HPCC-35978 Handle invalid vault definitions

[kenrowland]

Improved values.schema.json to validate Akeyless vault definitions
Added common vaults section copy XSL with validation for component XMLs
Added type/kind validation to jsecrets code

Signed-Off-By: Kenneth Rowland kenneth.rowland@lexisnexisrisk.com

Type of change:

• This change is a bug fix (non-breaking change which fixes an issue).
• This change is a new feature (non-breaking change which adds functionality).
• This change improves the code (refactor or other change that does not change the functionality)
• This change fixes warnings (the fix does not alter the functionality or the generated code)
• This change is a breaking change (fix or feature that will cause existing behavior to change).
• This change alters the query API (existing queries will have to be recompiled)

Checklist:

• My code follows the code style of this project.
  • My code does not create any new warnings from compiler, build system, or lint.
• The commit message is properly formatted and free of typos.
  • The commit message title makes sense in a changelog, by itself.
  • The commit is signed.
• My change requires a change to the documentation.
  • I have updated the documentation accordingly, or...
  • I have created a JIRA ticket to update the documentation.
  • Any new interfaces or exported functions are appropriately commented.
• I have read the CONTRIBUTORS document.
• The change has been fully tested:
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have checked that this change does not introduce memory leaks.
  • I have used Valgrind or similar tools to check for potential issues.
• I have given due consideration to all of the following potential concerns:
  • Scalability
  • Performance
  • Security
  • Thread-safety
  • Cloud-compatibility
  • Premature optimization
  • Existing deployed queries will not be broken
  • This change fixes the problem, not just the symptom
  • The target branch of this pull request is appropriate for such a change.
• There are no similar instances of the same problem that should be addressed
  • I have addressed them here
  • I have raised JIRA issues to address them separately
• This is a user interface / front-end modification
  • I have tested my changes in multiple modern browsers
  • The component(s) render as expected

Smoketest:

• Send notifications about my Pull Request position in Smoketest queue.
• Test my draft Pull Request.

Testing:

[github-actions]

Jira Issue: https://hpccsystems.atlassian.net//browse/HPCC-35978

Jirabot Action Result:
Workflow Transition To: Merge Pending
Updated PR

[asselitx]

Maybe two small changes but looks good otherwise.

[asselitx]

I don't think vaultType and vaultKind are used here so they could be removed.

[kenrowland]

Correct, an artifact from previous incantations. Good find.

[asselitx]

Looks like a missing final newline

[kenrowland]

Added

[github-actions]

🔄 Upmerge Test Results

Status: ✅ All branches merged successfully
PR: #21149 - HPCC-35978 Handle invalid vault definitions
Base Branch: candidate-10.2.x
Test Time: 2026-03-26 18:33:37 UTC

✅ Successful Branches (1)

• master
  This comment was automatically generated by the upmerge test workflow.

[kenrowland]

@ghalliday @jakesmith Please merge

[ghalliday]

@kenrowland this is failing (probably because of the unused static function.
Please add documentation to the jira to describe what the checks are and why they are there.
Also there should be some tests in testing/helm/errtests to exercise these checks.

[kenrowland]

Removed the unused static method and added positive and negative tests for helm. Interesting that there were no existing Hashicorp tests.

[github-actions]

🔄 Upmerge Test Results

Status: ✅ All branches merged successfully
PR: #21149 - HPCC-35978 Handle invalid vault definitions
Base Branch: candidate-10.2.x
Test Time: 2026-04-08 15:22:07 UTC

✅ Successful Branches (1)

• master
  This comment was automatically generated by the upmerge test workflow.

[ghalliday]

@kenrowland I am confused - why are there two different enums which are now identical?

[ghalliday]

Why do we have two enumerations that now contain identical values? It is too late, but the names should have been chosen more carefully. Can type be deleted, and just rely on type?

[ghalliday]

This is going to cause backward compatibility issues with deployments that do not have the value set - when it was previously optional.