Comments (7)
It suddenly got a whole lot more complex:
Currently, all the targets are bundled together into a single gitwatch instance with a single auth method (either nil or ssh). This means different auth methods for different targets won't work simply with the current setup.
I think it will be easier to update gitwatch to support per-repo settings such as auth instead of messing around with clustering targets with shared auth, firing multiple gitwatch instances and multiplexing their channels.
from pico.
Given the following configuration:
Configs in GitLab: pico run https://gitlab.com/ns/config
A target on GitHub and BitBucket
T({
name: "app",
url: "https://github.com/ns/repo",
up: "./run"
});
T({
name: "app",
url: "https://bitbucket.org/ns/repo",
up: "./run"
});
There are three sets of credentials to acquire. They may have the following names in Vault:
- pico-gitlab-auth
- pico-github-auth
- pico-bitbucket-auth
To close this issue, there needs to be some logic that maps from the above configuration to these Vault secrets.
from pico.
Why not have some global config in the main file which can be used to setup what these values could be.
For example:
G({
"respository" {
"gitlab": {
"ssh": false,
"url": "https://${GITLAB_USERNAME}:${GITLAB_TOKEN}@gitlab.com",
"path": "${VAULT_PATH}/core_deployment"
},
"bitbucket": {
"ssh": true,
"ssh_use_vault": true,
"path": "/path" // since `ssh_use_vault` is true, this is the vault path
},
"github": {
"ssh": true,
"ssh_use_vault": false,
"path": "~/.ssh/github.com_rsa" // this would be a volume in docker
}
}
});
T({
name: "app",
repo: "github:/my_name/my_repo",
up: "./run"
});
T({
name: "app",
repo: "bitbucket:/my_org/new_repo",
up: "./run"
});
T({
name: "app",
repo: "gitlab:/my_name/my_repo",
up: "./run"
});
I might have made a mistake in the way I did it, I didn't check it syntax issues, but you get the idea. I think it might also make sense to make use of Vault's SSH storage, but be able to use that to also automate it using SSH and if it was done via pico, it could make it extremely simple.
from pico.
Yes I was thinking something like this. Instead of changing the repo
key I'd introduce an auth
key that pointed to some additionally declared resource.
from pico.
T({
name: "app",
url: "https://github.com/ns/repo",
auth: "github_01",
up: "./run"
});
T({
name: "app",
url: "https://bitbucket.org/ns/repo",
auth: "bb_01",
up: "./run"
});
A({
name: "github_01",
source: "vault",
path: "pico_auth",
method: "http",
user_key: "GITHUB_USERNAME",
pass_key: "GITHUB_PASSWORD"
});
Would read from /secret/pico_auth
the keys for username/password. (Assuming /secret
is where the KV engine is mounted).
from pico.
I have a feeling I will regret the single-letter function names in configuration files...
from pico.
haha probably, but I do like the concept. It could work out nicely.
from pico.
Related Issues (20)
- Split configuration watcher off from target watcher HOT 2
- Wrap command output for log aggregators
- A vault secret to read arbitrary variables from and pass to children HOT 2
- Package level documentation for go.dev HOT 1
- go get fails HOT 3
- AWS Secrets Manager as a secret store implementation
- Configurable path HOT 8
- Pico in package managers
- A failed target results in unrecognised targets until next reconfigure
- Git watcher management is sketchy - needs better error handling
- Recover after full disk
- Pico fails to change to the correct directory when used with branches
- Submodules
- Issues with branches and pico updating them HOT 6
- `A` should return name for use in variables
- Public targets fail to pull when no auth method is specified
- Separate auth for the config HOT 1
- Git-based conditional commands
- Non root container
- env_file fails to find file on host machine when deployed HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pico.