add standalone demo doc (#82)

gtema · web-flow · commit b4a05ebefdea · 2022-05-23T15:31:14.000Z
add standalone demo doc

Reviewed-by: Rodion Gyrbu &lt;fpsoff@outlook.com&gt;
Reviewed-by: Anton Sidelnikov &lt;None&gt;
diff --git a/doc/source/examples/demo.rst b/doc/source/examples/demo.rst
@@ -0,0 +1,82 @@
+Demo
+====
+
+This article demonstrates how to install vault, add and configure plugin and
+perform invoke Terraform to query image_id for the image by name.
+
+- Install vault
+
+- Modify vault config file adding ``plugin_dir = "/opt/vault/plugin"``
+
+- Deploy the plugin
+
+  .. code-block:: console
+
+     wget https://github.com/opentelekomcloud/vault-plugin-secrets-openstack/releases/download/v1.0.2/vault-plugin-secrets-openstack_1.0.2_linux_amd64.tar.gz
+     tar xvf vault-plugin-secrets-openstack_1.0.2_linux_arm64.tar.gz -C /opt/vault/plugins
+
+- Register the plugin
+
+  .. code-block::
+
+     vault secrets enable -path="openstack" -plugin-name="vault-plugin-secrets-openstack" plugin
+
+- Register password policy
+
+  .. code-block::
+     :caption: os_policy.hcl
+
+     length = 20
+     rule "charset" {
+       charset = "abcdefghijklmnopqrstuvwxyz"
+       min-chars = 1
+     }
+     rule "charset" {
+       charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+       min-chars = 1
+     }
+     rule "charset" {
+       charset = "0123456789"
+       min-chars = 1
+     }
+     rule "charset" {
+       charset = "!@#$%^&*"
+       min-chars = 1
+     }
+
+  .. code-block:: console
+
+     vault write sys/policies/password/os-policy policy=@os_policy.hcl
+
+
+- Configure cloud root account
+
+  .. code-block::
+
+     vault write openstack/cloud/demo auth_url=https://<AUTH_URL> username=<USER> password=<PASSWORD> user_domain_name=<USER_DOMAIN_NAME> password_policy=os-policy
+
+- Configure root token role
+
+  .. code-block:: console
+
+     vault write /openstack/role/root_token cloud=demo project_name=<PROJECT_NAME> domain_name=<DOMAIN_NAME> root=true
+
+- Prepare Terraform configuration
+
+  .. literalinclude:: terraform_vault_openstack/settings.tf
+     :caption: settings.tf
+
+  .. literalinclude:: terraform_vault_openstack/vault_os_creds.tf
+     :caption: vault_os_cred.tf
+
+  .. literalinclude:: terraform_vault_openstack/variables.tf
+     :caption: variables.tf
+
+  It is required to populate tenant_name (project_name) of the OpenStack
+  provider when root token role is used.
+
+- Apply Terraform plan
+
+  .. code-block:: console
+
+     terraform apply
diff --git a/doc/source/examples/index.rst b/doc/source/examples/index.rst
@@ -8,3 +8,4 @@ There are multiple possibilities how to start using the plugin.
 
    configure_tf
    use_tf
+   demo
diff --git a/doc/source/examples/terraform_vault_openstack/settings.tf b/doc/source/examples/terraform_vault_openstack/settings.tf
@@ -16,8 +16,12 @@ provider "vault" {
   address = var.vault_public_addr
 }
 
+locals {
+  auth = jsondecode(data.vault_generic_secret.token.data["auth"])
+}
+
 provider "openstack" {
-  auth_url    = data.vault_generic_secret.token.data["auth_url"]
-  token       = data.vault_generic_secret.token.data["token"]
+  auth_url    = local.auth.auth_url
+  token       = local.auth.token
   tenant_name = var.project_name
 }

Original file line number	Diff line number	Diff line change
`@@ -8,3 +8,4 @@ There are multiple possibilities how to start using the plugin.`
`8`	`8`
`9`	`9`	`configure_tf`
`10`	`10`	`use_tf`
	`11`	`+ demo`
Original file line number	Diff line number	Diff line change
`@@ -16,8 +16,12 @@ provider "vault" {`
`16`	`16`	`address = var.vault_public_addr`
`17`	`17`	`}`
`18`	`18`
	`19`	`+locals {`
	`20`	`+ auth = jsondecode(data.vault_generic_secret.token.data["auth"])`
	`21`	`+}`
	`22`	`+`
`19`	`23`	`provider "openstack" {`
`20`		`- auth_url = data.vault_generic_secret.token.data["auth_url"]`
`21`		`- token = data.vault_generic_secret.token.data["token"]`
	`24`	`+ auth_url = local.auth.auth_url`
	`25`	`+ token = local.auth.token`
`22`	`26`	`tenant_name = var.project_name`
`23`	`27`	`}`