Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add vault-kv interface #97

Merged
merged 13 commits into from
Sep 13, 2023
Merged

add vault-kv interface #97

merged 13 commits into from
Sep 13, 2023

Conversation

gboutry
Copy link
Contributor

@gboutry gboutry commented Aug 18, 2023

Add vault-kv interface

vault-kv reflects the interface purpose better than `secrets`
@gboutry gboutry changed the title add secrets interface add vault-kv interface Aug 18, 2023
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
interfaces/vault_kv/v0/schema.py Outdated Show resolved Hide resolved
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
Vault documentation refers to kv_mountpoint as `mounts`, let's reflect
that in the relation data.

A `mount` shall respect the following pattern:
charm-<requirer app>-<user provided suffix>
Credentials intermediate class is unnecessary.

Fix typo in databag example
@jnsgruk
Copy link
Member

jnsgruk commented Aug 24, 2023

Looks like we need an entry in the top-level README too :)

README.md Outdated Show resolved Hide resolved
interfaces/vault_kv/v0/README.md Show resolved Hide resolved
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
Refactor credentials: role_id and role_secret_id will be passed as a
Juju secret.
Elaborate on egress_subnet: usage of role_id and role_secret_id is
restricted to unit's egress_subnet, meaning only the designated can use
this tuple of credentials.
Change category: Move `vault-kv` from Storage to Security
Renaming role_id to role-id and role_secret_id to role-secret-id
gboutry added a commit to gboutry/vault-k8s-operator that referenced this pull request Aug 25, 2023
Refactoring vault-kv interface based on comments from
canonical/charm-relation-interfaces#97

Added unit tests for charm behavior
Added unit tests for vault-kv interface
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
interfaces/vault_kv/v0/README.md Outdated Show resolved Hide resolved
In case of CMRs, the provider will see an obfuscated name for an unit,
which will cause the requiring to fail fetching its credentials from the
relation.

A requiring unit has to provide a unique string that will be used to
store the secret in the relation data, allowing this unit to fetch the
secret at a later time.

Rename <user provided suffix> to <requirer provided suffix>.
@simskij simskij dismissed gruyaume’s stale review September 13, 2023 08:19

Addressed by Ghislain

@simskij simskij merged commit cc5941d into canonical:main Sep 13, 2023
5 checks passed
@gboutry gboutry deleted the feat/vault-kv branch September 13, 2023 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants