
…ashicorp#30072)

* Update azure.mdx

Added one section around one known issue & how to fix it, while using Azure Auth method for workload/application running on K8s.

* Update website/content/docs/auth/azure.mdx

* Update website/content/docs/auth/azure.mdx

* Update website/content/docs/auth/azure.mdx

* Update website/content/docs/auth/azure.mdx

---------

Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com>
* add nil check for audit broker

* add test

* lint, changelog
…g and enabling, update the docs (hashicorp#31258)

* apply oss patch

* add changelog entry

* remove changelog from oss

* update docs
* Dependency updates for main

* go mod tidy
…duct usage reporting (hashicorp#31261)

* apply oss patch

* add changelog entry

* remove changelog from oss
* add necessary consts

* add other db plugins

* correct ES

* Fix consts in test
…ashicorp#31323)

* fixing overflow issue on secondaries lists

* add checks in tests
* updates api client vars to snake_case for custom messages

* updates api client vars to snake_case for tools

* updates api client vars to snake_case for sync

* updates api client vars to snake_case for secrets engine

* updates api client vars to snake_case for auth

* updates api client vars to snake_case for usage

* updates api client dep to point to gh repo

* fixes custom-messages service unit tests

* fixes configure-ssh test

* fixes configure-ssh test...again
* removes api client in favor of dependency

* removes api-client path from ignore files and configs

* removes normalize keys method from api service

* removes normalize keys test for api service
* Update README

Let contributors know that docs will now be located in UDR

* Add comments to each mdx doc

Comment has been added to all mdx docs that are not partials

* chore: added changelog

changelog check failure

* wip: removed changelog

* Fix content errors

* Doc spacing

* Update website/content/docs/deploy/kubernetes/vso/helm.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: jonathanfrappier <92055993+jonathanfrappier@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
…s CE changes (hashicorp#31301)

* moving clientcountutil changes from ent

* adding random usage time for repeated clients

* replace math.rand with crypto.rand
…hicorp#31331)

* support open-api secret recovery operations

* add changelog

* Update changelog/31331.txt

Co-authored-by: miagilepner <mia.epner@hashicorp.com>

---------

Co-authored-by: miagilepner <mia.epner@hashicorp.com>
* userpass is not case sensitive
* ldap is case sensitive when it is configured that way

---------

Co-authored-by: Ben Ash <bash@hashicorp.com>
…corp#30188)

* Completed initial replacement of editor

* fixing ts issues

* removing codemirror modifier and deps

* working on replacing the code editor

* addressing linting concerns

* cleaning up policy-form editor

* fixing linting issues

* fixing linting issues

* fixing tests

* fixing tests

* fixing tests

* fixing tests

* fixing failing tests

* cleaning up PR

* fixing tests

* remove outdated message for navigating editor

* fix linting in tests

* add changelog

* fix tests

* update naming

* remove unused lint param + name changes

* update test selector usage

* update test selector usage

* update test selector usage

* lint fixes

* replace page object selectors

* lint fix

* fix lint

* fix lint after merge

* update tests

* remove import

---------

Co-authored-by: Lane Wetmore <lane.wetmore@hashicorp.com>
…e updates in nightly tests (hashicorp#31333)

* Add option to control write/read from cache independently

* Cleanup enabled from key
* VAULT-35602: adding Enos LDAP Tests

* adding godaddy tests

* updating external integration target module name
…ng removal stage (hashicorp#31215)

* HCL dup attr deprecation: pending removal

* correct docs

* add changelog

* better error message for possible common errors

* Update website/content/partials/deprecation/duplicate-hcl-attributes.mdx

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>

* Update website/content/partials/deprecation/duplicate-hcl-attributes.mdx

Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>

---------

Co-authored-by: Yoko Hyakuna <yoko@hashicorp.com>
Co-authored-by: Luis (LT) Carbonell <lt.carbonell@hashicorp.com>
* added changelog records for minor release

* PQC algorithm changelog edits

---------

Co-authored-by: lursu <leland.ursu@hashicorp.com>
Co-authored-by: Scott G. Miller <smiller@hashicorp.com>
…et engine. (hashicorp#9073) (hashicorp#9163)

Co-authored-by: Balaji <balaji.b@hashicorp.com>
…ashicorp#9255)

* delete activity component, convert date-formatters to ts

* add "month" filter to overview tab

* add test coverage for date range dropdown

* add month filtering to client-list

* remove old comment

* wire up clients to route filters for client-list

* adds changelog

* only link to client-list for enterprise versions

* add refresh page link

* render all tabs, add custom empty state for secret sync clients

* cleanup unused service imports

* revert billing periods as first of the month

* first round of test updates

* update client count utils test

* fix comment typo

* organize tests

Co-authored-by: claire bontempo <68122737+hellobontempo@users.noreply.github.com>
…hicorp#9262)

* UI: VAULT-39172 VAULT-38567 general settings followup (hashicorp#8910)

* Add unsaved changes fields

* Set up default values for TTL and update general-settings

* Add form error state

* Add TODO comment

* Move actions back!

* Update unsaved changes state

* Address comments and add TODOs

* UI: VAULT-39264 Lease Duration TTL picker (hashicorp#9080)

* Update default and max ttl to show correct default

* Query sys/internal endpoint for ttl values

* WIP ttl-picker-v2

* Initialize values and check for if ttl value is unset

* Use ttlKey instead of name

* Set name to be ttlKey

* Show validation for ttl picker

* Fix validation bugs

* Remove lease duration files

* Add copyright headers

* Initialize only when its a custom value

* Update ttl-picker to not have a dropdown

* Validate field before converting to secs

* [UI] Fix styling and update version card component (hashicorp#9214)

* Fix styling and update version card component

* Update unsaved changes

* Code cleanup

* More code cleanup!

* Add helper function

* Remove query for lease duration

* Fix outstanding issues

* Capitalize unsaved changes

* Update util name

* Remove action helper

* [UI]: General Settings design feedback updates (hashicorp#9257)

* Small refactor based on design feedback

* More refactoring!

* Rename variables so it makes more sense!

* Remove unused modal fields

Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
…ain (hashicorp#9048) (hashicorp#9260)

* improve auth/ldap TestRotateRootWithRotationUrl test case

* add const

* Update path_config_rotate_root_test.go

* Backport VAULT-34830: enable the new workflow into ce/main (hashicorp#8681)

* VAULT-34830: enable the new workflow (hashicorp#8661)

* pipeline: various fixes for the cutover to the enterprise first workflow (hashicorp#8686)

Various small fixes that were discovered when doing the cutover to the enterprise first merge workflow:

- The `actions-docker-build` action infers enterprise metadata magically from the repository name. Use a branch that allows configuring the repo name until it's merged upstream.
- Fix some CE-In-Enterprise outputs in our metadata job.
- Pass the recurse depth flag correctly when creating backports
- Set the package name when calling the `build-vault` composite action
- Disallow merging changes into `main` and `release/*` when executing in the `hashicorp/vault` repository. This is a hack until PSS-909 is resolved.
- Use self-hosted runners when testing arm64 CE containers in enterprise.



 Conflicts:
	.github/workflows/backport-automation-ent.yml
	.github/workflows/test-run-enos-scenario-containers.yml

---------



* remove file that slipped in during the backport but before the changed file checks (hashicorp#8706)



* UI: Creating Metadata card for configuration page (hashicorp#8679) (hashicorp#8709)

* card setup

* updating to pass in vals

* remove test usage



* actions(metadata): fix metadata version for ce (hashicorp#8713) (hashicorp#8714)




* Add support for AES-CBC to transit (hashicorp#8367) (hashicorp#8741)

* add key types and encryption for cbc

* add decryption

* start adding tests

* add tests for policy functions

* add convergent case

* add enterprise check and key creation test cases

* fix key generation and add import/export

* add tests and fixes

* add changelog

* linter

* refactor policy functions and fix IV

* add ce change

* fix function calls

* fix factories in function call

* fix IV test case

* test fixes

* add cbc keys to read

* change iv

* fix merge errors

* make fmt

* change error name and add iv error

* fix tests



* UI: Create version card (hashicorp#8710) (hashicorp#8744)

* setup version card

* folder restructure

* Adding todos, removing test



* [VAULT-38605] Add self-enrollment option to the TOTP Login MFA method (hashicorp#8711) (hashicorp#8731)



* [VAULT-38601] Modify response to MFA enforced requests to enable TOTP self-enrollment (hashicorp#8723) (hashicorp#8746)



* Fix token creation in a namespace (hashicorp#8461) (hashicorp#8747)

* fix and test for token creation in namespace

* add changelog

* add nil check

* change existing test to work with change

* fix imports

* add error and more specificity in changelog



* enos(sample): don't double sample (hashicorp#8752) (hashicorp#8770)

* enos: remove double sample observe
* ci(build): fix notification on artifacts build failure




* changelog: add hash link to changes that originate from enterprise (hashicorp#8745) (hashicorp#8775)




* pipeline(backport): use --strategy-option=theirs (hashicorp#8767) (hashicorp#8780)




* VAULT-37630: Recover as a copy (hashicorp#8640) (hashicorp#8798)

* recover as a copy implementation

* get policy tests passing

* add helpers and testing support

* fixes

* revert a couple of changes

* more tests

* switch to query param

* correctly update source path with the namespace

* only add openapi recover source path if there's a path parameter

* add changelog

* check for no mount in path



* [UI] VAULT-37386 Plugin management: General Settings Route + Templates (hashicorp#8726) (hashicorp#8801)

* Move components and routes over to new PR

* Move components to secrets-engine folder

* Use native FormData

* Update params that are passed in

* Add loading state

* Add comments

* Update jsdoc description

* Remove unused action

* Remove debugger

* Fix linting errors

* Add version card component and fix merge conflict issues



* VAULT-38193 Add database observations to Vault (hashicorp#8727) (hashicorp#8802)

* VAULT-38193 database observations (WIP)

* VAULT-38193 database observations

* nil check

* make it consistent

* Clean up



* update vault-plugin-secrets-openldap to v0.16.1 (hashicorp#8820) (hashicorp#8821)

* update vault-plugin-secrets-openldap to v0.16.1

* changelog



* VAULT-39129: Updating enos tutorial scenario link (hashicorp#8831) (hashicorp#8835)



* [VAULT-39153] pipeline(backport): remove docs and pipeline from allowed ce inactive (hashicorp#8819) (hashicorp#8842)

Docs have been moved since the tool was written so that exclusion is no
longer needed. Since the defaults were added the `pipeline` group has
expanded to include all `.github`, which we don't want to always
backport. It seems unlikely that `pipeline` tooling changes are likely to
be required often on inactive branches so we'll exclude altogether for
now.




* [VAULT-39157] enos(cloud): add basic vault cloud scenario (hashicorp#8828) (hashicorp#8847)

* [VAULT-39157] enos(cloud): add basic vault cloud scenario

Add the skeleton of a Vault Cloud scenario whereby we create an HCP
network, Vault Cloud cluster, and admin token.

In subsequent PR's we'll wire up building images, waiting on builds, and
ultimately fully testing the resulting image.



* copywrite: add headers



---------




* Upgrade to CRT schema 2 to fix crt-report-dispatch event (hashicorp#8572) (hashicorp#8809)



* api/client: support setting extra headers with new logical request interface. (hashicorp#8808) (hashicorp#8858)



* [VAULT-39208]: actions: update action pins (hashicorp#8864) (hashicorp#8865)




* UI: Create Lease Duration card component + style updates (hashicorp#8815) (hashicorp#8870)

* updating components to use hds flex, removing custom css

* creating layout, updating fields to use select instead of dropdown

* conditional render, remove commented code

* adding external link

* update handlers and style

* updating general settings layout so TTL doesnt stretch other cards

* typo



* [UI] Cubbyhole List View Bug (hashicorp#8859) (hashicorp#8871)

* fixes issue with cubbyhole list view throwing error in child namespace

* updates to use engineType prop



* Disallow writing of barrier keyring if seals aren't healthy (hashicorp#8707) (hashicorp#8885)

* Set the full rewrap context for barrier keyring writes

* Retain some logging at Trace but get rid of the overall context pattern.
Apply correct ctx transform

* changelog

* remove logger

* here too

* remove other unnecessary changes



* VAULT-38888 Add prefix vault to metric summary definitions into main (hashicorp#8725) (hashicorp#8892)

* VAULT-38888 Add prefix vault to metric summary definitions

* VAULT-38888 Add changelog for fix

* Edit changelog file name

---------



* [VAULT-39235]: pipeline(changed-files): don't group underscore prefixed changelogs as enterprise only files (hashicorp#8906) (hashicorp#8934)

Don't categorize changelog files that begin with an underscore as
enterprise only, otherwise they'll be removed when backporting changes
to CE.

Since we want to include links to commit SHAs in the changelog we have
to create the changelog in the context of CE and thus need to backport
all of those changes.

We also fix a few Go tests that had not been updated to handle the
updated default inactive CE groups.




* VAULT-39010 Adding new go-discover logic (hashicorp#8884) (hashicorp#8931)

* testing new go-discover logic

* add changelog

* Delete website/content/partials/known-issues/aws-auto-join-fails.mdx



* Backport bump go-getter to 1.7.9 into ce/main (hashicorp#8926)

* bump go-getter to 1.7.9 (hashicorp#8899)

* bump go-getter to 1.7.9

* add changelog

* go mod tidy



---------





* VAULT-38463: Addressing ldap pipeline failure (hashicorp#8817) (hashicorp#8911)

* VAULT-38463: Addressing ldap pipeline failure

* testing ldap tests

* testing ldap tests

* debugging ldap issue

* testing pipeline

* testing pipeline

* testing pipeline

* testing pipeline

* testing pipeline

* testing pipeline

* testing pipeline

* debugging ldap failure

* debugging ldap failure

* debugging pipeline

* adding dependency for verify secrets

* removing extra code

* undo changes

* undo changes



* Backport [VAULT-38910]: upgrade docker package to resolve GO-2025-3829 into ce/main (hashicorp#8875)

* [VAULT-38910]upgrade docker package to resolve GO-2025-3829 (hashicorp#8642)

* bump github.com/hashicorp/go-secure-stdlib/plugincontainer to v0.4.2
* bump github.com/docker/docker to v28.3.3+incompatible



* go mod tidy



---------




* manually copy over missing changelogs for main (hashicorp#8956)

* Improve error messages in TestRotateRootWithRotationUrl for BindDN and URL checks

* Use bitnamilegacy cassandra image for tests (hashicorp#8984) (hashicorp#8985)

* use default cassandra image for tests

* switch to bitnamilegacy



* [VAULT-39237] actions(generate-changelog) generate changelogs in ce for active ce versions (hashicorp#8973) (hashicorp#8976)

Update our changelog generator to dynamically decide which repository
context that it should use when generating the changelog. If the version
given corresponds to an active CE branch then we generate the changelog
in the context of `hashicorp/vault` with the `note-ce.md` template. If
the version corresponds to an enterprise only branch we generate the
changelog in the context of `hashicorp/vault-enterprise` with the
`note-ent.md` template.

The reason we do all of this is so that we can add commit links to
changelogs for changes that are actually in community editions.




* UI: Moving settings/mount-backend-form to secrets/mounts (hashicorp#8975) (hashicorp#8998)

* adding route and replacing old route usage

* adding comments

* updating secrets tests to new route



* Update CHANGELOG.md for 1.20.3 1.19.9 1.18.14 and 1.16.25 (hashicorp#31527)

* changelog: fix commit URL in CE generated template (hashicorp#9010) (hashicorp#9013)




* VAULT-38463: Fix ldap failure (hashicorp#8996) (hashicorp#9001)



* Backport [VAULT-38600] Fix the name of the CE stub for mfaLoginEnterprisePaths into ce/main (hashicorp#9021)



* Update CHANGELOG.md (hashicorp#31528)

added "Enterprise" to 1.19, 1.18 and 1.16 minor releases

* VAULT-38796, VAULT-38889 reformat observation schema to version 2 (hashicorp#9006) (hashicorp#9023)



* [VAULT-39267] actions(slack): migrate to v2 action (hashicorp#8964) (hashicorp#8990)




* VAULT-37633: Database static role recover operations (hashicorp#8922) (hashicorp#8982)

* initial implementation

* fix

* tests

* changelog

* fix vet errors

* pr comments



* [VAULT-38600] Create TOTP Login MFA credential self-enrollment API endpoint (hashicorp#8970) (hashicorp#8999)



* VAULT-36947: Support force unloading a snapshot (hashicorp#8740) (hashicorp#9036)

* portion of changes for autoloading

* add test checking for panic

* add endpoint for force unloading

* separate method for force unload

* changelog

* don't redefine constants



* VAULT-39294: Deprecate recover_snapshot_id query param and use a header instead (hashicorp#8834) (hashicorp#9042)

* deprecate snapshot query params, use a header instead

* keep read query param, but deprecate recover one

* fix test

* remove list change

* add changelog

* rename header, allow request method

* update changelog



* VAULT-37632 allow restoring SSH CA from loaded snapshot (hashicorp#8581) (hashicorp#9034)

* allow restoring ssh config/ca

* add some unit tests

* address PR review

* imports and test upgrades

* linter complaints

* add PR comment and linter fixes

* address review



* Revert "Merge hashicorp#31503 into main"

This reverts commit 6f2ffcf64cd6a01cdbf685db296053adb428e26b, reversing
changes made to 681d1d5c7a2298a8b5dd403554dec2e98c3ce971.

* Update path_config_rotate_root_test.go

---------

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: jadeidev <32917209+jadeidev@users.noreply.github.com>
Co-authored-by: Dan Rivera <dan.rivera@hashicorp.com>
Co-authored-by: Rachel Culpepper <84159930+rculpepper@users.noreply.github.com>
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
Co-authored-by: Kianna <30884335+kiannaquach@users.noreply.github.com>
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Co-authored-by: John-Michael Faircloth <fairclothjm@users.noreply.github.com>
Co-authored-by: Tin Vo <tintvo08@gmail.com>
Co-authored-by: james-warren0 <95658341+james-warren0@users.noreply.github.com>
Co-authored-by: Ben Ash <32777270+benashz@users.noreply.github.com>
Co-authored-by: Jordan Reimer <zofskeez@gmail.com>
Co-authored-by: Scott Miller <smiller@hashicorp.com>
Co-authored-by: roh-ag <rohit.agrawal@hashicorp.com>
Co-authored-by: JMGoldsmith <spartanaudio@gmail.com>
Co-authored-by: Josh Black <raskchanky@gmail.com>
Co-authored-by: Luciano Di Lalla <88449051+ldilalla-HC@users.noreply.github.com>
Co-authored-by: Robert <17119716+robmonte@users.noreply.github.com>
Co-authored-by: Bruno Oliveira de Souza <bruno.souza@hashicorp.com>
…ashicorp#9266)

* add responses to the three endpoints

* add responses for the rest of the endpoints

* more changes

* use standard definitions for responses

* normalize complex fields of type structs into standard json types of slices and maps

* fix normalization of total

* add normalization to partial month endpoint too

* fix linters

* add bad request and server error schema types to monthly endpoint

* add validation tests

* fix linters error

* upgrade dependency

* make query parameters explicit

* add changelog

* define by namespace fields as a slice, not a map

* define times as Time type instead of string

* remove normalizations

Co-authored-by: Amir Aslamov <amir.aslamov@hashicorp.com>
…o ce/main (hashicorp#9208)

* license: add support for publishing artifacts to IBM PAO (hashicorp#8366)

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: brian shore <bshore@hashicorp.com>
Co-authored-by: Ethel Evans <ethel.evans@hashicorp.com>
Co-authored-by: Ryan Cragun <me@ryan.ec>
…nts/observations (hashicorp#9270) (hashicorp#9278)

Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>
Update our pins to the latest version. Essentially all of these are
related actions needing to run on Node 24. Both our self-hosted and the
Github hosted runners that we use are all on a new enough version of
actions/runner that it shouldn't be a problem.

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: kelly <69541941+kporter101@users.noreply.github.com>
Co-authored-by: Dan Rivera <dan.rivera@hashicorp.com>
…corp#9308)

* add endpoint

* add tests

* split out deleted namespace test

* add responses for openapi spec

* fix test flakiness and address comments

* add comment

Co-authored-by: Jenny Deng <jenny.deng@hashicorp.com>
…orp#9309) (hashicorp#9310)

* [VAULT-39457] UI: add changelog for plugin management updates

* update filename

* update changelog

Co-authored-by: Shannon Roberts (Beagin) <beagins@users.noreply.github.com>
…auth-aws

migrating `api/auth/aws` from `aws-sdk-go` to `aws-sdk-go-v2`
@rahulkaukuntla rahulkaukuntla force-pushed the rahul/sync-with-upstream branch from 5344868 to 58f0f9f Compare September 12, 2025 15:56
@dustmop

dustmop commented Sep 12, 2025

I made a single commit which merges our old main branch (44fb304) into this PR's head. That ends up fixing the conflicts we were seeing earlier. Although the diff here is basically unreadable, I can see through analyzing the history that this is correctly pulling in the upstream into this repo. Going to approve now.
