[Secure Consul Ph. 1] Integrate ready-to-run signal with Consul bootstrapping done #3160

jim-wang-intel · 2021-02-09T20:50:27Z

🚀 Feature Request

Relevant Package

This feature request is for security-bootstrapper

Description

Once consul bootstrapper is done with installation of agent-token, we need a way to signal it is complete and ready to accept the connection for other services.

Describe the solution you'd like

In security-bootstrapper, before raising the ready-to-run port/semaphore, we need to wait for consul agent token ready signal or port.
The consul bootstrapper also should implement a way to short-circuit the whole ACL and agent token bootstrapping to signal agent token ready if it has already done this successfully before (like 2nd time or later).

Describe alternatives you've considered

Have you considered any alternative solutions or workarounds?

The text was updated successfully, but these errors were encountered:

New addition for implementing for Consul's ACL policies creation and roles for Consul tokens generated later on - Add logic to check whehter the ACL policy is already pre-existing before creation of new policy - Add implementation to create a new ACL policy - Add implementation to create a role for EdgeX's services via Vault's /consul/roles/* APIs: this sets the stage for creating role-based Consul tokens used by EdgeX services - Add logic for creating token roles based on EdgeX service keys from configuration file - Add implementation to create registry management token and store it into a file - Update token-file-provider on edgex's default policy to add the permission for calling /consul/creds/"service-key" endpoint Closes: edgexfoundry#3158, edgexfoundry#3254, edgexfoundry#3160 Signed-off-by: Jim Wang <[email protected]>

New addition for implementing for Consul's ACL policies creation and roles for Consul tokens generated later on via `go-mod-secret` - Add logic to check whether the ACL policy is already per-existing before creation of new policy - Add implementation to create a new ACL policy - Add implementation to create a role for EdgeX's services via Vault's /consul/roles/* APIs: this sets the stage for creating role-based Consul tokens used by EdgeX services - Add logic for creating token roles based on EdgeX service keys from configuration file - Add implementation to create registry management token and store it into a file - Update token-file-provider on edgex's default policy to add the permission for calling /consul/creds/"service-key" endpoint Closes: edgexfoundry#3158, edgexfoundry#3254, edgexfoundry#3160 Signed-off-by: Jim Wang <[email protected]>

New addition for implementing for Consul's ACL policies creation and roles for Consul tokens generated later on via go-mod-secret - Add logic to check whether the ACL policy is already per-existing before creation of new policy - Add implementation to create a new ACL policy - Add implementation to create a role for EdgeX's services via Vault's /consul/roles/* APIs: this sets the stage for creating role-based Consul tokens used by EdgeX services - Add logic for creating token roles based on EdgeX service keys from configuration file - Update token-file-provider on edgex's default policy to add the permission for calling /consul/creds/"service-key" endpoint Closes: edgexfoundry#3254, edgexfoundry#3160 Signed-off-by: Jim Wang <[email protected]>

New addition for implementing for Consul's ACL policies creation and roles for Consul tokens generated later on via go-mod-secret - Add logic to check whether the ACL policy is already per-existing before creation of new policy - Add implementation to create a new ACL policy - Add implementation to create a role for EdgeX's services via Vault's /consul/roles/* APIs: this sets the stage for creating role-based Consul tokens used by EdgeX services - Add logic for creating token roles based on EdgeX service keys from configuration file - Update token-file-provider on edgex's default policy to add the permission for calling /consul/creds/"service-key" endpoint Closes: #3254, #3160 Signed-off-by: Jim Wang <[email protected]>

jim-wang-intel added the enhancement New feature or request label Feb 9, 2021

jim-wang-intel changed the title ~~[Secure Consul] Integrate ready-to-run signal with Consul~~ [Secure Consul] Integrate ready-to-run signal with Consul bootstrapping done Feb 9, 2021

jim-wang-intel added ireland security-services labels Feb 9, 2021

jim-wang-intel added this to the Ireland milestone Feb 9, 2021

jim-wang-intel changed the title ~~[Secure Consul] Integrate ready-to-run signal with Consul bootstrapping done~~ [Secure Consul Ph. 1] Integrate ready-to-run signal with Consul bootstrapping done Feb 10, 2021

jim-wang-intel mentioned this issue Mar 18, 2021

feat(security): Implementation for adding Consul ACL policies, roles #3273

Merged

3 tasks

jim-wang-intel linked a pull request Mar 18, 2021 that will close this issue

feat(security): Implementation for adding Consul ACL policies, roles #3273

Merged

3 tasks

jim-wang-intel closed this as completed in #3273 Mar 22, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Secure Consul Ph. 1] Integrate ready-to-run signal with Consul bootstrapping done #3160

[Secure Consul Ph. 1] Integrate ready-to-run signal with Consul bootstrapping done #3160

jim-wang-intel commented Feb 9, 2021 •

edited

Loading

[Secure Consul Ph. 1] Integrate ready-to-run signal with Consul bootstrapping done #3160

[Secure Consul Ph. 1] Integrate ready-to-run signal with Consul bootstrapping done #3160

Comments

jim-wang-intel commented Feb 9, 2021 • edited Loading

🚀 Feature Request

Relevant Package

Description

Describe the solution you'd like

Describe alternatives you've considered

jim-wang-intel commented Feb 9, 2021 •

edited

Loading