canonical / snap-vault

Vault is a tool for securely accessing secrets
https://snapcraft.io/vault

Add service capability to vault snap #52

Closed sombrafam closed 6 months ago

sombrafam commented 9 months ago

Since vault is mostly used as a server, it makes sense to provide a 'vault server' in the snap.

sombrafam commented 9 months ago

Resolves #48

javacruft commented 8 months ago

If we do implement this change we'll need to update the charms to stop installing a systemd service file for the vault daemon.

gruyaume commented 6 months ago

@sombrafam Is this effort still in progress? I see the last commit dates from November 2 2023.

sombrafam commented 6 months ago

Hey @gruyaume, the only thing that's blocking this is the approval/agreement to move forward with this approach. Since your team is the owner of it now, I would like to hear your thoughts about that.

The motivation on our side is that there have been community complaints about the way the snap is packed without the services; we also have a customer with the same request.

sombrafam commented 6 months ago

Going over the patch again and reconsidering how this should be done, I think that there are some things we need to change:

  1. I believe we should not try to maintain compatibility with the charm (which I was trying to somewhat achieve) and go for a close parity with what the HashiCorp package[1] does, since:
  2. We should add automated tests to check if the package is building properly and if the service runs correctly after the installation.

    [1] https://github.com/hashicorp/vault/tree/main/.release/linux

gruyaume commented 6 months ago

Going over the patch again and reconsidering how this should be done, I think that there are some things we need to change:

  1. I believe we should not try to maintain compatibility with the charm (which I was trying to somewhat achieve) and go for a close parity with what the HashiCorp package[1] does, since:
     • compatibility might not be possible;
     • the charm should be able to handle differences in the package during its upgrade;
     • non-charm usages of the snap should not be affected by charm needs;
  2. We should add automated tests to check if the package is building properly and if the service runs correctly after the installation.

[1] https://github.com/hashicorp/vault/tree/main/.release/linux

We're in the process of writing a completely new version of the Machine charm for Vault so please don't base your decisions on trying to make the snap compatible with the existing charm.

gruyaume commented 6 months ago

Closing this PR as this feature has been added in PR #67