@izgeri
Last active July 9, 2020 15:45

Draft flow for Puppet invocation of Conjur module:

+---------+                                                +-------+                                         +---------+                              
| server  |                                                | agent |                                         | conjur  |                              
+---------+                                                +-------+                                         +---------+                              
     |                                                         |                                                  |                                   
     |                                                         | Puppet facts collected                           |                                   
     |                                                         |-----------------------                           |                                   
     |                                                         |                      |                           |                                   
     |                                                         |<----------------------                           |                                   
     |                                                         |                                                  |                                   
     |                                                         | Send authentication request to Conjur            |                                   
     |                                                         |------------------------------------------------->|                                   
     |                                                         |                                                  |                                   
     |                                                         |             Return Conjur access token, or error |                                   
     |                                                         |<-------------------------------------------------|                                   
     |                                                         |                                                  |                                   
     |     Send Puppet facts to server, including Conjur token |                                                  |                                   
     |<--------------------------------------------------------|                                                  |                                   
     |                                                         |                                                  |                                   
     | Compile catalog based on agent facts                    |                                                  |                                   
     |-------------------------------------                    |                                                  |                                   
     |                                    |                    |                                                  |                                   
     |<------------------------------------                    |                                                  |                                   
     |                                                         |                                                  |                                   
     | Request secret values using Conjur access token         |                                                  |                                   
     |----------------------------------------------------------------------------------------------------------->|                                   
     |                                                         |                                                  |                                   
     |                                                         |                                                  | Verify host has access to secrets 
     |                                                         |                                                  |---------------------------------- 
     |                                                         |                                                  |                                 | 
     |                                                         |                                                  |<--------------------------------- 
     |                                                         |                                                  |                                   
     |                                                         |                   Return secret values, or error |                                   
     |<-----------------------------------------------------------------------------------------------------------|                                   
     |                                                         |                                                  |                                   
     | Return catalog, or error                                |                                                  |                                   
     |-------------------------------------------------------->|                                                  |                                   
     |                                                         |                                                  |                                   
     |                                                         | Make configuration updates based on catalog      |                                   
     |                                                         |--------------------------------------------      |                                   
     |                                                         |                                           |      |                                   
     |                                                         |<-------------------------------------------      |                                   
     |                                                         |                                                  |                                   

This diagram was generated by https://textart.io/sequence from the following sequence source:

object server agent conjur
agent->agent: Puppet facts collected
agent->conjur: Send authentication request to Conjur 
conjur->agent: Return Conjur access token, or error
agent->server: Send Puppet facts to server, including Conjur token
server->server: Compile catalog based on agent facts
server->conjur: Request secret values using Conjur access token
conjur->conjur: Verify host has access to secrets
conjur->server: Return secret values, or error
server->agent: Return catalog, or error
agent->agent: Make configuration updates based on catalog
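The flow above, simulated end to end as an added example (not code from this gist or from the Conjur Puppet module): a mock Conjur mints a short-lived, HMAC-signed token bound to the agent's host login, the server presents that token while compiling the catalog, and Conjur checks signature, expiry and the host's permission on each variable before returning a value. The HMAC key, host logins, API keys, variable ids and secret values are all constructed; the token format is a stand-in for Conjur's real one.

```ruby
require 'openssl'
require 'json'
require 'base64'
TOKEN_TTL = 8 * 60 # seconds; Conjur access tokens are deliberately short-lived

# Mock Conjur: mints HMAC-signed tokens bound to a host login and authorizes
# secret reads per host. hmac_key, hosts, permissions and secrets are constructed.
class MockConjur
  def initialize(hmac_key, hosts, permissions, now = Time.now)
    @key, @hosts, @perms, @now = hmac_key, hosts, permissions, now
    @secrets = { 'prod/db/password' => 'constructed-db-pw', 'prod/api/key' => 'constructed-api-key' }
  end

  # agent->conjur: authenticate with host login + API key; returns a token or nil
  def authenticate(login, api_key)
    return nil unless @hosts[login] && constant_time_eq(@hosts[login], api_key.to_s)
    payload = { 'sub' => login, 'exp' => (@now + TOKEN_TTL).to_i }.to_json
    Base64.strict_encode64(payload) + '.' + OpenSSL::HMAC.hexdigest('SHA256', @key, payload)
  end

  # server->conjur: read a variable with the agent's token; [:ok, value] or [:error, reason]
  def fetch_secret(token, variable_id)
    encoded, sig = token.to_s.split('.', 2)
    payload = (Base64.strict_decode64(encoded.to_s) rescue nil)
    return [:error, 'malformed token'] if payload.nil? || sig.nil?
    return [:error, 'bad signature'] unless constant_time_eq(OpenSSL::HMAC.hexdigest('SHA256', @key, payload), sig)
    claims = JSON.parse(payload)
    return [:error, 'token expired'] if claims['exp'] <= @now.to_i
    return [:error, 'host not permitted'] unless @perms.fetch(claims['sub'], []).include?(variable_id)
    [:ok, @secrets.fetch(variable_id)]
  end

  def constant_time_eq(a, b) # compare without leaking the mismatch position through timing
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# server->server and server->conjur: compile the catalog, resolving each requested
# variable with the token the agent sent as a fact; any Conjur error fails the compile
def compile_catalog(conjur, facts)
  catalog = {}
  facts['conjur_variables'].each do |id|
    status, value = conjur.fetch_secret(facts['conjur_token'], id)
    return [:error, "#{id}: #{value}"] unless status == :ok
    catalog[id] = value
  end
  [:ok, catalog]
end

# Full round trip from the agent: authenticate, send facts including the token, receive the catalog
def agent_run(conjur, login, api_key, variables)
  token = conjur.authenticate(login, api_key)
  return [:error, 'authentication failed'] if token.nil?
  compile_catalog(conjur, { 'conjur_token' => token, 'conjur_variables' => variables })
end
```

Because the server only ever holds the agent's own token, a compile can retrieve exactly the secrets that host is permitted to read; a tampered, expired or unauthorized request fails the whole catalog rather than yielding a partial one.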