From 6bb86b63db2a30dd6863bba402308551b9d1d4a7 Mon Sep 17 00:00:00 2001 From: Alexander Sharov Date: Sat, 13 Jan 2024 19:59:09 +0100 Subject: [PATCH] feat: rename Vault to OpenBao --- .gitignore | 2 +- Dockerfile | 80 +++++++++---------- Makefile | 30 +++---- make.bat | 4 +- scripts/build.sh | 6 +- scripts/docker/Dockerfile | 2 +- scripts/docker/Dockerfile.ui | 2 +- .../secret/identity/oidc-provider.mdx | 2 +- 8 files changed, 64 insertions(+), 64 deletions(-) diff --git a/.gitignore b/.gitignore index c320896f86..b9c18be179 100644 --- a/.gitignore +++ b/.gitignore @@ -32,7 +32,7 @@ _testmain.go /http/web_ui/*.* /http/web_ui/**/*.* -# Vault-specific +# OpenBao-specific example.hcl example.vault.d diff --git a/Dockerfile b/Dockerfile index 18ad9efea3..8b4284835f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,8 +6,8 @@ FROM alpine:3.18 as default ARG BIN_NAME # NAME and PRODUCT_VERSION are the name of the software in releases.hashicorp.com -# and the version to download. Example: NAME=vault PRODUCT_VERSION=1.2.3. -ARG NAME=vault +# and the version to download. Example: NAME=openbao PRODUCT_VERSION=1.2.3. +ARG NAME=openbao ARG PRODUCT_VERSION ARG PRODUCT_REVISION # TARGETARCH and TARGETOS are set automatically when --platform is provided. 
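Review bot: The retained comment line above `ARG NAME=openbao` still says NAME and PRODUCT_VERSION identify the software "in releases.hashicorp.com", which misstates where an `openbao` artifact comes from for anyone auditing the image's provenance. The binary is copied from `dist/$TARGETOS/$TARGETARCH/$BIN_NAME` (visible in the next hunks), not downloaded, so I would reword the first comment line to `# NAME and PRODUCT_VERSION are the product name and version being packaged.` NAME also feeds `chown -R ${NAME}:${NAME} /openbao` in the hunk at -42, so the account created in the lines between (outside this hunk) has to be named from the same ARG or that chown will fail.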
@@ -15,14 +15,14 @@ ARG TARGETOS TARGETARCH # Additional metadata labels used by container registries, platforms # and certification scanners. -LABEL name="Vault" \ - maintainer="Vault Team " \ - vendor="HashiCorp" \ +LABEL name="OpenBao" \ + maintainer="OpenBao Team " \ + vendor="OpenBao" \ version=${PRODUCT_VERSION} \ release=${PRODUCT_REVISION} \ revision=${PRODUCT_REVISION} \ - summary="Vault is a tool for securely accessing secrets." \ - description="Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log." + summary="OpenBao is a tool for securely accessing secrets." \ + description="OpenBao is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. OpenBao provides a unified interface to any secret, while providing tight access control and recording a detailed audit log." COPY LICENSE /licenses/mozilla.txt 
@@ -42,28 +42,28 @@ COPY dist/$TARGETOS/$TARGETARCH/$BIN_NAME /bin/ # storage backend, if desired; the server will be started with /vault/config as # the configuration directory so you can add additional config files in that # location. -RUN mkdir -p /vault/logs && \ - mkdir -p /vault/file && \ - mkdir -p /vault/config && \ - chown -R ${NAME}:${NAME} /vault +RUN mkdir -p /openbao/logs && \ + mkdir -p /openbao/file && \ + mkdir -p /openbao/config && \ + chown -R ${NAME}:${NAME} /openbao # Expose the logs directory as a volume since there's potentially long-running # state in there -VOLUME /vault/logs +VOLUME /openbao/logs # Expose the file directory as a volume since there's potentially long-running # state in there -VOLUME /vault/file +VOLUME /openbao/file # 8200/tcp is the primary interface that applications use to interact with -# Vault. +# OpenBao. EXPOSE 8200 # The entry point script uses dumb-init as the top-level process to reap any -# zombie processes created by Vault sub-processes. +# zombie processes created by OpenBao sub-processes. # # For production derivatives of this container, you shoud add the IPC_LOCK -# capability so that Vault can mlock memory. +# capability so that OpenBao can mlock memory. COPY .release/docker/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh ENTRYPOINT ["docker-entrypoint.sh"] 
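Review bot: The data directories move to `/openbao/...` here, but `.release/docker/docker-entrypoint.sh`, copied at the end of this hunk, is not among the eight files in the commit, and the unchanged comment above the RUN still says the server is started with `/vault/config`. If the script still resolves its config and file-storage paths under `/vault` (not visible here), those directories no longer exist with the expected ownership, and the declared volumes `/openbao/logs` and `/openbao/file` go unused, so storage and log data would land in the container's writable layer. Either update the entrypoint in the same commit or keep the `/vault` paths until it is, and change the comment to `/openbao/config` when the paths really move. The same applies to the UBI stage in the hunk at -121, which copies `.release/docker/ubi-docker-entrypoint.sh`.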
@@ -86,14 +86,14 @@ ARG TARGETOS TARGETARCH # Additional metadata labels used by container registries, platforms # and certification scanners. -LABEL name="Vault" \ - maintainer="Vault Team " \ - vendor="HashiCorp" \ +LABEL name="OpenBao" \ + maintainer="OpenBao Team " \ + vendor="OpenBao" \ version=${PRODUCT_VERSION} \ release=${PRODUCT_REVISION} \ revision=${PRODUCT_REVISION} \ - summary="Vault is a tool for securely accessing secrets." \ - description="Vault is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. Vault provides a unified interface to any secret, while providing tight access control and recording a detailed audit log." + summary="OpenBao is a tool for securely accessing secrets." \ + description="OpenBao is a tool for securely accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, and more. OpenBao provides a unified interface to any secret, while providing tight access control and recording a detailed audit log." COPY LICENSE /licenses/mozilla.txt 
@@ -101,18 +101,18 @@ COPY LICENSE /licenses/mozilla.txt ENV NAME=$NAME ENV VERSION=$VERSION -# Set up certificates, our base tools, and Vault. Unlike the other version of +# Set up certificates, our base tools, and OpenBao. Unlike the other version of # this (https://github.com/hashicorp/docker-vault/blob/master/ubi/Dockerfile), -# we copy in the Vault binary from CRT. +# we copy in the OpenBao binary from CRT. RUN set -eux; \ microdnf install -y ca-certificates gnupg openssl libcap tzdata procps shadow-utils util-linux # Create a non-root user to run the software. -RUN groupadd --gid 1000 vault && \ - adduser --uid 100 --system -g vault vault && \ - usermod -a -G root vault +RUN groupadd --gid 1000 openbao && \ + adduser --uid 100 --system -g openbao openbao && \ + usermod -a -G root openbao -# Copy in the new Vault from CRT pipeline, rather than fetching it from our +# Copy in the new OpenBao from CRT pipeline, rather than fetching it from our # public releases. COPY dist/$TARGETOS/$TARGETARCH/$BIN_NAME /bin/ 
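Review bot: `usermod -a -G root openbao` puts the service account in GID 0, and nothing in the hunk says why; together with `chgrp -R 0 /openbao && chmod -R g+rwX /openbao` in the next hunk it makes the config, file and log directories writable by every process in group root. This looks like the usual arrangement for runtimes that start the container under an arbitrary UID with GID 0, but that is an inference, so it should be stated next to the command, for example `# GID 0 membership is only for runtimes that assign an arbitrary UID in group 0; do not widen it.` The retained comment above the `microdnf install` step also still points readers at `hashicorp/docker-vault` as "the other version of this", which is worth rewording now that the image is no longer Vault.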
@@ -121,37 +121,37 @@ COPY dist/$TARGETOS/$TARGETARCH/$BIN_NAME /bin/ # storage backend, if desired; the server will be started with /vault/config as # the configuration directory so you can add additional config files in that # location. -ENV HOME /home/vault -RUN mkdir -p /vault/logs && \ - mkdir -p /vault/file && \ - mkdir -p /vault/config && \ +ENV HOME /home/openbao +RUN mkdir -p /openbao/logs && \ + mkdir -p /openbao/file && \ + mkdir -p /openbao/config && \ mkdir -p $HOME && \ - chown -R vault /vault && chown -R vault $HOME && \ + chown -R openbao /openbao && chown -R openbao $HOME && \ chgrp -R 0 $HOME && chmod -R g+rwX $HOME && \ - chgrp -R 0 /vault && chmod -R g+rwX /vault + chgrp -R 0 /openbao && chmod -R g+rwX /openbao # Expose the logs directory as a volume since there's potentially long-running # state in there -VOLUME /vault/logs +VOLUME /openbao/logs # Expose the file directory as a volume since there's potentially long-running # state in there -VOLUME /vault/file +VOLUME /openbao/file # 8200/tcp is the primary interface that applications use to interact with -# Vault. +# OpenBao. EXPOSE 8200 # The entry point script uses dumb-init as the top-level process to reap any -# zombie processes created by Vault sub-processes. +# zombie processes created by OpenBao sub-processes. # # For production derivatives of this container, you shoud add the IPC_LOCK -# capability so that Vault can mlock memory. +# capability so that OpenBao can mlock memory. COPY .release/docker/ubi-docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh ENTRYPOINT ["docker-entrypoint.sh"] -# Use the Vault user as the default user for starting this container. -USER vault +# Use the OpenBao user as the default user for starting this container. +USER openbao # # By default you'll get a single-node development server that stores everything # # in RAM and bootstraps itself. Don't use this configuration for production. diff --git a/Makefile b/Makefile index eed53a4369..393b78631a 100644 
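Review bot: `ENV HOME /home/openbao` uses the legacy space-separated form, while the ENV lines earlier in this stage (`ENV NAME=$NAME`, `ENV VERSION=$VERSION` in the hunk at -101) use `key=value`. Since the line is being rewritten anyway, make it `ENV HOME=/home/openbao` so the stage is consistent and BuildKit's legacy-format build check does not flag it.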
--- a/Makefile +++ b/Makefile @@ -28,21 +28,21 @@ endif default: dev -# bin generates the releasable binaries for Vault +# bin generates the releasable binaries for OpenBao bin: prep @CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS) ui' sh -c "'$(CURDIR)/scripts/build.sh'" -# dev creates binaries for testing Vault locally. These are put +# dev creates binaries for testing OpenBao locally. These are put # into ./bin/ as well as $GOPATH/bin dev: BUILD_TAGS+=testonly dev: prep - @CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'" + @CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS)' OPENBAO_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'" dev-ui: BUILD_TAGS+=testonly dev-ui: assetcheck prep - @CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS) ui' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'" + @CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS) ui' OPENBAO_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'" dev-dynamic: BUILD_TAGS+=testonly dev-dynamic: prep - @CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'" + @CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' OPENBAO_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'" # *-mem variants will enable memory profiling which will write snapshots of heap usage # to $TMP/vaultprof every 5 minutes. These can be analyzed using `$ go tool pprof `. 
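Review bot: The dev targets now export `OPENBAO_DEV_BUILD=1`, but neither of the `scripts/build.sh` hunks in this commit touches a read of that variable, and `scripts/windows/build.bat` is not in the commit at all. So either the scripts still test `VAULT_DEV_BUILD`, in which case `dev`, `dev-ui` and `dev-dynamic` silently stop being dev builds, or nothing reads the variable and it is dead. Confirm which and rename the consumer in the same commit or drop the variable; the `RUN` lines in `scripts/docker/Dockerfile` and `scripts/docker/Dockerfile.ui` set the same name and are affected the same way. The unchanged comment below still refers to `$TMP/vaultprof`.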
@@ -55,14 +55,14 @@ dev-dynamic-mem: BUILD_TAGS+=memprofiler dev-dynamic-mem: dev-dynamic # Creates a Docker image by adding the compiled linux/amd64 binary found in ./bin. -# The resulting image is tagged "vault:dev". +# The resulting image is tagged "openbao:dev". docker-dev: BUILD_TAGS+=testonly docker-dev: prep - docker build --build-arg VERSION=$(GO_VERSION_MIN) --build-arg BUILD_TAGS="$(BUILD_TAGS)" -f scripts/docker/Dockerfile -t vault:dev . + docker build --build-arg VERSION=$(GO_VERSION_MIN) --build-arg BUILD_TAGS="$(BUILD_TAGS)" -f scripts/docker/Dockerfile -t openbao:dev . docker-dev-ui: BUILD_TAGS+=testonly docker-dev-ui: prep - docker build --build-arg VERSION=$(GO_VERSION_MIN) --build-arg BUILD_TAGS="$(BUILD_TAGS)" -f scripts/docker/Dockerfile.ui -t vault:dev-ui . + docker build --build-arg VERSION=$(GO_VERSION_MIN) --build-arg BUILD_TAGS="$(BUILD_TAGS)" -f scripts/docker/Dockerfile.ui -t openbao:dev-ui . # test runs the unit tests and vets the code test: BUILD_TAGS+=testonly @@ -176,9 +176,9 @@ bootstrap: ci-bootstrap go generate -tags tools tools/tools.go # Note: if you have plugins in GOPATH you can update all of them via something like: -# for i in $(ls | grep vault-plugin-); do cd $i; git remote update; git reset --hard origin/master; dep ensure -update; git add .; git commit; git push; cd ..; done +# for i in $(ls | grep openbao-plugin-); do cd $i; git remote update; git reset --hard origin/master; dep ensure -update; git add .; git commit; git push; cd ..; done update-plugins: - grep vault-plugin- go.mod | cut -d ' ' -f 1 | while read -r P; do echo "Updating $P..."; go get -v "$P"; done + grep openbao-plugin- go.mod | cut -d ' ' -f 1 | while read -r P; do echo "Updating $P..."; go get -v "$P"; done static-assets-dir: @mkdir -p ./http/web_ui 
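Review bot: In `update-plugins`, `grep openbao-plugin- go.mod` matches nothing unless the module paths in go.mod were renamed as well, and go.mod is not among the eight files this commit changes. The pipeline ends in a `while read` loop, so with no input it exits 0 without running `go get` for any plugin, and plugin dependency updates silently stop. Keep `grep vault-plugin- go.mod` until the modules themselves are renamed, or make the target fail when the grep finds no lines; the commented-out `for i in $(ls | grep openbao-plugin-)` loop above it has the same mismatch.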
@@ -195,10 +195,10 @@ test-ember-enos: install-ui-dependencies @echo "--> Running ember tests with a real backend" @cd ui && yarn run test:enos -check-vault-in-path: - @VAULT_BIN=$$(command -v vault) || { echo "vault command not found"; exit 1; }; \ - [ -x "$$VAULT_BIN" ] || { echo "$$VAULT_BIN not executable"; exit 1; }; \ - printf "Using Vault at %s:\n\$$ vault version\n%s\n" "$$VAULT_BIN" "$$(vault version)" +check-openbao-in-path: + @OPENBAO_BIN=$$(command -v openbao) || { echo "openbao command not found"; exit 1; }; \ + [ -x "$$OPENBAO_BIN" ] || { echo "$$OPENBAO_BIN not executable"; exit 1; }; \ + printf "Using OpenBao at %s:\n\$$ openbao version\n%s\n" "$$OPENBAO_BIN" "$$(openbao version)" ember-dist: install-ui-dependencies @cd ui && npm rebuild node-sass @@ -286,7 +286,7 @@ hana-database-plugin: mongodb-database-plugin: @CGO_ENABLED=0 $(GO_CMD) build -o bin/mongodb-database-plugin ./plugins/database/mongodb/mongodb-database-plugin -.PHONY: bin default prep test vet bootstrap ci-bootstrap fmt fmtcheck mysql-database-plugin mysql-legacy-database-plugin cassandra-database-plugin influxdb-database-plugin postgresql-database-plugin mssql-database-plugin hana-database-plugin mongodb-database-plugin ember-dist ember-dist-dev static-dist static-dist-dev assetcheck check-vault-in-path packages build build-ci semgrep semgrep-ci vet-godoctests ci-vet-godoctests +.PHONY: bin default prep test vet bootstrap ci-bootstrap fmt fmtcheck mysql-database-plugin mysql-legacy-database-plugin cassandra-database-plugin influxdb-database-plugin postgresql-database-plugin mssql-database-plugin hana-database-plugin mongodb-database-plugin ember-dist ember-dist-dev static-dist static-dist-dev assetcheck check-openbao-in-path packages build build-ci semgrep semgrep-ci vet-godoctests ci-vet-godoctests .NOTPARALLEL: ember-dist ember-dist-dev diff --git a/make.bat b/make.bat index ca3238bc12..dcfcaa00a0 100644 --- a/make.bat +++ b/make.bat 
@@ -13,7 +13,7 @@ REM Run target. for %%a in (%_TARGETS%) do (if x%1==x%%a goto %%a) goto usage -REM bin generates the releasable binaries for Vault +REM bin generates the releasable binaries for OpenBao :bin call :generate call .\scripts\windows\build.bat "%CD%" @@ -24,7 +24,7 @@ REM bootstrap downloads required build tools for %%t in (%_EXTERNAL_TOOLS%) do (go get -u -v %%t) goto :eof -REM dev creates binaries for testing Vault locally. These are put +REM dev creates binaries for testing OpenBao locally. These are put REM into ./bin/ as well as %GOPATH%/bin :dev call :generate diff --git a/scripts/build.sh b/scripts/build.sh index a3b1dfdcdf..382a75606f 100755 --- a/scripts/build.sh +++ b/scripts/build.sh @@ -18,7 +18,7 @@ DIR="$( cd -P "$SOURCE_DIR/.." && pwd )" cd "$DIR" # Set build tags -BUILD_TAGS="${BUILD_TAGS:-"vault"}" +BUILD_TAGS="${BUILD_TAGS:-"openbao"}" # Get the git commit GIT_COMMIT="$("$SOURCE_DIR"/ci-helper.sh revision)" @@ -55,8 +55,8 @@ IFS=$OLDIFS # Ensure the go bin folder exists mkdir -p ${BIN_PATH} -rm -f ${BIN_PATH}/vault -cp bin/vault ${BIN_PATH} +rm -f ${BIN_PATH}/openbao +cp bin/openbao ${BIN_PATH} # Done! echo diff --git a/scripts/docker/Dockerfile b/scripts/docker/Dockerfile index 98dc94df86..ccebc4b435 100644 --- a/scripts/docker/Dockerfile +++ b/scripts/docker/Dockerfile @@ -14,7 +14,7 @@ WORKDIR /go/src/github.com/hashicorp/vault COPY . . RUN make bootstrap \ - && CGO_ENABLED=$CGO_ENABLED BUILD_TAGS="${BUILD_TAGS}" VAULT_DEV_BUILD=1 sh -c "'./scripts/build.sh'" + && CGO_ENABLED=$CGO_ENABLED BUILD_TAGS="${BUILD_TAGS}" OPENBAO_DEV_BUILD=1 sh -c "'./scripts/build.sh'" # Docker Image diff --git a/scripts/docker/Dockerfile.ui b/scripts/docker/Dockerfile.ui index 312b842fcc..42cf7e00ab 100644 --- a/scripts/docker/Dockerfile.ui +++ b/scripts/docker/Dockerfile.ui 
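Review bot: In `scripts/build.sh`, `cp bin/openbao ${BIN_PATH}` only works if the build step earlier in the script, which is outside both hunks, now writes a binary named `openbao`. If the output name is derived from the package or module path, which the Docker build files in this commit still give as `github.com/hashicorp/vault`, the file stays `bin/vault` and this copy fails. Please confirm the build command's output name and change it in this commit if needed. Separately, `rm -f ${BIN_PATH}/openbao` no longer removes a previously installed `${BIN_PATH}/vault`, so an old binary stays on the PATH after the rename; and both lines expand `${BIN_PATH}` unquoted, which `rm -f "${BIN_PATH}/openbao"` and `cp bin/openbao "${BIN_PATH}"` would fix.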
@@ -37,7 +37,7 @@ ENV PATH $GOROOT/bin:$GOPATH/bin:$PATH WORKDIR /go/src/github.com/hashicorp/vault COPY . . RUN make bootstrap static-dist \ - && CGO_ENABLED=$CGO_ENABLED BUILD_TAGS="${BUILD_TAGS} ui" VAULT_DEV_BUILD=1 GOOS=linux GOARCH=amd64 sh -c "'./scripts/build.sh'" + && CGO_ENABLED=$CGO_ENABLED BUILD_TAGS="${BUILD_TAGS} ui" OPENBAO_DEV_BUILD=1 GOOS=linux GOARCH=amd64 sh -c "'./scripts/build.sh'" # Docker Image diff --git a/website/content/api-docs/secret/identity/oidc-provider.mdx b/website/content/api-docs/secret/identity/oidc-provider.mdx index 1e7b3eb138..24ee3b8761 100644 --- a/website/content/api-docs/secret/identity/oidc-provider.mdx +++ b/website/content/api-docs/secret/identity/oidc-provider.mdx @@ -795,7 +795,7 @@ Resource that returns Claims about the authenticated End-User. ### Parameters -- `name` `(string: )` - The name of the provider. This parameter is +- `name` `(stri§ng: )` - The name of the provider. This parameter is specified as part of the URL. ### Headers