overture-stack / rollcall

A service for managing indices and aliases in an elasticsearch cluster
GNU Affero General Public License v3.0

Fix/secrets path #64

Closed jaserud closed 2 years ago

jaserud commented 2 years ago

Related to: https://github.com/overture-stack/rollcall/issues/63

The way rollcall tries to access secrets from Vault is confusing because of the defaults that Spring applies. More info on how Spring generates the secrets paths: https://cloud.spring.io/spring-cloud-vault/reference/html/#vault.config.backends.

Because of the confusion we actually have to allow rollcall access to multiple paths even though we don't use them. See log below from argo dev. Using vault-fail-fast in this state keeps crashing the app.

2022-02-01 22:19:48.929  INFO 1 --- [           main] b.c.PropertySourceBootstrapConfiguration : Located property source: CompositePropertySource {name='vault', propertySources=[LeaseAwareVaultPropertySource {name='kv/application/test'}, LeaseAwareVaultPropertySource {name='kv/application'}, LeaseAwareVaultPropertySource {name='kv/argo/dev/donor-submission-rollcall/test'}, LeaseAwareVaultPropertySource {name='kv/argo/dev/donor-submission-rollcall'}]}
2022-02-01 22:19:48.937  INFO 1 --- [           main] b.overture.rollcall.RollcallApplication  : The following profiles are active: test

Rather than deal with the confusion and provide rollcall access to all the things in Vault, I propose one config variable that sets the secret path.
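Added example, not part of the original comment or of rollcall's code: a small Python model of the key-value context paths Spring Cloud Vault derives by default (per the documentation linked above), checked against the log line in the comment, which then lists the paths requested outside the application's own prefix. The function names are hypothetical, and the backend `kv` and application name `argo/dev/donor-submission-rollcall` are read off that log line as an assumption.

```python
import re

# Bootstrap log line copied from the comment above.
LOG_LINE = (
    "2022-02-01 22:19:48.929  INFO 1 --- [           main] "
    "b.c.PropertySourceBootstrapConfiguration : Located property source: "
    "CompositePropertySource {name='vault', propertySources=["
    "LeaseAwareVaultPropertySource {name='kv/application/test'}, "
    "LeaseAwareVaultPropertySource {name='kv/application'}, "
    "LeaseAwareVaultPropertySource {name='kv/argo/dev/donor-submission-rollcall/test'}, "
    "LeaseAwareVaultPropertySource {name='kv/argo/dev/donor-submission-rollcall'}]}"
)

SOURCE_RE = re.compile(r"LeaseAwareVaultPropertySource \{name='([^']+)'\}")


def derived_contexts(backend, app_name, profiles,
                     default_context="application", profile_separator="/"):
    """Model the key-value context paths Spring Cloud Vault derives.

    For the default context and the application name it yields the bare
    context plus one context per active profile. Ordering is not modelled.
    """
    paths = []
    for base in (default_context, app_name):
        paths.append(f"{backend}/{base}")
        for profile in profiles:
            paths.append(f"{backend}/{base}{profile_separator}{profile}")
    return paths


def logged_sources(log_line):
    """Extract the Vault property source names from a bootstrap log line."""
    return SOURCE_RE.findall(log_line)


def outside_prefix(paths, prefix):
    """Return the paths that are neither the prefix itself nor beneath it."""
    return [p for p in paths if p != prefix and not p.startswith(prefix + "/")]


if __name__ == "__main__":
    app = "argo/dev/donor-submission-rollcall"  # assumed from the log line
    seen = logged_sources(LOG_LINE)
    print("model matches log:", set(derived_contexts("kv", app, ["test"])) == set(seen))
    for path in outside_prefix(seen, f"kv/{app}"):
        print("requested outside the application prefix:", path)
```
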

jaserud commented 2 years ago

After discussion, this is overkill; we will just stick to env configs.