Install AWS Secrets Manager storage backend with Capact Action #59
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Changes proposed in this pull request:
Testing
Install Capact (any method you want)
Set manifest location to my fork
Wait until the manifests are populated
Create AWS security credentials with
SecretsManagerReadWrite
policy and export the environment variables:Create AWS credentials TypeInstance: https://capact.io/docs/next/example/typeinstances#aws-credentials
Export it as
TI_ID
.Update Global policy (once the Add common TypeInstance injection capact#646 is merged):
Create parameters:
Create Action:
Run Action:
Watch the Action for completion:
Optionally, watch the logs with:
Get output TypeInstances:
See the details of the installed AWS storage backend:
Configure it as a default backend for all TypeInstances:
Create and run Action to test the new default storage:
Create TypeInstances:
Create Action input:
Run Action
capact act create cap.interface.capactio.capact.validation.action.passing --name test --type-instances-from-file /tmp/act-input-ti.yaml
Run
capact act run test
andcapact act watch test
Get Action output TypeInstances:
Observe the Backend ID near the
cap.type.capactio.capact.validation.upload
TypeInstance.Use
capact ti get {id} -oyaml
to see the details.See the AWS Secrets Manager UI to double confirm the TypeInstance value has been stored externally.
Clean up the secret from AWS UI (as the delete functionality is not implemented yet).
Test storage schema
After following all above steps, you can switch to the test mode of Secret Storage Backend:
You can use this TypeInstance for further testing (capactio/capact#634)
Related issue(s)
capactio/capact#647