Bring intermediate CA setup into the app #35

Merged
merged 41 commits into from
Sep 24, 2024
a917c5f
WIP for kv support
suprjinx Sep 17, 2024
9a24f7d
move models/CertIssueRequest -> lib/requests; add new request
suprjinx Sep 17, 2024
094d2ae
Fix test which wasn't really running
suprjinx Sep 17, 2024
9da9d9f
WIP for create secret
suprjinx Sep 17, 2024
913e61b
WIP for write and read KV
suprjinx Sep 17, 2024
f261fd3
Add delete method for kv; updated README
suprjinx Sep 18, 2024
f44d438
Fix lints
suprjinx Sep 18, 2024
88ce4b3
Streamline some testing bits, add destroy_secret kv support
suprjinx Sep 18, 2024
8fbc730
Compact logging payload, rename AuthorizeRequest ->
suprjinx Sep 18, 2024
1e6dfe9
Fix test
suprjinx Sep 19, 2024
acaad4a
Refactor interactors to use parent class with logging helper -- to
suprjinx Sep 19, 2024
98e39b5
cosmetic changes
suprjinx Sep 19, 2024
9192a7e
revert rake task change
suprjinx Sep 19, 2024
6cd0b82
add test for secret_request
suprjinx Sep 19, 2024
c69d5c3
get the kv engine mount from config
suprjinx Sep 19, 2024
a9abae3
Remove bit about using dockerhub
suprjinx Sep 19, 2024
af2e397
Log instead of puts
suprjinx Sep 19, 2024
219787b
move intermediate CA setup from rake task to app
suprjinx Sep 19, 2024
b19ef08
Merge branch 'main' into ca-setup
suprjinx Sep 20, 2024
41b8ce1
Fix merge error
suprjinx Sep 20, 2024
eb77b39
Vault intermediate setup in Clients::Vault
suprjinx Sep 20, 2024
ae17288
issue correct cert path
suprjinx Sep 20, 2024
ece6f54
Fix CI
suprjinx Sep 20, 2024
b87edbe
fix lints
suprjinx Sep 20, 2024
8731e61
uncomment
suprjinx Sep 20, 2024
ce5f9d4
Don't need config for intermediate, it's created by the app
suprjinx Sep 20, 2024
394ad29
Don't need config for kv mount, it's created by the app
suprjinx Sep 20, 2024
67cce6c
Move vault client methods into separate files
suprjinx Sep 23, 2024
b6900cf
add test for kv mount configuration
suprjinx Sep 23, 2024
38049bd
add test for pki/cert configuration
suprjinx Sep 23, 2024
dacca54
fix ci?
suprjinx Sep 23, 2024
a392f9a
fix ci?
suprjinx Sep 23, 2024
a1d5693
deflake test
suprjinx Sep 23, 2024
b8ea898
Try to no-cache the devcontainer
suprjinx Sep 23, 2024
cf637a6
pause before reading back kv
suprjinx Sep 23, 2024
0a6c26e
restore secrets_test to previous
suprjinx Sep 24, 2024
bc1b1bd
put a separate key for each operation
suprjinx Sep 24, 2024
8934bd6
try changing up the compose file
suprjinx Sep 24, 2024
c7ee265
try configuring the engines only once (maybe race in tests)
suprjinx Sep 24, 2024
4c5d5ea
Try vault setup first
suprjinx Sep 24, 2024
54cc766
Seems to be an error pushing devcontainer still
suprjinx Sep 24, 2024
get the kv engine mount from config
suprjinx committed Sep 19, 2024
commit c69d5c360d2ec605ad7a58ddcfa94ea937f350a0
3 changes: 1 addition & 2 deletions app/lib/services/vault_service.rb
Expand Up @@ -41,8 +41,7 @@ def enable_engine(mount, type)
end

def kv_mount
# TODO should this be dynamic based on identity?
"astralkv"
Rails.configuration.astral[:vault_kv_mount]
end
end
end
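Review bot: in kv_mount, `Rails.configuration.astral[:vault_kv_mount]` returns nil without complaint if the key is missing or renders empty, so a misconfigured deployment only fails later, wherever the mount name is first used. Consider `Rails.configuration.astral.fetch(:vault_kv_mount)` or an explicit presence check so the error surfaces at lookup. Separately, the removed `# TODO should this be dynamic based on identity?` is not answered by moving the value into config: the mount is still one shared name for every caller. If per-identity isolation of secrets is still an open question, keep the TODO or track it in an issue rather than dropping it here.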
1 change: 1 addition & 0 deletions config/astral.yml
Expand Up @@ -2,6 +2,7 @@ shared:
vault_addr: <%= ENV["VAULT_ADDR"] %>
vault_token: <%= ENV["VAULT_TOKEN"] %>
vault_cert_path: "pki_int/issue/learn"
vault_kv_mount: <%= ENV["VAULT_KV_MOUNT"] || "astralkv" %>
jwt_signing_key: <%= ENV["JWT_SIGNING_KEY"] %>
cert_ttl: <%= ENV["CERT_TTL"] %>
app_registry_addr: <%= ENV["APP_REGISTRY_ADDR"] %>
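Review bot: on the new `vault_kv_mount` line, `ENV["VAULT_KV_MOUNT"] || "astralkv"` only falls back when the variable is unset. An empty string is truthy in Ruby, so `VAULT_KV_MOUNT=""` renders an empty YAML value and the setting loads as nil instead of "astralkv". Something like `ENV["VAULT_KV_MOUNT"].presence || "astralkv"` covers that case. The ERB output is also unquoted, unlike `vault_cert_path` just above, so a value containing YAML-significant characters would be parsed as something other than a plain string. Wrapping the tag in double quotes keeps it a string.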