[pull] develop from smartcontractkit:develop#524
Merged
pull[bot] merged 6 commits intoMarcelRaschke:developfrom Apr 1, 2026
Merged
[pull] develop from smartcontractkit:develop#524pull[bot] merged 6 commits intoMarcelRaschke:developfrom
pull[bot] merged 6 commits intoMarcelRaschke:developfrom
Conversation
…rg_id (#21680) * EnsureRightLabelOnSecret: dual label support for workflow_owner and org_id Update EnsureRightLabelOnSecret to accept explicit workflowOwner and orgID parameters, supporting both ETH address (left-padded) and SHA256(org_id) label encodings. Centralize all label utilities in vaultutils/labels.go. Made-with: Cursor * fix testifylint: use require.Error for error assertions Made-with: Cursor * fix: use dedicated label functions for workflowOwner and orgID Replace generic OwnerToLabel (which auto-detected type via IsHexAddress) with WorkflowOwnerToLabel and OrgIDToLabel to preserve backward compat with callers that pass non-address strings through HexToAddress. Made-with: Cursor * gate orgID label check behind VaultOrgIdAsSecretOwnerEnabled limiter Wire workflowOwner and orgID from request-level fields on GetSecretsRequest/CreateSecretsRequest/UpdateSecretsRequest instead of secretRequest.Id.Owner. Only check orgID label when the gate limiter is enabled; rename OrgId -> OrgID per Go naming convention. Made-with: Cursor * fix goimports ordering in system-tests vault.go Made-with: Cursor
The Vault DON processes batch requests through OCR consensus, which does not guarantee the response array order matches the request array order. The create, update, and delete test assertions were using positional indexing (Responses[i] == namespaces[i]), causing intermittent failures when the DON returned responses in a different order. Replace positional checks with map-based lookups keyed by namespace, so the assertions are order-independent. Made-with: Cursor
* Fix for chains which doesnt have 1.5/1.6 lanes * lint fixes
…d migration (#21691) * feat: add OwnerMigrationStore adapter for vault org_id migration Add a transparent adapter layer (OwnerMigrationReadStore / OwnerMigrationWriteStore) that sits between the vault plugin and the KV store to handle the migration of secrets from workflow_owner-keyed entries to org_id-keyed entries. The adapter implements the same ReadKVStore / WriteKVStore interfaces and provides: - Dual-owner lookup on reads (org_id first, workflow_owner fallback) - Metadata merging and deduplication across both owners for list operations - org_id-based writes for all new/updated secrets - Lazy migration: deletes legacy workflow_owner entries on update - Dual-owner deletion with cleanup of both owners - Pass-through for pending queue operations (not owner-scoped) This is a standalone component (not wired into the plugin yet) with comprehensive unit tests covering all operations and migration scenarios. * refactor: rename to KVStoreWrapper with internal ownerMigrationAdapter Restructure the owner migration layer into two types: - KVStoreWrapper (exported): the abstraction the plugin interacts with - ownerMigrationAdapter (unexported): internal migration logic orgID/workflowOwner are passed per method call rather than stored in the struct, matching the plugin's one-store-per-call pattern where a single instance processes batches with different owners. Add Criticalw log on unexpected duplicate during metadata merge. Rename files: owner_migration_store.go → kvstore_wrapper.go. Made-with: Cursor * feat: gate KVStoreWrapper with migrationEnabled flag Add migrationEnabled bool to KVStoreWrapper constructor. When false, all methods pass through directly to the inner KVStore, bypassing the ownerMigrationAdapter entirely. The caller resolves the gate from cresettings.Default.VaultOrgIdAsSecretOwnerEnabled. Add 14 unit tests verifying passthrough behavior when disabled. Made-with: Cursor * fix: update KVStoreWrapper for context.Context interface changes after develop merge - Add context.Context as first param to all KVStoreWrapper and adapter methods - Rename test helper to newMigrationTestStore to avoid redeclaration with kvstore_test.go - Update NewWriteStore calls to include pluginMetrics parameter Made-with: Cursor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot] (v2.0.0-alpha.4)
Can you help keep this open source service alive? 💖 Please sponsor : )