Merge remote-tracking branch 'origin/main' into VAULT-30921/hvs-shado…
…w-tests
tvoran committed Nov 18, 2024
2 parents b6bfd63 + 6ab056c commit 9119a01
Showing 8 changed files with 99 additions and 91 deletions.
10 changes: 5 additions & 5 deletions .github/actions/integration-test/action.yml
Expand Up @@ -56,9 +56,9 @@ runs:
fi
[ -n "${{ inputs.version }}" ] || (echo "inputs.version not set" >&2 ; exit 1)
# Checkout this repo.
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- name: Create Kind Cluster
Expand All @@ -67,7 +67,7 @@ runs:
cluster_name: ${{ inputs.kind-cluster-name }}
config: test/integration/kind/config.yaml
node_image: kindest/node:v${{ inputs.k8s-version }}
version: "v0.22.0"
version: "v0.25.0"
- name: Create kind export log root
id: create_kind_export_log_root
shell: bash
Expand Down Expand Up @@ -117,13 +117,13 @@ runs:
make $make_target VERSION=${{ inputs.version }} INTEGRATION_TESTS_PARALLEL=true SUPPRESS_TF_OUTPUT=true EXPORT_KIND_LOGS_ROOT=${{ steps.create_kind_export_log_root.outputs.log_root }}
- name: Store kind cluster logs
if: success()
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: ${{ steps.create_kind_export_log_root.outputs.log_artifact_name }}
path: ${{ steps.create_kind_export_log_root.outputs.log_root }}
- name: Store kind cluster logs failure
if: failure()
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: ${{ steps.create_kind_export_log_root.outputs.log_artifact_name }}-failed
path: ${{ steps.create_kind_export_log_root.outputs.log_root }}
40 changes: 20 additions & 20 deletions .github/workflows/build.yaml
Expand Up @@ -22,7 +22,7 @@ jobs:
outputs:
product-version: ${{ steps.get-product-version.outputs.product-version }}
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: get product version
id: get-product-version
run: |
Expand All @@ -36,9 +36,9 @@ jobs:
outputs:
go-version: ${{ steps.setup-go.outputs.go-version }}
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- id: setup-go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- name: go mod download all
Expand Down Expand Up @@ -77,12 +77,12 @@ jobs:
needs:
- build-pre-checks
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- run: make ci-test
- uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
- uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
with:
node-version: '20'
- run: npm install -g bats@${BATS_VERSION}
Expand All @@ -100,15 +100,15 @@ jobs:
filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
steps:
- name: Checkout directory
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Generate metadata file
id: generate-metadata-file
uses: hashicorp/actions-generate-metadata@v1
with:
version: ${{ needs.get-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }}
repositoryOwner: "hashicorp"
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }}
Expand All @@ -125,9 +125,9 @@ jobs:
fail-fast: true
steps:
- name: Checkout
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- name: Build binary
Expand All @@ -149,7 +149,7 @@ jobs:
echo "path=${ZIP_FILE}" >> $GITHUB_OUTPUT
echo "name=$(basename ${ZIP_FILE})" >> $GITHUB_OUTPUT
- name: Upload binary
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: ${{ steps.build-binary.outputs.name }}
path: ${{ steps.build-binary.outputs.path }}
Expand All @@ -168,7 +168,7 @@ jobs:
repo: ${{github.event.repository.name}}
version: ${{needs.get-product-version.outputs.product-version}}
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup scripts directory
shell: bash
run: |
Expand Down Expand Up @@ -212,7 +212,7 @@ jobs:
version: ${{needs.get-product-version.outputs.product-version}}
image_tag: ${{needs.get-product-version.outputs.product-version}}-ubi
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup scripts directory
shell: bash
run: |
Expand Down Expand Up @@ -258,7 +258,7 @@ jobs:
version: ${{needs.get-product-version.outputs.product-version}}
image_tag: ${{needs.get-product-version.outputs.product-version}}-ubi
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup scripts directory
shell: bash
run: |
Expand Down Expand Up @@ -318,7 +318,7 @@ jobs:
- name: Install kind
uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
with:
version: "v0.22.0"
version: "v0.25.0"
install_only: true
- uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
id: setup-helm
Expand All @@ -328,9 +328,9 @@ jobs:
shell: bash
run: |
helm repo add hashicorp https://helm.releases.hashicorp.com
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Setup go
uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
with:
go-version-file: .go-version
- name: Run tests
Expand All @@ -344,7 +344,7 @@ jobs:
- run: echo "setting versions"
outputs:
# JSON encoded array of k8s versions
K8S_VERSIONS: '["1.30.0", "1.29.4", "1.28.9", "1.27.13", "1.26.15"]'
K8S_VERSIONS: '["1.31.2", "1.30.6", "1.29.10", "1.28.15", "1.27.16"]'
VAULT_N: "1.17.2"
VAULT_N_1: "1.16.6"
VAULT_N_2: "1.15.12"
Expand All @@ -365,7 +365,7 @@ jobs:
installation-method: [helm, kustomize]
vault-enterprise: [true, false]
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/integration-test
name: vault:${{ matrix.vault-version }} kind:${{ matrix.k8s-version }}
with:
Expand Down Expand Up @@ -401,7 +401,7 @@ jobs:
installation-method: [kustomize]
vault-enterprise: [true]
steps:
- uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/integration-test
name: vault:${{ matrix.vault-version }} kind:${{ matrix.k8s-version }}
with:
4 changes: 2 additions & 2 deletions Dockerfile
Expand Up @@ -94,12 +94,12 @@ ENTRYPOINT ["/vault-secrets-operator"]

# ubi build image
# -----------------------------------
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4-1227.1726694542 AS build-ubi
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5 AS build-ubi
RUN microdnf --refresh --assumeyes upgrade ca-certificates

# ubi release image
# -----------------------------------
FROM registry.access.redhat.com/ubi9/ubi-micro:9.4-15 AS release-ubi
FROM registry.access.redhat.com/ubi9/ubi-micro:9.5 AS release-ubi

ENV BIN_NAME=vault-secrets-operator
ARG PRODUCT_VERSION
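Review bot: Both UBI stages now use the floating tag `9.5` (`ubi-minimal:9.5` and `ubi-micro:9.5`), where the lines they replace named a specific build (`9.4-1227.1726694542`, `9.4-15`); this reads the second line of each printed pair as the new side. A floating tag lets the base image content change between two builds of the same commit, so a release image is no longer reproducible and a base-image change never appears in review. Keep a build-specific tag or add a digest, e.g. `FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5@sha256:<digest-placeholder> AS build-ubi`, and likewise for `release-ubi`, matching how the workflows in this commit pin actions by commit SHA.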
4 changes: 2 additions & 2 deletions Makefile
Expand Up @@ -23,8 +23,8 @@ CHART_CRDS_DIR ?= $(CHART_ROOT)/crds
VAULT_IMAGE_TAG ?= latest
VAULT_IMAGE_REPO ?=
K8S_VAULT_NAMESPACE ?= vault
KIND_K8S_VERSION ?= v1.30.0
VAULT_HELM_VERSION ?= 0.25.0
KIND_K8S_VERSION ?= v1.31.2
VAULT_HELM_VERSION ?= 0.29.0
# Root directory to export kind cluster logs after each test run.
EXPORT_KIND_LOGS_ROOT ?=

2 changes: 2 additions & 0 deletions consts/reasons.go
Expand Up @@ -21,8 +21,10 @@ const (
ReasonStatusUpdateError = "StatusUpdateError"
ReasonUnrecoverable = "Unrecoverable"
ReasonVaultClientConfigError = "VaultClientConfigError"
ReasonHVSClientConfigError = "HVSClientConfigError"
ReasonVaultClientError = "VaultClientError"
ReasonVaultStaticSecret = "VaultStaticSecretError"
ReasonHVSSecret = "HVSSecretError"
ReasonSecretDataDrift = "SecretDataDrift"
ReasonInexistentDestination = "InexistentDestination"
ReasonResourceUpdated = "ResourceUpdated"
8 changes: 7 additions & 1 deletion controllers/hcpvaultsecretsapp_controller.go
Expand Up @@ -128,7 +128,7 @@ func (r *HCPVaultSecretsAppReconciler) Reconcile(ctx context.Context, req ctrl.R
d, err := parseDurationString(o.Spec.RefreshAfter, ".spec.refreshAfter", r.MinRefreshAfter)
if err != nil {
logger.Error(err, "Field validation failed")
r.Recorder.Eventf(o, corev1.EventTypeWarning, consts.ReasonVaultStaticSecret,
r.Recorder.Eventf(o, corev1.EventTypeWarning, consts.ReasonHVSSecret,
"Field validation failed, err=%s", err)
return ctrl.Result{}, err
}
Expand All @@ -147,6 +147,8 @@ func (r *HCPVaultSecretsAppReconciler) Reconcile(ctx context.Context, req ctrl.R
c, err := r.hvsClient(ctx, o)
if err != nil {
logger.Error(err, "Get HCP Vault Secrets Client")
r.Recorder.Eventf(o, corev1.EventTypeWarning, consts.ReasonHVSClientConfigError,
"Failed to instantiate HVS client: %s", err)
return ctrl.Result{
RequeueAfter: computeHorizonWithJitter(requeueDurationOnError),
}, nil
Expand All @@ -164,6 +166,8 @@ func (r *HCPVaultSecretsAppReconciler) Reconcile(ctx context.Context, req ctrl.R
resp, err := fetchOpenSecretsPaginated(ctx, c, params, nil)
if err != nil {
logger.Error(err, "Get App Secrets", "appName", o.Spec.AppName)
r.Recorder.Eventf(o, corev1.EventTypeWarning, consts.ReasonHVSSecret,
"Failed to get HVS App secrets: %s", err)
entry, _ := r.BackOffRegistry.Get(req.NamespacedName)
return ctrl.Result{
RequeueAfter: entry.NextBackOff(),
Expand All @@ -185,6 +189,8 @@ func (r *HCPVaultSecretsAppReconciler) Reconcile(ctx context.Context, req ctrl.R
dynamicSecrets, err := getHVSDynamicSecrets(ctx, c, o.Spec.AppName, renewPercent, shadowSecrets)
if err != nil {
logger.Error(err, "Get Dynamic Secrets", "appName", o.Spec.AppName)
r.Recorder.Eventf(o, corev1.EventTypeWarning, consts.ReasonHVSSecret,
"Failed to get HVS dynamic secrets: %s", err)
entry, _ := r.BackOffRegistry.Get(req.NamespacedName)
return ctrl.Result{
RequeueAfter: entry.NextBackOff(),
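Review bot: The three added `r.Recorder.Eventf` calls copy the raw `err` text into a Kubernetes Event (`"Failed to instantiate HVS client: %s"`, `"Failed to get HVS App secrets: %s"`, `"Failed to get HVS dynamic secrets: %s"`), and Events are readable by anyone with list access to events in the namespace, a wider audience than the operator log. The hunks do not show what `r.hvsClient`, `fetchOpenSecretsPaginated` or `getHVSDynamicSecrets` put in their errors, so it is worth confirming that none of them can carry credential material or full request URLs; if that cannot be guaranteed, emit a fixed message in the Event and leave the detail in `logger.Error`. A short comment above the first call, such as `// err is surfaced to namespace users via Events; keep it free of secrets`, would record that constraint. `Reconcile` starts and ends outside these hunks.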
38 changes: 19 additions & 19 deletions go.mod
Expand Up @@ -19,24 +19,24 @@ require (
github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0
github.com/hashicorp/go-version v1.7.0
github.com/hashicorp/golang-lru/v2 v2.0.7
github.com/hashicorp/hcp-sdk-go v0.115.0
github.com/hashicorp/hcp-sdk-go v0.118.0
github.com/hashicorp/vault/api v1.13.0
github.com/hashicorp/vault/sdk v0.13.0
github.com/kelseyhightower/envconfig v1.4.0
github.com/onsi/ginkgo v1.16.5
github.com/onsi/gomega v1.34.2
github.com/prometheus/client_golang v1.20.4
github.com/onsi/gomega v1.35.0
github.com/prometheus/client_golang v1.20.5
github.com/prometheus/client_model v0.6.1
github.com/stretchr/testify v1.9.0
golang.org/x/crypto v0.28.0
google.golang.org/api v0.199.0
google.golang.org/api v0.203.0
gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.31.1
k8s.io/apiextensions-apiserver v0.31.1
k8s.io/apimachinery v0.31.1
k8s.io/client-go v0.31.1
k8s.io/api v0.31.2
k8s.io/apiextensions-apiserver v0.31.2
k8s.io/apimachinery v0.31.2
k8s.io/client-go v0.31.2
k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
sigs.k8s.io/controller-runtime v0.19.0
sigs.k8s.io/controller-runtime v0.19.1
sigs.k8s.io/yaml v1.4.0
)

Expand All @@ -48,10 +48,10 @@ require (
)

require (
cloud.google.com/go v0.115.1 // indirect
cloud.google.com/go/auth v0.9.5 // indirect
cloud.google.com/go v0.116.0 // indirect
cloud.google.com/go/auth v0.9.9 // indirect
cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect
cloud.google.com/go/iam v1.2.0 // indirect
cloud.google.com/go/iam v1.2.1 // indirect
cloud.google.com/go/storage v1.43.0 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.3.0 // indirect
Expand Down Expand Up @@ -160,19 +160,19 @@ require (
go.uber.org/multierr v1.11.0 // indirect
go.uber.org/zap v1.26.0 // indirect
golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
golang.org/x/net v0.29.0 // indirect
golang.org/x/net v0.30.0 // indirect
golang.org/x/oauth2 v0.23.0 // indirect
golang.org/x/sync v0.8.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/term v0.25.0 // indirect
golang.org/x/text v0.19.0 // indirect
golang.org/x/time v0.6.0 // indirect
golang.org/x/time v0.7.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
google.golang.org/grpc v1.67.0 // indirect
google.golang.org/protobuf v1.34.2 // indirect
google.golang.org/genproto v0.0.0-20241015192408-796eee8c2d53 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 // indirect
google.golang.org/genproto/googleapis/rpc v0.0.0-20241015192408-796eee8c2d53 // indirect
google.golang.org/grpc v1.67.1 // indirect
google.golang.org/protobuf v1.35.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect