Page MenuHomeDevCentral
Differential D3987

Allow all servers to read IPsec in Vault
AcceptedPublic
Actions

Authored by Duranzed on Mon, Mar 2, 18:15.
Tags
None
Referenced Files
F24659392: D3987.id10341.diff
Tue, Mar 3, 17:40
Unknown Object (File)
Tue, Mar 3, 10:52
Unknown Object (File)
Tue, Mar 3, 09:40
Unknown Object (File)
Mon, Mar 2, 22:12
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T2268: Configure IPsec tunnels on Saltstack
Summary

Allow to add to every node policy keys from the new pillar entry
vault_secrets_ubiquity.

Ref T2268

Test Plan

salt complector state.sls_id salt-node-cloudhugger roles/vault/policies test=True

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
strongswan
Build Status
Buildable 6389
Build 6673: arc lint + arc unit

Event Timeline

Duranzed requested review of this revision.Mon, Mar 2, 18:15
Duranzed created this revision.
Harbormaster completed remote builds in B6389: Diff 10341.Mon, Mar 2, 18:15
Duranzed edited the summary of this revision. (Show Details)Mon, Mar 2, 18:17
Duranzed added a task: T2268: Configure IPsec tunnels on Saltstack .
Duranzed added a comment.Mon, Mar 2, 18:20
$ sudo salt complector state.sls_id salt-node-cloudhugger roles/vault/policies test=True
complector:
----------
          ID: salt-node-cloudhugger
    Function: vault.policy_present
      Result: None
     Comment: Policy would be changed
     Started: 18:09:21.668208
    Duration: 841.275 ms
     Changes:   
              ----------
              salt-node-cloudhugger:
                  ----------
                  change:
                      --- 
                      +++ 
                      @@ -10,3 +10,7 @@
                       path "ops/data/secrets/nasqueron/opensearch/infra-logs/internal_users/dashboards" {
                           capabilities = [ "read" ]
                       }
                      +
                      +path "ops/data/secrets/network/ipsec/key" {
                      +    capabilities = [ "read" ]
                      +}

Summary for complector
------------
Succeeded: 1 (unchanged=1, changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 841.275 ms
dereckson retitled this revision from Vault configuration to read ipsec key to Allow all servers to read IPsec in Vault.Wed, Mar 4, 07:01
dereckson edited the summary of this revision. (Show Details)
dereckson edited the test plan for this revision. (Show Details)
dereckson accepted this revision.Wed, Mar 4, 07:03
This revision is now accepted and ready to land.Wed, Mar 4, 07:03
dereckson mentioned this in D3988: Configure strongSwan as IPsec implementation.Wed, Mar 4, 07:14

Revision Contents
Changeset List

PathSize
_modules/
9 lines
pillar/
credentials/
6 lines

Diff 10341

View Options

_modules/credentials.py

Loading...
View Options

pillar/credentials/vault.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator