author Mike Crute <mike@crute.us> 2022-12-21 22:06:29 -0800
committer Mike Crute <mike@crute.us> 2022-12-21 22:06:29 -0800
commit ed1504c2826f6a5d406dd72e51f5a90b77ffea45 (patch)
tree 159733ceaf63026d36c39117fff6159e6247bed7 /README.md
parent e5629fb163c7cf303438afc5be6075299cfc6071 (diff)
Upgrade to latest golib
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 19
1 files changed, 16 insertions, 3 deletions
diff --git a/README.md b/README.md
index 1a892a5..ad96813 100644
--- a/README.md
+++ b/README.md
@@ -55,8 +55,10 @@ proxy. You will need:
55 55
56- [Mongodb](https://www.mongodb.com/) 56- [Mongodb](https://www.mongodb.com/)
57- [Vault](https://www.hashicorp.com/products/vault) 57- [Vault](https://www.hashicorp.com/products/vault)
58- [Netbox](https://netbox.dev/)
58- [GitHub Oauth Application](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app) 59- [GitHub Oauth Application](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app)
59- [SSL certificates](https://letsencrypt.org/). 60- [SSL certificates](https://letsencrypt.org/)
61- Internal DNS Service (for LetsEncrypt DNS challenges)
60 62
61Once the requisite infrastructure (see below) is configured, run the binary 63Once the requisite infrastructure (see below) is configured, run the binary
62like so: 64like so:
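Review bot: the new `Netbox` requirement (new line 58) does not say what the broker uses it for, while the other new entry (new line 61, "Internal DNS Service (for LetsEncrypt DNS challenges)") does; add a short parenthetical so an operator knows whether Netbox is needed at runtime or only for bootstrap. The commit message ("Upgrade to latest golib") also does not mention that two new infrastructure dependencies are being documented, which is worth calling out since a reader scanning history for when Netbox became required will not find it.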
@@ -66,8 +68,7 @@ VAULT_ROLE_ID="..." \
66VAULT_SECRET_ID="..." \ 68VAULT_SECRET_ID="..." \
67VAULT_ADDR="https://your-vault-addr:8200" \ 69VAULT_ADDR="https://your-vault-addr:8200" \
68 ./cloud-identity-broker \ 70 ./cloud-identity-broker \
69 --mongodb-uri="mongodb://your-mongodb-host:27017/your-db-name?authSource=admin" \ 71 --mongodb-uri="your-vault-path@your-mongodb-host/your-db-name" \
70 --mongodb-vault-path="database/static-creds/your-cred-name" \
71 --github-oauth-vault-path="service/service-name/github-oauth" \ 72 --github-oauth-vault-path="service/service-name/github-oauth" \
72 web 73 web
73``` 74```
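Review bot: the `--mongodb-uri` example changes from a standard `mongodb://` URI to `"your-vault-path@your-mongodb-host/your-db-name"` and `--mongodb-vault-path` is dropped, but nothing in the hunk explains the new format; the text should state that the part before `@` is a Vault path (not a `user:password` pair as in a normal MongoDB URI) and that the credentials are read from Vault rather than passed on the command line. The old example also carried `?authSource=admin`; say whether that option is still honoured in the new format or is now implied, since a wrong auth source is a common reason a broker fails to start against a fresh MongoDB.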
@@ -192,10 +193,22 @@ collection. Those records have the following form:
192- `VaultMaterial` the path to the Vault material that contains the account 193- `VaultMaterial` the path to the Vault material that contains the account
193 credentials document, as above. 194 credentials document, as above.
194 195
196## Notes on Infrastructure
197
198The infrastructural decisions of the project were made based on the
199systems readily available to the original author and their production
200readiness. The code itself has been structured to avoid forcing those
201decisions on future users. Everything is coded to generic models and
202interfaces for database and secret access. With a little additional code
203it should be possible to swap in preferred implementations for both of
204those systems. The project is happy to entertain alternative back-ends
205for these interfaces.
206
195## To Do 207## To Do
196 208
197- Allow GitLab CI jobs to auth using [job tokens](https://docs.gitlab.com/ee/api/jobs.html#get-job-tokens-job) 209- Allow GitLab CI jobs to auth using [job tokens](https://docs.gitlab.com/ee/api/jobs.html#get-job-tokens-job)
198- Implement an Admin UI, all admin ops are directly on the DB at the moment 210- Implement an Admin UI, all admin ops are directly on the DB at the moment
211- Remove internal service dependencies
199- Support dynamic mongodb credentials 212- Support dynamic mongodb credentials
200- Support for other clouds 213- Support for other clouds
201 - GCP 214 - GCP
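Review bot: the new To Do entry "Remove internal service dependencies" (new line 211) sits awkwardly next to this same commit adding Netbox and an internal DNS service to the requirements list; the new "Notes on Infrastructure" section (new lines 196-205) would be the natural place to say which of the listed systems are considered author-local choices expected to go away and which are core (MongoDB, Vault, GitHub OAuth). The section also says "Everything is coded to generic models and interfaces for database and secret access"; pointing readers to the package or interface names involved would make the offer to accept alternative back-ends actionable.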