Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor security-bootstrapper Vault's Consul Secret Engine APIs using go-mod-secret (yet to be created) #3227

Closed
jim-wang-intel opened this issue Mar 4, 2021 · 1 comment · Fixed by #4193
Closed

Refactor security-bootstrapper Vault's Consul Secret Engine APIs using go-mod-secret (yet to be created) #3227

jim-wang-intel opened this issue Mar 4, 2021 · 1 comment · Fixed by #4193
Assignees
@bnevis-i
Labels
1-low priority denoting isolated changes security-services tech-debt issue_type denoting refactoring to improve design or removal of temporary workarounds
Projects
Security WG - Secure Consul Security WG
Milestone
Levski

Comments

@jim-wang-intel
Copy link
Contributor

jim-wang-intel commented Mar 4, 2021
edited
Loading

🚀 Feature Request

Relevant Package

This feature request is for security-bootsrapper's subcommands to use go-mod-secret's API for Vault's SecretEngine API in future.

Description

A clear and concise description of the problem or missing capability...

Currently, the Vault's Consul Secret Engine APIs are locally coded in edgex-go. It would be nice to move these APIs to go-mod-secret and refactor the code to use them (not exists yet today).

(Please provide reference to the code to be moved/refactored)

Describe the solution you'd like

If you have a solution in mind, please describe it.

Move Vault's Consul Secret Engine APIs to go-mod-secret. This refactor can be done after phase 2 of Securing Consul is done so that we can refactor all Vault's Consul Secret Engine APIs into go-mod-secret module in one scoop.

Change Details

Specifically, the Vault-Consul secret engine APIs used in consul-bootstrapper in this code:

  1. https://github.com/edgexfoundry/edgex-go/blob/main/internal/security/bootstrapper/command/setupacl/command.go#L654-L708 and
  2. https://github.com/edgexfoundry/edgex-go/blob/main/internal/security/bootstrapper/command/setupacl/aclroles.go#L85-L137

could be refactored and modulized into go-mod-secrets as part of SecretStoreClient interfaces: https://github.com/edgexfoundry/go-mod-secrets/blob/main/secrets/interfaces.go#L54-L69.

Describe alternatives you've considered

Have you considered any alternative solutions or workarounds?
@jim-wang-intel jim-wang-intel added security-services tech-debt issue_type denoting refactoring to improve design or removal of temporary workarounds 1-low priority denoting isolated changes labels Mar 4, 2021
@jim-wang-intel jim-wang-intel added this to Phase 1 - To do in Security WG - Secure Consul via automation Mar 4, 2021
@jim-wang-intel jim-wang-intel moved this from Phase 1 - To do to Phase 2 - To do in Security WG - Secure Consul Mar 4, 2021
@jim-wang-intel jim-wang-intel mentioned this issue Mar 4, 2021
Merged
3 tasks
@jim-wang-intel jim-wang-intel moved this from Phase 2 - To do to Phase 3 - To do in Security WG - Secure Consul Apr 29, 2021
@bnevis-i bnevis-i added this to the Jakarta milestone Jun 23, 2021
@bnevis-i bnevis-i removed this from the Jakarta milestone Oct 6, 2021
@bnevis-i bnevis-i added this to the Levski milestone May 19, 2022
@bnevis-i
Copy link
Collaborator

Replanned for Levski in Levski planning 5/19/2022

@bnevis-i bnevis-i added this to New Issues in Security WG via automation Sep 13, 2022
@bnevis-i bnevis-i moved this from New Issues to Release Backlog in Security WG Sep 13, 2022
@bnevis-i bnevis-i moved this from Release Backlog to In progress in Security WG Sep 22, 2022
@bnevis-i bnevis-i self-assigned this Sep 22, 2022
@bnevis-i bnevis-i moved this from Phase 3 - To do to In progress in Security WG - Secure Consul Sep 27, 2022
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Sep 27, 2022
@ItsRico
refactor: moving consul access and role interface
4bf73d9 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
@bnevis-i bnevis-i moved this from In progress to QA/Code Review in Security WG Oct 12, 2022
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 12, 2022
@ItsRico
refactor: moving consul access and role interface
7bb2893 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 12, 2022
@ItsRico
refactor: moving consul access and role interface
fd852b8 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
@ItsRico ItsRico mentioned this issue Oct 12, 2022
Merged
1 task
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 12, 2022
@ItsRico
refactor: moving consul access and role interface
c5cff6f 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 12, 2022
@ItsRico
refactor: moving consul access and role interface
cdf811a 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
@bnevis-i bnevis-i moved this from In progress to Review in progress in Security WG - Secure Consul Oct 12, 2022
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 18, 2022
@ItsRico
refactor: moving consul access and role interface
7bb1638 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 19, 2022
@ItsRico
refactor: moving consul access and role interface
1b1fe8f 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 19, 2022
@ItsRico
refactor: moving consul access and role interface
0b38361 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 19, 2022
@ItsRico
refactor: moving consul access and role interface
aed9121 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 19, 2022
@ItsRico
refactor: moving consul access and role interface
3e94568 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 19, 2022
@ItsRico
refactor: moving consul access and role interface
5b88078 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
ItsRico added a commit to ItsRico/edgex-go that referenced this issue Oct 19, 2022
@ItsRico
refactor: moving consul access and role interface
39e5983 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: edgexfoundry#3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
Security WG automation moved this from QA/Code Review to Done Oct 19, 2022
bnevis-i pushed a commit that referenced this issue Oct 19, 2022
@ItsRico
refactor: moving consul access and role interface (#4193)
5b680ce 
Moving configureConsulAccess and createRole to go-mod-secrets to
consolidate consul API.

Closes: #3227

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>

Signed-off-by: Rico Chavez-Lopez <rchavezlopez@ucdavis.edu>
Security WG - Secure Consul automation moved this from Review in progress to Done Oct 19, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bnevis-i bnevis-i

Labels
1-low priority denoting isolated changes security-services tech-debt issue_type denoting refactoring to improve design or removal of temporary workarounds
Projects
No open projects
Security WG
  
Done
Security WG - Secure Consul
Done
Milestone
Levski
Development

Successfully merging a pull request may close this issue.

refactor: moving consul access and role interface ItsRico/edgex-go
2 participants
@bnevis-i @jim-wang-intel