Initial support for wan fed using Vault as secrets backend #1016
"policies": fmt.Sprintf("consul-gossip,connect-ca,consul-server-%s", datacenter), | ||
"ttl": "24h", | ||
} | ||
_, err = vaultClient.Logical().Write(fmt.Sprintf("auth/%s/role/consul-server", authPath), params) |
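Review bot: The role path on the `Logical().Write` line is the fixed name `consul-server`, while the `policies` value on the first line carries a datacenter-specific `consul-server-%s` policy. If two datacenters ever share the same `authPath`, the second write updates the same role and replaces its policy list, so the earlier datacenter's policy binding is lost. Consider formatting `datacenter` into the role name as well, or add a comment stating that `authPath` is unique per datacenter. This one role also bundles the gossip, Connect CA and server policies, so a short comment on why they are granted together would help the next reader.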
No changes needed but I am thinking ahead to the documentation and wondering what you think about us suggesting that the server roles also have DC appended to help the user visually? Thoughts?
🤔 we could do that
This looks great! I love the cleanup and refactor of the setup stages for Vault, this is exactly how I'd envisioned it coming together once we started adding new test files!
I've left just a couple non-blocking comments!
Great work!
this is very impressive!! have a few questions but they are not blockers
// connectCAPolicy allows Consul to bootstrap all certificates for the service mesh in Vault. | ||
// Adapted from https://www.consul.io/docs/connect/ca/vault#consul-managed-pki-paths. |
🙏
Fork PRs don't have access to the enterprise license secret.
Changes proposed in this PR:
This is initial support for the Consul WAN federation which includes only gossip and TLS credentials. Other credentials will be added in a separate PR.
How I've tested this PR:
acceptance tests
How I expect reviewers to test this PR:
👀
Checklist:
CHANGELOG entry added (will be added as one entry in the last PR in the wan federation with vault series)