upstream/vault
1
0
Fork 0
mirror of https://github.com/hashicorp/vault.git synced 2026-05-20 17:31:10 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
vault/enos/modules
History
Vault Automation aca7f3740c
[VAULT-44098] containers: never attempt to run setcap when running as non-root user (#13988) (#14106) 
In prior versions of the Vault container we'd set `ICP_LOCK` on the `vault`
binary at runtime via the entrypoint script. As we now run the Vault
container as an unprivileged user we have to set this capability at build time
as `setcap` cannot be run by unprivileged users.

This change updates the Alpine OCI and UBI container entrypoints
to not attempt to run `setcap` when running as non-root user.

Importantly, these changes introduce a *new requirement* whereby users of the
container must add `IPC_LOCK` capability to the container or pod or the
Vault service will fail to start. As running with locked memory is always our
guidance for Vault the containers now require this. Users that do not wish to grant
the `IPC_LOCK` capability will want to wrap the container unset the capability on
the binary during build time: `setcap cap_ipc_lock=-ep /bin/vault`.

Signed-off-by: Ryan Cragun <me@ryan.ec>
Co-authored-by: Ryan Cragun <me@ryan.ec>
2026-04-20 12:48:55 -06:00
..
artifact/metadata [VAULT-41521] enos(ec2_infor): update scenario base images (#11508) (#11533) 2025-12-22 14:17:51 -07:00
autopilot_upgrade_storageconfig license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
backend_consul license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
backend_raft license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
benchmark license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
build_artifactory_artifact license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
build_artifactory_package license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
build_crt license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
build_local [UI] - migrate to pnpm for JS package management (#11651) (#11661) 2026-01-09 11:45:14 -06:00
choose_follower_host license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
cloud_docker_vault_cluster [COMPLIANCE] Update Copyright and License Headers (#11034) (#12518) 2026-02-24 17:20:11 -07:00
create_vpc license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
database_container [VAULT-43581] sdk: Add MongoDB blackbox tests for static roles (#13746) (#14010) 2026-04-17 09:15:38 -04:00
disable_selinux [VAULT-41521] enos(ec2_infor): update scenario base images (#11508) (#11533) 2025-12-22 14:17:51 -07:00
docker_namespace_token [COMPLIANCE] Update Copyright and License Headers (#11034) (#12518) 2026-02-24 17:20:11 -07:00
docker_network [COMPLIANCE] Update Copyright and License Headers (#11034) (#12518) 2026-02-24 17:20:11 -07:00
ec2_info [VAULT-41521] enos(ec2_infor): update scenario base images (#11508) (#11533) 2025-12-22 14:17:51 -07:00
generate_dr_operation_token license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
generate_failover_secondary_token license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
generate_secondary_public_key license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
generate_secondary_token license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
get_local_metadata license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
hcp Add blackbox testing SDK (#11210) (#12245) 2026-02-06 21:36:29 +00:00
install_packages [VAULT-41521] enos(ec2_infor): update scenario base images (#11508) (#11533) 2025-12-22 14:17:51 -07:00
k8s_deploy_vault [VAULT-44098] containers: never attempt to run setcap when running as non-root user (#13988) (#14106) 2026-04-20 12:48:55 -06:00
k8s_vault_verify_replication license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
k8s_vault_verify_ui license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
k8s_vault_verify_version license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
k8s_vault_verify_write_data license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
ldap_wait_for_search Backport enos(ldap): always verify base DN connection before setup into ce/main 2026-03-25 13:34:17 -04:00
load_docker_image license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
local_kind_cluster license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
read_license license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
replication_data license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
restart_consul license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
restart_vault license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
seal_awskms license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
seal_pkcs11 license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
seal_shamir license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
set_up_external_integration_target Backport [Mongo SDK Plugin] (enos): Add MongoDB plugin test framework for Enos into ce/main (#13700) 2026-04-08 12:25:01 -04:00
shutdown_multiple_nodes license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
shutdown_node license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
softhsm_create_vault_keys license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
softhsm_distribute_vault_keys license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
softhsm_init license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
softhsm_install [VAULT-41521] enos(ec2_infor): update scenario base images (#11508) (#11533) 2025-12-22 14:17:51 -07:00
start_vault license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
stop_vault license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
target_ec2_fleet license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
target_ec2_instances license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
target_ec2_shim license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
target_ec2_spot_fleet license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_agent license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_cluster Root Credential Rotation-Part 2 (#11887) (#12400) 2026-02-18 12:59:12 -05:00
vault_failover_demote_dr_primary license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_failover_promote_dr_secondary license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_failover_update_dr_primary license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_get_cluster_ips license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_proxy license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_raft_remove_node_and_verify license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_raft_remove_peer license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_run_blackbox_test [VAULT-43581] sdk: Add MongoDB blackbox tests for static roles (#13746) (#14010) 2026-04-17 09:15:38 -04:00
vault_setup_dr_primary license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_setup_perf_primary license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_setup_replication_secondary license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_step_down license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_test_ui license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_unseal_replication_followers license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_update_license_ibm Backport [VAULT-42245] Add IBM license update to enos upgrade scenario into ce/main (#13165) 2026-03-25 12:04:01 -07:00
vault_upgrade license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_agent_output license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_autopilot license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_billing_start_date license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_default_lcq license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_dr_replication license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_ibm_license_update Backport [VAULT-42245] Add IBM license update to enos upgrade scenario into ce/main (#13165) 2026-03-25 12:04:01 -07:00
vault_verify_performance_replication Update perf replication checking script (#10134) (#10500) 2025-11-03 10:49:34 -08:00
vault_verify_raft_auto_join_voter license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_removed_node license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_removed_node_shim license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_replication license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_ui license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_undo_logs license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_verify_version license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_wait_for_cluster_unsealed license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_wait_for_leader license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
vault_wait_for_seal_rewrap license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
verify_log_secrets Backport [VAULT-42245] Add IBM license update to enos upgrade scenario into ce/main (#13165) 2026-03-25 12:04:01 -07:00
verify_seal_type license: update headers to IBM Corp. (#10229) (#10233) 2025-10-21 15:20:20 -06:00
verify_secrets_engines Backport enos(ldap): always verify base DN connection before setup into ce/main 2026-03-25 13:34:17 -04:00