Vault Dockerfile and TRG 4.06 #247

Closed
tom-rm-meyer-ISST opened this issue Aug 31, 2023 · 8 comments · Fixed by eclipse-tractusx/eclipse-tractusx.github.io#370

@tom-rm-meyer-ISST

tom-rm-meyer-ISST commented Aug 31, 2023

Is your support request related to a problem? Please describe.
Hi, I use the vault image as base image to spin up a vault and put the keys for my connectors.
According to TRG 4.06 this image is not part of the trusted base images.

Describe the solution you'd like
I see two ways to handle this:

  • don't use the vault as base image and find another way to achieve this (current idea is to put via second container using alpine image)
  • add the vault image to the accepted base images
  • don't use vault for docker-compose

Additional context
I created a local docker-compose for easier local deployment and also for easier migration to updated edc versions.
For this compose I use a vault (older version to not run into the license issue).
This PR uses this approach. Please refer to local/docker-conpose and local/vault/Dockerfile.

@tomaszbarwicki
Contributor

Hi @tom-rm-meyer-ISST, we may want to add it to accepted base images after consultation with EF, can you please provide full link to the image you use/plan to use?

@tom-rm-meyer-ISST
Author

tom-rm-meyer-ISST commented Sep 1, 2023

Hi Tomasz! According to docker hub the latest version is vault:1.13.3 which is OK regarding licensing. I also discussed the issue in the office hours and therefore created a PR to add the image to TRG 4.06. Further checks by EF are welcome.

@SebastianBezold
Contributor

Hi @tom-rm-meyer-ISST,

I can see there hasn't been a lot of movement on this issue. Could you maybe elaborate a bit more on your use case?

For background:

We are currently sharpening the TRG formulations. The text is not there yet, but for example, the aligned base images are "only" relevant for published docker images. This means only the images we build on our own and then publish it to DockerHub.

In case you are only using an existing Docker image, you are not affected by our checks. If you do create your own image based on HashiCorp Vault, you can still consider, you would need to publish it.

There will be a new feature for our automated release guideline checks, that allows you to exclude images, that are not published. I'll keep you posted on when this will be available.

If you are building your own image based on HashiCorp vault and you are publishing it, then I'll try to think about a solution for our automated checks. Right now we do not take tags into account, but maybe that's a good addition anyways.

@tom-rm-meyer-ISST
Author

Ok, we don't publish the image. We just use it for means of having a local deployment for integration testing.

Actually I wanted to join tomorrow's office hour for this topic. If I remember correctly, @hzierer was aware of a fork of the HashiCorp vault that didn't yet have a container image published.

But overall: I as a team only use it for local testing. The EDC team does publish a helm chart with the hashicorp vault - is that something we need to remain aware of?

@SebastianBezold
Contributor

Hi @tom-rm-meyer-ISST,

in general, we need to be aware of the issue, because we need to care about open source governance. In Vault's case, we cannot use newer versions, that are licensed under BSL. So we will need to reconsider the HashiCorp Vault usage and find alternatives. I cannot speak for the EDC team, but I could imagine, they need to drop support for HashiCorp Vault in the future.
I'm not aware of an open source fork of Vault. I'm just aware of the Terraform fork OpenTofu.

@tom-rm-meyer-ISST
Author

Well, then from my side we could close this PR as we don't see a real need.

@SebastianBezold
Contributor

Ok cool. Like I mentioned earlier, we will also clarify the purpose of the aligned base images in the TRG. We can also take that to tomorrow's office hour like you suggested. I guess we won't be that many though, since it seems to be vacation week :)

I'll close this issue here too for now, but feel free to re-open it at any time in case there are related questions.

@kvendingoldo

btw. you can also integrate tenv that supports Terraform as well as OpenTofu (and Terragrunt :) ) in one tool. It allows you to simplify version management.
