
Commit 4752f2c

authored
Merge pull request #187 from CSCfi/feature/update-fork
Update fork
2 parents 09c1477 + b54d295 commit 4752f2c


11 files changed

+180
-221
lines changed


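--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -0,0 +1,11 @@
+## PCI review checklist
+
+<!-- heimdall_github_prtemplate:grc-pci_dss-2024-01-05 -->
+
+- [ ] I have documented a clear reason for, and description of, the change I am making.
+
+- [ ] If applicable, I've documented a plan to revert these changes if they require more than reverting the pull request.
+
+- [ ] If applicable, I've documented the impact of any changes to security controls.
+
+Examples of changes to security controls include using new access control methods, adding or removing logging pipelines, etc.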

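--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -2,10 +2,10 @@ name: "CodeQL"
 
 on:
 push:
-branches: [master]
+branches: [main]
 pull_request:
 # The branches below must be a subset of the branches above
-branches: [master]
+branches: [main]
 schedule:
 - cron: "0 15 * * 4"
 
@@ -22,15 +22,6 @@ jobs:
 steps:
 - name: Checkout repository
 uses: actions/checkout@v6
-with:
-# We must fetch at least the immediate parents so that if this is
-# a pull request then we can checkout the head.
-fetch-depth: 2
-
-# If this run was triggered by a pull request event, then checkout
-# the head of the pull request instead of the merge commit.
-- run: git checkout HEAD^2
-if: ${{ github.event_name == 'pull_request' }}
 
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL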

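--- a/.github/workflows/unittests.yml
+++ b/.github/workflows/unittests.yml
@@ -8,7 +8,7 @@ jobs:
 runs-on: ubuntu-latest
 strategy:
 matrix:
-go-version: ["1.22"]
+go-version: ["1.25"]
 steps:
 - name: Set up Go ${{ matrix.go-version }}
 uses: actions/setup-go@v5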

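--- a/LICENSE
+++ b/LICENSE
@@ -1,3 +1,5 @@
+Copyright (c) 2021 HashiCorp, Inc.
+
 Mozilla Public License Version 2.0
 ==================================
 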

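--- a/environments/docker/environment.go
+++ b/environments/docker/environment.go
@@ -1,3 +1,6 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
 package docker
 
 import (
@@ -39,7 +42,7 @@ import (
 
 var _ stepwise.Environment = (*Cluster)(nil)
 
-const dockerVersion = "1.41"
+const dockerVersion = "1.51"
 const defaultImage = "hashicorp/vault:latest"
 
 // Cluster is used for managing the lifecycle of the test Vault cluster
@@ -433,7 +436,7 @@ func (n *dockerClusterNode) setupCert() error {
 return err
 }
 
-certGetter := stepwise.NewCertificateGetter(n.ServerCertPEMFile, n.ServerKeyPEMFile, "")
+certGetter := stepwise.NewCertificateGetter(n.ServerCertPEMFile, n.ServerKeyPEMFile)
 if err := certGetter.Reload(); err != nil {
 return err
 }
@@ -797,10 +800,9 @@ func setupNetwork(cli *docker.Client, netName string) (string, error) {
 }
 
 func createNetwork(cli *docker.Client, netName string) (string, error) {
-resp, err := cli.NetworkCreate(context.Background(), netName, types.NetworkCreate{
-CheckDuplicate: true,
-Driver: "bridge",
-Options: map[string]string{},
+resp, err := cli.NetworkCreate(context.Background(), netName, network.CreateOptions{
+Driver: "bridge",
+Options: map[string]string{},
 IPAM: &network.IPAM{
 Driver: "default",
 Options: map[string]string{},
@@ -860,12 +862,14 @@ func (dc *Cluster) Setup() error {
 // auth mounts via the /sys endpoint, we need to remove that prefix
 authPath := strings.TrimPrefix(dc.MountPath(), "auth/")
 err = client.Sys().EnableAuthWithOptions(authPath, &api.EnableAuthOptions{
-Type: registryName,
+Type: registryName,
+Config: dc.MountOptions.MountConfigInput,
 })
 case api.PluginTypeDatabase:
 case api.PluginTypeSecrets:
 err = client.Sys().Mount(dc.MountPath(), &api.MountInput{
-Type: registryName,
+Type: registryName,
+Config: dc.MountOptions.MountConfigInput,
 })
 default:
 return fmt.Errorf("unknown plugin type: %s", dc.MountOptions.PluginType.String())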
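Review bot: In the `Setup` hunk the new `Config: dc.MountOptions.MountConfigInput` reaches `EnableAuthWithOptions` and `Mount`, but `case api.PluginTypeDatabase:` is still an empty case, so a mount config supplied for a database plugin is dropped without an error or a log line. A test author who sets options there would believe they are in effect when they are not. I would either return an error in that case when a config is set, or document the limitation on the field (declared outside this section), for example `// MountConfigInput is applied to auth and secrets mounts only; it is ignored for PluginTypeDatabase.` `Setup` begins and ends outside the hunk, so the database path may be handled elsewhere; worth confirming.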

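--- a/environments/docker/runner.go
+++ b/environments/docker/runner.go
@@ -1,17 +1,19 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: MPL-2.0
+
 package docker
 
 import (
 "context"
 "fmt"
 "io"
 
-"github.com/docker/docker/api/types"
 "github.com/docker/docker/api/types/container"
 "github.com/docker/docker/api/types/image"
 "github.com/docker/docker/api/types/network"
 "github.com/docker/docker/api/types/strslice"
 docker "github.com/docker/docker/client"
-"github.com/docker/docker/pkg/archive"
+"github.com/moby/go-archive"
 )
 
 // Runner manages the lifecycle of the Docker container
@@ -28,7 +30,7 @@ type Runner struct {
 // pulling the specified Vault image, creating the container, and copies the
 // plugin binary into the container file system before starting the container
 // itself.
-func (d *Runner) Start(ctx context.Context) (*types.ContainerJSON, error) {
+func (d *Runner) Start(ctx context.Context) (*container.InspectResponse, error) {
 hostConfig := &container.HostConfig{
 PublishAllPorts: true,
 AutoRemove: true,
@@ -69,29 +71,32 @@ func (d *Runner) Start(ctx context.Context) (*types.ContainerJSON, error) {
 hostConfig.CapAdd = strslice.StrSlice{"IPC_LOCK", "NET_ADMIN"}
 cfg.Hostname = d.ContainerName
 fullName := d.ContainerName
-dockerContainer, err := d.dockerAPI.ContainerCreate(ctx, &cfg, hostConfig, networkingConfig, nil, fullName)
+newContainer, err := d.dockerAPI.ContainerCreate(ctx, &cfg, hostConfig, networkingConfig, nil, fullName)
 if err != nil {
 return nil, fmt.Errorf("container create failed: %v", err)
 }
 
 // copies the plugin binary into the Docker file system. This copy is only
 // allowed before the container is started
 for from, to := range d.CopyFromTo {
-if err := copyToContainer(ctx, d.dockerAPI, dockerContainer.ID, from, to); err != nil {
-_ = d.dockerAPI.ContainerRemove(ctx, dockerContainer.ID, container.RemoveOptions{})
+if err := copyToContainer(ctx, d.dockerAPI, newContainer.ID, from, to); err != nil {
+_ = d.dockerAPI.ContainerRemove(ctx, newContainer.ID, container.RemoveOptions{})
+
 return nil, err
 }
 }
 
-err = d.dockerAPI.ContainerStart(ctx, dockerContainer.ID, container.StartOptions{})
+err = d.dockerAPI.ContainerStart(ctx, newContainer.ID, container.StartOptions{})
 if err != nil {
-_ = d.dockerAPI.ContainerRemove(ctx, dockerContainer.ID, container.RemoveOptions{})
+_ = d.dockerAPI.ContainerRemove(ctx, newContainer.ID, container.RemoveOptions{})
+
 return nil, fmt.Errorf("container start failed: %v", err)
 }
 
-inspect, err := d.dockerAPI.ContainerInspect(ctx, dockerContainer.ID)
+inspect, err := d.dockerAPI.ContainerInspect(ctx, newContainer.ID)
 if err != nil {
-_ = d.dockerAPI.ContainerRemove(ctx, dockerContainer.ID, container.RemoveOptions{})
+_ = d.dockerAPI.ContainerRemove(ctx, newContainer.ID, container.RemoveOptions{})
+
 return nil, err
 }
 return &inspect, nil
@@ -117,7 +122,7 @@ func copyToContainer(ctx context.Context, d *docker.Client, containerID, from, t
 }
 defer content.Close()
 
-err = d.CopyToContainer(ctx, containerID, dstDir, content, container.CopyToContainerOptions{})
+err = d.CopyToContainer(ctx, containerID, dstDir, content, container.CopyToContainerOptions{})
 if err != nil {
 return fmt.Errorf("error copying from %q -> %q: %v", from, to, err)
 }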
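Review bot: The rewritten cleanup calls in `Start` still pass an empty `container.RemoveOptions{}` and discard the result, so the cleanup after a failed `ContainerInspect` is unlikely to work: at that point `ContainerStart` has already succeeded, and the daemon refuses to remove a running container unless `Force` is set. `AutoRemove: true` only takes effect when the container exits, and the visible config sets `PublishAllPorts: true` and adds `NET_ADMIN`, so a leaked test container stays up with its ports published on the host. I would change at least that last cleanup to `_ = d.dockerAPI.ContainerRemove(ctx, newContainer.ID, container.RemoveOptions{Force: true})` and log the returned error instead of dropping it. Reusing the caller's `ctx` for cleanup also means a cancelled context skips the removal. The body of `Start` begins outside these hunks.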

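--- a/go.mod
+++ b/go.mod
@@ -1,32 +1,33 @@
 module github.com/CSCfi/vault-testing-stepwise
 
-go 1.24.0
+go 1.25.0
 
 require (
-github.com/docker/docker v26.1.5+incompatible
+github.com/docker/docker v28.5.2+incompatible
 github.com/docker/go-connections v0.6.0
 github.com/hashicorp/go-cleanhttp v0.5.2
 github.com/hashicorp/go-hclog v1.6.3
 github.com/hashicorp/go-multierror v1.1.1
 github.com/hashicorp/go-uuid v1.0.3
 github.com/hashicorp/vault/api v1.22.0
-github.com/hashicorp/vault/sdk v0.14.0
+github.com/hashicorp/vault/sdk v0.20.0
 golang.org/x/net v0.48.0
 )
 
 require (
-github.com/Microsoft/go-winio v0.6.1 // indirect
+github.com/Microsoft/go-winio v0.6.2 // indirect
 github.com/cenkalti/backoff/v4 v4.3.0 // indirect
-github.com/containerd/containerd v1.7.12 // indirect
+github.com/cespare/xxhash/v2 v2.3.0 // indirect
+github.com/containerd/errdefs v1.0.0 // indirect
+github.com/containerd/errdefs/pkg v0.3.0 // indirect
 github.com/containerd/log v0.1.0 // indirect
 github.com/distribution/reference v0.6.0 // indirect
 github.com/docker/go-units v0.5.0 // indirect
 github.com/fatih/color v1.18.0 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
-github.com/go-jose/go-jose/v4 v4.1.1 // indirect
-github.com/go-logr/logr v1.4.2 // indirect
+github.com/go-jose/go-jose/v4 v4.1.3 // indirect
+github.com/go-logr/logr v1.4.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
-github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/snappy v0.0.4 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-retryablehttp v0.7.8 // indirect
@@ -35,34 +36,33 @@ require (
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 github.com/hashicorp/go-sockaddr v1.0.7 // indirect
 github.com/hashicorp/hcl v1.0.1-vault-7 // indirect
-github.com/klauspost/compress v1.16.5 // indirect
-github.com/kr/pretty v0.3.0 // indirect
+github.com/klauspost/compress v1.18.2 // indirect
 github.com/mattn/go-colorable v0.1.14 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
 github.com/mitchellh/mapstructure v1.5.0 // indirect
 github.com/moby/docker-image-spec v1.3.1 // indirect
-github.com/moby/patternmatcher v0.5.0 // indirect
-github.com/moby/sys/sequential v0.5.0 // indirect
-github.com/moby/sys/user v0.1.0 // indirect
-github.com/moby/term v0.5.0 // indirect
+github.com/moby/go-archive v0.1.0 // indirect
+github.com/moby/patternmatcher v0.6.0 // indirect
+github.com/moby/sys/atomicwriter v0.1.0 // indirect
+github.com/moby/sys/sequential v0.6.0 // indirect
+github.com/moby/sys/user v0.4.0 // indirect
+github.com/moby/sys/userns v0.1.0 // indirect
+github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 github.com/morikuni/aec v1.0.0 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
-github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect
+github.com/opencontainers/image-spec v1.1.1 // indirect
 github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
-go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
-go.opentelemetry.io/otel v1.28.0 // indirect
-go.opentelemetry.io/otel/metric v1.28.0 // indirect
-go.opentelemetry.io/otel/trace v1.28.0 // indirect
-golang.org/x/crypto v0.46.0 // indirect
-golang.org/x/mod v0.30.0 // indirect
-golang.org/x/sync v0.19.0 // indirect
+go.opentelemetry.io/auto/sdk v1.2.1 // indirect
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.64.0 // indirect
+go.opentelemetry.io/otel v1.39.0 // indirect
+go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.30.0 // indirect
+go.opentelemetry.io/otel/metric v1.39.0 // indirect
+go.opentelemetry.io/otel/trace v1.39.0 // indirect
 golang.org/x/sys v0.39.0 // indirect
 golang.org/x/text v0.32.0 // indirect
-golang.org/x/time v0.12.0 // indirect
-golang.org/x/tools v0.39.0 // indirect
-gotest.tools/v3 v3.5.0 // indirect
+golang.org/x/time v0.14.0 // indirect
 )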
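Review bot: `github.com/moby/go-archive v0.1.0` is added with `// indirect`, but `environments/docker/runner.go` in this same commit imports it directly, so it belongs in the first `require` block. `go mod tidy` should move it there. In the same hunk `github.com/moby/term` goes from `v0.5.0` to the pseudo-version `v0.0.0-20210619224110-3f7ff695adc6`, which reads as a downgrade to a 2021 commit. It may be what the new dependency graph legitimately selects, but it is worth confirming that it is not a leftover from the merge. A CI step that runs `go mod tidy` and fails on a resulting diff, plus `go mod verify`, would catch both.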
