Page MenuHomeDevCentral
Differential D3987

Allow all servers to read IPsec in Vault
ClosedPublic
Actions

Authored by Duranzed on Mon, Mar 2, 18:15.
Tags
Referenced Files
Unknown Object (File)
Sat, Mar 21, 00:38
Unknown Object (File)
Fri, Mar 20, 10:29
Unknown Object (File)
Fri, Mar 20, 01:21
Unknown Object (File)
Wed, Mar 18, 16:25
Unknown Object (File)
Wed, Mar 18, 08:52
Unknown Object (File)
Mon, Mar 16, 10:34
Unknown Object (File)
Mon, Mar 16, 01:51
Unknown Object (File)
Mon, Mar 16, 01:29
View All 49 Files
Subscribers
None

Details

Reviewers
dereckson
Maniphest Tasks
T2268: Configure IPsec tunnels on Saltstack
Commits
rOPS7a20ee8b442c: Allow all servers to read IPsec in Vault
Summary

Allow to add to every node policy keys from the new pillar entry
vault_secrets_ubiquity.

Ref T2268

Test Plan

salt complector state.sls_id salt-node-cloudhugger roles/vault/policies test=True

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Duranzed requested review of this revision.Mon, Mar 2, 18:15
Duranzed created this revision.
Harbormaster completed remote builds in B6389: Diff 10341.Mon, Mar 2, 18:15
Duranzed edited the summary of this revision. (Show Details)Mon, Mar 2, 18:17
Duranzed added a task: T2268: Configure IPsec tunnels on Saltstack .
Duranzed added a comment.Mon, Mar 2, 18:20
$ sudo salt complector state.sls_id salt-node-cloudhugger roles/vault/policies test=True
complector:
----------
          ID: salt-node-cloudhugger
    Function: vault.policy_present
      Result: None
     Comment: Policy would be changed
     Started: 18:09:21.668208
    Duration: 841.275 ms
     Changes:   
              ----------
              salt-node-cloudhugger:
                  ----------
                  change:
                      --- 
                      +++ 
                      @@ -10,3 +10,7 @@
                       path "ops/data/secrets/nasqueron/opensearch/infra-logs/internal_users/dashboards" {
                           capabilities = [ "read" ]
                       }
                      +
                      +path "ops/data/secrets/network/ipsec/key" {
                      +    capabilities = [ "read" ]
                      +}

Summary for complector
------------
Succeeded: 1 (unchanged=1, changed=1)
Failed:    0
------------
Total states run:     1
Total run time: 841.275 ms
dereckson retitled this revision from Vault configuration to read ipsec key to Allow all servers to read IPsec in Vault.Wed, Mar 4, 07:01
dereckson edited the summary of this revision. (Show Details)
dereckson edited the test plan for this revision. (Show Details)
dereckson accepted this revision.Wed, Mar 4, 07:03
This revision is now accepted and ready to land.Wed, Mar 4, 07:03
dereckson mentioned this in D3988: Configure strongSwan as IPsec implementation.Wed, Mar 4, 07:14
Duranzed added a project: User-Duranzed.Thu, Mar 5, 12:46
Closed by commit rOPS7a20ee8b442c: Allow all servers to read IPsec in Vault (authored by Duranzed, committed by yousra). · Explain WhyThu, Mar 5, 12:52
This revision was automatically updated to reflect the committed changes.
yousra added a commit: rOPS7a20ee8b442c: Allow all servers to read IPsec in Vault.

Revision Contents
Changeset List

PathSize
_modules/
9 lines
pillar/
credentials/
6 lines

Diff 10384

View Options

_modules/credentials.py

Loading...
View Options

pillar/credentials/vault.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator