Merge remote-tracking branch 'remotes/from/ce/main'

2026-05-05 04:16:31 +02:00 · 2026-04-16 16:29:03 +00:00 · 2026-04-16 16:29:03 +00:00 · 080ba36e93
commit 080ba36e93
parent 1c1cd3f617 203a452960
5 changed files with 13 additions and 6 deletions
--- a/command/server/server_seal_transit_acc_test.go
+++ b/command/server/server_seal_transit_acc_test.go
@ -137,6 +137,7 @@ func prepareTestContainer(t *testing.T) (func(), *DockerVaultConfig) {
 		ContainerName: "vault",
 		ImageRepo:     "docker.mirror.hashicorp.services/hashicorp/vault",
 		ImageTag:      "latest",
+		Env:           []string{"SKIP_SETCAP=true"},
 		Cmd: []string{
 			"server", "-log-level=trace", "-dev", fmt.Sprintf("-dev-root-token-id=%s", rootToken),
 			"-dev-listen-address=0.0.0.0:8200",
--- a/sdk/helper/docker/testhelpers.go
+++ b/sdk/helper/docker/testhelpers.go
@ -592,6 +592,7 @@ func CopyToContainer(ctx context.Context, dapi *client.Client, containerID, from
 	_, err = dapi.CopyToContainer(ctx, containerID, client.CopyToContainerOptions{
 		DestinationPath: dstDir,
 		Content:         content,
+		CopyUIDGID:      true,
 	})
 	if err != nil {
 		return fmt.Errorf("error copying from %q -> %q: %v", from, to, err)
--- a/sdk/helper/testcluster/docker/environment.go
+++ b/sdk/helper/testcluster/docker/environment.go
@ -1079,7 +1079,7 @@ func (n *DockerClusterNode) AddNetworkDelay(ctx context.Context, delay time.Dura
 			// Its handle must be unique, so we base it on targetIP
 			fmt.Sprintf("tc filter add dev eth0 parent 1:0 protocol ip pref 55 handle ::%x u32 match ip dst %s flowid 2:1", lastOctet, targetIP),
 		}, "; "),
-	})
+	}, dockhelper.RunCmdUser("root"))
 	if err != nil {
 		return err
 	}
@ -1118,7 +1118,7 @@ func (n *DockerClusterNode) PartitionFromCluster(ctx context.Context) error {
 			"iptables -I INPUT -i eth0 ! -s \"$GW\" -j DROP",
 			"iptables -I OUTPUT -o eth0 ! -d \"$GW\" -j DROP",
 		}, "; "),
-	})
+	}, dockhelper.RunCmdUser("root"))
 	if err != nil {
 		return err
 	}
@ -1146,7 +1146,7 @@ func (n *DockerClusterNode) UnpartitionFromCluster(ctx context.Context) error {
 			"iptables -D INPUT -i eth0 ! -s \"$GW\" -j DROP | true",
 			"iptables -D OUTPUT -o eth0 ! -d \"$GW\" -j DROP | true",
 		}, "; "),
-	})
+	}, dockhelper.RunCmdUser("root"))
 	if err != nil {
 		return err
 	}
--- a/sdk/helper/testcluster/docker/replication.go
+++ b/sdk/helper/testcluster/docker/replication.go
@ -20,6 +20,7 @@ func DefaultOptions(t *testing.T) *DockerClusterOptions {
 		ImageRepo:   "hashicorp/vault",
 		ImageTag:    "latest",
 		VaultBinary: os.Getenv("VAULT_BINARY"),
+		Envs:        []string{"SKIP_SETCAP=true"},
 		ClusterOptions: testcluster.ClusterOptions{
 			NumCores:    3,
 			ClusterName: strings.ReplaceAll(t.Name(), "/", "-"),
--- a/vault/external_tests/seal_binary/seal_docker_util.go
+++ b/vault/external_tests/seal_binary/seal_docker_util.go
@ -128,8 +128,12 @@ func createContainerWithConfig(config string, imageRepo, imageTag string, logCon
 		Cmd: []string{
 			"server", "-log-level=trace",
 		},
-		Ports:           []string{"8200/tcp"},
-		Env:             []string{fmt.Sprintf("VAULT_LICENSE=%s", os.Getenv("VAULT_LICENSE")), fmt.Sprintf("VAULT_LOCAL_CONFIG=%s", config)},
+		Ports: []string{"8200/tcp"},
+		Env: []string{
+			fmt.Sprintf("VAULT_LICENSE=%s", os.Getenv("VAULT_LICENSE")),
+			fmt.Sprintf("VAULT_LOCAL_CONFIG=%s", config),
+			"SKIP_SETCAP=true",
+		},
 		LogConsumer:     logConsumer,
 		DoNotAutoRemove: true,
 	})
@ -180,7 +184,7 @@ func createTransitTestContainer(imageRepo, imageTag string, numKeys int) (*dockh
 			"server", "-log-level=trace", "-dev", fmt.Sprintf("-dev-root-token-id=%s", rootToken),
 			"-dev-listen-address=0.0.0.0:8200",
 		},
-		Env:   []string{fmt.Sprintf("VAULT_LICENSE=%s", os.Getenv("VAULT_LICENSE"))},
+		Env:   []string{fmt.Sprintf("VAULT_LICENSE=%s", os.Getenv("VAULT_LICENSE")), "SKIP_SETCAP=true"},
 		Ports: []string{"8200/tcp"},
 	})
 	if err != nil {