author | Mike Crute <mike@crute.us> | 2022-12-21 22:06:29 -0800 |
---|---|---|
committer | Mike Crute <mike@crute.us> | 2022-12-21 22:06:29 -0800 |
commit | ed1504c2826f6a5d406dd72e51f5a90b77ffea45 (patch) | |
tree | 159733ceaf63026d36c39117fff6159e6247bed7 /README.md | |
parent | e5629fb163c7cf303438afc5be6075299cfc6071 (diff) | |
Upgrade to latest golib
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 19 |
1 files changed, 16 insertions, 3 deletions
@@ -55,8 +55,10 @@ proxy. You will need: | |||
55 | 55 | ||
56 | - [Mongodb](https://www.mongodb.com/) | 56 | - [Mongodb](https://www.mongodb.com/) |
57 | - [Vault](https://www.hashicorp.com/products/vault) | 57 | - [Vault](https://www.hashicorp.com/products/vault) |
58 | - [Netbox](https://netbox.dev/) | ||
58 | - [GitHub Oauth Application](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app) | 59 | - [GitHub Oauth Application](https://docs.github.com/en/developers/apps/building-oauth-apps/creating-an-oauth-app) |
59 | - [SSL certificates](https://letsencrypt.org/). | 60 | - [SSL certificates](https://letsencrypt.org/) |
61 | - Internal DNS Service (for LetsEncrypt DNS challenges) | ||
60 | 62 | ||
61 | Once the requisite infrastructure (see below) is configured, run the binary | 63 | Once the requisite infrastructure (see below) is configured, run the binary |
62 | like so: | 64 | like so: |
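Review bot: the two new prerequisites are listed without saying what the broker needs them for. New line 58 adds Netbox with no hint of what is read from it, and new line 61 says only that the internal DNS service is "for LetsEncrypt DNS challenges"; a DNS-01 challenge means the broker holds credentials that can write records in that zone, so the bullet should state which zone/records it touches and where those credentials are expected to come from (the other integrations in this README take a `--*-vault-path`, so readers will assume Vault unless told otherwise). A one-line purpose on each bullet, e.g. "- [Netbox](https://netbox.dev/) (used for ...)", would make the dependency list self-explanatory. Minor style point: "Mongodb" and "Oauth" on the unchanged lines 56 and 59 should be "MongoDB" and "OAuth" to match the products' own spelling.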
@@ -66,8 +68,7 @@ VAULT_ROLE_ID="..." \ | |||
66 | VAULT_SECRET_ID="..." \ | 68 | VAULT_SECRET_ID="..." \ |
67 | VAULT_ADDR="https://your-vault-addr:8200" \ | 69 | VAULT_ADDR="https://your-vault-addr:8200" \ |
68 | ./cloud-identity-broker \ | 70 | ./cloud-identity-broker \ |
69 | --mongodb-uri="mongodb://your-mongodb-host:27017/your-db-name?authSource=admin" \ | 71 | --mongodb-uri="your-vault-path@your-mongodb-host/your-db-name" \ |
70 | --mongodb-vault-path="database/static-creds/your-cred-name" \ | ||
71 | --github-oauth-vault-path="service/service-name/github-oauth" \ | 72 | --github-oauth-vault-path="service/service-name/github-oauth" \ |
72 | web | 73 | web |
73 | ``` | 74 | ``` |
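Review bot: the `--mongodb-uri` example changes from a standard `mongodb://...?authSource=admin` URI to a `your-vault-path@your-mongodb-host/your-db-name` string that folds the removed `--mongodb-vault-path` flag into the same value, but nothing in this hunk documents that grammar: which segment is the Vault path, whether an `@` inside the Vault path is permitted, and what replaced the `?authSource=admin` parameter that the old example carried. Add a short description of the format under the example and say how the authentication database is selected now; a user migrating from the old two-flag form may otherwise get an unexplained authentication failure, and a mis-split string could send the credential lookup to the wrong Vault path. If the new golib form still accepts a full `mongodb://` URI for the host part, say so explicitly.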
@@ -192,10 +193,22 @@ collection. Those records have the following form: | |||
192 | - `VaultMaterial` the path to the Vault material that contains the account | 193 | - `VaultMaterial` the path to the Vault material that contains the account |
193 | credentials document, as above. | 194 | credentials document, as above. |
194 | 195 | ||
196 | ## Notes on Infrastructure | ||
197 | |||
198 | The infrastructural decisions of the project were made based on the | ||
199 | systems readily available to the original author and their production | ||
200 | readiness. The code itself has been structured to avoid forcing those | ||
201 | decisions on future users. Everything is coded to generic models and | ||
202 | interfaces for database and secret access. With a little additional code | ||
203 | it should be possible to swap in preferred implementations for both of | ||
204 | those systems. The project is happy to entertain alternative back-ends | ||
205 | for these interfaces. | ||
206 | |||
195 | ## To Do | 207 | ## To Do |
196 | 208 | ||
197 | - Allow GitLab CI jobs to auth using [job tokens](https://docs.gitlab.com/ee/api/jobs.html#get-job-tokens-job) | 209 | - Allow GitLab CI jobs to auth using [job tokens](https://docs.gitlab.com/ee/api/jobs.html#get-job-tokens-job) |
198 | - Implement an Admin UI, all admin ops are directly on the DB at the moment | 210 | - Implement an Admin UI, all admin ops are directly on the DB at the moment |
211 | - Remove internal service dependencies | ||
199 | - Support dynamic mongodb credentials | 212 | - Support dynamic mongodb credentials |
200 | - Support for other clouds | 213 | - Support for other clouds |
201 | - GCP | 214 | - GCP |
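Review bot: the new "Notes on Infrastructure" section (new lines 196-205) says everything is coded to generic models and interfaces for database and secret access, yet the To Do list in the same hunk gains "Remove internal service dependencies" (new line 211) and this commit's first hunk adds Netbox and an internal DNS service as prerequisites. Name those internal dependencies here (or point contributors at the interface types they would implement for an alternative back-end), otherwise readers will take "generic models and interfaces" to cover the DNS and Netbox integrations as well, which the To Do entry suggests is not yet the case. Minor wording point: "The project is happy to entertain alternative back-ends" reads better as "Contributions of alternative back-ends for these interfaces are welcome", and "infrastructural" on line 198 can simply be "infrastructure".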