Add TLS certificate auth for HashiCorp Vault #14691

Closed


TheRealHaoLiu
Member

SUMMARY

Based on #14534

ISSUE TYPE
  • New or Enhanced Feature
COMPONENT NAME
  • API
AWX VERSION
awx: 23.5.1.dev7+gf2f7d18cf9
ADDITIONAL INFORMATION

marbindrakon and others added 6 commits November 8, 2023 10:48
Add support for AWX to authenticate with HashiCorp Vault using
TLS client certificates.

Also updates the documentation for the HashiCorp Vault secret management
plugins to include both the new TLS options and the missing Kubernetes
auth method options.

Signed-off-by: Andrew Austin <[email protected]>

Add TLS configuration to the docker-compose Vault configuration and
use that method by default in vault plumbing.

This ensures that the result of bringing up the docker-compose stack
with vault enabled and running the plumb-vault playbook is a fully
working credential retrieval setup using TLS client cert authentication.

Signed-off-by: Andrew Austin <[email protected]>

- improve error handling for vault_initialization
- ignore error if vault cert auth is already configured
- removed unused register

Make TLS for HashiCorp Vault optional and configurable via VAULT_TLS env var

Sometimes it took longer for vault to fully come up and init will fail

@TheRealHaoLiu
Member Author

I'm gonna commit this into the original PR

4 participants