backport of commit 7b088a7

hashicorp · Sep 25, 2024 · 80edd38 · 80edd38
1 parent 37d8330
commit 80edd38
Show file tree

Hide file tree

Showing 103 changed files with 298 additions and 1,947 deletions.
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -14,26 +14,8 @@ jobs:
   backport:
     if: github.event.pull_request.merged
     runs-on: ${{ fromJSON(vars.RUNNER) }}
-    container: hashicorpdev/backport-assistant:0.5.1
+    container: hashicorpdev/backport-assistant:0.2.3
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          fetch-depth: 0 # Fetch all branches and tags
-      - name: Check if any migrations have changed
-        run: |
-          if git diff --exit-code --name-only "origin/${{ github.event.pull_request.base.ref }}"...HEAD -- internal/db/schema/migrations; then
-            echo "No migrations have changed, continuing with backport"
-          else
-            # Post comment on PR.
-            echo "Posting new backport-failure GitHub comment under PR #${{ github.event.pull_request.number }}"
-            curl -sX POST \
-              -H "Accept: application/vnd.github+json" \
-              -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-              -d '{"body": "Backport Assistant: you attempted to automatically backport changes in this PR, but because it contained changes to migration files, this was rejected. Please carefully manually backport the changes."}' \
-              "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/issues/${{ github.event.pull_request.number }}/comments"
-            echo "Migrations have changed, refusing to backport. Please carefully manually backport the changes."
-            exit 1
-          fi
       - name: Backport changes to stable-website
         run: |
           backport-assistant backport -automerge

diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml
@@ -119,7 +119,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Set up Terraform
         uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36    # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
         with:

diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml
@@ -22,7 +22,7 @@ jobs:
       id: boundary-team-role
       run: |
         TEAM=boundary
-        ROLE="$(gh api orgs/hashicorp/teams/${TEAM}/memberships/${{ github.actor }} | jq -r '.role | select(.!=null)')"
+        ROLE="$(hub api orgs/hashicorp/teams/${TEAM}/memberships/${{ github.actor }} | jq -r '.role | select(.!=null)')"
         if [[ -n ${ROLE} ]]; then
           echo "Actor ${{ github.actor }} is a ${TEAM} team member, skipping ticket creation"
         else

diff --git a/.github/workflows/test-race.yml b/.github/workflows/test-race.yml
@@ -109,7 +109,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Test ${{ matrix.module }} Module
         run: |
           make test-${{ matrix.module }}
@@ -141,7 +141,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Set up plugin cache
         id: plugin-cache
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -109,7 +109,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Test ${{ matrix.module }} Module
         run: |
           make test-${{ matrix.module }}
@@ -141,7 +141,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Set up plugin cache
         id: plugin-cache
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2

diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.23.1
+1.22.5
diff --git a/.release/linux/package/etc/boundary.d/worker.hcl b/.release/linux/package/etc/boundary.d/worker.hcl
@@ -13,7 +13,7 @@
 #   description = "A default worker created demonstration"
 
 #   # Workers must be able to reach controllers on :9201
-#   initial_upstreams = [
+#   controllers = [
 #     "10.0.0.1",
 #     "10.0.0.2",
 #     "10.0.0.3",

diff --git a/.semgrep/event-with-info-msg.yaml b/.semgrep/event-with-info-msg.yaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,9 +4,6 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
 
 ## Next
 
-* Remove deprecated `controllers` field from the worker config, which was deprecated in 0.9.0 for
-`initial_upstreams`([PR](https://github.com/hashicorp/boundary/pull/5125))
-
 ## 0.17.2 (Unreleased)
 
 ### Changes
@@ -84,9 +81,6 @@ object store. There are two SBC types, managed secret and environmental.
   ([PR](https://github.com/hashicorp/boundary-ui/pull/2388))
 * ui: Add API tags support for workers and improve worker filtering for targets
   ([PR](https://github.com/hashicorp/boundary-ui/pull/2393))
-* Updated grpc to 1.61.1([PR](https://github.com/hashicorp/boundary/pull/4983))
-
-### Bug Fixes
 
 ## 0.16.2 (2024/06/10)
 

diff --git a/Makefile b/Makefile
@@ -37,7 +37,7 @@ golangci-lint:
 
 	if [ "$(GOLINT_INSTALLED)" = "" ]; then \
 		curl -sSfL \
-			https://raw.githubusercontent.com/golangci/golangci-lint/9a8a056e9fe49c0e9ed2287aedce1022c79a115b/install.sh | sh -s -- -b $(GO_PATH)/bin v1.60.3; \
+			https://raw.githubusercontent.com/golangci/golangci-lint/9a8a056e9fe49c0e9ed2287aedce1022c79a115b/install.sh | sh -s -- -b $(GO_PATH)/bin v1.55.2; \
 	fi;
 
 .PHONY: cleangen

diff --git a/api/client_test.go b/api/client_test.go
@@ -23,17 +23,11 @@ func TestConfigSetAddress(t *testing.T) {
 
 	tests := []test{
 		{
-			"ipv4",
+			"bare",
 			"http://127.0.0.1:9200",
 			"http://127.0.0.1:9200",
 			"",
 		},
-		{
-			"ipv6",
-			"http://[::1]:9200",
-			"http://[::1]:9200",
-			"",
-		},
 		{
 			"bare with version",
 			"http://127.0.0.1:9200/v1",

diff --git a/api/go.mod b/api/go.mod
@@ -1,6 +1,8 @@
 module github.com/hashicorp/boundary/api
 
-go 1.23.1
+go 1.21
+
+toolchain go1.21.5
 
 require (
 	github.com/hashicorp/boundary/sdk v0.0.48

diff --git a/api/proxy/proxy_test.go b/api/proxy/proxy_test.go
@@ -169,9 +169,6 @@ func testSessionAuth(t *testing.T) *targets.SessionAuthorizationData {
 			{
 				Address: "localhost:9202",
 			},
-			{
-				Address: "[::1]:9201",
-			},
 		},
 	}
 

diff --git a/enos/README.md b/enos/README.md
@@ -8,82 +8,67 @@ the results of the `build` workflow, scenarios are executable from a developer
 machine that has the requisite dependencies and configuration.
 
 Refer to the [enos documentation](https://github.com/hashicorp/Enos-Docs)
-for further information regarding installation, execution, or composing Enos scenarios.
-
-## Setup
-* Terraform >= 1.0
-* Vault >= 1.12.2
-* Enos >= v0.0.28
-* Doormat
-```shell
-brew tap hashicorp/tap
-brew install hashicorp/tap/vault
-brew install hashicorp/tap/terraform
-brew install hashicorp/tap/enos
-brew install coreutils
-
-# Install doormat cli
-brew tap hashicorp/security git@github.com:hashicorp/homebrew-security.git
-brew install hashicorp/security/doormat-cli
-```
+for further information regarding installation, execution or composing Enos scenarios.
 
+## Requirements
 * AWS access. HashiCorp Boundary developers should use Doormat.
+* Terraform >= 1.0
+* Enos >= v0.0.28 (`brew tap hashicorp/tap && brew update && brew install hashicorp/tap/enos`)
 * An SSH keypair in the AWS region you wish to run the scenario. You can use
   doormat to login to the AWS console to create or upload an existing keypair.
-```shell
-# Create a SSH Key Pair
-ssh-keygen -t ed25519 -C "your_email@example.com"
-
-# <https://doormat.hashicorp.services/>
-# Go to the console for the corresponding AWS account
-# Select the desired AWS region on the top-right
-# Go to EC2 -> Key Pairs -> Actions -> Import Key Pair -> Import public key file (.pub)
-# Note the name of the key pair
-```
-* Boundary CLI installed locally
+* Boundary installed locally. `make install` will put it in `$GOPATH/bin`, which
+  you can use with the `local_boundary_dir` variable, e.g.
+  `local_boundary_dir = /Users/<user>/.go/bin`.
 
-### Enos Variables
+## Scenarios Variables
 In CI, each scenario is executed via Github Actions and has been configured using
 environment variable inputs that follow the `ENOS_VAR_varname` pattern.
 
 For local execution you can specify all the required variables using environment
 variables, or you can update `enos.vars.hcl` with values and uncomment the lines.
 
+Variables that are required:
+- `aws_ssh_private_key_path`
+- `aws_ssh_keypair_name`
+- `enos_user`
+- `local_boundary_dir`
+
 If you want to use the `builder:crt` variant to simulate execution in CI you'll
 also need to specify `crt_bundle_path` to a local boundary install bundle.
 
-See [enos.vars.hcl](./enos.vars.hcl) for complete descriptions of each variable.
+If you want to modify which port the ALB listens on to proxy controller API
+requests, you can specify the `alb_listener_api_port`.
 
-You can either modify `enos.vars.hcl` directly or create your own copy at
-`enos-local.vars.hcl` which gets ignored by git.
+See [enos.vars.hcl](./enos.vars.hcl) for complete descriptions of each variable.
 
 ## Executing Scenarios
 From the `enos` directory:
 
 ```bash
-# List all available scenarios. Scenarios can be found in enos/enos-scenario*
+# list all available scenarios
 enos scenario list
-
-# Launch an individual scenario but leave infrastructure up after execution
-enos scenario launch e2e_aws builder:local
-
-# Explicitly destroy all existing infrastructure
-enos scenario destroy integration builder:local
+# run the cli_ui scenario with an artifact that is built locally. Make sure
+# the local machine has been configured for the cli_ui scenario as detailed in
+# the requirements section. This will execute the scenario and clean up any
+# resources if successful.
+enos scenario run integration builder:local test:cli_ui
+# launch an individual scenario but leave infrastructure up after execution
+enos scenario launch integration builder:local test:cli_ui
+# check an individual scenario for validity. This is useful during scenario
+# authoring and debugging.
+enos scenario validate integration builder:local test:cli_ui
+# if you've run the tests and need to outputs, such as the URL or credentials,
+# you can run the output command to see them. Please note that after "run" or
+# destroy there will be no "outputs" as the infrastructure will have been
+# destroyed.
+enos scenario output integration builder:local test:cli_ui
+# explicitly destroy all existing infrastructure
+enos scenario destroy integration builder:local test:cli_ui
 ```
 
 Refer to the [enos documentation](https://github.com/hashicorp/Enos-Docs)
 for further information regarding installation, execution or composing scenarios.
 
-To get information about the environment that was created...
-```shell
-# Scenarios that start with `e2e` can get environment information using a script. It can be helpful to set some aliases in your shell profile
-alias enosenv="source <(. ${BOUNDARY_REPO}/enos/scripts/test_e2e_env.sh); . ${BOUNDARY_REPO}/enos/scripts/test_e2e_env.sh"
-alias enosenvent="source <(. ${BOUNDARY_ENTEPRISE_REPO}/enos/scripts/test_e2e_env.sh); . ${BOUNDARY_ENTEPRISE_REPO}/enos/scripts/test_e2e_env.sh"
-
-# Some scenarios don't start with `e2e` can get environment information using an enos command
-enos scenario output hcp_session_recording builder:local
-```
-
 # Scenarios
 
 ## Infrastructure Integration
@@ -109,6 +94,22 @@ you could test that version against the cluster by setting `local_boundary_dir`
     The `builder:local` variant will build an install bundle as part of the
     scenario and copy it to each worker and controller node. This allows you
     to execute the scenario using an artifact of the current branch.
+  * `test:smoke`
+    The `test:smoke` variant runs a basic smoke test. It first provisions one
+    or more "target" nodes that don't have access on port 22. It then creates a
+    test catalog and host set and adds each of the "target" node(s) as
+    hosts/targets. It then SSH's to the target using `boundary` to verify that
+    it is able.
+  * `test:cli_ui`
+    The `test:cli_ui` variant creates implied dependencies for the Bats CLI UI tests
+    in the Boundary cluster and then executes the Bats CLI UI tests against it. This
+    scenario requires the machine executing `enos` to be configured for the Bats
+    tests as described in the Requirements section.
+
+## End-to-end tests
+
+Scenarios with `e2e_` invoke an end-to-end test suite written in Go. Different tests
+are invoked depending on the scenario.
 
 # CI Bootstrap
 In order to execute any of the scenarios in this repository, it is first necessary to bootstrap the

diff --git a/enos/ci/hcp-resources/.gitignore b/enos/ci/hcp-resources/.gitignore
diff --git a/enos/ci/hcp-resources/README.md b/enos/ci/hcp-resources/README.md