Page MenuHomeDevCentral
Differential D3302

Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path
ClosedPublic
Actions

Authored by dereckson on Jan 28 2024, 19:11.
Tags
None
Referenced Files
Unknown Object (File)
Fri, May 9, 04:24
Unknown Object (File)
Thu, May 8, 20:50
Unknown Object (File)
Thu, May 8, 09:49
Unknown Object (File)
Thu, May 8, 03:45
Unknown Object (File)
Wed, May 7, 20:30
Unknown Object (File)
Wed, May 7, 17:11
Unknown Object (File)
Sun, May 4, 10:29
Unknown Object (File)
Sat, May 3, 09:52
View All Files
Subscribers
None

Details

Reviewers
dereckson
ledesillusionniste
Maniphest Tasks
T930: Secrets to migrate from DevCentral to Vault
Commits
rOPS2fc953ee6496: Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path
Summary

Zemke-Rhyne secrets have been migrated to Vault under ops/secrets/<old name>.

Vault offers a concept of path to organize secrets a hierarchical way,
while under Zemke-Rhyne, the name of the secret used dots.

Ref T930

Test Plan

Refresh Vault policies, deploy a service on PaaS Docker

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Passed
Unit
No Test Coverage
Branch
credentials-migrate
Build Status
Buildable 5232
Build 5513: arc lint + arc unit

Event Timeline

dereckson created this revision.Jan 28 2024, 19:11
Herald added a reviewer: ledesillusionniste. · View Herald TranscriptJan 28 2024, 19:11

This change touches Wolfplex files. As such, administrative approval is needed from Wolfplex technical contact.

Harbormaster completed remote builds in B5231: Diff 8500.Jan 28 2024, 19:11
dereckson requested review of this revision.Jan 28 2024, 19:11
dereckson added a comment.Jan 28 2024, 19:14
In D3302#50408, @Herald wrote:

This change touches Wolfplex files. As such, administrative approval is needed from Wolfplex technical contact.

The change is only technical from Vault perspective: secrets were stored in ops/secrets/<former Zemke-Rhyne name>,
and have now been migrated to new paths using a slash ("/") as separator instead of a dot (".").

For Wolfplex files, it's indeed now needed to use ops/secrets/nasqueron/etherpad/api to get Etherpad API key.

Credentials for Wolfplex are now all located in ops/secrets/wolfplex/.

dereckson accepted this revision.Jan 28 2024, 19:16
This revision is now accepted and ready to land.Jan 28 2024, 19:16
dereckson updated this revision to Diff 8501.Jan 28 2024, 19:25

Consolidate dot and slash sections in credentials pillar.

Harbormaster completed remote builds in B5232: Diff 8501.Jan 28 2024, 19:25
Closed by commit rOPS2fc953ee6496: Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path (authored by dereckson). · Explain WhyJan 28 2024, 19:26
This revision was automatically updated to reflect the committed changes.
dereckson added a commit: rOPS2fc953ee6496: Migrate former Zemke-Rhyne secrets from a.b.c to a/b/c path.
dereckson mentioned this in P349 credentials-repo-replace.py.Jan 28 2024, 19:31

Revision Contents
Changeset List

PathSize
pillar/
credentials/
99 lines
notifications/
12 lines
opensearch/
4 lines
paas/
docker/
docker-002/
2 lines
34 lines
8 lines
dwellers/
4 lines
2 lines
saas/
2 lines
roles/
vault/
policies/
files/
4 lines
viperserv/
eggdrop/
2 lines
webserver-content/
org/
wolfplex/
2 lines

Diff 8501

View Options

pillar/credentials/vault.sls

Loading...
View Options

pillar/notifications/config.sls

Loading...
View Options

pillar/opensearch/clusters.sls

Loading...
View Options

pillar/paas/docker/docker-002/etherpad.sls

Loading...
View Options

pillar/paas/docker/docker-002/main.sls

Loading...
View Options

pillar/paas/docker/docker-002/sentry.sls

Loading...
View Options

pillar/paas/docker/dwellers/main.sls

Loading...
View Options

pillar/paas/docker/dwellers/notifications.sls

Loading...
View Options

pillar/saas/rabbitmq.sls

Loading...
View Options

roles/vault/policies/files/sentry.hcl

Loading...
View Options

roles/viperserv/eggdrop/config.sls

Loading...
View Options

roles/webserver-content/org/wolfplex/api.sls

Loading...
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator