Skip to content

Move configuration data into a configs top-level element #83

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: develop
Choose a base branch
from
Open

Move configuration data into a configs top-level element #83

wants to merge 4 commits into from

Conversation

king-alexander
Copy link
Collaborator

@king-alexander king-alexander commented Apr 23, 2025
edited
Loading

🗣 Description

Declare a configs top-level element and reference configurations for services in the Compose application.

💭 Motivation and context

This change resolves #80.

🧪 Testing

I tested this change locally with Docker version 4.40.0 (187762) and Docker Compose version v2.34.0-desktop.1. I verified that all services in the project started successfully, then ran existing unit tests. All passed.

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Finalize version.

✅ Post-merge checklist

  • Create a release.

@king-alexander
Move configuration files into a configs directory
b2aeca9
@king-alexander
Update references to Admiral configuration
f239a5b 
The path changed from `/run/secrets/admiral.yaml` to
`/admiral_config`.
@king-alexander
Define configs
c00f845 
Create the `configs` top-level element, grant access to
respective services, and update references.
@king-alexander king-alexander self-assigned this Apr 23, 2025
@king-alexander king-alexander added improvement This issue or pull request will add or improve functionality, maintainability, or ease of use docker Pull requests that update Docker code labels Apr 23, 2025
@king-alexander
Add TODO
8bac93c 
Reference #82 as future work.
@king-alexander king-alexander marked this pull request as ready for review April 23, 2025 20:23
@dav3r dav3r moved this to In Progress in CyHy System Apr 24, 2025
@dav3r
Copy link
Member

dav3r commented Apr 24, 2025

This PR seems to be removing secrets altogether. I thought the goal here was to move non-sensitive config data into config files and keep sensitive data (e.g. database passwords) in secrets. Or am I misunderstanding something?

@king-alexander
Copy link
Collaborator Author

This PR seems to be removing secrets altogether. I thought the goal here was to move non-sensitive config data into config files and keep sensitive data (e.g. database passwords) in secrets. Or am I misunderstanding something?

The SSLMate API key is still defined as a secret and in #82 I will define a Redis ACL as another. I was going to look into alternative authentication methods for MongoDB as well in order to define the credentials as a separate secret. Should I keep mongo.yaml in the secrets section until I get around to that?

@dav3r
Copy link
Member

dav3r commented Apr 24, 2025

This PR seems to be removing secrets altogether. I thought the goal here was to move non-sensitive config data into config files and keep sensitive data (e.g. database passwords) in secrets. Or am I misunderstanding something?

The SSLMate API key is still defined as a secret and in #82 I will define a Redis ACL as another. I was going to look into alternative authentication methods for MongoDB as well in order to define the credentials as a separate secret. Should I keep mongo.yaml in the secrets section until I get around to that?

Yes, I think anything with a password should remain in the secrets directory. Since admiral.yaml still includes the Redis password, you may want to take care of #82 first, then come back to this PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dav3r dav3r Awaiting requested review from dav3r dav3r is a code owner

@felddy felddy Awaiting requested review from felddy

@jsf9k jsf9k Awaiting requested review from jsf9k jsf9k is a code owner

@mcdonnnj mcdonnnj Awaiting requested review from mcdonnnj mcdonnnj is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

@king-alexander king-alexander

Labels

docker Pull requests that update Docker code improvement This issue or pull request will add or improve functionality, maintainability, or ease of use

Projects

CyHy System
Status: In Progress

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Define a Configs top-level element

2 participants

@king-alexander @dav3r