* only add required mounts if there's space
* correct the docker version, add comments
* fix base version
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
* [VAULT-45173] go: bump several dependencies to resolve GHSA-j88v-2chj-qfwx
This PR has a set of fairly complex dependency bumps to resolve GHSA-j88v-2chj-qfwx. For the third time in about six weeks, we've had to deal with CVEs in old and unsupported versions of `jackc/pgx`. These changes are for us to rid ourselves of those transitive dependencies completely.
First, we get rid of `jackc/pgx/v4` by bumping `cloud.google.com/go/cloudsqlconn` to `v1.21.0`, which pulls in `v5`.
Next, we have to get rid of `jackc/pgx v3`, which was brought in via a chain of `hashicorp/go-discover` -> `joyent/triton-go` -> `jackc/pgx/v3`. First, we updated `go-discover` to pull in the v2 module of `triton-go` from the modern upstream ([0], [1]) and pin to it. Then we update our own manta support to pull in the v2 module. Finally, we replace the `TritonDataCenter/triton-go` module with a fork that removes an unnecessary dep on `pgx/v3`.[2]
[0]: https://github.com/hashicorp/go-discover/pull/326
[1]: https://github.com/hashicorp/go-discover/pull/332
[2]: https://github.com/TritonDataCenter/triton-go/pull/207
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
Resolve GHSA-x744-4wpc-v9h2 and GHSA-pxq6-2prw-chj9 in `vault` by replacing
`github.com/docker/docker` with `github.com/moby/moby/client` @ `v0.3.0` and
`github.com/moby/moby/api` @ `v1.54.0`. This is necessary as `docker/docker`
is no longer maintained and the fixes are not available in it.
Resolve GO-2026-4518, GHSA-x6gf-mpr2-68h6 and GHSA-jqcq-xjh3-6g23 by
upgrading to github.com/jackc/pgx/v5. This is necessary as v4 is no
longer maintained.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
This change does a few things that might not be obvious:
- We stop requesting the previous runner image. This will result in us
  using Docker 29 instead of 28. With this comes changes in our
  container build system, most notably that container images are now
  exported as OCI images. Every container runtime that we support also
  supports OCI images so this ought to have no meaningful impact to
  downstream users. One noticeable change is that the image layers are
  now compressed so the final image size on disk will be considerably
  smaller than before.
- Upgrade `hashicorp/action-setup-enos` to the latest version. This is not
  strictly required for this change but as we just released a new version of
  the CLI it makes sense to update it here. We should also note that recently
  we released a new version of `terraform-provider-enos` which contains
  necessary for this change as our docker and kind resources needed to be
  updated to handle OCI and Docker exported images. Previously they relied on
  files that existed only in Docker images.
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* license: update headers to IBM Corp.
* `make proto`
* update offset because source file changed
Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
* portion of changes for autoloading
* add test checking for panic
* add endpoint for force unloading
* separate method for force unload
* changelog
* don't redefine constants
Co-authored-by: miagilepner <mia.epner@hashicorp.com>
* full load
* snapshot manager tested
* integration test
* more tests
* remove obsolete test
* fix failing test
* move testdata to ent folder
* add test for RaftDataDirPath
* fix race condition, don't create new barrier instance
* check for nil result
* remove encryption from the barrier storage wrapper
* Update physical/raft/fsm.go
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* fmt
---------
Co-authored-by: Kuba Wieczorek <kuba.wieczorek@hashicorp.com>
* PostgreSQL backend passwordless authentication in cloud
* adding changelog
* Updating deprecated docker test types
* adding unit tests for getAuthConfig
* removing cloud auth based tests due to failure in CI. Unit test should focus on the default flow.
* Adding function name for lint
* sdk/physical: use permitpool from go-secure-stdlib
* physical: use permitpool from go-secure-stdlib
* fixup! sdk/physical: use permitpool from go-secure-stdlib
* fixup! sdk/physical: use permitpool from go-secure-stdlib
* ce changes for vault-31750
* add changelog
* make proto
* refactor naming
* clarify error message
* update changelog
* one more time
* make proto AGAIN
* add warning for when MAP_POPULATE mmap flag not set
* Make mmap flags method handle any flags, where MAP_POPULATE is just one of them
* Only have the log print out on restores
* Add test, make logic more consistent
* Add changelog
* Add godoc for test
* Make test less dangerous
* add versions to raft bootstrap answer
* remove version faking
* save version state to storage
* logging and copy
* changelog
* use leader versions on upgrade
* add enterprise cluster test
* never drop persisted states
* rename to partialCopy, fix comment, fix log line
* pass in correct accountName variable into validation function
* modify test fixture to better test validation functionality
* pass in accountName variable into error message
* changelog
* Speed up ddb list by only getting keys
* Add same optimization to has_children
* Add changeling
---------
Co-authored-by: Violet Hynes <violet.hynes@hashicorp.com>