From 056ee6bbfaad725733d8188f278d4ca16ecb03e1 Mon Sep 17 00:00:00 2001 From: Nathan Phelps Date: Fri, 17 May 2024 10:00:44 -0400 Subject: [PATCH 1/5] Issue 6: Changed some of the Hashicorp Vault refences in the docs to OpenBao. Signed-off-by: Nathan Phelps --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- CODEOWNERS | 1 - CONTRIBUTING.md | 29 ++++++++++++++-------------- README.md | 2 +- charts/openbao/README.md | 8 +++----- charts/openbao/templates/NOTES.txt | 6 +++--- test/README.md | 8 +++----- 7 files changed, 26 insertions(+), 30 deletions(-) delete mode 100644 CODEOWNERS diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index cb69c5138..c45b6a48b 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -11,7 +11,7 @@ assignees: '' For questions, the best place to get answers is on our [discussion forum](https://discuss.hashicorp.com/c/vault), as they will get more visibility from experienced users than the issue tracker. -Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in Vault Helm, _please responsibly disclose_ by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). +Please note: We take Vault's security and our users' trust very seriously. If you believe you have found a security issue in OpenBao Helm, _please responsibly disclose_ by contacting us at [openbao-security@lists.lfedge.org](mailto:openbao-security@lists.lfedge.org). --> diff --git a/CODEOWNERS b/CODEOWNERS deleted file mode 100644 index a765f7ea9..000000000 --- a/CODEOWNERS +++ /dev/null @@ -1 +0,0 @@ -* @hashicorp/vault-ecosystem diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index ad31ac92d..44aa9e6fd 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,8 +1,8 @@ -# Contributing to Vault Helm +# Contributing to OpenBao Helm -**Please note:** We take Vault's security and our users' trust very seriously. -If you believe you have found a security issue in Vault, please responsibly -disclose by contacting us at security@hashicorp.com. +**Please note:** We take OpenBao's security and our users' trust very seriously. +If you believe you have found a security issue in OpenBao, please responsibly +disclose by contacting us at openbao-security@lists.lfedge.org. **First:** if you're unsure or afraid of _anything_, just ask or submit the issue or pull request anyways. You won't be yelled at for giving it your best @@ -12,14 +12,15 @@ rules to get in the way of that. That said, if you want to ensure that a pull request is likely to be merged, talk to us! You can find out our thoughts and ensure that your contribution -won't clash or be obviated by Vault's normal direction. A great way to do this -is via the [Vault Discussion Forum][1]. +won't clash or be obviated by OpenBao's normal direction. A great way to do this +is via the [Linux Foundation Element chat server][1], or [mailing list][2]. This document will cover what we're looking for in terms of reporting issues. By addressing all the points we're looking for, it raises the chances we can quickly merge or address your contributions. -[1]: https://discuss.hashicorp.com/c/vault +[1]: https://chat.lfx.linuxfoundation.org +[2]: https://lists.lfedge.org/g/openbao ## Issues @@ -33,14 +34,14 @@ quickly merge or address your contributions. * Provide steps to reproduce the issue, and if possible include the expected results as well as the actual results. Please provide text, not screen shots! -* Respond as promptly as possible to any questions made by the Vault +* Respond as promptly as possible to any questions made by the OpenBao team to your issue. Stale issues will be closed periodically. ### Issue Lifecycle 1. The issue is reported. -2. The issue is verified and categorized by a Vault Helm collaborator. +2. The issue is verified and categorized by a OpenBao Helm collaborator. Categorization is done via tags. For example, bugs are marked as "bugs". 3. Unless it is critical, the issue may be left for a period of time (sometimes @@ -70,25 +71,25 @@ The following are the instructions for running bats tests using a Docker contain #### Prerequisites * Docker installed -* `vault-helm` checked out locally +* `openbao-helm` checked out locally #### Test -**Note:** the following commands should be run from the `vault-helm` directory. +**Note:** the following commands should be run from the `openbao-helm` directory. First, build the Docker image for running the tests: ```shell -docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t openbao-helm-test ``` Next, execute the tests with the following commands: ```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +docker run -it --rm -v "${PWD}:/test" openbao-helm-test bats /test/test/unit ``` It's possible to only run specific bats tests using regular expressions. For example, the following will run only tests with "injector" in the name: ```shell -docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +docker run -it --rm -v "${PWD}:/test" openbao-helm-test bats /test/test/unit -f "injector" ``` ### Test Manually diff --git a/README.md b/README.md index aedb40394..69c3aa845 100644 --- a/README.md +++ b/README.md @@ -23,7 +23,7 @@ The versions required are: ## Usage -To install the latest version of this chart, add the Hashicorp helm repository and run `helm install`: +To install the latest version of this chart, add the OpenBao helm repository and run `helm install`: ```console helm repo add openbao https://openbao.github.io/openbao-helm diff --git a/charts/openbao/README.md b/charts/openbao/README.md index d85bf0f7a..645ad0cf9 100644 --- a/charts/openbao/README.md +++ b/charts/openbao/README.md @@ -8,9 +8,9 @@ Official OpenBao Chart ## Maintainers -| Name | Email | Url | -| ---- | ------ | --- | -| OpenBao | | | +| Name | Email | Url | +|---------|------------------------------------|-----------------------| +| OpenBao | https://lists.lfedge.org/g/openbao | | ## Source Code @@ -171,8 +171,6 @@ Kubernetes: `>= 1.27.0-0` | server.dev.devRootToken | string | `"root"` | | | server.dev.enabled | bool | `false` | | | server.enabled | string | `"-"` | | -| server.enterpriseLicense.secretKey | string | `"license"` | | -| server.enterpriseLicense.secretName | string | `""` | | | server.extraArgs | string | `""` | | | server.extraContainers | string | `nil` | | | server.extraEnvironmentVars | object | `{}` | | diff --git a/charts/openbao/templates/NOTES.txt b/charts/openbao/templates/NOTES.txt index 60d99a4e5..89985f4e6 100644 --- a/charts/openbao/templates/NOTES.txt +++ b/charts/openbao/templates/NOTES.txt @@ -1,10 +1,10 @@ -Thank you for installing HashiCorp Vault! +Thank you for installing OpenBao! -Now that you have deployed Vault, you should look over the docs on using +Now that you have deployed OpenBao, you should look over the docs on using Vault with Kubernetes available here: -https://developer.hashicorp.com/vault/docs +https://openbao.org/docs/ Your release is named {{ .Release.Name }}. To learn more about the release, try: diff --git a/test/README.md b/test/README.md index 951a0616e..066914d8e 100644 --- a/test/README.md +++ b/test/README.md @@ -1,11 +1,9 @@ -# Vault Helm Tests +# OpenBao Helm Tests -## Running Vault Helm Acceptance tests +## Running OpenBao Helm Acceptance tests The Makefile at the top level of this repo contains a few target that should help with running acceptance tests in your own GKE instance or in a kind cluster. -Note that for the Vault Enterprise tests to pass, a `VAULT_LICENSE_CI` environment variable needs to be set to the contents of a valid Vault Enterprise license. - ### Running in a GKE cluster * Set the `GOOGLE_CREDENTIALS` and `CLOUDSDK_CORE_PROJECT` variables at the top of the file. `GOOGLE_CREDENTIALS` should contain the local path to your Google Cloud Platform account credentials in JSON format. `CLOUDSDK_CORE_PROJECT` should be set to the ID of your GCP project. @@ -49,7 +47,7 @@ editing will be required, since several properties accept multiple data types. ## Helm test -Vault Helm also contains a simple helm test under +OpenBao Helm also contains a simple helm test under [templates/tests/](../templates/tests/) that may be run against a helm release: helm test From 2dc52a4801707128e1939b3baeec899709f6c8ae Mon Sep 17 00:00:00 2001 From: Nathan Phelps Date: Mon, 20 May 2024 17:26:03 -0400 Subject: [PATCH 2/5] Issue 6: Removed Enterprise licensing references out of the chart's value configuration. Signed-off-by: Nathan Phelps --- charts/openbao/values.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/charts/openbao/values.yaml b/charts/openbao/values.yaml index 2d8ec8fdd..48a21579f 100644 --- a/charts/openbao/values.yaml +++ b/charts/openbao/values.yaml @@ -369,18 +369,6 @@ server: # See vault.mode in _helpers.tpl for implementation details. enabled: "-" - # [Enterprise Only] This value refers to a Kubernetes secret that you have - # created that contains your enterprise license. If you are not using an - # enterprise image or if you plan to introduce the license key via another - # route, then leave secretName blank ("") or set it to null. - # Requires Vault Enterprise 1.8 or later. - enterpriseLicense: - # The name of the Kubernetes secret that holds the enterprise license. The - # secret must be in the same namespace that Vault is installed into. - secretName: "" - # The key within the Kubernetes secret that holds the enterprise license. - secretKey: "license" - # Resource requests, limits, etc. for the server cluster placement. This # should map directly to the value of the resources field for a PodSpec. # By default no direct resource request is made. From 25fd0b4cc48d4ee682c55cee1102fc3472526268 Mon Sep 17 00:00:00 2001 From: Nathan Phelps Date: Mon, 20 May 2024 17:31:37 -0400 Subject: [PATCH 3/5] Issue 6: Updated the chart version to 0.3.0. Signed-off-by: Nathan Phelps --- charts/openbao/Chart.yaml | 2 +- charts/openbao/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/openbao/Chart.yaml b/charts/openbao/Chart.yaml index 3f315158b..6f34713b6 100644 --- a/charts/openbao/Chart.yaml +++ b/charts/openbao/Chart.yaml @@ -3,7 +3,7 @@ apiVersion: v2 name: openbao -version: 0.2.0 +version: 0.3.0 appVersion: v2.0.0-alpha20240329 kubeVersion: ">= 1.27.0-0" description: Official OpenBao Chart diff --git a/charts/openbao/README.md b/charts/openbao/README.md index 645ad0cf9..9769a3e9b 100644 --- a/charts/openbao/README.md +++ b/charts/openbao/README.md @@ -1,6 +1,6 @@ # openbao -![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v2.0.0-alpha20240329](https://img.shields.io/badge/AppVersion-v2.0.0--alpha20240329-informational?style=flat-square) +![Version: 0.3.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![AppVersion: v2.0.0-alpha20240329](https://img.shields.io/badge/AppVersion-v2.0.0--alpha20240329-informational?style=flat-square) Official OpenBao Chart From 9b5f42f0e0fc0296545cb0c643caaaa6e47e6640 Mon Sep 17 00:00:00 2001 From: Nathan Phelps Date: Mon, 20 May 2024 17:37:03 -0400 Subject: [PATCH 4/5] Issue 6: Removing Enterprise references from chart template helper. Signed-off-by: Nathan Phelps --- charts/openbao/templates/_helpers.tpl | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/charts/openbao/templates/_helpers.tpl b/charts/openbao/templates/_helpers.tpl index 7a22d04cc..e1bc286af 100644 --- a/charts/openbao/templates/_helpers.tpl +++ b/charts/openbao/templates/_helpers.tpl @@ -201,12 +201,6 @@ extra volumes the user may have specified (such as a secret with TLS). {{- if .Values.server.volumes }} {{- toYaml .Values.server.volumes | nindent 8}} {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - secret: - secretName: {{ .Values.server.enterpriseLicense.secretName }} - defaultMode: 0440 - {{- end }} {{- end -}} {{/* @@ -270,11 +264,6 @@ based on the mode configured. {{- if .Values.server.volumeMounts }} {{- toYaml .Values.server.volumeMounts | nindent 12}} {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: vault-license - mountPath: /vault/license - readOnly: true - {{- end }} {{- end -}} {{/* From 45305a998d8a841b3c9abeb89403dd3b76586d94 Mon Sep 17 00:00:00 2001 From: Nathan Phelps Date: Mon, 20 May 2024 17:39:52 -0400 Subject: [PATCH 5/5] Issue 6: Removed Enterprise reference from chart's server-statefulset template. Signed-off-by: Nathan Phelps --- charts/openbao/templates/server-statefulset.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/charts/openbao/templates/server-statefulset.yaml b/charts/openbao/templates/server-statefulset.yaml index 94d5babbd..997d3f1b7 100644 --- a/charts/openbao/templates/server-statefulset.yaml +++ b/charts/openbao/templates/server-statefulset.yaml @@ -137,10 +137,6 @@ spec: - name: VAULT_LOG_FORMAT value: "{{ .Values.server.logFormat }}" {{- end }} - {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} - - name: VAULT_LICENSE_PATH - value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} - {{- end }} {{ template "vault.envs" . }} {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}