Fixes #12865: Vault plugin : Add a variable_from_vault generic method. #65
Conversation
victorqrt
force-pushed
the
ust_12865/vault_plugin_add_a_variable_from_vault_generic_method
branch
from
be14573
to
6d53dcd
Compare
vault/packaging/postinst
Outdated
| @@ -0,0 +1,3 @@ | |||
| #!/bin/sh | |||
| cp -a /opt/rudder/share/plugins/vault/usr/share/ncf/tree /usr/share/ncf/ | |||
There was a problem hiding this comment.
@ncharles do you think we should put it with CFEgine stubs for dsc methods instead?
There was a problem hiding this comment.
yes, because if we put it in /usr/share/ncf, it'll be erased at ncf upgrade
|
|
||
| pass2.vault_reachable:: | ||
| "vault.auth_token" string => "${data_output[auth][client_token]}", | ||
| ifvarclass => isvariable("data_output[auth][client_token]"); |
There was a problem hiding this comment.
We should display an error message if the config is not defined
| # @description Gets a key-value dictionnary from Vault given the secret path | ||
| # | ||
| # @documentation | ||
| # Vault |
There was a problem hiding this comment.
you'll need to improve a bit the documentation
victorqrt
force-pushed
the
ust_12865/vault_plugin_add_a_variable_from_vault_generic_method
branch
from
6d53dcd
to
0fc63ae
Compare
|
Commit modified |
| cp -a /opt/rudder/share/plugins/vault/* /var/rudder/configuration-repository/ncf/ | ||
| cd /var/rudder/configuration-repository/ncf/ | ||
| rm sample_vault.json | ||
| git add . && git commit -m "Vault plugin installation" |
There was a problem hiding this comment.
You should probably mention somewhere in the output that there is a sample_vault.json
| # | ||
| ##################################################################################### | ||
|
|
||
| bundle agent vault_fetch_config() |
There was a problem hiding this comment.
could you document here the format of the vault.json file ?
| # @documentation To use the generated variable, you must use the form `${variable_prefix.variable_name}` with each name replaced with the parameters of this method. | ||
| # | ||
| # Access to the vault has to be configured on each agent in /var/rudder/plugin-resources/vault.json. A sample config file is provided in /opt/rudder/share/plugins/vault/sample_vault.json | ||
| # |
There was a problem hiding this comment.
can you specify the success & error case ? that fetching a key is a repair, failing is an error?
|
|
||
| pass3.variable_defined:: | ||
| "success" usebundle => _classes_repaired("${old_class_prefix}"); | ||
| "success" usebundle => _classes_repaired("${class_prefix}"); |
There was a problem hiding this comment.
for the sanity of the person doing maintenance in the futur, could you change the promiser to "repair" ?
|
Commit modified |
victorqrt
force-pushed
the
ust_12865/vault_plugin_add_a_variable_from_vault_generic_method
branch
from
0fc63ae
to
f7a08c0
Compare
| ##################################################################################### | ||
|
|
||
| # Fetches the configuration to be used for this run. | ||
| # The config is located at "config_path". It is a JSON file containing two fields : a server_addr and an auth dictionary. |
There was a problem hiding this comment.
can you paste the sample, so that it'll be easier for users ?
|
Commit modified |
victorqrt
force-pushed
the
ust_12865/vault_plugin_add_a_variable_from_vault_generic_method
branch
from
f7a08c0
to
f81db13
Compare
victorqrt
force-pushed
the
ust_12865/vault_plugin_add_a_variable_from_vault_generic_method
branch
from
f81db13
to
2f0eaa2
Compare
|
This PR breaks qa-test You should run ./qa-test in your repository to make sure it works. |
|
OK, merging this PR |
|
OK, merging this PR |
https://www.rudder-project.org/redmine/issues/12865