Minimally Working Version of VSecM Scout (#1214)

* work in progress

Signed-off-by: Volkan Özçelik <[email protected]>

* minimal VSecM Scout implementation

Signed-off-by: Volkan Özçelik <[email protected]>

---------

Signed-off-by: Volkan Özçelik <[email protected]>

README.md

@@ -79,14 +79,6 @@ at: <https://hub.docker.com/u/vsecm>.
 
 [You can also build **VMware Secrets Manager** from the source][build].
 
-## The Roadmap
-
-[We publicly track all **VMware Secrets Manager** plans on this 
-roadmap page][roadmap].
-
-You can check it out to get a glimpse of the current planned features and how
-the future of **VMware Secrets Manager** looks like.
-
 ## Status of This Software
 
 **VMware Secrets Manager** is under dynamic and progressive development.
@@ -235,11 +227,6 @@ There are special long-living branches that the project maintains.
 You can find the changelog and migration/upgrade instructions (*if any*)
 on [**VMware Secrets Manager**'s Changelog Page][changelog].
 
-## What's Coming Up Next?
-
-You can see the project's progress [in this **VMware Secrets Manager** 
-roadmap][roadmap].
-
 ## Code Of Conduct
 
 [Be a nice citizen](CODE_OF_CONDUCT.md).
@@ -287,7 +274,6 @@ We'd love to have them.
 [pkg-go-dev]: https://pkg.go.dev/github.com/vmware-tanzu/secrets-manager "VSecM Go Docs"
 [production]: https://vsecm.com/documentation/production/overview/ "VSecM Production Deployment"
 [quickstart]: https://vsecm.com/documentation/getting-started/overview/ "VSecM Quickstart"
-[roadmap]: https://vsecm.com/timeline/roadmap/ "VSecM Roadmap"
 [sdk]: https://vsecm.com/documentation/usage/sdk/ "VSecM Developer SDK"
 [slack-invite]: https://join.slack.com/t/a-101-103-105-s/shared_invite/zt-287dbddk7-GCX495NK~FwO3bh_DAMAtQ "Join VSecM Slack"
 [spire]: https://spiffe.io/ "SPIFFE: Secure Production Identity Framework for Everyone"

app/scout/cmd/main.go

@@ -25,10 +25,11 @@ func main() {
 
 	http.HandleFunc("/webhook", nets.Webhook)
 
-	// Has side effect of initializing jwt token if provided.
-	tlsConfig := nets.TlsConfig()
-
 	if env.ScoutTlsEnabled() {
+		log.InfoLn(&id, "scout: TLS enabled")
+
+		tlsConfig := nets.TlsConfig()
+
 		server := &http.Server{
 			Addr:      env.ScoutHttpPort(),
 			TLSConfig: tlsConfig,
@@ -43,6 +44,8 @@ func main() {
 		}
 
 		return
+	} else {
+		log.InfoLn(&id, "scout: TLS disabled")
 	}
 
 	log.InfoLn(&id, "Server is running on", env.ScoutHttpPort())

app/scout/internal/net/tls.go

@@ -7,7 +7,6 @@ import (
 	"fmt"
 	"github.com/spiffe/vsecm-sdk-go/sentry"
 	"log"
-	"strings"
 )
 
 var (
@@ -37,17 +36,23 @@ func TlsConfig() *tls.Config {
 		value := secret["value"].(string)
 
 		switch name {
+		// do this initialization elsewhere
+		// also you might need a lock since jwtsecret is a shared resource.
 		//case "raw:vsecm-scout-jwt-secret":
 		//	jwtSecret = value
 		case "raw:vsecm-scout-crt":
 			serverCert = value
 		case "raw:vsecm-scout-key":
 			serverKey = value
-		default:
-			if strings.HasPrefix(name, "raw:") &&
-				!strings.HasPrefix(name, "raw:vsecm-scout") {
-				secretsToServe[strings.TrimPrefix(name, "raw:")] = value
-			}
+
+			// This is not related to TLS config. Move it elsewhere.
+			// Ideally, update it in a loop. Also, `secretsToServe` is a shared
+			// resource; so you might want a thread-safe map for it.
+			//default:
+			//	if strings.HasPrefix(name, "raw:") &&
+			//		!strings.HasPrefix(name, "raw:vsecm-scout") {
+			//		secretsToServe[strings.TrimPrefix(name, "raw:")] = value
+			//	}
 		}
 	}
 

docs/content/community/hello.md

@@ -13,18 +13,6 @@ title = "VSecM Community"
 weight = 1
 +++
 
-<!--
-/*
-|    Protect your secrets, protect your sensitive data.
-:    Explore VMware Secrets Manager docs at https://vsecm.com/
-</
-<>/  keep your secrets... secret
->/
-<>/' Copyright 2023-present VMware Secrets Manager contributors.
->/'  SPDX-License-Identifier: BSD-2-Clause
-*/
--->
-
 > **Hi 👋**
 >
 > Thank you for wanting to be part of the community ❤️.
@@ -62,36 +50,6 @@ channel, rather than dispersing them across multiple platforms.
 
 [kampus]: https://discord.gg/kampus "Join Kampus Discord Server"
 
-## Join Our Public Meetings
-
-> **We Are Stronger Together**
->
-> **VMware Secrets Manager** meetings are open for everyone, you are more than
-> welcome to join.
-
-
-### VSecM Contributor Sync
-
-* **Date/Time**: Every last Thursday on every month @ 08:00am Pacific
-* [**Calendar ICS**](https://calendar.google.com/calendar/ical/0ef770e47ae11cea2b00a743eed3812768cc3f9c2a45fee6207f4c9c8b0dc5ce%40group.calendar.google.com/public/basic.ics)
-* [**Meetings Notes**](https://docs.google.com/document/d/19Al-IEEdvrcted9HdXCYyiHRCJSJs2Di9uYPZ_ssygs)
-* [**Zoom Meeting**](https://us06web.zoom.us/j/82734769083?pwd=NDJBR2RIZjR6KzhhK2pNL1ZsRzRJZz09)
-
-#### Goals
-
-* Discuss **VMware Secrets Manager** project direction and roadmap.
-* Provide a high-bandwidth forum in which the community can voice needs and make proposals.
-* Achieve maintainer consensus on architectural decisions related to major
-  **VMware Secrets Manager** features.
-
-#### Non-Goals
-
-* **VMware Secrets Manager** maintenance.
-* Triaging, troubleshooting, and resolving issues.
-
-[contributing]: https://github.com/vmware-tanzu/secrets-manager/blob/main/CONTRIBUTING.md
-[code-of-conduct]: https://github.com/vmware-tanzu/secrets-manager/blob/main/CODE_OF_CONDUCT.md
-
 ## Thank You  ❤️
 
 Thanks so much for your interest: It means a lot 🙏.

docs/content/timeline/_index.md

@@ -12,7 +12,7 @@
 title = "Timeline"
 weight = 3
 sort_by = "weight"
-redirect_to = "timeline/roadmap"
+redirect_to = "timeline/changelog"
 insert_anchor_links = "left"
 +++