Merge pull request #54 from FREVA-CLINT/new-vault

New vault

assets/share/freva/deployment/playbooks/web-server-playbook.yml

@@ -88,7 +88,7 @@
         -e GID=$(id -g {{ansible_user}})
         --name "{{project_name}}-httpd"
         --security-opt label=disable
-        -e FREVA_HOST={{web_server_name}} -p 80:80 -p 443:443
+        -e FREVA_HOST="{{web_server_name}}" -p 80:80 -p 443:443
         httpd:latest /usr/local/bin/prepare-httpd
     redis_name: "{{ project_name }}-redis"
     apache_name: "{{project_name}}-httpd"

assets/share/freva/deployment/vault/Dockerfile

@@ -4,19 +4,21 @@ LABEL maintainer="DRKZ-CLINT"
 LABEL repository="https://github.com/FREVA-CLINT/freva.git"
 
 ENV VAULT_ADDR='http://127.0.0.1:8200'
-COPY runserver.py /bin/runserver
+COPY runserver.py /bin/runserver.py
 COPY --chown=vault:vault vault-server-tls.hcl /vault
 COPY --chown=vault:vault policy-file.hcl /vault
 RUN set -ex &&\
-    chmod +x /bin/runserver &&\
+    chmod +x /bin/runserver.py &&\
     mkdir -p /data && chown -R vault:vault /data &&\
     apk add --update --no-cache python3 mysql mysql-client &&\
     ln -sf python3 /usr/bin/python
 
 RUN python3 -m ensurepip
 RUN pip3 install --no-cache --upgrade pip setuptools &&\
-    pip3 install requests flask flask_restful
+    pip3 install requests pyopenssl fastapi uvicorn
 
 EXPOSE 5002
 VOLUME /vault/file
-CMD ["/bin/runserver"]
+CMD /bin/runserver.py &&\
+    uvicorn --workers 2 --app-dir /bin runserver:app \
+    --host 0.0.0.0 --port 5002

assets/share/freva/deployment/vault/mypy.ini

@@ -0,0 +1,9 @@
+[mypy]
+strict = True
+install_types = True
+non_interactive = True
+disallow_untyped_defs = True
+disallow_incomplete_defs = True
+check_untyped_defs = True
+disallow_untyped_decorators = True
+warn_redundant_casts = True

assets/share/freva/deployment/vault/policy-file.hcl

@@ -1,3 +1,3 @@
 path "kv/*" {
-  capabilities = ["read", "list"]
+  capabilities = ["read", "list", "delete", "create", "update"]
 }