CLI in local and Secret Automation in CI
I've created a setup that provides a single entry point between OP CLI for local users and OP SA for CI.
There was complexity around CircleCI constraints, but I've managed to get it running on my builds.
Right now it is in a place where I need to decide whether I accept setup complexity (orchestration of the two tools) for user experience (local development and secret admin).
Possibly not how the tools were designed to be used, but I would be keen to get feedback and suggestions.
https://github.com/dtruong0/1password-secret-automation-ci
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
I have also noticed a reproducible bug.
On CircleCI, if you make a secret request to connect-api as soon as the API begins accepting requests, it will fail with this error:
{"status":500,"message":"failed to initiate, review service logs for details"}
Sync-api logs
{"log_message":"(I) [discovery-local] starting discovery, advertising endpoint 8080 /meta/message","timestamp":"2021-04-26T00:23:00.251304284Z","level":3}
{"log_message":"(I) starting 1Password Connect Sync ...","timestamp":"2021-04-26T00:23:00.253058056Z","level":3}
{"log_message":"(I) serving on :8080","timestamp":"2021-04-26T00:23:00.253093214Z","level":3}
{"log_message":"(I) database initialization complete","timestamp":"2021-04-26T00:23:00.257781677Z","level":3}
{"log_message":"(I) ### syncer credentials bootstrap ### ","timestamp":"2021-04-26T00:23:00.258025603Z","level":3}
Connect-api logs
{"log_message":"(I) [discovery-local] starting discovery, advertising endpoint 8080 /meta/message","timestamp":"2021-04-26T00:22:59.479050881Z","level":3}
{"log_message":"(I) starting 1Password Connect API ...","timestamp":"2021-04-26T00:22:59.479532167Z","level":3}
{"log_message":"(I) serving on :8080","timestamp":"2021-04-26T00:22:59.479789076Z","level":3}
{"log_message":"(E) failed to connectEndpoint for discovered peer: failed to transport.CreateConnection: [transport-websocket] failed to Dial endpoint: dial tcp 172.23.0.3:8080: connect: connection refused","timestamp":"2021-04-26T00:23:00.252528238Z","level":1}
{"log_message":"(I) GET /v1/vaults/<vault-id>/items?filter=title%20eq%20%22<secret-name>%22","timestamp":"2021-04-26T00:23:04.03869959Z","level":3,"scope":{"request_id":"6a134224-8a53-4ea3-81e1-d59b4c43476e"}}
{"log_message":"(I) notifying syncer of new token","timestamp":"2021-04-26T00:23:04.039431222Z","level":3,"scope":{"request_id":"6a134224-8a53-4ea3-81e1-d59b4c43476e","jti":"gztizaxkcwkeeietbz4gz6ante"}}
{"log_message":"(I) awaiting healthy syncer before continuing","timestamp":"2021-04-26T00:23:04.039848505Z","level":3,"scope":{"request_id":"6a134224-8a53-4ea3-81e1-d59b4c43476e","jti":"gztizaxkcwkeeietbz4gz6ante"}}
{"log_message":"(E) syncer did not become healthy, terminating request","timestamp":"2021-04-26T00:23:10.260223836Z","level":1,"scope":{"request_id":"6a134224-8a53-4ea3-81e1-d59b4c43476e","jti":"gztizaxkcwkeeietbz4gz6ante"}}
{"log_message":"(I) GET /v1/vaults/<vault-id>/items?filter=title%20eq%20%22<secret-name>%22 completed (500: Internal Server Error)","timestamp":"2021-04-26T00:23:10.260635225Z","level":3,"scope":{"request_id":"6a134224-8a53-4ea3-81e1-d59b4c43476e","jti":"gztizaxkcwkeeietbz4gz6ante"}}
But you will not get an error if you add a sleep here:
https://github.com/dtruong0/1password-secret-automation-ci/blob/master/scripts/env/docker-compose.yml#L130
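As an added example (not code from the linked repository, from the poster, or from 1Password), the following POSIX shell readiness gate is one way to replace the fixed sleep: it polls the Connect API's health endpoint until the sync dependency is reported ACTIVE, which is the condition the "awaiting healthy syncer before continuing" log line is blocked on. The /health endpoint and the shape of its response (a "dependencies" array with "service" and "status" fields) are assumed here from the Connect server's documented health check; the function names fetch_health, connect_ready and wait_for_connect, the sample JSON bodies, and the OP_CONNECT_HOST and CONNECT_TIMEOUT variables are made up for this example.

```shell
#!/bin/sh
# Added example: gate CI secret requests on 1Password Connect actually being
# ready, instead of sleeping a fixed number of seconds.
#
# Assumption (not from the original post): connect-api serves GET /health and
# the JSON body lists {"service":"sync","status":"ACTIVE",...} once
# connect-sync has bootstrapped. Function and variable names are hypothetical.

# Default fetcher: GET /health and print the body; non-2xx is a failure.
# It is a function so a test or a CI wrapper can override it.
fetch_health() {
  curl -fsS --max-time 5 "$1/health"
}

# connect_ready JSON: succeed only if the sync dependency is ACTIVE.
# "serving on :8080" alone is not enough; the API answers requests before
# the syncer is healthy, which is the race that produced the 500 above.
connect_ready() {
  printf '%s' "$1" | tr -d ' \n\t' \
    | sed -n 's/.*"service":"sync"\([^}]*\).*/\1/p' \
    | grep -q '"status":"ACTIVE"'
}

# wait_for_connect URL TIMEOUT_SECONDS: poll /health once a second until the
# syncer is ACTIVE. Returns 0 when ready, 1 on timeout (so the job fails
# loudly rather than making a request that the API will reject).
wait_for_connect() {
  url=$1
  timeout=${2:-60}
  elapsed=0
  while [ "$elapsed" -lt "$timeout" ]; do
    body=$(fetch_health "$url" 2>/dev/null) && connect_ready "$body" && return 0
    sleep 1
    elapsed=$((elapsed + 1))
  done
  echo "Connect at $url not ready after ${timeout}s" >&2
  return 1
}

# Usage in a CI step (only runs when OP_CONNECT_HOST is set, e.g.
# OP_CONNECT_HOST=http://connect-api:8080): block until ready, then the
# item request that raced the syncer is safe to make.
if [ -n "${OP_CONNECT_HOST:-}" ]; then
  wait_for_connect "$OP_CONNECT_HOST" "${CONNECT_TIMEOUT:-60}" || exit 1
fi
```

Run it as the first command of the CI step that fetches secrets. Checking /health rather than a bare "is the port open" probe matters here because, per the logs, connect-api is already "serving on :8080" while the syncer is still bootstrapping; only the sync dependency status distinguishes the two states.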