
H-227, H-229: Update Vault config and path construction

Open CiaranMn opened this issue 1 year ago • 2 comments

🌟 What is the purpose of this PR?

This PR does the following:

  • Updates the path construction for Vault secrets to avoid users of the Vault client attempting to use engines / paths we don't want used from the API (fixes H-229)
  • Adds the Vault environment variables to the API Terraform config, ~and removes ROOT from the Vault token environment variable name, since we want to use a more specific token with a limited policy (being introduced to the Vault config in https://github.com/hashintel/internal-api/pull/133) – fixes H-227 once that linked PR is merged and we have created a token for that role for use in the API~ – we should use the iam auth method instead, see 'blocked by'
  • Driveby: Removes a redundant environment variable for the Linear OAuth callback URL (it will never differ from ${apiOrigin}/oauth/linear/callback)
  • Driveby: associates the user secret with the user always, and the integration with the owning workspace (rather than the user secret potentially being owned by an org as it was previously)

🚫 Blocked by

  • [ ] https://github.com/hashintel/internal-api/pull/133 must be applied to create the Vault role for the API, ~which can then have a token created for it. Once the token is available we can merge this so that the API is deployed with it~
  • [ ] implement the iam auth method with Vault (tokens have a time limit) and allow the API's execution role to use it – docs

Pre-Merge Checklist 🚀

🚒 Has this modified a publishable library?

This PR:

  • [x] does not modify any publishable blocks or libraries, or modifications do not need publishing

📜 Does this require a change to the docs?

The changes in this PR:

  • [x] are internal and do not require a docs change

🕸️ Does this require a change to the Turbo Graph?

The changes in this PR:

  • [x] do not affect the execution graph

❓ How to test this?

  1. Check that creating a Linear integration still works

CiaranMn avatar Aug 01 '23 10:08 CiaranMn
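
The path-construction change described in the first bullet above, sketched as an added example (not code from this PR or from the HASH code base): a wrapper that fixes the secrets engine mount and builds the path from validated segments, so callers cannot address other engines or paths. The mount name `secret`, the `user/<id>/<service>/<name>` layout, the KV v2 engine and all identifiers are assumptions.

```typescript
// Added illustration; not code from the PR. The mount name, the path layout
// and every identifier below are assumptions.
const SECRET_MOUNT = "secret"; // assumed: the only KV v2 mount the API may use
const PATH_PREFIX = "user"; // assumed: prefix under which user secrets live

// A segment may hold only these characters, so "/", "." and ".." cannot appear.
const SAFE_SEGMENT = /^[A-Za-z0-9_-]{1,128}$/;

type UserSecretRef = {
  userAccountId: string; // the secret is always tied to the user
  service: string; // e.g. "linear"
  secretName: string;
};

// Builds the path below the mount from validated segments only. Callers never
// pass a raw path, so they cannot point the client at another location.
function buildUserSecretPath(ref: UserSecretRef): string {
  const segments: string[] = [ref.userAccountId, ref.service, ref.secretName];
  for (const segment of segments) {
    if (!SAFE_SEGMENT.test(segment)) {
      throw new Error(`Rejected Vault path segment: ${JSON.stringify(segment)}`);
    }
  }
  return [PATH_PREFIX, ...segments].join("/");
}

// KV v2 serves secret data at /v1/<mount>/data/<path>; the mount is a constant,
// never caller input, so the engine is fixed by the wrapper.
function kvV2DataPath(ref: UserSecretRef): string {
  return `/v1/${SECRET_MOUNT}/data/${buildUserSecretPath(ref)}`;
}

// Constructed sample inputs: one well-formed reference and two that try to
// leave the prefix. Returns the resulting path, or null when rejected.
function checkSamples(): (string | null)[] {
  const samples: UserSecretRef[] = [
    { userAccountId: "a1b2c3", service: "linear", secretName: "oauth-token" },
    { userAccountId: "../../sys", service: "linear", secretName: "x" },
    { userAccountId: "a1b2c3", service: "linear/../other", secretName: "x" },
  ];
  return samples.map((ref) => {
    try {
      return kvV2DataPath(ref);
    } catch {
      return null;
    }
  });
}
```

Client-side path construction like this complements, and does not replace, the limited Vault policy the description refers to; the policy is what the server enforces.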

H-229

H-227

linear[bot] avatar Aug 01 '23 10:08 linear[bot]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (211859a) 52.21% compared to head (75f15d8) 58.23%. Report is 1021 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2837      +/-   ##
==========================================
+ Coverage   52.21%   58.23%   +6.01%     
==========================================
  Files         337      240      -97     
  Lines       27987    25173    -2814     
  Branches      428       54     -374     
==========================================
+ Hits        14614    14659      +45     
+ Misses      13371    10508    -2863     
- Partials        2        6       +4     
| Flag | Coverage Δ |
|---|---|
| backend-integration-tests | 7.34% <ø> (ø) |
| unit-tests | 18.36% <ø> (+18.36%) :arrow_up: |

Flags with carried forward coverage won't be shown. Click here to find out more.


codecov[bot] avatar Aug 01 '23 11:08 codecov[bot]

Paths were updated in #4141 and environment variables added in #4174

There is still an outstanding task to use IAM profiles to connect to Vault (H-227).

CiaranMn avatar Mar 15 '24 08:03 CiaranMn