Fix CI

G-Research · Sep 20, 2024 · ece6f54 · ece6f54
1 parent ae17288
commit ece6f54
Showing 1 changed file with 21 additions and 19 deletions.
diff --git a/app/lib/clients/vault.rb b/app/lib/clients/vault.rb
@@ -28,7 +28,7 @@ def kv_delete(path)
 
       def client
         ::Vault::Client.new(
-          address: Rails.configuration.astral[:vault_addr],
+          address: vault_address,
           token: Rails.configuration.astral[:vault_token]
         )
       end
@@ -48,11 +48,11 @@ def intermediate_ca_mount
       def cert_path
         "#{intermediate_ca_mount}/issue/astral"
       end
-
+      
       def root_ca_ref
         Rails.configuration.astral[:vault_root_ca_ref]
       end
-
+      
       def root_ca_mount
         Rails.configuration.astral[:vault_root_ca_mount]
       end
@@ -63,23 +63,23 @@ def enable_engine(mount, type)
 
       def enable_ca
         # if mount exists, assume configuration is done
-        if client.sys.mounts.key?(intermediate_ca_mount.to_sym)
-          return
-        end
-
-        # create the mount
-        enable_engine(intermediate_ca_mount, "pki")
+        # if client.sys.mounts.key?(intermediate_ca_mount.to_sym)
+        #   return
+        # end
+        
+        # # create the mount
+        # enable_engine(intermediate_ca_mount, "pki")
 
         # Generate intermediate CSR
-        intermediate_csr = Vault.logical.write("#{intermediate_ca_mount}/intermediate/generate/internal",
+        intermediate_csr = client.logical.write("#{intermediate_ca_mount}/intermediate/generate/internal",
                                                common_name: "astral.internal Intermediate Authority",
                                                issuer_name: "astral-intermediate").data[:csr]
 
         # Save the intermediate CSR
         File.write("tmp/pki_intermediate.csr", intermediate_csr)
 
         # Sign the intermediate certificate with the root CA
-        intermediate_cert = Vault.logical.write("#{root_ca_mount}/root/sign-intermediate",
+        intermediate_cert = client.logical.write("#{root_ca_mount}/root/sign-intermediate",
                                                 issuer_ref: root_ca_ref,
                                                 csr: intermediate_csr,
                                                 format: "pem_bundle",
@@ -89,28 +89,30 @@ def enable_ca
         File.write("tmp/intermediate.cert.pem", intermediate_cert)
 
         # Set the signed intermediate certificate
-        Vault.logical.write("#{intermediate_ca_mount}/intermediate/set-signed", certificate: intermediate_cert)
+        client.logical.write("#{intermediate_ca_mount}/intermediate/set-signed", certificate: intermediate_cert)
 
         # Configure the intermediate CA
-        Vault.logical.write("#{intermediate_ca_mount}/config/cluster",
-                            path: "#{vault_address}/v1/#{pki_mount}",
-                            aia_path: "#{vault_address}/v1/#{pki_mount}")
+        client.logical.write("#{intermediate_ca_mount}/config/cluster",
+                            path: "#{vault_address}/v1/#{intermediate_ca_mount}",
+                            aia_path: "#{vault_address}/v1/#{intermediate_ca_mount}")
 
-        issuer_ref = Vault.logical.read("#{intermediate_ca_mount}/config/issuers").data[:default]
-        Vault.logical.write("#{intermediate_ca_mount}/roles/astral",
+        issuer_ref = client.logical.read("#{intermediate_ca_mount}/config/issuers").data[:default]
+        client.logical.write("#{intermediate_ca_mount}/roles/astral",
                             issuer_ref: issuer_ref,
                             allow_any_name: true,
                             max_ttl: "720h",
                             no_store: false)
 
-        Vault.logical.write("#{intermediate_ca_mount}/config/urls",
+        client.logical.write("#{intermediate_ca_mount}/config/urls",
                             issuing_certificates: "{{cluster_aia_path}}/issuer/{{issuer_id}}/der",
                             crl_distribution_points: "{{cluster_aia_path}}/issuer/{{issuer_id}}/crl/der",
                             ocsp_servers: "{{cluster_path}}/ocsp",
                             enable_templating: true)
-      rescue Vault::HTTPError => e
+      rescue ::Vault::HTTPError => e
         Rails.logger.error "Unable to configure intermediate_cert: #{e}"
       end
+
+
     end
   end
 end