feat(openbao): enable bao.coulomb.social ingress and Traefik middlewares
Expose OpenBao UI via TLS ingress with rate-limit and HSTS middlewares. Track netkingdom OIDC mount in authenticated verify checks.
@@ -15,7 +15,7 @@ Usage: scripts/openbao-verify-authenticated.sh [--dry-run] [--use-token-helper]
Runs authenticated, non-mutating OpenBao readiness checks:
- audit list includes file/
- secrets list includes platform/
- auth list includes kubernetes/ and keycape/
- auth list includes kubernetes/, netkingdom/, and keycape/
- audit log exists and is non-empty
The token is read from OPENBAO_TOKEN_FILE or an interactive hidden prompt. The
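Review bot: the updated usage line "auth list includes kubernetes/, netkingdom/, and keycape/" matches the presence-only check added in the script, but it may be read as a stronger guarantee than it gives. Consider stating that the check confirms the mount is enabled and visible in `auth list`, not that the OIDC configuration behind netkingdom/ is valid or that login through it works, so a green check is not mistaken for an end-to-end auth verification.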
@@ -130,6 +130,7 @@ Path Type
---- ----
keycape/ oidc
kubernetes/ kubernetes
netkingdom/ oidc
token/ token
AUTH
;;
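Review bot: the fixture in the `AUTH` heredoc now lists `netkingdom/ oidc`, so `--dry-run` will satisfy the new require_pattern, but this only exercises the happy path. A second fixture without the netkingdom/ row, or a test that asserts the check fails against it, would confirm the pattern actually rejects a missing mount rather than passing regardless. The alphabetical placement between `kubernetes/` and `token/` is consistent with how the real listing is ordered, which keeps the fixture representative.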
@@ -210,6 +211,7 @@ step "Auth methods"
if auth_output="$(remote_bao "$token" auth list 2>&1)"; then
printf '%s\n' "$auth_output"
require_pattern "kubernetes/ auth method is visible" "$auth_output" '(^|[[:space:]])kubernetes/'
require_pattern "netkingdom/ auth method is visible" "$auth_output" '(^|[[:space:]])netkingdom/'
require_pattern "keycape/ auth method is visible" "$auth_output" '(^|[[:space:]])keycape/'
else
printf '%s\n' "$auth_output" >&2
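Review bot: the pattern `'(^|[[:space:]])netkingdom/'` only requires that a path starting with `netkingdom/` appears in the listing; it is a prefix match and does not look at the method type. Since the listing has a `Path Type` layout (see the fixture rows such as `netkingdom/ oidc`), tightening it to `'(^|[[:space:]])netkingdom/[[:space:]]+oidc([[:space:]]|$)'` would also fail the check when the mount exists at the expected path but with the wrong type, or when only a longer path such as a nested mount matches, which is the drift a readiness check should surface. The same applies to the existing kubernetes/ and keycape/ patterns.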