Reorganize app/ and add script for secret management #29

Merged
quentin merged 5 commits from test_reorganize into master 2021-01-18 07:18:23 +00:00
Owner

In app/, we now have one folder for each Deuxfleurs module.

These folders contain the following hierarchy:

  • <module>/build/<image_name>/: folders with dockerfiles and other necessary resources for building container images
  • <module>/config/: folder containing configuration files, referenced by deployment file
  • <module>/secrets/: folder containing secrets, which can be synchronized with Consul using secretmgr.py
  • <module>/deploy/: folder containing the HCL file(s) necessary for deploying the module
  • <module>/integration/: folder containing files for integration testing using docker-compose

This is the documentation of secretmgr.py, which is also in the file secretmgr.py itself:

Functionalities:

- check that secrets are correctly configured
- help user fill in secrets
- create LDAP service users and fill in corresponding secrets
- maybe one day: manage SSL certificates and keys

It uses files placed in <module_name>/secrets/* to know what secrets
it should handle. These secret files contain directives for what to do
about these secrets.

Example directives:

USER <description>
(a secret that must be filled in by the user)

USER_LONG <description>
(the same, indicates that the secret fits on several lines)

CMD <command>
(a secret that is generated by running this command)

CONST <constant value>
(the secret has a constant value set here)

CONST_LONG
<constant value, several lines>
(same)

SERVICE_DN <service name> <service description>
(the LDAP DN of a service user)

SERVICE_PASSWORD <service name>
(the LDAP password for the corresponding service user)

SSL_CERT <cert name> <list of domains>
(an SSL domain for the given domains)

SSL_KEY <cert name>
(the SSL key going with the corresponding certificate)

RSA_PUBLIC_KEY <key name> <key description>
(a public RSA key)

RSA_PRIVATE_KEY <key name>
(the corresponding private RSA key)
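
An added example, not part of this pull request or of secretmgr.py: a small linter for the directive files documented above, catching unknown directives, missing arguments, and a password or private key whose matching declaration is absent. It assumes the directive is the first line of each secret file, infers argument counts from the placeholders in the documentation, and runs on constructed paths and values.

```python
# Added example: arities inferred from the placeholders in the documentation
# above, not read from secretmgr.py. (min_args, max_args); None = free text.
ARITY = {
    "USER": (1, None), "USER_LONG": (1, None), "CMD": (1, None),
    "CONST": (1, None), "CONST_LONG": (0, 0),
    "SERVICE_DN": (2, None), "SERVICE_PASSWORD": (1, 1),
    "SSL_CERT": (2, None), "SSL_KEY": (1, 1),
    "RSA_PUBLIC_KEY": (2, None), "RSA_PRIVATE_KEY": (1, 1),
}
# Directive that refers to a name -> directive expected to declare that name.
PAIRS = {"SERVICE_PASSWORD": "SERVICE_DN", "SSL_KEY": "SSL_CERT",
         "RSA_PRIVATE_KEY": "RSA_PUBLIC_KEY"}

def parse_directive(text):
    """Assumes the directive is the file's first line; returns (kind, args, body)."""
    lines = text.strip("\n").split("\n")
    head = lines[0].split()
    return (head[0] if head else ""), head[1:], lines[1:]

def lint(files):
    """files: {path: content}. Returns sorted (path, problem) tuples."""
    problems, declared, parsed = [], set(), {}
    for path, text in files.items():
        kind, args, body = parse_directive(text)
        parsed[path] = (kind, args)
        if kind not in ARITY:
            problems.append((path, f"unknown directive {kind!r}"))
            continue
        lo, hi = ARITY[kind]
        if len(args) < lo or (hi is not None and len(args) > hi):
            problems.append((path, f"{kind}: wrong number of arguments"))
        elif kind == "CONST_LONG" and not any(l.strip() for l in body):
            problems.append((path, "CONST_LONG: no value on the following lines"))
        elif kind in PAIRS.values():
            declared.add((kind, args[0]))
    for path, (kind, args) in parsed.items():
        if kind in PAIRS and args and (PAIRS[kind], args[0]) not in declared:
            problems.append((path, f"{kind} {args[0]}: no matching {PAIRS[kind]}"))
    return sorted(problems)

# Constructed sample tree (paths and values are made up for this example).
SAMPLE = {
    "example/secrets/ldap_dn": "SERVICE_DN example Example service\n",
    "example/secrets/ldap_pass": "SERVICE_PASSWORD example\n",
    "example/secrets/api_token": "CMD openssl rand -hex 32\n",
    "example/secrets/jwt_priv": "RSA_PRIVATE_KEY jwt\n",
    "example/secrets/motd": "CONST_LONG\n",
    "example/secrets/typo": "USR admin password\n",
}
```

Calling `lint(SAMPLE)` reports the orphaned private key, the empty `CONST_LONG` and the misspelled directive, and leaves the three well-formed files alone.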
lx added 3 commits 2021-01-16 19:09:13 +00:00
quentin added 1 commit 2021-01-18 07:06:42 +00:00
quentin added 1 commit 2021-01-18 07:09:13 +00:00
quentin merged commit ad6017eea0 into master 2021-01-18 07:18:23 +00:00
quentin deleted branch test_reorganize 2021-01-18 07:18:41 +00:00
Reference: Deuxfleurs/infrastructure#29