diff --git a/Makefile b/Makefile index 109d0be226..294d940ba1 100644 --- a/Makefile +++ b/Makefile @@ -575,6 +575,9 @@ docker-compose: docker-auth docker-compose-cluster: docker-auth CURRENT_UID=$(shell id -u) TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose -f tools/docker-compose-cluster.yml up +docker-compose-hashivault: docker-auth + CURRENT_UID=$(shell id -u) TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose -f tools/docker-compose.yml -f tools/docker-hashivault-override.yml up --no-recreate awx + docker-compose-test: docker-auth cd tools && CURRENT_UID=$(shell id -u) TAG=$(COMPOSE_TAG) DEV_DOCKER_TAG_BASE=$(DEV_DOCKER_TAG_BASE) docker-compose run --rm --service-ports awx /bin/bash diff --git a/awx/main/credential_plugins/__init__.py b/awx/main/credential_plugins/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/awx/main/credential_plugins/hashivault.py b/awx/main/credential_plugins/hashivault.py new file mode 100644 index 0000000000..27828b4e18 --- /dev/null +++ b/awx/main/credential_plugins/hashivault.py @@ -0,0 +1,48 @@ +from .plugin import CredentialPlugin + +from hvac import Client + + +hashi_inputs = { + 'fields': [{ + 'id': 'url', + 'label': 'Hashivault Server URL', + 'type': 'string', + 'help_text': 'The Hashivault server url.' + }, { + 'id': 'secret_path', + 'label': 'Secret Path', + 'type': 'string', + 'help_text': 'The path to the secret.' + }, { + 'id': 'secret_field', + 'label': 'Secret Field', + 'type': 'string', + 'help_text': 'The data field to access on the secret.' + }, { + 'id': 'token', + 'label': 'Token', + 'type': 'string', + 'secret': True, + 'help_text': 'An access token for the Hashivault server.' + }], + 'required': ['url', 'secret_path', 'token'], +} + + +def hashi_backend(**kwargs): + token = kwargs.get('token') + url = kwargs.get('url') + secret_path = kwargs.get('secret_path') + secret_field = kwargs.get('secret_field', None) + verify = kwargs.get('verify', False) + + client = Client(url=url, token=token, verify=verify) + response = client.read(secret_path) + + if secret_field: + return response['data'][secret_field] + return response['data'] + + +hashivault_plugin = CredentialPlugin('Hashivault', inputs=hashi_inputs, backend=hashi_backend) diff --git a/awx/main/credential_plugins/plugin.py b/awx/main/credential_plugins/plugin.py new file mode 100644 index 0000000000..c5edde7bc1 --- /dev/null +++ b/awx/main/credential_plugins/plugin.py @@ -0,0 +1,3 @@ +from collections import namedtuple + +CredentialPlugin = namedtuple('CredentialPlugin', ['name', 'inputs', 'backend']) diff --git a/awx/main/management/commands/setup_managed_credential_types.py b/awx/main/management/commands/setup_managed_credential_types.py new file mode 100644 index 0000000000..04e170528d --- /dev/null +++ b/awx/main/management/commands/setup_managed_credential_types.py @@ -0,0 +1,14 @@ +# Copyright (c) 2019 Ansible by Red Hat +# All Rights Reserved. + +from django.core.management.base import BaseCommand + +from awx.main.models import CredentialType + + +class Command(BaseCommand): + + help = 'Load default managed credential types.' + + def handle(self, *args, **options): + CredentialType.setup_tower_managed_defaults() diff --git a/awx/main/migrations/0067_v350_credential_plugins.py b/awx/main/migrations/0067_v350_credential_plugins.py new file mode 100644 index 0000000000..0d0e65255b --- /dev/null +++ b/awx/main/migrations/0067_v350_credential_plugins.py @@ -0,0 +1,51 @@ +# -*- coding: utf-8 -*- +from __future__ import unicode_literals + +from django.conf import settings +from django.db import migrations, models +import django.db.models.deletion +import taggit.managers + +# AWX +from awx.main.models import CredentialType + + +def setup_tower_managed_defaults(apps, schema_editor): + CredentialType.setup_tower_managed_defaults() + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ('taggit', '0002_auto_20150616_2121'), + ('main', '0066_v350_inventorysource_custom_virtualenv'), + ] + + operations = [ + migrations.CreateModel( + name='CredentialInputSource', + fields=[ + ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')), + ('created', models.DateTimeField(default=None, editable=False)), + ('modified', models.DateTimeField(default=None, editable=False)), + ('description', models.TextField(blank=True, default='')), + ('input_field_name', models.CharField(max_length=1024)), + ('created_by', models.ForeignKey(default=None, editable=False, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name="{'class': 'credentialinputsource', 'model_name': 'credentialinputsource', 'app_label': 'main'}(class)s_created+", to=settings.AUTH_USER_MODEL)), + ('modified_by', models.ForeignKey(default=None, editable=False, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name="{'class': 'credentialinputsource', 'model_name': 'credentialinputsource', 'app_label': 'main'}(class)s_modified+", to=settings.AUTH_USER_MODEL)), + ('source_credential', models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='target_input_source', to='main.Credential')), + ('tags', taggit.managers.TaggableManager(blank=True, help_text='A comma-separated list of tags.', through='taggit.TaggedItem', to='taggit.Tag', verbose_name='Tags')), + ('target_credential', models.ForeignKey(null=True, on_delete=django.db.models.deletion.CASCADE, related_name='input_source', to='main.Credential')), + ], + ), + migrations.AlterField( + model_name='credentialtype', + name='kind', + field=models.CharField(choices=[('ssh', 'Machine'), ('vault', 'Vault'), ('net', 'Network'), ('scm', 'Source Control'), ('cloud', 'Cloud'), ('insights', 'Insights'), ('external', 'External')], max_length=32), + ), + migrations.AlterUniqueTogether( + name='credentialinputsource', + unique_together=set([('target_credential', 'input_field_name')]), + ), + migrations.RunPython(setup_tower_managed_defaults), + ] diff --git a/awx/main/models/__init__.py b/awx/main/models/__init__.py index 848db3b593..2e4821dcff 100644 --- a/awx/main/models/__init__.py +++ b/awx/main/models/__init__.py @@ -16,7 +16,7 @@ from awx.main.models.organization import ( # noqa Organization, Profile, Team, UserSessionMembership ) from awx.main.models.credential import ( # noqa - Credential, CredentialType, ManagedCredentialType, V1Credential, build_safe_env + Credential, CredentialType, CredentialInputSource, ManagedCredentialType, V1Credential, build_safe_env ) from awx.main.models.projects import Project, ProjectUpdate # noqa from awx.main.models.inventory import ( # noqa diff --git a/awx/main/models/credential/__init__.py b/awx/main/models/credential/__init__.py index 1db1cedc44..ba50d7b723 100644 --- a/awx/main/models/credential/__init__.py +++ b/awx/main/models/credential/__init__.py @@ -4,6 +4,7 @@ import functools import inspect import logging import os +from pkg_resources import iter_entry_points import re import stat import tempfile @@ -26,7 +27,11 @@ from awx.main.fields import (ImplicitRoleField, CredentialInputField, from awx.main.utils import decrypt_field, classproperty from awx.main.utils.safe_yaml import safe_dump from awx.main.validators import validate_ssh_private_key -from awx.main.models.base import CommonModelNameNotUnique, PasswordFieldsModel +from awx.main.models.base import ( + CommonModelNameNotUnique, + PasswordFieldsModel, + PrimordialModel +) from awx.main.models.mixins import ResourceMixin from awx.main.models.rbac import ( ROLE_SINGLETON_SYSTEM_ADMINISTRATOR, @@ -35,9 +40,10 @@ from awx.main.models.rbac import ( from awx.main.utils import encrypt_field from . import injectors as builtin_injectors -__all__ = ['Credential', 'CredentialType', 'V1Credential', 'build_safe_env'] +__all__ = ['Credential', 'CredentialType', 'CredentialInputSource', 'V1Credential', 'build_safe_env'] logger = logging.getLogger('awx.main.models.credential') +credential_plugins = [ep.load() for ep in iter_entry_points('awx.credential_plugins')] HIDDEN_PASSWORD = '**********' @@ -220,7 +226,6 @@ class V1Credential(object): } - class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin): ''' A credential contains information about how to talk to a remote resource @@ -275,6 +280,10 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin): 'admin_role', ]) + def __init__(self, *args, **kwargs): + super(Credential, self).__init__(*args, **kwargs) + self.dynamic_input_fields = self._get_dynamic_input_field_names() + def __getattr__(self, item): if item != 'inputs': if item in V1Credential.FIELDS: @@ -441,6 +450,8 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin): :param field_name(str): The name of the input field. :param default(optional[str]): A default return value to use. """ + if field_name in self.dynamic_input_fields: + return self._get_dynamic_input(field_name) if field_name in self.credential_type.secret_fields: try: return decrypt_field(self, field_name) @@ -461,8 +472,18 @@ class Credential(PasswordFieldsModel, CommonModelNameNotUnique, ResourceMixin): raise AttributeError(field_name) def has_input(self, field_name): + if field_name in self.dynamic_input_fields: + return True return field_name in self.inputs and self.inputs[field_name] not in ('', None) + def _get_dynamic_input_field_names(self): + input_sources = CredentialInputSource.objects.filter(target_credential=self) + return [obj.input_field_name for obj in input_sources] + + def _get_dynamic_input(self, field_name): + input_sources = CredentialInputSource.objects.filter(target_credential=self) + return input_sources.filter(input_field_name=field_name).first().get_input_value() + class CredentialType(CommonModelNameNotUnique): ''' @@ -484,6 +505,7 @@ class CredentialType(CommonModelNameNotUnique): ('scm', _('Source Control')), ('cloud', _('Cloud')), ('insights', _('Insights')), + ('external', _('External')), ) kind = models.CharField( @@ -583,6 +605,15 @@ class CredentialType(CommonModelNameNotUnique): created.inputs = created.injectors = {} created.save() + @classmethod + def load_plugin(cls, plugin): + ManagedCredentialType( + namespace=plugin.name.lower(), + name=plugin.name, + kind='external', + inputs=plugin.inputs + ) + @classmethod def from_v1_kind(cls, kind, data={}): match = None @@ -1253,3 +1284,61 @@ ManagedCredentialType( } }, ) + + +class CredentialInputSource(PrimordialModel): + + class Meta: + app_label = 'main' + unique_together = (('target_credential', 'input_field_name'),) + + target_credential = models.ForeignKey( + 'Credential', + related_name='input_source', + on_delete=models.CASCADE, + null=True, + ) + source_credential = models.ForeignKey( + 'Credential', + related_name='target_input_source', + on_delete=models.CASCADE, + null=True, + ) + input_field_name = models.CharField( + max_length=1024, + ) + + def clean_target_credential(self): + if self.target_credential.kind == 'external': + raise ValidationError(_('Target must be a non-external credential')) + return self.target_credential + + def clean_source_credential(self): + if self.source_credential.kind != 'external': + raise ValidationError(_('Source must be an external credential')) + return self.source_credential + + def clean_input_field_name(self): + if self.input_field_name not in self.target_credential.credential_type.defined_fields: + raise ValidationError(_('Input field must be defined on target credential.')) + return self.input_field_name + + def save(self, *args, **kwargs): + self.full_clean() + super(CredentialInputSource, self).save(*args, **kwargs) + + def get_input_value(self): + plugin_name = self.source_credential.credential_type.name + [backend] = [p.backend for p in credential_plugins if p.name == plugin_name] + + backend_kwargs = {} + for field_name, value in self.source_credential.inputs.items(): + if field_name in self.source_credential.credential_type.secret_fields: + backend_kwargs[field_name] = decrypt_field(self.source_credential, field_name) + else: + backend_kwargs[field_name] = value + return backend(**backend_kwargs) + + +for plugin in credential_plugins: + CredentialType.load_plugin(plugin) diff --git a/awx/main/tests/conftest.py b/awx/main/tests/conftest.py index ed4acd4b48..e79fb7b67a 100644 --- a/awx/main/tests/conftest.py +++ b/awx/main/tests/conftest.py @@ -4,6 +4,7 @@ import pytest from unittest import mock from contextlib import contextmanager +from awx.main.models import Credential from awx.main.tests.factories import ( create_organization, create_job_template, @@ -139,3 +140,10 @@ def pytest_runtest_teardown(item, nextitem): # this is a local test cache, so we want every test to start with empty cache cache.clear() +@pytest.fixture(scope='session', autouse=True) +def mock_external_credential_input_sources(): + # Credential objects query their related input sources on initialization. + # We mock that behavior out of credentials by default unless we need to + # test it explicitly. + with mock.patch.object(Credential, '_get_dynamic_input_field_names', new=lambda _: []) as _fixture: + yield _fixture diff --git a/awx/main/tests/functional/test_credential.py b/awx/main/tests/functional/test_credential.py index 4b3ff2d75e..6ccbfc6344 100644 --- a/awx/main/tests/functional/test_credential.py +++ b/awx/main/tests/functional/test_credential.py @@ -79,6 +79,7 @@ def test_default_cred_types(): 'azure_rm', 'cloudforms', 'gce', + 'hashivault', 'insights', 'net', 'openstack', diff --git a/docs/credential_plugins.md b/docs/credential_plugins.md new file mode 100644 index 0000000000..3cf07cf6c5 --- /dev/null +++ b/docs/credential_plugins.md @@ -0,0 +1,9 @@ +Credential Plugins +================================ +### Development +```shell +# The vault server will be available at localhost:8200. +# From within the awx container, the vault server is reachable at hashivault:8200. +# See docker-hashivault-override.yml for the development root token. +make docker-compose-hashivault +``` diff --git a/docs/licenses/hvac.txt b/docs/licenses/hvac.txt new file mode 100644 index 0000000000..8dada3edaf --- /dev/null +++ b/docs/licenses/hvac.txt @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/requirements/requirements.in b/requirements/requirements.in index 8ba7cb07dc..bf8b9cd577 100644 --- a/requirements/requirements.in +++ b/requirements/requirements.in @@ -49,3 +49,4 @@ uWSGI==2.0.17 uwsgitop==0.10.0 pip==9.0.1 setuptools==36.0.1 +hvac==0.7.1 diff --git a/requirements/requirements.txt b/requirements/requirements.txt index df2cbfd26a..2137d01e17 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -39,6 +39,7 @@ django==1.11.16 djangorestframework-yaml==1.0.3 djangorestframework==3.7.7 future==0.16.0 # via django-radius +hvac==0.7.1 hyperlink==18.0.0 # via twisted idna==2.8 # via hyperlink incremental==17.5.0 # via twisted diff --git a/setup.py b/setup.py index 294190104b..38bb8b84f0 100755 --- a/setup.py +++ b/setup.py @@ -114,6 +114,9 @@ setup( 'console_scripts': [ 'awx-manage = awx:manage', ], + 'awx.credential_plugins': [ + 'hashivault = awx.main.credential_plugins.hashivault:hashivault_plugin', + ] }, data_files = proc_data_files([ ("%s" % homedir, ["config/wsgi.py", diff --git a/tools/docker-compose/awx.egg-info/entry_points.txt b/tools/docker-compose/awx.egg-info/entry_points.txt index a0ad90d8ce..dbfc7331f7 100644 --- a/tools/docker-compose/awx.egg-info/entry_points.txt +++ b/tools/docker-compose/awx.egg-info/entry_points.txt @@ -2,3 +2,5 @@ tower-manage = awx:manage awx-manage = awx:manage +[awx.credential_plugins] +hashivault = awx.main.credential_plugins.hashivault:hashivault_plugin diff --git a/tools/docker-hashivault-override.yml b/tools/docker-hashivault-override.yml new file mode 100644 index 0000000000..8ada54abcb --- /dev/null +++ b/tools/docker-hashivault-override.yml @@ -0,0 +1,15 @@ +version: '2' +services: + # Primary Tower Development Container link + awx: + links: + - hashivault + hashivault: + image: vault:1.0.1 + container_name: tools_hashivault_1 + ports: + - '8200:8200' + cap_add: + - IPC_LOCK + environment: + VAULT_DEV_ROOT_TOKEN_ID: 'vaultdev'