6 Commits

Author SHA1 Message Date
dandds
058ee57527 Create database with separate script.
Creating the ATAT database requires a separate connection to one of the
default Postgres databases, like `postgres`. This updates the scripts
and secrets-tool command to handle creating the database. It also
removes database creation from Terraform and updates the documentation.
2020-01-27 13:17:09 -05:00
dandds
a8f6befc17 secrets-tool command for bootstrapping database.
This additional secrets-tool command can be used to run the database
bootsrapping script (`script/database_setup.py`) inside an ATAT docker
container against the Azure database. It sources the necessary keys from
Key Vault.
2020-01-27 13:17:09 -05:00
Rob Gil
55623028df Adds a secrets generator and loader
secrets-tool now has a feature to both generate secrets as well as load
the generated secrets in to KeyVault.
2020-01-16 21:40:26 -05:00
Rob Gil
b9a7efe6ba Revised Pipfiles 2020-01-16 18:19:33 -05:00
Rob Gil
aa89505650 169163334 - Abstracts terraform wrapper code
The terraform wrapper is now abstracted in to a utility class for
working with terraform. The terraform module was also updated to support
configurable keyvault servers. Logging for this new module was also
added, so the terraform output is seen on the console.
2020-01-16 17:27:49 -05:00
Rob Gil
deead852b5 169163334 - Initial secrets-tool commit
Adds admin_users map and keyvault policy

This adds an admin_users map as well as a new policy in the keyvault
module. When run, this will apply an administrator policy for users in
the admin_users map. With these permissions, the admin users will be
able to manage secrets and keys in keyvault.

169163334 - Initial secrets-tool commit

Adds admin_users map and keyvault policy

This adds an admin_users map as well as a new policy in the keyvault
module. When run, this will apply an administrator policy for users in
the admin_users map. With these permissions, the admin users will be
able to manage secrets and keys in keyvault.

170237669 - Makes the read only policy for keyvault optional and only create the policy if a principal_id is passed

170237669 - Adds new operator keyvault for secrets

This is a new keyvault specifically for storing operator secrets and
things that would not be accessible to applications. The primary use
case for this is for launching things like postgres (root postgres
creds) and other services which would require secrets to be added to the
terraform configuration. This approach avoids adding secrets to
terraform.

An accompanying script will be added to populate the new keyvault.
2020-01-16 17:27:49 -05:00