openbao · naphelps · May 22, 2024 · May 21, 2024 · May 21, 2024 · May 21, 2024
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -10,7 +10,7 @@ on:
         required: false
 
 env:
-  PKG_NAME: "vault-csi-provider"
+  PKG_NAME: "openbao-csi-provider"
 
 jobs:
   get-product-version:

diff --git a/.github/workflows/jira.yaml b/.github/workflows/jira.yaml
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
@@ -1,12 +1,12 @@
 name: Tests
 
-on: [push, workflow_dispatch]
+on: [push, workflow_dispatch, pull_request]
 
 env:
   KIND_VERSION: "v0.19.0"
   BATS_VERSION: "1.9.0"
   NODE_VERSION: "19.8.1"
-  TARBALL_FILE: vault-csi-provider.docker.tar
+  TARBALL_FILE: openbao-csi-provider.docker.tar
 
 jobs:
   copyright:
@@ -38,14 +38,14 @@ jobs:
       - name: Build
         run: |
           make e2e-image
-          docker save --output "${TARBALL_FILE}" e2e/vault-csi-provider:latest
+          docker save --output "${TARBALL_FILE}" e2e/openbao-csi-provider:latest
 
       - name: Test
         run: make test
 
       - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
-          name: vault-csi-provider-image
+          name: openbao-csi-provider-image
           path: ${{ env.TARBALL_FILE }}
 
   integration-test:
@@ -55,7 +55,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        kind-k8s-version: [1.23.17, 1.24.13, 1.25.9, 1.26.4, 1.27.2]
+        kind-k8s-version: [1.27.13, 1.28.9, 1.29.4]
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
@@ -77,12 +77,10 @@ jobs:
 
       - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
         with:
-          name: vault-csi-provider-image
+          name: openbao-csi-provider-image
 
-      - name: Load vault-csi-provider dev image
+      - name: Load openbao-csi-provider dev image
         run: docker image load --input ${{ env.TARBALL_FILE }}
 
       - name: bats tests
-        env:
-          VAULT_LICENSE: "${{ secrets.VAULT_LICENSE_CI }}"
         run: DISPLAY_SETUP_TEARDOWN_LOGS=true make e2e-teardown e2e-setup e2e-test
diff --git a/CODEOWNERS b/CODEOWNERS
diff --git a/Dockerfile b/Dockerfile
@@ -14,31 +14,31 @@ ENV CGO_ENABLED=0
 # Leave the GOPATH
 WORKDIR /build
 COPY . ./
-RUN go build -o vault-csi-provider
+RUN go build -o openbao-csi-provider
 
 # dev runs the binary from devbuild
 # -----------------------------------
 FROM docker.mirror.hashicorp.services/alpine:${ALPINE_VERSION} AS dev
-COPY --from=devbuild /build/vault-csi-provider /bin/
-ENTRYPOINT [ "/bin/vault-csi-provider" ]
+COPY --from=devbuild /build/openbao-csi-provider /bin/
+ENTRYPOINT [ "/bin/openbao-csi-provider" ]
 
 # Default release image.
 # -----------------------------------
 FROM docker.mirror.hashicorp.services/alpine:${ALPINE_VERSION} AS default
 
 ARG PRODUCT_VERSION
 ARG PRODUCT_REVISION
-ARG PRODUCT_NAME=vault-csi-provider
+ARG PRODUCT_NAME=openbao-csi-provider
 ARG TARGETOS TARGETARCH
 
 LABEL version=$PRODUCT_VERSION
 LABEL revision=$PRODUCT_REVISION
 
-COPY dist/$TARGETOS/$TARGETARCH/vault-csi-provider /bin/
-ENTRYPOINT [ "/bin/vault-csi-provider" ]
+COPY dist/$TARGETOS/$TARGETARCH/openbao-csi-provider /bin/
+ENTRYPOINT [ "/bin/openbao-csi-provider" ]
 
 # ===================================
-# 
+#
 #   Set default target to 'dev'.
 #
 # ===================================

diff --git a/Makefile b/Makefile
@@ -1,5 +1,5 @@
 REGISTRY_NAME?=docker.io/hashicorp
-IMAGE_NAME=vault-csi-provider
+IMAGE_NAME=openbao-csi-provider
 VERSION?=0.0.0-dev
 IMAGE_TAG=$(REGISTRY_NAME)/$(IMAGE_NAME):$(VERSION)
 IMAGE_TAG_LATEST=$(REGISTRY_NAME)/$(IMAGE_NAME):latest
@@ -11,20 +11,20 @@ ifdef SOURCE_DATE_EPOCH
 else
     BUILD_DATE ?= $(shell date $(DATE_FMT))
 endif
-PKG=github.com/hashicorp/vault-csi-provider/internal/version
+PKG=github.com/openbao/openbao-csi-provider/internal/version
 LDFLAGS?="-X '$(PKG).BuildVersion=$(VERSION)' \
 	-X '$(PKG).BuildDate=$(BUILD_DATE)' \
 	-X '$(PKG).GoVersion=$(shell go version)'"
 CSI_DRIVER_VERSION=1.3.2
-VAULT_HELM_VERSION=0.24.1
-VAULT_VERSION=1.13.3
+OPENBAO_HELM_VERSION=0.3.0
+OPENBAO_VERSION=v2.0.0-alpha20240329
 GOLANGCI_LINT_FORMAT?=colored-line-number
 
-VAULT_VERSION_ARGS=--set server.image.tag=$(VAULT_VERSION)
-ifdef VAULT_LICENSE
-	VAULT_VERSION_ARGS=--set server.image.repository=docker.mirror.hashicorp.services/hashicorp/vault-enterprise \
-		--set server.image.tag=$(VAULT_VERSION)-ent \
-		--set server.enterpriseLicense.secretName=vault-ent-license
+OPENBAO_VERSION_ARGS=--set server.image.tag=$(OPENBAO_VERSION)
+ifdef OPENBAO_LICENSE
+	OPENBAO_VERSION_ARGS=--set server.image.repository=docker.mirror.hashicorp.services/openbao/openbao-enterprise \
+		--set server.image.tag=$(OPENBAO_VERSION)-ent \
+		--set server.enterpriseLicense.secretName=openbao-ent-license
 endif
 
 .PHONY: default build test bootstrap fmt lint image e2e-image e2e-setup e2e-teardown e2e-test mod setup-kind promote-staging-manifest copyright
@@ -77,33 +77,33 @@ setup-kind:
 	kind create cluster
 
 e2e-setup:
-	kind load docker-image e2e/vault-csi-provider:latest
+	kind load docker-image e2e/openbao-csi-provider:latest
 	kubectl apply -f test/bats/configs/cluster-resources.yaml
 	helm install secrets-store-csi-driver secrets-store-csi-driver \
 		--repo https://kubernetes-sigs.github.io/secrets-store-csi-driver/charts --version=$(CSI_DRIVER_VERSION) \
 		--wait --timeout=5m \
 		--namespace=csi \
 		--set linux.image.pullPolicy="IfNotPresent" \
 		--set syncSecret.enabled=true \
-		--set tokenRequests[0].audience="vault"
-	@if [ -n "$(VAULT_LICENSE)" ]; then\
-        kubectl create --namespace=csi secret generic vault-ent-license --from-literal="license=${VAULT_LICENSE}";\
+		--set tokenRequests[0].audience="openbao"
+	@if [ -n "$(OPENBAO_LICENSE)" ]; then\
+        kubectl create --namespace=csi secret generic openbao-ent-license --from-literal="license=${OPENBAO_LICENSE}";\
     fi
-	helm install vault-bootstrap test/bats/configs/vault \
+	helm install openbao-bootstrap test/bats/configs/openbao \
 		--namespace=csi
-	helm install vault vault \
-		--repo https://helm.releases.hashicorp.com --version=$(VAULT_HELM_VERSION) \
+	helm install openbao openbao \
+		--repo https://openbao.github.io/openbao-helm --version=$(OPENBAO_HELM_VERSION) \
 		--wait --timeout=5m \
 		--namespace=csi \
-		--values=test/bats/configs/vault/vault.values.yaml \
-		$(VAULT_VERSION_ARGS)
-	kubectl wait --namespace=csi --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=vault
-	kubectl exec -i --namespace=csi vault-0 -- /bin/sh /mnt/bootstrap/bootstrap.sh
-	kubectl wait --namespace=csi --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=vault-csi-provider
+		--values=test/bats/configs/openbao/openbao.values.yaml \
+		$(OPENBAO_VERSION_ARGS)
+	kubectl wait --namespace=csi --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao
+	kubectl exec -i --namespace=csi openbao-0 -- /bin/sh /mnt/bootstrap/bootstrap.sh
+	kubectl wait --namespace=csi --for=condition=Ready --timeout=5m pod -l app.kubernetes.io/name=openbao-csi-provider
 
 e2e-teardown:
-	helm uninstall --namespace=csi vault || true
-	helm uninstall --namespace=csi vault-bootstrap || true
+	helm uninstall --namespace=csi openbao || true
+	helm uninstall --namespace=csi openbao-bootstrap || true
 	helm uninstall --namespace=csi secrets-store-csi-driver || true
 	kubectl delete --ignore-not-found -f test/bats/configs/cluster-resources.yaml
 

diff --git a/README.md b/README.md
@@ -1,24 +1,29 @@
-# HashiCorp Vault Provider for Secrets Store CSI Driver
+# Openbao Provider for Secrets Store CSI Driver
 
-HashiCorp [Vault](https://vaultproject.io) provider for the [Secrets Store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secrets stored in
-Vault and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
+> :warning: **Please note**: We take OpenBao's security and our users' trust very seriously. If
+you believe you have found a security issue in OpenBao Helm, _please responsibly disclose_
+by contacting us at [[email protected]](mailto:[email protected]).
+
+
+[Openbao](https://openbao.org) provider for the [Secrets Store CSI driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) allows you to get secrets stored in
+Openbao and use the Secrets Store CSI driver interface to mount them into Kubernetes pods.
 
 ## Installation
 
 ### Prerequisites
 
-* Supported Kubernetes version, see the [documentation](https://developer.hashicorp.com/vault/docs/platform/k8s/csi#supported-kubernetes-versions) (runs on Linux nodes only)
+* Supported Kubernetes version, see the [documentation](https://openbao.org/docs/platform/k8s/csi#supported-kubernetes-versions) (runs on Linux nodes only)
 * [Secrets store CSI driver](https://secrets-store-csi-driver.sigs.k8s.io/getting-started/installation.html) installed
 
 ### Using helm
 
 The recommended installation method is via helm 3:
 
 ```bash
-helm repo add hashicorp https://helm.releases.hashicorp.com
-# Just installs Vault CSI provider. Adjust `server.enabled` and `injector.enabled`
-# if you also want helm to install Vault and the Vault Agent injector.
-helm install vault hashicorp/vault \
+helm repo add openbao https://openbao.github.io/openbao-helm
+# Just installs Openbao CSI provider. Adjust `server.enabled` and `injector.enabled`
+# if you also want helm to install Openbao and the Openbao Agent injector.
+helm install openbao openbao/openbao \
   --set "server.enabled=false" \
   --set "injector.enabled=false" \
   --set "csi.enabled=true"
@@ -29,27 +34,27 @@ helm install vault hashicorp/vault \
 You can also install using the deployment config in the `deployment` folder:
 
 ```bash
-kubectl apply -f deployment/vault-csi-provider.yaml
+kubectl apply -f deployment/openbao-csi-provider.yaml
 ```
 
 ## Usage
 
-See the [learn tutorial](https://learn.hashicorp.com/tutorials/vault/kubernetes-secret-store-driver)
-and [documentation pages](https://www.vaultproject.io/docs/platform/k8s/csi) for
-full details of deploying, configuring and using Vault CSI provider. The
+See the [learn tutorial](https://openbao.org/tutorials/openbao/kubernetes-secret-store-driver)
+and [documentation pages](https://openbao.org/docs/platform/k8s/csi) for
+full details of deploying, configuring and using Openbao CSI provider. The
 integration tests in [test/bats/provider.bats](./test/bats/provider.bats) also
 provide a good set of fully worked and tested examples to build on.
 
 ## Troubleshooting
 
-To troubleshoot issues with Vault CSI provider, look at logs from the Vault CSI
+To troubleshoot issues with Openbao CSI provider, look at logs from the Openbao CSI
 provider pod running on the same node as your application pod:
 
   ```bash
   kubectl get pods -o wide
-  # find the Vault CSI provider pod running on the same node as your application pod
+  # find the Openbao CSI provider pod running on the same node as your application pod
 
-  kubectl logs vault-csi-provider-7x44t
+  kubectl logs openbao-csi-provider-7x44t
   ```
 
 Pass `-debug=true` to the provider to get more detailed logs. When installing

diff --git a/deployment/vault-csi-provider.yaml → deployment/openbao-csi-provider.yaml b/deployment/vault-csi-provider.yaml → deployment/openbao-csi-provider.yaml
@@ -9,13 +9,13 @@ metadata:
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: vault-csi-provider
+  name: openbao-csi-provider
   namespace: csi
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: vault-csi-provider-clusterrole
+  name: openbao-csi-provider-clusterrole
 rules:
 - apiGroups:
   - ""
@@ -27,26 +27,26 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: vault-csi-provider-clusterrolebinding
+  name: openbao-csi-provider-clusterrolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: vault-csi-provider-clusterrole
+  name: openbao-csi-provider-clusterrole
 subjects:
 - kind: ServiceAccount
-  name: vault-csi-provider
+  name: openbao-csi-provider
   namespace: csi
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
-  name: vault-csi-provider-role
+  name: openbao-csi-provider-role
 rules:
 - apiGroups: [""]
   resources: ["secrets"]
   verbs: ["get"]
   resourceNames:
-  - vault-csi-provider-hmac-key
+  - openbao-csi-provider-hmac-key
 # 'create' permissions cannot be restricted by resource name:
 # https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
 - apiGroups: [""]
@@ -56,42 +56,42 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
-  name: vault-csi-provider-rolebinding
+  name: openbao-csi-provider-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
-  name: vault-csi-provider-role
+  name: openbao-csi-provider-role
 subjects:
 - kind: ServiceAccount
-  name: vault-csi-provider
+  name: openbao-csi-provider
   namespace: csi
 ---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
   labels:
-    app.kubernetes.io/name: vault-csi-provider
-  name: vault-csi-provider
+    app.kubernetes.io/name: openbao-csi-provider
+  name: openbao-csi-provider
   namespace: csi
 spec:
   updateStrategy:
     type: RollingUpdate
   selector:
     matchLabels:
-      app.kubernetes.io/name: vault-csi-provider
+      app.kubernetes.io/name: openbao-csi-provider
   template:
     metadata:
       labels:
-        app.kubernetes.io/name: vault-csi-provider
+        app.kubernetes.io/name: openbao-csi-provider
     spec:
-      serviceAccountName: vault-csi-provider
+      serviceAccountName: openbao-csi-provider
       tolerations:
       containers:
-        - name: provider-vault-installer
-          image: hashicorp/vault-csi-provider:1.4.0
+        - name: provider-openbao-installer
+          image: openbao/openbao-csi-provider:1.4.0
           imagePullPolicy: Always
           args:
-            - -endpoint=/provider/vault.sock
+            - -endpoint=/provider/openbao.sock
             - -debug=false
           resources:
             requests: