Compare revisions

Renovate Bot · Chukwuka Akagbusi · Chukwuka Akagbusi · Chukwuka Akagbusi · Chukwuka Akagbusi · Chukwuka Akagbusi
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,13 +3,14 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ---
-## [0.29.0-bb.1] - 2024-12-04
+
+## [0.29.1-bb.0] - 2024-12-04

 ### Changed

- Updated minio-instance from 6.0.4-bb.2 -> 6.0.4-bb.3
- Updated gluon to 0.5.12
- Added missing label for app.kubernetes.io/version
+- Updated gluon 0.5.10 -> 0.5.12
+- Updated registry1.dso.mil/ironbank/hashicorp/vault (source) 1.18.1 -> 1.18.2
+- Updated minio-instance from 6.0.3-bb.2 -> 6.0.4-bb.2

 ## [0.29.0-bb.0] - 2024-11-12


--- a/README.md
+++ b/README.md
 <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. -->
 # vault

+<<<<<<< HEAD
+![Version: 0.29.1-bb.0](https://img.shields.io/badge/Version-0.29.1--bb.0-informational?style=flat-square) ![AppVersion: 1.18.2](https://img.shields.io/badge/AppVersion-1.18.2-informational?style=flat-square) ![Maintenance Track: bb_integrated](https://img.shields.io/badge/Maintenance_Track-bb_integrated-green?style=flat-square)
+=======
 ![Version: 0.29.0-bb.1](https://img.shields.io/badge/Version-0.29.0--bb.1-informational?style=flat-square) ![AppVersion: 1.18.1](https://img.shields.io/badge/AppVersion-1.18.1-informational?style=flat-square) ![Maintenance Track: bb_integrated](https://img.shields.io/badge/Maintenance_Track-bb_integrated-green?style=flat-square)
+>>>>>>> origin/main

 Official HashiCorp Vault Chart

@@ -73,7 +77,7 @@ helm install vault chart/
 | injector.image.tag | string | `"v1.5.0"` |  |
 | injector.image.pullPolicy | string | `"IfNotPresent"` |  |
 | injector.agentImage.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` |  |
-| injector.agentImage.tag | string | `"1.18.1"` |  |
+| injector.agentImage.tag | string | `"1.18.2"` |  |
 | injector.agentDefaults.cpuLimit | string | `"500m"` |  |
 | injector.agentDefaults.cpuRequest | string | `"500m"` |  |
 | injector.agentDefaults.memLimit | string | `"250Mi"` |  |
@@ -143,7 +147,7 @@ helm install vault chart/
 | server.enterpriseLicense.secretName | string | `""` |  |
 | server.enterpriseLicense.secretKey | string | `"license"` |  |
 | server.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` |  |
-| server.image.tag | string | `"1.18.1"` |  |
+| server.image.tag | string | `"1.18.2"` |  |
 | server.image.pullPolicy | string | `"IfNotPresent"` |  |
 | server.updateStrategyType | string | `"OnDelete"` |  |
 | server.logLevel | string | `""` |  |
@@ -307,7 +311,7 @@ helm install vault chart/
 | csi.agent.enabled | bool | `true` |  |
 | csi.agent.extraArgs | list | `[]` |  |
 | csi.agent.image.repository | string | `"registry1.dso.mil/ironbank/hashicorp/vault"` |  |
-| csi.agent.image.tag | string | `"1.18.1"` |  |
+| csi.agent.image.tag | string | `"1.18.2"` |  |
 | csi.agent.image.pullPolicy | string | `"IfNotPresent"` |  |
 | csi.agent.logFormat | string | `"standard"` |  |
 | csi.agent.logLevel | string | `"info"` |  |

--- a/chart/.github/workflows/acceptance.yaml
+++ b/chart/.github/workflows/acceptance.yaml
@@ -8,10 +8,11 @@ jobs:
      fail-fast: false
      matrix:
        kind-k8s-version:
-          - 1.31.1
-          - 1.30.4
-          - 1.29.8
-          - 1.28.13
+          - 1.31.2
+          - 1.30.6
+          - 1.29.10
+          - 1.28.15
+          - 1.27.16
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -22,7 +23,7 @@ jobs:
        with:
          config: test/kind/config.yaml
          node_image: kindest/node:v${{ matrix.kind-k8s-version }}
-          version: v0.24.0
+          version: v0.25.0
      - run: bats --tap --timing ./test/acceptance
        env:
          VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}
--- a/chart/.github/workflows/tests.yaml
+++ b/chart/.github/workflows/tests.yaml
@@ -20,6 +20,6 @@ jobs:
        uses: ./.github/actions/setup-test-tools
      - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
        with:
-          go-version: '1.22.8'
+          go-version: '1.22.9'
      - run: go install "github.com/redhat-certification/chart-verifier@${CHART_VERIFIER_VERSION}"
      - run: bats --tap --timing ./test/chart
--- a/chart/CHANGELOG.md
+++ b/chart/CHANGELOG.md
 ## Unreleased

+## 0.29.1 (November 20, 2024)
+
+Bugs:
+* server: restore support for templated config [GH-1073](https://github.com/hashicorp/vault-helm/pull/1073)
+
 ## 0.29.0 (November 7, 2024)

+KNOWN ISSUES:
+* Template support in server config stopped working [GH-1072](https://github.com/hashicorp/vault-helm/issues/1072)
+
 Changes:

 * Default `vault` version updated to 1.18.1
 * Default `vault-k8s` version updated to 1.5.0
 * Default `vault-csi-provider` version updated to 1.5.0
-* Tested with Kubernetes versions 1.28-1.31
+* Tested with Kubernetes versions 1.27-1.31

 Features:


--- a/chart/Chart.lock
+++ b/chart/Chart.lock
@@ -5,5 +5,5 @@ dependencies:
 - name: gluon
  repository: oci://registry1.dso.mil/bigbang
  version: 0.5.12
-digest: sha256:b6eb8c18df10da0146d037ce426a5916a0f62f3c046f3a8aa0cda17ac3fe1026
-generated: "2024-12-04T07:27:06.99039-06:00"
+digest: sha256:105624a776675e7156624fe31b0c426acfa78eadcfbdc4ebf77fbffa76f5d88a
+generated: "2024-11-26T07:19:56.76797824Z"
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
 apiVersion: v2
 name: vault
-version: '0.29.0-bb.1'
-appVersion: 1.18.1
+version: '0.29.1-bb.0'
+appVersion: 1.18.2
 kubeVersion: ">= 1.20.0-0"
 description: Official HashiCorp Vault Chart
 home: https://www.vaultproject.io
@@ -33,10 +33,10 @@ dependencies:
 annotations:
  bigbang.dev/maintenanceTrack: bb_integrated
  bigbang.dev/applicationVersions: |
-    - Vault: 1.18.1
+    - Vault: 1.18.2
  helm.sh/images: |
    - name: vault
-      image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.1
+      image: registry1.dso.mil/ironbank/hashicorp/vault:1.18.2
    - name: vault-k8s
      image: registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s:v1.5.0
    - name: vault-csi-provider

--- a/chart/Kptfile
+++ b/chart/Kptfile
@@ -5,7 +5,7 @@ metadata:
 upstream:
  type: git
  git:
-    commit: deb58795634ca2e073a00c757dad51b6e3c9fffc
+    commit: 272d04ee17098aae908364d331bd8c99118e0c5e
    repo: https://github.com/hashicorp/vault-helm
    directory: /
-    ref: v0.29.0
+    ref: v0.29.1
--- a/chart/Makefile
+++ b/chart/Makefile
@@ -14,7 +14,7 @@ LOCAL_ACCEPTANCE_TESTS?=false
 KIND_CLUSTER_NAME?=vault-helm

 # kind k8s version
-KIND_K8S_VERSION?=v1.31.1
+KIND_K8S_VERSION?=v1.31.2

 # Generate json schema for chart values. See test/README.md for more details.
 values-schema:

--- a/chart/README.md
+++ b/chart/README.md
@@ -21,7 +21,7 @@ this README. Please refer to the Kubernetes and Helm documentation.
 The versions required are:

  * **Helm 3.6+**
-  * **Kubernetes 1.28+** - This is the earliest version of Kubernetes tested.
+  * **Kubernetes 1.27+** - This is the earliest version of Kubernetes tested.
    It is possible that this chart works with earlier versions but it is
    untested.


--- a/chart/test/unit/server-configmap.bats
+++ b/chart/test/unit/server-configmap.bats
@@ -57,6 +57,35 @@ load _helpers
  [ "${actual}" = "true" ]
 }

+@test "server/ConfigMap: raft config templated not JSON" {
+  cd `chart_dir`
+  local actual
+  actual=$(helm template \
+      --show-only templates/server-config-configmap.yaml \
+      --set 'server.ha.enabled=true' \
+      --set 'server.ha.raft.enabled=true' \
+      --set "server.ha.raft.config=hello = {{ .Chart.Name }}" \
+      . | tee /dev/stderr |
+      yq '.data' | tee /dev/stderr)
+  local check=$(echo "${actual}" | \
+    yq '."extraconfig-from-values.hcl" == "hello = vault\ndisable_mlock = true"')
+  [ "${check}" = "true" ]
+}
+
+@test "server/ConfigMap: raft config templated JSON" {
+  cd `chart_dir`
+  local actual
+  actual=$(helm template \
+      --show-only templates/server-config-configmap.yaml \
+      --set 'server.ha.enabled=true' \
+      --set 'server.ha.raft.enabled=true' \
+      --set "server.ha.raft.config=\{\"hello\": \"{{ .Chart.Name }}\"\}" \
+      . | tee /dev/stderr |
+      yq '.data' | tee /dev/stderr)
+  local check=$(echo "${actual}" | \
+    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"vault\"}"')
+  [ "${check}" = "true" ]
+}

 @test "server/ConfigMap: disabled by server.dev.enabled true" {
  cd `chart_dir`
@@ -107,10 +136,11 @@ load _helpers
      --set 'server.standalone.config=\{\"hello\": \"world\"\}' \
      . | tee /dev/stderr |
      yq '.data')
-  [ "$(echo "${data}" | \
-    yq '(. | length) == 1')" = "true" ]
-  [ "$(echo "${data}" | \
-    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"world\"}"')" = 'true' ]
+  local checkLength=$(echo "${data}" | yq '(. | length) == 1')
+  [ "${checkLength}" = "true" ]
+  local checkExtraConfig=$(echo "${data}" | \
+    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"world\"}"')
+  [ "${checkExtraConfig}" = 'true' ]

  data=$(helm template \
      --show-only templates/server-config-configmap.yaml  \
@@ -118,10 +148,11 @@ load _helpers
      --set 'server.standalone.config=\{\"foo\": \"bar\"\}' \
      . | tee /dev/stderr |
      yq '.data' | tee /dev/stderr)
-  [ "$(echo "${data}" | \
-    yq '(. | length) == 1')" = "true" ]
-  [ "$(echo "${data}" | \
-    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"foo\":\"bar\"}"')" = 'true' ]
+  checkLength=$(echo "${data}" | yq '(. | length) == 1')
+  [ "${checkLength}" = "true" ]
+  checkExtraConfig=$(echo "${data}" | \
+    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"foo\":\"bar\"}"')
+  [ "${checkExtraConfig}" = 'true' ]

  data=$(helm template \
      --show-only templates/server-config-configmap.yaml  \
@@ -129,10 +160,11 @@ load _helpers
      --set 'server.standalone.config=\{\"disable_mlock\": false\,\"foo\":\"bar\"\}' \
      . | tee /dev/stderr |
      yq '.data' | tee /dev/stderr)
-  [ "$(echo "${data}" | \
-    yq '(. | length) == 1')" = "true" ]
-  [ "$(echo "${data}" | \
-    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')" = 'true' ]
+  checkLength=$(echo "${data}" | yq '(. | length) == 1')
+  [ "${checkLength}" = "true" ]
+  checkExtraConfig=$(echo "${data}" | \
+    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')
+  [ "${checkExtraConfig}" = 'true' ]
 }

 @test "server/ConfigMap: standalone extraConfig is set as not JSON" {
@@ -173,10 +205,11 @@ load _helpers
      --set 'server.ha.config=\{\"hello\": \"ha-world\"\}' \
      . | tee /dev/stderr |
      yq '.data' | tee /dev/stderr)
-  [ "$(echo "${data}" | \
-    yq '(. | length) == 1')" = "true" ]
-  [ "$(echo "${data}" | \
-    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"ha-world\"}"')" = 'true' ]
+  local checkLength=$(echo "${data}" | yq '(. | length) == 1')
+  [ "${checkLength}" = "true" ]
+  local checkExtraConfig=$(echo "${data}" | \
+    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":true,\"hello\":\"ha-world\"}"')
+  [ "$checkExtraConfig" = 'true' ]

 data=$(helm template \
      --show-only templates/server-config-configmap.yaml  \
@@ -184,10 +217,11 @@ load _helpers
      --set 'server.ha.config=\{\"foo\": \"bar\"\,\"disable_mlock\":false\}' \
      . | tee /dev/stderr |
      yq '.data' | tee /dev/stderr)
-  [ "$(echo "${data}" | \
-    yq '(. | length) == 1')" = "true" ]
-  [ "$(echo "${data}" | \
-    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')" = 'true' ]
+  checkLength=$(echo "${data}" | yq '(. | length) == 1')
+  [ "$checkLength" = "true" ]
+  checkExtraConfig=$(echo "${data}" | \
+    yq '."extraconfig-from-values.hcl" == "{\"disable_mlock\":false,\"foo\":\"bar\"}"')
+  [ "${checkExtraConfig}" = 'true' ]
 }

 @test "server/ConfigMap: disabled by injector.externalVaultAddr" {

--- a/chart/values.openshift.yaml
+++ b/chart/values.openshift.yaml
@@ -13,12 +13,12 @@ injector:

  agentImage:
    repository: "registry.connect.redhat.com/hashicorp/vault"
-    tag: "1.18.1-ubi"
+    tag: "1.18.2-ubi"

 server:
  image:
    repository: "registry.connect.redhat.com/hashicorp/vault"
-    tag: "1.18.1-ubi"
+    tag: "1.18.2-ubi"

  readinessProbe:
    path: "/v1/sys/health?uninitcode=204"
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -75,7 +75,7 @@ injector:
  # required.
  agentImage:
    repository: "registry1.dso.mil/ironbank/hashicorp/vault"
-    tag: "1.18.1"
+    tag: "1.18.2"

  # The default values for the injected Vault Agent containers.
  agentDefaults:
@@ -392,7 +392,7 @@ server:

  image:
    repository: "registry1.dso.mil/ironbank/hashicorp/vault"
-    tag: "1.18.1"
+    tag: "1.18.2"
    # Overrides the default Image Pull Policy
    pullPolicy: IfNotPresent

@@ -1242,7 +1242,7 @@ csi:

    image:
      repository: "registry1.dso.mil/ironbank/hashicorp/vault"
-      tag: "1.18.1"
+      tag: "1.18.2"
      pullPolicy: IfNotPresent

    logFormat: standard
No results found