simplify activating ssl in devcontainer

G-Research · Oct 17, 2024 · 4824594 · 4824594
1 parent a3e2eda
commit 4824594
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 8 deletions.
diff --git a/.devcontainer/docker-compose.yml b/.devcontainer/docker-compose.yml
@@ -26,7 +26,8 @@ services:
     image: hashicorp/vault:latest
     restart: unless-stopped
     ports:
-      - 8200:8443
+      - 8200:8200
+      - 8443:8443
     volumes:
       - ../cert:/vault/cert
     environment:
@@ -37,7 +38,7 @@ services:
                 {
                     "tcp": {
                         "address": "0.0.0.0:8443",
-                        "tls_disable": "1",
+                        "tls_disable": "0",
                         "tls_cert_file": "/vault/cert/vault.pem",
                         "tls_key_file": "/vault/cert/vault.key"
                     }

diff --git a/README.md b/README.md
@@ -85,8 +85,5 @@ command:
 rake configure:ssl
 ```
 
-To use in the devcontainer, edit `.devcontainer/docker-compose.yml` so
-that the `app` service has `VAULT_ADDRESS` of `https://vault:8200` and
-the `VAULT_SSL_CERT` value is uncommented. Finally, the `vault`
-service needs `tls_disable` in the `VAULT_LOCAL_CONFIG` set to
-`0`. Restart.
+To use SSL in the devcontainer, edit `.devcontainer/docker-compose.yml` so
+that the `app` service has `VAULT_ADDRESS` of `https://vault:8443`. 
diff --git a/test/lib/clients/vault_test.rb b/test/lib/clients/vault_test.rb
@@ -115,7 +115,10 @@ class VaultTest < ActiveSupport::TestCase
   def vault_client
     ::Vault::Client.new(
           address: vault_addr,
-          token: vault_token
+          token: vault_token,
+          ssl_ca_cert: ssl_cert,
+          ssl_pem_file: ssl_client_cert,
+          ssl_key_file: ssl_client_key
     )
   end
 
@@ -126,4 +129,16 @@ def vault_addr
   def vault_token
     Config[:vault_token]
   end
+
+  def ssl_cert
+    Config[:vault_ssl_cert]
+  end
+
+  def ssl_client_cert
+    Config[:vault_ssl_client_cert]
+  end
+
+  def ssl_client_key
+    Config[:vault_ssl_client_key]
+  end
 end