380 lines
15 KiB
Makefile
380 lines
15 KiB
Makefile
# Determine this makefile's path.
|
|
# Be sure to place this BEFORE `include` directives, if any.
|
|
THIS_FILE := $(lastword $(MAKEFILE_LIST))
|
|
|
|
MAIN_PACKAGES=$$($(GO_CMD) list ./... | grep -v vendor/ )
|
|
SDK_PACKAGES=$$(cd $(CURDIR)/sdk && $(GO_CMD) list ./... | grep -v vendor/ )
|
|
API_PACKAGES=$$(cd $(CURDIR)/api && $(GO_CMD) list ./... | grep -v vendor/ )
|
|
ALL_PACKAGES=$(MAIN_PACKAGES) $(SDK_PACKAGES) $(API_PACKAGES)
|
|
TEST=$$(echo $(ALL_PACKAGES) | grep -v integ/ )
|
|
TEST_TIMEOUT?=45m
|
|
EXTENDED_TEST_TIMEOUT=60m
|
|
INTEG_TEST_TIMEOUT=120m
|
|
VETARGS?=-asmdecl -atomic -bool -buildtags -copylocks -methods -nilfunc -printf -rangeloops -shift -structtags -unsafeptr
|
|
GOFMT_FILES?=$$(find . -name '*.go' | grep -v pb.go | grep -v vendor)
|
|
SED?=$(shell command -v gsed || command -v sed)
|
|
|
|
GO_VERSION_MIN=$$(cat $(CURDIR)/.go-version)
|
|
PROTOC_VERSION_MIN=3.21.12
|
|
GO_CMD?=go
|
|
CGO_ENABLED?=0
|
|
ifneq ($(FDB_ENABLED), )
|
|
CGO_ENABLED=1
|
|
BUILD_TAGS+=foundationdb
|
|
endif
|
|
|
|
default: dev
|
|
|
|
# bin generates the releasable binaries for Vault
|
|
bin: prep
|
|
@CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS) ui' sh -c "'$(CURDIR)/scripts/build.sh'"
|
|
|
|
# dev creates binaries for testing Vault locally. These are put
|
|
# into ./bin/ as well as $GOPATH/bin
|
|
dev: BUILD_TAGS+=testonly
|
|
dev: prep
|
|
@CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
|
|
dev-ui: BUILD_TAGS+=testonly
|
|
dev-ui: assetcheck prep
|
|
@CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS) ui' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
|
|
dev-dynamic: BUILD_TAGS+=testonly
|
|
dev-dynamic: prep
|
|
@CGO_ENABLED=1 BUILD_TAGS='$(BUILD_TAGS)' VAULT_DEV_BUILD=1 sh -c "'$(CURDIR)/scripts/build.sh'"
|
|
|
|
# *-mem variants will enable memory profiling which will write snapshots of heap usage
|
|
# to $TMP/vaultprof every 5 minutes. These can be analyzed using `$ go tool pprof <profile_file>`.
|
|
# Note that any build can have profiling added via: `$ BUILD_TAGS=memprofiler make ...`
|
|
dev-mem: BUILD_TAGS+=memprofiler
|
|
dev-mem: dev
|
|
dev-ui-mem: BUILD_TAGS+=memprofiler
|
|
dev-ui-mem: assetcheck dev-ui
|
|
dev-dynamic-mem: BUILD_TAGS+=memprofiler
|
|
dev-dynamic-mem: dev-dynamic
|
|
|
|
# Creates a Docker image by adding the compiled linux/amd64 binary found in ./bin.
|
|
# The resulting image is tagged "vault:dev".
|
|
docker-dev: BUILD_TAGS+=testonly
|
|
docker-dev: prep
|
|
docker build --build-arg VERSION=$(GO_VERSION_MIN) --build-arg BUILD_TAGS="$(BUILD_TAGS)" -f scripts/docker/Dockerfile -t vault:dev .
|
|
|
|
docker-dev-ui: BUILD_TAGS+=testonly
|
|
docker-dev-ui: prep
|
|
docker build --build-arg VERSION=$(GO_VERSION_MIN) --build-arg BUILD_TAGS="$(BUILD_TAGS)" -f scripts/docker/Dockerfile.ui -t vault:dev-ui .
|
|
|
|
# test runs the unit tests and vets the code
|
|
test: BUILD_TAGS+=testonly
|
|
test: prep
|
|
@CGO_ENABLED=$(CGO_ENABLED) \
|
|
VAULT_ADDR= \
|
|
VAULT_TOKEN= \
|
|
VAULT_DEV_ROOT_TOKEN_ID= \
|
|
VAULT_ACC= \
|
|
$(GO_CMD) test -tags='$(BUILD_TAGS)' $(TEST) $(TESTARGS) -timeout=$(TEST_TIMEOUT) -parallel=20
|
|
|
|
testcompile: BUILD_TAGS+=testonly
|
|
testcompile: prep
|
|
@for pkg in $(TEST) ; do \
|
|
$(GO_CMD) test -v -c -tags='$(BUILD_TAGS)' $$pkg -parallel=4 ; \
|
|
done
|
|
|
|
# testacc runs acceptance tests
|
|
testacc: BUILD_TAGS+=testonly
|
|
testacc: prep
|
|
@if [ "$(TEST)" = "./..." ]; then \
|
|
echo "ERROR: Set TEST to a specific package"; \
|
|
exit 1; \
|
|
fi
|
|
VAULT_ACC=1 $(GO_CMD) test -tags='$(BUILD_TAGS)' $(TEST) -v $(TESTARGS) -timeout=$(EXTENDED_TEST_TIMEOUT)
|
|
|
|
# testrace runs the race checker
|
|
testrace: BUILD_TAGS+=testonly
|
|
testrace: prep
|
|
@CGO_ENABLED=1 \
|
|
VAULT_ADDR= \
|
|
VAULT_TOKEN= \
|
|
VAULT_DEV_ROOT_TOKEN_ID= \
|
|
VAULT_ACC= \
|
|
$(GO_CMD) test -tags='$(BUILD_TAGS)' -race $(TEST) $(TESTARGS) -timeout=$(EXTENDED_TEST_TIMEOUT) -parallel=20
|
|
|
|
cover:
|
|
./scripts/coverage.sh --html
|
|
|
|
# vet runs the Go source code static analysis tool `vet` to find
|
|
# any common errors.
|
|
vet:
|
|
@$(GO_CMD) list -f '{{.Dir}}' ./... | grep -v /vendor/ \
|
|
| grep -v '.*github.com/hashicorp/vault$$' \
|
|
| xargs $(GO_CMD) vet ; if [ $$? -eq 1 ]; then \
|
|
echo ""; \
|
|
echo "Vet found suspicious constructs. Please check the reported constructs"; \
|
|
echo "and fix them if necessary before submitting the code for reviewal."; \
|
|
fi
|
|
|
|
# deprecations runs staticcheck tool to look for deprecations. Checks entire code to see if it
|
|
# has deprecated function, variable, constant or field
|
|
deprecations: bootstrap prep
|
|
@BUILD_TAGS='$(BUILD_TAGS)' ./scripts/deprecations-checker.sh ""
|
|
|
|
# ci-deprecations runs staticcheck tool to look for deprecations. All output gets piped to revgrep
|
|
# which will only return an error if changes that is not on main has deprecated function, variable, constant or field
|
|
ci-deprecations: prep check-tools-external
|
|
@BUILD_TAGS='$(BUILD_TAGS)' ./scripts/deprecations-checker.sh main
|
|
|
|
# vet-codechecker runs our custom linters on the test functions. All output gets
|
|
# piped to revgrep which will only return an error if new piece of code violates
|
|
# the check
|
|
vet-codechecker: check-tools-internal
|
|
@echo "==> Running go vet with ./tools/codechecker..."
|
|
@$(GO_CMD) vet -vettool=$$(which codechecker) -tags=$(BUILD_TAGS) ./... 2>&1 | revgrep
|
|
|
|
# vet-codechecker runs our custom linters on the test functions. All output gets
|
|
# piped to revgrep which will only return an error if new piece of code that is
|
|
# not on main violates the check
|
|
ci-vet-codechecker: tools-internal check-tools-external
|
|
@echo "==> Running go vet with ./tools/codechecker..."
|
|
@$(GO_CMD) vet -vettool=$$(which codechecker) -tags=$(BUILD_TAGS) ./... 2>&1 | revgrep origin/main
|
|
|
|
# lint runs vet plus a number of other checkers, it is more comprehensive, but louder
|
|
lint: check-tools-external
|
|
@$(GO_CMD) list -f '{{.Dir}}' ./... | grep -v /vendor/ \
|
|
| xargs golangci-lint run --timeout 10m; if [ $$? -eq 1 ]; then \
|
|
echo ""; \
|
|
echo "Lint found suspicious constructs. Please check the reported constructs"; \
|
|
echo "and fix them if necessary before submitting the code for reviewal."; \
|
|
fi
|
|
|
|
# for ci jobs, runs lint against the changed packages in the commit
|
|
ci-lint: check-tools-external
|
|
@golangci-lint run --deadline 10m --new-from-rev=HEAD~
|
|
|
|
# prep runs `go generate` to build the dynamically generated
|
|
# source files.
|
|
#
|
|
# n.b.: prep used to depend on fmtcheck, but since fmtcheck is
|
|
# now run as a pre-commit hook (and there's little value in
|
|
# making every build run the formatter), we've removed that
|
|
# dependency.
|
|
prep: check-go-version clean
|
|
@echo "==> Running go generate..."
|
|
@GOARCH= GOOS= $(GO_CMD) generate $(MAIN_PACKAGES)
|
|
@GOARCH= GOOS= cd api && $(GO_CMD) generate $(API_PACKAGES)
|
|
@GOARCH= GOOS= cd sdk && $(GO_CMD) generate $(SDK_PACKAGES)
|
|
|
|
# Git doesn't allow us to store shared hooks in .git. Instead, we make sure they're up-to-date
|
|
# whenever a make target is invoked.
|
|
.PHONY: hooks
|
|
hooks:
|
|
@if [ -d .git/hooks ]; then cp .hooks/* .git/hooks/; fi
|
|
|
|
-include hooks # Make sure they're always up-to-date
|
|
|
|
# bootstrap the build by generating any necessary code and downloading additional tools that may
|
|
# be used by devs.
|
|
bootstrap: prep tools
|
|
|
|
# Note: if you have plugins in GOPATH you can update all of them via something like:
|
|
# for i in $(ls | grep vault-plugin-); do cd $i; git remote update; git reset --hard origin/master; dep ensure -update; git add .; git commit; git push; cd ..; done
|
|
update-plugins:
|
|
grep vault-plugin- go.mod | cut -d ' ' -f 1 | while read -r P; do echo "Updating $P..."; go get -v "$P"; done
|
|
|
|
static-assets-dir:
|
|
@mkdir -p ./http/web_ui
|
|
|
|
install-ui-dependencies:
|
|
@echo "==> Installing JavaScript assets"
|
|
@cd ui && yarn
|
|
|
|
test-ember: install-ui-dependencies
|
|
@echo "==> Running ember tests"
|
|
@cd ui && yarn run test:oss
|
|
|
|
test-ember-enos: install-ui-dependencies
|
|
@echo "==> Running ember tests with a real backend"
|
|
@cd ui && yarn run test:enos
|
|
|
|
ember-dist: install-ui-dependencies
|
|
@cd ui && npm rebuild node-sass
|
|
@echo "==> Building Ember application"
|
|
@cd ui && yarn run build
|
|
@rm -rf ui/if-you-need-to-delete-this-open-an-issue-async-disk-cache
|
|
|
|
ember-dist-dev: install-ui-dependencies
|
|
@cd ui && npm rebuild node-sass
|
|
@echo "==> Building Ember application"
|
|
@cd ui && yarn run build:dev
|
|
|
|
static-dist: ember-dist
|
|
static-dist-dev: ember-dist-dev
|
|
|
|
proto: check-tools-external
|
|
@echo "==> Generating Go code from protobufs..."
|
|
@sh -c "'$(CURDIR)/scripts/protocversioncheck.sh' '$(PROTOC_VERSION_MIN)'"
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative vault/*.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative vault/activity/activity_log.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative vault/activity/generation/generate_data.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative helper/storagepacker/types.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative helper/forwarding/types.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sdk/logical/*.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative physical/raft/types.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative helper/identity/mfa/types.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative helper/identity/types.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sdk/database/dbplugin/*.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sdk/database/dbplugin/v5/proto/*.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sdk/plugin/pb/*.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative vault/tokens/token.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative sdk/helper/pluginutil/*.proto
|
|
protoc --go_out=. --go_opt=paths=source_relative --go-grpc_out=. --go-grpc_opt=paths=source_relative vault/hcp_link/proto/*/*.proto
|
|
|
|
# No additional sed expressions should be added to this list. Going forward
|
|
# we should just use the variable names choosen by protobuf. These are left
|
|
# here for backwards compatability, namely for SDK compilation.
|
|
$(SED) -i -e 's/Id/ID/' -e 's/SPDX-License-IDentifier/SPDX-License-Identifier/' vault/request_forwarding_service.pb.go
|
|
$(SED) -i -e 's/Idp/IDP/' -e 's/Url/URL/' -e 's/Id/ID/' -e 's/IDentity/Identity/' -e 's/EntityId/EntityID/' -e 's/Api/API/' -e 's/Qr/QR/' -e 's/Totp/TOTP/' -e 's/Mfa/MFA/' -e 's/Pingid/PingID/' -e 's/namespaceId/namespaceID/' -e 's/Ttl/TTL/' -e 's/BoundCidrs/BoundCIDRs/' -e 's/SPDX-License-IDentifier/SPDX-License-Identifier/' helper/identity/types.pb.go helper/identity/mfa/types.pb.go helper/storagepacker/types.pb.go sdk/plugin/pb/backend.pb.go sdk/logical/identity.pb.go vault/activity/activity_log.pb.go
|
|
|
|
# This will inject the sentinel struct tags as decorated in the proto files.
|
|
protoc-go-inject-tag -input=./helper/identity/types.pb.go
|
|
protoc-go-inject-tag -input=./helper/identity/mfa/types.pb.go
|
|
|
|
fmt:
|
|
find . -name '*.go' | grep -v pb.go | grep -v vendor | xargs gofumpt -w
|
|
|
|
fmtcheck: check-go-fmt
|
|
|
|
.PHONY: go-mod-download
|
|
go-mod-download:
|
|
@$(CURDIR)/scripts/go-helper.sh mod-download
|
|
|
|
.PHONY: go-mod-tidy
|
|
go-mod-tidy:
|
|
@$(CURDIR)/scripts/go-helper.sh mod-tidy
|
|
|
|
semgrep:
|
|
semgrep --include '*.go' --exclude 'vendor' -a -f tools/semgrep .
|
|
|
|
assetcheck:
|
|
@echo "==> Checking compiled UI assets..."
|
|
@sh -c "'$(CURDIR)/scripts/assetcheck.sh'"
|
|
|
|
spellcheck:
|
|
@echo "==> Spell checking website..."
|
|
@misspell -error -source=text website/source
|
|
|
|
.PHONY check-go-fmt:
|
|
check-go-fmt:
|
|
@$(CURDIR)/scripts/go-helper.sh check-fmt
|
|
|
|
.PHONY check-go-version:
|
|
check-go-version:
|
|
@$(CURDIR)/scripts/go-helper.sh check-version $(GO_VERSION_MIN)
|
|
|
|
.PHONY:check-sempgrep
|
|
check-sempgrep: check-tools-external
|
|
@echo "==> Checking semgrep..."
|
|
@semgrep --error --include '*.go' --exclude 'vendor' -f tools/semgrep/ci .
|
|
|
|
.PHONY: check-tools
|
|
check-tools:
|
|
@$(CURDIR)/tools/tools.sh check
|
|
|
|
.PHONY: check-tools-external
|
|
check-tools-external:
|
|
@$(CURDIR)/tools/tools.sh check-external
|
|
|
|
.PHONY: check-tools-internal
|
|
check-tools-internal:
|
|
@$(CURDIR)/tools/tools.sh check-internal
|
|
|
|
check-vault-in-path:
|
|
@VAULT_BIN=$$(command -v vault) || { echo "vault command not found"; exit 1; }; \
|
|
[ -x "$$VAULT_BIN" ] || { echo "$$VAULT_BIN not executable"; exit 1; }; \
|
|
printf "Using Vault at %s:\n\$$ vault version\n%s\n" "$$VAULT_BIN" "$$(vault version)"
|
|
|
|
.PHONY: tools
|
|
tools:
|
|
@$(CURDIR)/tools/tools.sh install
|
|
|
|
.PHONY: tools-external
|
|
tools-external:
|
|
@$(CURDIR)/tools/tools.sh install-external
|
|
|
|
.PHONY: tools-internal
|
|
tools-internal:
|
|
@$(CURDIR)/tools/tools.sh install-internal
|
|
|
|
mysql-database-plugin:
|
|
@CGO_ENABLED=0 $(GO_CMD) build -o bin/mysql-database-plugin ./plugins/database/mysql/mysql-database-plugin
|
|
|
|
mysql-legacy-database-plugin:
|
|
@CGO_ENABLED=0 $(GO_CMD) build -o bin/mysql-legacy-database-plugin ./plugins/database/mysql/mysql-legacy-database-plugin
|
|
|
|
cassandra-database-plugin:
|
|
@CGO_ENABLED=0 $(GO_CMD) build -o bin/cassandra-database-plugin ./plugins/database/cassandra/cassandra-database-plugin
|
|
|
|
influxdb-database-plugin:
|
|
@CGO_ENABLED=0 $(GO_CMD) build -o bin/influxdb-database-plugin ./plugins/database/influxdb/influxdb-database-plugin
|
|
|
|
postgresql-database-plugin:
|
|
@CGO_ENABLED=0 $(GO_CMD) build -o bin/postgresql-database-plugin ./plugins/database/postgresql/postgresql-database-plugin
|
|
|
|
# These ci targets are used for used for building and testing in Github Actions
|
|
# workflows and for Enos scenarios.
|
|
.PHONY: ci-build
|
|
ci-build:
|
|
@$(CURDIR)/scripts/ci-helper.sh build
|
|
|
|
.PHONY: ci-build-ui
|
|
ci-build-ui:
|
|
@$(CURDIR)/scripts/ci-helper.sh build-ui
|
|
|
|
.PHONY: ci-bundle
|
|
ci-bundle:
|
|
@$(CURDIR)/scripts/ci-helper.sh bundle
|
|
|
|
.PHONY: ci-get-artifact-basename
|
|
ci-get-artifact-basename:
|
|
@$(CURDIR)/scripts/ci-helper.sh artifact-basename
|
|
|
|
.PHONY: ci-get-date
|
|
ci-get-date:
|
|
@$(CURDIR)/scripts/ci-helper.sh date
|
|
|
|
.PHONY: ci-get-revision
|
|
ci-get-revision:
|
|
@$(CURDIR)/scripts/ci-helper.sh revision
|
|
|
|
.PHONY: ci-get-version-package
|
|
ci-get-version-package:
|
|
@$(CURDIR)/scripts/ci-helper.sh version-package
|
|
|
|
.PHONY: ci-install-external-tools
|
|
ci-install-external-tools:
|
|
@$(CURDIR)/scripts/ci-helper.sh install-external-tools
|
|
|
|
.PHONY: ci-prepare-legal
|
|
ci-prepare-legal:
|
|
@$(CURDIR)/scripts/ci-helper.sh prepare-legal
|
|
|
|
.PHONY: ci-update-external-tool-modules
|
|
ci-update-external-tool-modules:
|
|
@$(CURDIR)/scripts/ci-helper.sh update-external-tool-modules
|
|
|
|
.PHONY: ci-copywriteheaders
|
|
ci-copywriteheaders:
|
|
copywrite headers --plan
|
|
# Special case for MPL headers in /api, /sdk, and /shamir
|
|
cd api && $(CURDIR)/scripts/copywrite-exceptions.sh
|
|
cd sdk && $(CURDIR)/scripts/copywrite-exceptions.sh
|
|
cd shamir && $(CURDIR)/scripts/copywrite-exceptions.sh
|
|
|
|
.PHONY: all bin default prep test vet bootstrap fmt fmtcheck mysql-database-plugin mysql-legacy-database-plugin cassandra-database-plugin influxdb-database-plugin postgresql-database-plugin ember-dist ember-dist-dev static-dist static-dist-dev assetcheck check-vault-in-path packages build build-ci semgrep semgrep-ci vet-codechecker ci-vet-codechecker clean dev
|
|
|
|
.NOTPARALLEL: ember-dist ember-dist-dev
|
|
|
|
.PHONY: all-packages
|
|
all-packages:
|
|
@echo $(ALL_PACKAGES) | tr ' ' '\n'
|
|
|
|
.PHONY: clean
|
|
clean:
|
|
@echo "==> Cleaning..."
|