Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stop using deprecated hashicorp/vault/api RawRequest functions #6601

Merged
merged 5 commits into from
Jan 9, 2024
Merged

Stop using deprecated hashicorp/vault/api RawRequest functions #6601

merged 5 commits into from
Jan 9, 2024

Conversation

wallrj
Copy link
Member

@wallrj wallrj commented Jan 4, 2024
edited

Fixed the following staticcheck warnings:

SA1019: v.client.RawRequest is deprecated: RawRequest exists for historical compatibility and should not be used directly. Use client.Logical().ReadRaw(...) or higher level methods instead.

The RawRequest function was deprecated in:

So in this PR I've unhidden the deprecation warning and updated the E2E test code to use https://github.com/hashicorp/vault-client-go instead of the vault/api module.

Testing

I ran the Vault E2E tests locally as follows:

kind create cluster
cmctl x install 
make e2e-build
_bin/test/e2e.test  --repo-root=/dev/null --ginkgo.focus="Vault" --ginkgo.skip="Gateway"
Running Suite: cert-manager e2e suite - /home/richard/projects/cert-manager/cert-manager
========================================================================================
Random Seed: 1704812813

Will run 166 of 791 specs
"hashicorp" already exists with the same configuration, skipping
Release "chart-vault-vault" does not exist. Installing it now.
NAME: chart-vault-vault
LAST DEPLOYED: Tue Jan  9 15:06:54 2024
NAMESPACE: e2e-vault
STATUS: deployed
REVISION: 1
NOTES:
Thank you for installing HashiCorp Vault!

Now that you have deployed Vault, you should look over the docs on using
Vault with Kubernetes available here:

https://www.vaultproject.io/docs/


Your release is named chart-vault-vault. To learn more about the release, try:

  $ helm status chart-vault-vault
  $ helm get manifest chart-vault-vault
S•••SS•••••••••[controller-runtime] log.SetLogger(...) was never called; logs will not be displayed.
Detected at:
        >  goroutine 847 [running]:
        >  runtime/debug.Stack()
        >       runtime/debug/stack.go:24 +0x5e
        >  sigs.k8s.io/controller-runtime/pkg/log.eventuallyFulfillRoot()
        >       sigs.k8s.io/controller-runtime@v0.16.3/pkg/log/log.go:60 +0xcd
        >  sigs.k8s.io/controller-runtime/pkg/log.(*delegatingLogSink).WithName(0xc000250540, {0x1dfe938, 0x14})
        >       sigs.k8s.io/controller-runtime@v0.16.3/pkg/log/deleg.go:147 +0x45
        >  github.com/go-logr/logr.Logger.WithName({{0x20c9f50, 0xc000250540}, 0x0}, {0x1dfe938?, 0xc001e51d98?})
        >       github.com/go-logr/logr@v1.4.1/logr.go:345 +0x3d
        >  sigs.k8s.io/controller-runtime/pkg/client.newClient(0x0?, {0x0, 0xc000252850, {0x0, 0x0}, 0x0, {0x0, 0x0}, 0x0})
        >       sigs.k8s.io/controller-runtime@v0.16.3/pkg/client/client.go:122 +0xec
        >  sigs.k8s.io/controller-runtime/pkg/client.New(0x1e189b7?, {0x0, 0xc000252850, {0x0, 0x0}, 0x0, {0x0, 0x0}, 0x0})
        >       sigs.k8s.io/controller-runtime@v0.16.3/pkg/client/client.go:103 +0x7d
        >  github.com/cert-manager/cert-manager/e2e-tests/framework.(*Framework).BeforeEach(0xc000340370)
        >       github.com/cert-manager/cert-manager/e2e-tests/framework/framework.go:141 +0x34c
        >  github.com/onsi/ginkgo/v2/internal.extractBodyFunction.func3({0xa03c88, 0xc002196180})
        >       github.com/onsi/ginkgo/v2@v2.13.0/internal/node.go:463 +0x13
        >  github.com/onsi/ginkgo/v2/internal.(*Suite).runNode.func3()
        >       github.com/onsi/ginkgo/v2@v2.13.0/internal/suite.go:889 +0x8d
        >  created by github.com/onsi/ginkgo/v2/internal.(*Suite).runNode in goroutine 23
        >       github.com/onsi/ginkgo/v2@v2.13.0/internal/suite.go:876 +0xd7b
•••S••W0109 15:07:35.390326  286984 warnings.go:70] tls: failed to find any PEM data in certificate input
•S•••SS••••••••••••S••W0109 15:08:10.892343  286984 warnings.go:70] tls: failed to find any PEM data in certificate input
•SSSSSSSSSSSS•••••SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS•••••SSS••••••••••SSSSSSSSSSSSSSSSSSSSSSSSSSS
•••••SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS••••••••••SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSS•••••SSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSSproxy logs:


Ran 76 of 791 Specs in 149.628 seconds
SUCCESS! -- 76 Passed | 0 Failed | 0 Pending | 715 Skipped
PASS

/kind cleanup

NONE

@jetstack-bot jetstack-bot added release-note-none Denotes a PR that doesn't merit a release note. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. area/testing Issues relating to testing needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Jan 4, 2024
@wallrj wallrj force-pushed the deprecations-4 branch 2 times, most recently from da2b78c to 5d5cab7 Compare January 9, 2024 11:29
@wallrj
Unhide hashicorp/vault/api RawRequest deprecations
88adf38 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
@wallrj wallrj force-pushed the deprecations-4 branch 2 times, most recently from 1c97e88 to 5074209 Compare January 9, 2024 12:17
@jetstack-bot jetstack-bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jan 9, 2024
@wallrj
Use vault-client-go instead
3f75290 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
@jetstack-bot jetstack-bot added the area/acme Indicates a PR directly modifies the ACME Issuer code label Jan 9, 2024
wallrj
wallrj commented Jan 9, 2024
View reviewed changes
test/e2e/framework/addon/vault/setup.go
secretId, err := v.callVault("POST", url, "secret_id", map[string]string{})
// TODO: Should use Auth.AppRoleWriteSecretId instead of raw write here,
// but it's currently broken. See:
// https://github.com/hashicorp/vault-client-go/issues/249
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wallrj wallrj changed the title WIP: Stop using deprecated hashicorp/vault/api RawRequest functions Stop using deprecated hashicorp/vault/api RawRequest functions Jan 9, 2024
@jetstack-bot jetstack-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jan 9, 2024
wallrj
wallrj commented Jan 9, 2024
View reviewed changes
test/e2e/framework/addon/vault/setup.go
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These are the all important changes but GitHub seems to be folding them. Unfold this file when reviewing.

wallrj
wallrj commented Jan 9, 2024
View reviewed changes
test/e2e/framework/addon/vault/setup.go
Comment on lines 374 to -385
// # read the secret-id
url = path.Join(baseUrl, "secret-id")
secretId, err := v.callVault("POST", url, "secret_id", map[string]string{})
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Notice that the original comment is misleading. These lines are writing (POSTing) to the secret-id endpoint.

Copy link
Member

@maelvls maelvls Jan 9, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ah, good catch. Vault seems to use POST-as-GET, it seems that's what is going on here. Maybe the comment should say:

// # read the secret-id (POST-as-GET)

Note that the error message just below also refers to "reading":

fmt.Errorf("error reading secret_id: %s", ...)

@wallrj wallrj requested a review from maelvls January 9, 2024 13:49
@wallrj
make update-licenses
a2b5ef4 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
@wallrj
Revert bae2682
bbb511d 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
wallrj
wallrj commented Jan 9, 2024
View reviewed changes
LICENSES Outdated Show resolved Hide resolved
@wallrj wallrj mentioned this pull request Jan 9, 2024
Open
@wallrj
Work around bugs in vault-client-sdk
38288e5 
Signed-off-by: Richard Wall <richard.wall@venafi.com>
wallrj
wallrj commented Jan 9, 2024
View reviewed changes
test/e2e/framework/addon/vault/setup.go
ctx := context.Background()
// TODO: Should use Secrets.PkiWriteRole here,
// but it is broken. See:
// https://github.com/hashicorp/vault-client-go/issues/195
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@maelvls
Copy link
Member

maelvls commented Jan 9, 2024

hey, I went thought the changes, I didn't spot anything strange. I haven't performed ad-hoc tests, nor did I run the end-to-end tests locally, I am confident CI will have caught anything off (I hope).

It must have taken some work to get there! Great work, I appreciate the self-review and the comments you added in code.

/lgtm
/approve

@jetstack-bot jetstack-bot added the lgtm Indicates that a PR is ready to be merged. label Jan 9, 2024
@jetstack-bot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: maelvls

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jetstack-bot jetstack-bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 9, 2024
@jetstack-bot jetstack-bot merged commit dd5f585 into cert-manager:master Jan 9, 2024
8 checks passed
@wallrj wallrj deleted the deprecations-4 branch January 9, 2024 16:34
This was referenced Jan 11, 2024
Merged
Merged
@JaniAnttonen JaniAnttonen mentioned this pull request Apr 12, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@inteon inteon inteon left review comments

@maelvls maelvls Awaiting requested review from maelvls

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/acme Indicates a PR directly modifies the ACME Issuer code area/testing Issues relating to testing dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@wallrj @maelvls @jetstack-bot @inteon