creds-microservice

command module

v0.0.0-...-32e231b Latest Latest Go to latest Published: Feb 23, 2024 License: BSD-3-Clause Imports: 10 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

gitlab.com/cyverse/creds-microservice

Links

Open Source Insights

README ¶

Credential Microservice

Env Variables

Configurations are done via environment variables

name	default
NATS_URL	localhost:1234
NATS_CLIENT_ID	-
VAULT_ADDRESS	http://127.0.0.1:8200
VAULT_TOKEN	(get from vault)
LOG_LEVEL	debug

Vault

This service uses Hashicorp Vault as a storage backend for credentials.
The KV version 1 (not version 2) secret engine is used.
The KV secret engine is assumed to be enabled at secret/ path

Local Development Setup

Setup Vault

download vault binary https://www.vaultproject.io/downloads
run Vault in dev mode with a token of your choice (here uses "foobarfoobar" as an example)

vault server -dev -dev-root-token-id=foobarfoobar

set env var

export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=foobarfoobar

enable KV (version 1) engine

vault secrets enable -version=1 -path=secret/ kv

Setup NATS Streaming (docker)

cacao-cluster is the default cluster ID used by CACAO

docker run --rm -p 4222:4222 -p 8222:8222 nats-streaming:latest -cid cacao-cluster

set env var

export NATS_URL=127.0.0.1:4222
export STAN_URL=127.0.0.1:4222

The rest

build the service & run

Integration Tests

Integration test requires a vault or NATS Streaming instance running, therefore it is normally skipped unless CI_INTEGRATION_VAULT or CI_INTEGRATION_STAN env var is "true".

To run locally

vault adapter

download vault binary
run vault in dev mode with a token of your choice (here uses "foobarfoobar" as an example)

vault server -dev -dev-root-token-id=foobarfoobar

set env var

export CI_INTEGRATION_VAULT=true
export VAULT_ADDR=http://127.0.0.1:8200
export VAULT_TOKEN=foobarfoobar

run go test (normal unit test will run along with integration test)

go test -v ./...

postgres adapter

has docker installed
run postgres in container

docker run --rm -ti -p 5432:5432 \
  -e POSTGRES_USER=cred \
  -e POSTGRES_DB=credential \
  -e POSTGRES_PASSWORD=example \
  postgres:12

set env var

export POSTGRES_HOST=localhost
export POSTGRES_USER=cred
export POSTGRES_PASSWORD=example
export POSTGRES_DB=credential
export CI_INTEGRATION_PSQL=true

run go test (normal unit test will run along with integration test)

go test -v ./...

query(NATS)/event(STAN) adapter (with nats-streaming docker image)

has docker installed
run NATS Streaming as docker container

docker run --rm -p 4222:4222 nats-streaming:latest

set env var

export CI_INTEGRATION_STAN=true
export NATS_CLUSTER_ID=test-cluster
export NATS_URL=nats://localhost:4222

run go test (normal unit test will run along with integration test)

go test -v ./...

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

main.go

Directories ¶

Path	Synopsis
adapters Package adapters provides functions and structs for interacting with Vault for storing user secrets.	Package adapters provides functions and structs for interacting with Vault for storing user secrets.
storageschema
domain
validation
ports
mocks
types
vault_migration_tools
vault2postgres

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL