Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix UBI setting environment variable #15438

Merged
merged 1 commit into from
May 17, 2022
Merged

Fix UBI setting environment variable #15438

merged 1 commit into from
May 17, 2022

Conversation

cipherboy
Copy link
Contributor

The VAULT_DISABLE_FILE_PERMISSIONS_CHECK presently only takes the value true and doesn't use ParseBool; change the behavior to match most other environment variables (since it is new), but also update the UBI image to use the literal true.

@akshya96 If this will be reverted, I'm happy to remove the updates to the config. But since its still here, I figured I'd aim for consistency. I think, if you wanted to avoid a complete revert and allow users to manually enable the feature, you could update this new code to just set skipCheckPermissions := true by default and then just update the docs.

My 2c.

@cipherboy cipherboy added core Issues and Pull-Requests specific to Vault Core release/build pr/no-changelog labels May 16, 2022
@cipherboy cipherboy added this to the 1.11.0-rc1 milestone May 16, 2022
@cipherboy cipherboy requested review from tvoran and akshya96 May 16, 2022 15:12
tvoran
tvoran approved these changes May 16, 2022
View reviewed changes
Copy link
Member

@tvoran tvoran left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The entrypoint change looks good to me.

@cipherboy
Fix value of VAULT_DISABLE_FILE_PERMISSIONS_CHECK
b4ad204 
This variable doesn't use ParseBool and thus strictly requires "true" as
the value.

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy removed the request for review from akshya96 May 17, 2022 13:16
@cipherboy
Copy link
Contributor Author

@akshya96 I dropped the second change; will merge this without the changes to the config var as I see you've done that in another PR.

@cipherboy cipherboy force-pushed the cipherboy-fix-env-var branch from 68bfde6 to b4ad204 Compare May 17, 2022 13:17
@cipherboy cipherboy merged commit bddfb9d into main May 17, 2022
@cipherboy cipherboy mentioned this pull request May 17, 2022
Merged
@cipherboy cipherboy deleted the cipherboy-fix-env-var branch May 17, 2022 14:33
cipherboy added a commit that referenced this pull request May 31, 2022
@cipherboy
Fix value of VAULT_DISABLE_FILE_PERMISSIONS_CHECK (#15438)
d0906b2 
This variable doesn't use ParseBool and thus strictly requires "true" as
the value.

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy mentioned this pull request May 31, 2022
Merged
cipherboy added a commit that referenced this pull request May 31, 2022
@cipherboy
Fix value of VAULT_DISABLE_FILE_PERMISSIONS_CHECK (#15438)
69f9ae2 
This variable doesn't use ParseBool and thus strictly requires "true" as
the value.

Signed-off-by: Alexander Scheel <[email protected]>
@cipherboy cipherboy mentioned this pull request May 31, 2022
Merged
cipherboy added a commit that referenced this pull request May 31, 2022
@cipherboy @samsalisbury @tvoran
Backport CRT UBI onboarding to 1.9.x (#15710)
ee2f226 
* UBI Containerfile - CRT Enablement  (#15272)

* Copy UBI Dockerfile into Vault

This Dockerfile was modeled off of the existing Alpine Dockerfile (in
this repo) and the external Dockerfile from the docker-vault repo:

> https://github.com/hashicorp/docker-vault/blob/master/ubi/Dockerfile

We also import the UBI-specific docker-entrypoint.sh, as certain
RHEL/Alpine changes (like interpreter) require a separate entry script.

Signed-off-by: Alexander Scheel <[email protected]>

* Add UBI build to CRT pipeline

Also adds workflow_dispatch to the CRT pipeline, to allow manually
triggering CRT from PRs, when desired.

Signed-off-by: Alexander Scheel <[email protected]>

* Update Dockerfile

Co-authored-by: Sam Salisbury <[email protected]>

* Update Dockerfile

Co-authored-by: Sam Salisbury <[email protected]>

* Update Dockerfile

Co-authored-by: Sam Salisbury <[email protected]>

* Update Dockerfile

* Update Dockerfile

* Update build.yml

Allow for both push to arbitrary branch plus workflow dispatch, per Newsletter article.

------

Also pulls in changes from 0ee2ac3 as
this wasn't backported.

------

Co-authored-by: Sam Salisbury <[email protected]>

* Set HOME=/home/vault in UBI Dockerfile (#15439)

Signed-off-by: Alexander Scheel <[email protected]>

* Fix ubi-docker-entrypoint.sh->docker-entrypoint.sh (#15443)

It is believed to break the helm chart; see also:

#15272 (comment)

Signed-off-by: Alexander Scheel <[email protected]>

* Fix value of VAULT_DISABLE_FILE_PERMISSIONS_CHECK (#15438)

This variable doesn't use ParseBool and thus strictly requires "true" as
the value.

Signed-off-by: Alexander Scheel <[email protected]>

* Update Dockerfile

Co-authored-by: Theron Voran <[email protected]>

Co-authored-by: Sam Salisbury <[email protected]>
Co-authored-by: Theron Voran <[email protected]>
cipherboy added a commit that referenced this pull request May 31, 2022
@cipherboy @samsalisbury @tvoran
Backport CRT UBI onboarding to 1.10.x (#15709)
3a16675 
* UBI Containerfile - CRT Enablement  (#15272)

* Copy UBI Dockerfile into Vault

This Dockerfile was modeled off of the existing Alpine Dockerfile (in
this repo) and the external Dockerfile from the docker-vault repo:

> https://github.com/hashicorp/docker-vault/blob/master/ubi/Dockerfile

We also import the UBI-specific docker-entrypoint.sh, as certain
RHEL/Alpine changes (like interpreter) require a separate entry script.

Signed-off-by: Alexander Scheel <[email protected]>

* Add UBI build to CRT pipeline

Also adds workflow_dispatch to the CRT pipeline, to allow manually
triggering CRT from PRs, when desired.

Signed-off-by: Alexander Scheel <[email protected]>

* Update Dockerfile

Co-authored-by: Sam Salisbury <[email protected]>

* Update Dockerfile

Co-authored-by: Sam Salisbury <[email protected]>

* Update Dockerfile

Co-authored-by: Sam Salisbury <[email protected]>

* Update Dockerfile

* Update Dockerfile

* Update build.yml

Allow for both push to arbitrary branch plus workflow dispatch, per Newsletter article.

------

Also pulls in changes from 0ee2ac3 as
this wasn't backported.

------

Co-authored-by: Sam Salisbury <[email protected]>

* Set HOME=/home/vault in UBI Dockerfile (#15439)

Signed-off-by: Alexander Scheel <[email protected]>

* Fix ubi-docker-entrypoint.sh->docker-entrypoint.sh (#15443)

It is believed to break the helm chart; see also:

#15272 (comment)

Signed-off-by: Alexander Scheel <[email protected]>

* Fix value of VAULT_DISABLE_FILE_PERMISSIONS_CHECK (#15438)

This variable doesn't use ParseBool and thus strictly requires "true" as
the value.

Signed-off-by: Alexander Scheel <[email protected]>

* Update Dockerfile

Co-authored-by: Theron Voran <[email protected]>

Co-authored-by: Sam Salisbury <[email protected]>
Co-authored-by: Theron Voran <[email protected]>
Gabrielopesantos pushed a commit to Gabrielopesantos/vault that referenced this pull request Jun 6, 2022
@cipherboy @Gabrielopesantos
Fix value of VAULT_DISABLE_FILE_PERMISSIONS_CHECK (hashicorp#15438)
c7ecd11 
This variable doesn't use ParseBool and thus strictly requires "true" as
the value.

Signed-off-by: Alexander Scheel <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tvoran tvoran tvoran approved these changes

Assignees
No one assigned
Labels
core Issues and Pull-Requests specific to Vault Core pr/no-changelog release/build
Projects
None yet
Milestone
1.11.0-rc1
Development

Successfully merging this pull request may close these issues.
2 participants
@cipherboy @tvoran