Skip to content

Add support for multiple secret namespaces#96

Merged
cezmunsta merged 17 commits into
masterfrom
namespaces
Sep 28, 2022
Merged

Add support for multiple secret namespaces#96
cezmunsta merged 17 commits into
masterfrom
namespaces

Conversation

@cezmunsta
Copy link
Copy Markdown
Owner

@cezmunsta cezmunsta commented Sep 28, 2022

By adding support for multiple namespaces, it is possible to provide
access control for larger groups where a single namespace either
becomes too verbose, or simply allows visibility to information that
would be hidden by preference. Using different Vault policies will
allow both of these to be addressed.

  • Added --namespace option to allow for filtering when multiple
    namespaces are available to the user, adding
    config.Settings.NameSpace to store it at runtime.
  • Updated cmd.getVersion to display the configured SecretPath
    items in verbose mode
  • Added cmd.getSecretPath to iterate namespaces and updated
    references to call it in place of using cfg.SecretPath
  • Updated cmd.getConnections to accept a slice of secrets
  • Updated vault.ListSecrets to iterate over the available
    namespaces, returning a slice of secrets instead of a single
    secret
  • Updated vault.ListSecret to return secrets and errors when
    an error exists, allowing a check on number of secrets
  • Updated cmd.getConnections to check the number of secrets when
    listing
  • Tweaked dev-vault bootstrap
  • Minor formatting & linting

Resolves #83

cezmunsta added 17 commits March 8, 2022 23:06
@cezmunsta
Add support for multiple secret namespaces
a75f74e 
By adding support for multiple namespaces, it is possible to provide
access control for larger groups where a single namespace either
becomes too verbose, or simply allows visibility to information that
would be hidden by preference. Using different Vault policies will
allow both of these to be addressed.

* Added `--namespace` option to allow for filtering when multiple
  namespaces are available to the user, adding
  `config.Settings.NameSpace` to store it at runtime.
* Updated `cmd.getVersion` to display the configured `SecretPath`
  items in verbose mode
* Added `cmd.getSecretPath` to iterate namespaces and updated
  references to call it in place of using `cfg.SecretPath`
* Updated `cmd.getConnections` to accept a slice of secrets
* Updated `vault.ListSecrets` to iterate over the available
  namespaces, returning a slice of secrets instead of a single
  secret
* Minor formatting & linting

Resolves #83
@cezmunsta
Updated unit tests
3557dab
@cezmunsta
Updated Makefile and dev script
0ecc611
@cezmunsta
Improved debug build
8483699
@cezmunsta
Add namespace to show and list, display namespaces as list
8299235
@cezmunsta
Conditional call of getSecretPath()
dfb327c
@cezmunsta
Add support for multiple secret namespaces
09d0b56 
By adding support for multiple namespaces, it is possible to provide
access control for larger groups where a single namespace either
becomes too verbose, or simply allows visibility to information that
would be hidden by preference. Using different Vault policies will
allow both of these to be addressed.

* Added `--namespace` option to allow for filtering when multiple
  namespaces are available to the user, adding
  `config.Settings.NameSpace` to store it at runtime.
* Updated `cmd.getVersion` to display the configured `SecretPath`
  items in verbose mode
* Added `cmd.getSecretPath` to iterate namespaces and updated
  references to call it in place of using `cfg.SecretPath`
* Updated `cmd.getConnections` to accept a slice of secrets
* Updated `vault.ListSecrets` to iterate over the available
  namespaces, returning a slice of secrets instead of a single
  secret
* Minor formatting & linting

Resolves #83
@cezmunsta
Updated unit tests
7b14819
@cezmunsta
Updated Makefile and dev script
3c02a31
@cezmunsta
Improved debug build
8a62585
@cezmunsta
Add namespace to show and list, display namespaces as list
4e7dc1b
@cezmunsta
Conditional call of getSecretPath()
8a8d6a9
@cezmunsta
Tweaked dev-vault helpers
eb2f491
@cezmunsta
Merge branch 'namespaces' of github.com:cezmunsta/ssh_ms into namespaces
fe4f9ea
@cezmunsta
Allow partial access
6b21f8e 
When multiple namespaces are configured, it is possible that
a user does not have access to all namespaces. In such a scenario,
so long as at least one is successful, we will skip over the
failures.

* Updated `vault.ListSecret` to return secrets _and_ errors when
  an error exists, allowing a check on number of secrets
* Updated `cmd.getConnections` to check the number of secrets when
  listing
@cezmunsta
Updated policy-min
227fca5
@cezmunsta
Updated README for namespaces
2a79209
@cezmunsta cezmunsta added the enhancement New feature or request label Sep 28, 2022
@cezmunsta cezmunsta self-assigned this Sep 28, 2022
@cezmunsta cezmunsta merged commit 7e1686d into master Sep 28, 2022
@cezmunsta cezmunsta deleted the namespaces branch September 28, 2022 21:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@cezmunsta cezmunsta

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add support for multiple secret namespaces

1 participant

@cezmunsta