INS-62 / Make Vault-PKI formula stateful + blocking #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dmwilcox
reviewed
Jan 10, 2019
jfryman
force-pushed
the
jfryman/INS-62
branch
2 times, most recently
from
dd5dc38 to
5ee43c4
Compare
jfryman
force-pushed
the
jfryman/INS-62
branch
5 times, most recently
from
945cf08 to
44fa5f7
Compare
jfryman
force-pushed
the
jfryman/INS-62
branch
5 times, most recently
from
b525884 to
4ab4398
Compare
|
To use this with testing, you will need to export the following variable: Then you can proceed with |
jfryman
force-pushed
the
jfryman/INS-62
branch
from
4ab4398 to
03c7f0d
Compare
This commit updates Vault-PKI to rely less on the salt reactor for processing a signed certificate request. Instead of the response being sent back out of band, and having another salt run to activate, the Vault-PKI now waits and watches the event bus waiting for a return message and then reacts internally. This simplifies the overall execution strategy for this module, and allows for blocking and state dependency management which has not been possible up to this point.
jfryman
force-pushed
the
jfryman/INS-62
branch
from
03c7f0d to
f88313c
Compare
dmwilcox
suggested changes
Feb 5, 2019
dmwilcox
approved these changes
Feb 12, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR updates the Vault-PKI formula to add a few features:
'cert' state should be stateful (not appear to have changes each time it is included in high state)
'cert' state should have a blocking mode to wait and poll for the cert delivery, will allow use of requisites on the cert state namely by consul + nginx which rely on a cert to start cleanly
Requires: ripple/salt-runner-vault-pki#4