WIP wiring in app-registry

app/interactors/refresh_domain.rb

@@ -5,15 +5,15 @@ def call
     domain_info = Services::DomainOwnershipService.new.get_domain_info(context.request.fqdn)
     domain_record = Domain.first_or_create(fqdn: context.request.fqdn)
 
-    if !domain_info || domain_info["isDeleted"]
+    if !domain_info
       domain_record.delete
       return
     end
 
     domain_record.update!(
-      group_delegation: domain_info["ownerDelegatedRequestsToTeam"],
-      groups: domain_info["autoApprovedGroups"],
-      users: domain_info["autoApprovedServiceAccounts"]
+      group_delegation: domain_info.group_delegation,
+      groups: domain_info.groups,
+      users: domain_info.users
     )
   rescue => e
     Rails.logger.warn("Continuing after error in #{self.class.name}: #{e.class.name}: #{e.message}")

app/lib/services/auth_service.rb

@@ -19,7 +19,7 @@ def authorize!(identity, cert_issue_req)
 
     def decode(token)
       # Decode a JWT access token using the configured base.
-      body = JWT.decode(token, Rails.application.config.astral[:jwt_signing_key])[0]
+      body = JWT.decode(token, Rails.application.configuration.astral[:jwt_signing_key])[0]
       Identity.new(body)
     rescue => e
       Rails.logger.warn "Unable to decode token: #{e}"

app/lib/services/domain_ownership_service.rb

@@ -1,9 +1,29 @@
 module Services
   class DomainOwnershipService
+    attr_reader :client
+
     def initialize
+      @client = Faraday.new(url: Rails.configuration.astral[:app_registry_uri]) do |faraday|
+        faraday.response :raise_error, include_request: true
+      end
     end
 
     def get_domain_info
     end
+
+    private
+
+    def convert(input)
+      if !input || input["isDeleted"]
+        return nil
+      end
+
+      OpenStruct.new(
+               fqdn: domain_info["fullyQualifiedDomainName"],
+               group_delegation: domain_info["ownerDelegatedRequestsToTeam"],
+               groups: domain_info["autoApprovedGroups"],
+               users: domain_info["autoApprovedServiceAccounts"]
+             )
+    end
   end
 end

app/lib/services/vault_service.rb

@@ -3,15 +3,15 @@ class VaultService
     def initialize
       # TODO create a new token for use in the session
       @client = Vault::Client.new(
-        address: Rails.application.config.astral[:vault_addr],
-        token: Rails.application.config.astral[:vault_token]
+        address: Rails.application.configuration.astral[:vault_addr],
+        token: Rails.application.configuration.astral[:vault_token]
       )
     end
 
     def issue_cert(cert_issue_request)
       opts = cert_issue_request.attributes
       # Generate the TLS certificate using the intermediate CA
-      tls_cert = @client.logical.write(Rails.application.config.astral[:vault_cert_path], opts)
+      tls_cert = @client.logical.write(Rails.application.configuration.astral[:vault_cert_path], opts)
       OpenStruct.new tls_cert.data
     end
   end

config/astral.yml

@@ -4,6 +4,8 @@ shared:
   vault_cert_path: "pki_int/issue/learn"
   jwt_signing_key: <%= ENV["JWT_SIGNING_KEY"] %>
   cert_ttl: <%= ENV["CERT_TTL"] %>
+  app_registry_addr: <%= ENV["APP_REGISTRY_ADDR"] %>
+  app_registry_token: <%= ENV["APP_REGISTRY_TOKEN"] %>
 
 test:
   cert_ttl: <%= 24.hours.in_seconds %>

db/migrate/20240904175652_create_domains.rb

@@ -1,12 +1,11 @@
 class CreateDomains < ActiveRecord::Migration[7.2]
   def change
     create_table :domains do |t|
-      t.string :fqdn, null: false
+      t.string :fqdn, null: false, index: { unique: true }
       t.text :users
       t.text :groups
       t.boolean :group_delegation, default: false
       t.timestamps
-      t.index :fqdn, unique: true
     end
   end
 end