✨ feat(VaultClient): Ajoute la gestion des secrets de base de données du site web.
@@ -12,6 +12,7 @@ use App\Repository\EsyWebTutoRepository;
|
||||
use App\Service\Cloudflare\Client;
|
||||
use App\Service\License\LicenseManager;
|
||||
use App\Service\Logger\LoggerService;
|
||||
use App\Service\Vault\VaultClient;
|
||||
use App\Service\Website\EventCancelWebsite;
|
||||
use App\Service\Website\EventCreatedWebsite;
|
||||
use Cocur\Slugify\Slugify;
|
||||
@@ -30,6 +31,7 @@ class EsyWebController extends AbstractController
|
||||
public function websites(
|
||||
\App\Service\Dma\Client $clientDma,
|
||||
LicenseManager $licenseManager,
|
||||
VaultClient $vaultClient,
|
||||
Client $client,LoggerService $loggerService,EventDispatcherInterface $eventDispatcher,Request $request,EntityManagerInterface $entityManager,WebsiteRepository $websiteRepository)
|
||||
{
|
||||
$loggerService->log("VIEW","Affiche la page de site internet",$this->getUser());
|
||||
@@ -65,8 +67,34 @@ class EsyWebController extends AbstractController
|
||||
|
||||
$vd =$licenseManager->generateAndSaveLicense($website,'main_license');
|
||||
$entityManager->persist($vd);
|
||||
|
||||
$websiteKeyDatabase = new WebsiteKey();
|
||||
$websiteKeyDatabase->setType("db_name");
|
||||
$websiteKeyDatabase->setApiKey($vaultClient->encrypt('website_db',$slug->slugify($website->getTitle())));
|
||||
$websiteKeyDatabase->setWebsitre($website);
|
||||
$entityManager->persist($websiteKeyDatabase);
|
||||
|
||||
$websiteKeyDatabasePassword = new WebsiteKey();
|
||||
$websiteKeyDatabasePassword->setType("db_password");
|
||||
$websiteKeyDatabasePassword->setApiKey($vaultClient->encrypt('website_db',$slug->slugify($website->getTitle())));
|
||||
$websiteKeyDatabasePassword->setWebsitre($website);
|
||||
$entityManager->persist($websiteKeyDatabasePassword);
|
||||
|
||||
$websiteKeyDatabaseUsername = new WebsiteKey();
|
||||
$websiteKeyDatabaseUsername->setType("db_username");
|
||||
$websiteKeyDatabaseUsername->setApiKey($vaultClient->encrypt('website_db',$slug->slugify($website->getTitle())));
|
||||
$websiteKeyDatabaseUsername->setWebsitre($website);
|
||||
$entityManager->persist($websiteKeyDatabaseUsername);
|
||||
|
||||
$websiteKeyRedis = new WebsiteKey();
|
||||
$websiteKeyRedis->setType("redis_port");
|
||||
$websiteKeyRedis->setApiKey($vaultClient->encrypt('website_db',57000+$website->getId()));
|
||||
$websiteKeyRedis->setWebsitre($website);
|
||||
$entityManager->persist($websiteKeyRedis);
|
||||
|
||||
$entityManager->flush();
|
||||
|
||||
|
||||
$loggerService->log("VALIDATE","Validation du site internet",$this->getUser());
|
||||
return $this->redirectToRoute('artemis_esyweb');
|
||||
}
|
||||
@@ -75,7 +103,7 @@ class EsyWebController extends AbstractController
|
||||
]);
|
||||
}
|
||||
#[Route(path: '/artemis/esyweb/website/{id}', name: 'artemis_esyweb_view', methods: ['GET', 'POST'])]
|
||||
public function websiteView(?Website $website,LicenseManager $licenseManager,LoggerService $loggerService,Request $request,EntityManagerInterface $entityManager,WebsiteRepository $websiteRepository)
|
||||
public function websiteView(?Website $website,VaultClient $vaultClient,LicenseManager $licenseManager,LoggerService $loggerService,Request $request,EntityManagerInterface $entityManager,WebsiteRepository $websiteRepository)
|
||||
{
|
||||
if(is_null($website)) {
|
||||
return $this->redirectToRoute('artemis_esyweb');
|
||||
|
||||
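Review bot: In the `@@ -65,8 +67,34 @@` hunk of `websites()`, the `db_password` key is encrypted from `$slug->slugify($website->getTitle())`, the same value stored for `db_name` and `db_username`, so the database password can be derived from the site title and encrypting it through Vault adds nothing to its secrecy. Generate it from a CSPRNG instead, e.g. `$websiteKeyDatabasePassword->setApiKey($vaultClient->encrypt('website_db', bin2hex(random_bytes(24))));`. Separately, `57000+$website->getId()` for `redis_port` goes past 65535 once the id exceeds 8535, and it hands an int to `encrypt()` where the other calls pass strings; a bounds check and an explicit `(string)` cast would make both explicit. The body of `websites()` starts and continues outside this hunk, so how `$website` and `$slug` are built is not visible here.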
@@ -14,6 +14,7 @@ class VaultClient
|
||||
'mainframe_logger',
|
||||
'mainframe_customer',
|
||||
'lc_private_key',
|
||||
'website_db',
|
||||
];
|
||||
|
||||
public function __construct(private readonly HttpClientInterface $httpClient)
|
||||
|
||||
@@ -12,6 +12,7 @@ use App\Entity\CustomerSplit;
|
||||
use App\Entity\EsyWeb\Website;
|
||||
use App\Entity\EsyWeb\WebsiteKey;
|
||||
use App\Entity\EsyWeb\WebsiteLicense;
|
||||
use App\Service\Vault\VaultClient;
|
||||
use Cocur\Slugify\Slugify;
|
||||
use Twig\Extension\AbstractExtension;
|
||||
use Twig\TwigFilter;
|
||||
@@ -19,6 +20,10 @@ use Twig\TwigFunction;
|
||||
|
||||
class TwigOrderExtensions extends AbstractExtension
|
||||
{
|
||||
public function __construct(private readonly VaultClient $vaultClient)
|
||||
{
|
||||
}
|
||||
|
||||
public function getFilters()
|
||||
{
|
||||
return [
|
||||
@@ -31,8 +36,17 @@ class TwigOrderExtensions extends AbstractExtension
|
||||
new TwigFilter('pubKey',[$this,'pubKey']),
|
||||
new TwigFilter('licNumber',[$this,'licNumber']),
|
||||
new TwigFilter('mainKey',[$this,'mainKey']),
|
||||
new TwigFilter('webDb',[$this,'webDb']),
|
||||
];
|
||||
}
|
||||
public function webDb(Website $website,string $type): ?string
|
||||
{
|
||||
/** @var WebsiteKey $apiKey */
|
||||
$apiKey = $website->getWebsiteKeys()->filter(function (WebsiteKey $websiteKey) use ($type){
|
||||
return $websiteKey->getType() == $type;
|
||||
})->first();
|
||||
return $this->vaultClient->decrypt('website_db',$apiKey->getApiKey());
|
||||
}
|
||||
|
||||
public function licNumber(Website $website): ?string
|
||||
{
|
||||
|
||||
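Review bot: `webDb()` dereferences the result of `->first()` without checking it; if `getWebsiteKeys()` returns a Doctrine collection, `first()` yields `false` when no key of that type exists, and `$apiKey->getApiKey()` then fails with a fatal error instead of returning the `null` that the `?string` return type allows. Websites that have no `db_*` keys (presumably any validated before this commit) would then break the whole inventory render. A guard such as `if (!$apiKey instanceof WebsiteKey) { return null; }` before the `decrypt()` call, together with `===` in the filter closure, would cover it. Since this filter hands decrypted secrets to any template that calls it, a short docblock saying so would help whoever reviews future templates.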
@@ -1,4 +1,4 @@
|
||||
[website_deploy]
|
||||
{% for website in websites %}
|
||||
{{ website.mainDns}} ansible_connection=ssh ansible_user=bot ansible_python_interpreter=/usr/bin/python3 path=/var/www/{{ website.title|slugify }} website_id={{ website.id }} api_key={{ website|mainKey }} dma_key={{ website|dmaKey }} public_key={{ website|pubKey }} license_number={{ website|licNumber }}
|
||||
{{ website.mainDns}} ansible_connection=ssh ansible_user=bot ansible_python_interpreter=/usr/bin/python3 path=/var/www/{{ website.title|slugify }} website_id={{ website.id }} api_key={{ website|mainKey }} dma_key={{ website|dmaKey }} public_key={{ website|pubKey }} license_number={{ website|licNumber }} db_name={{ website|webDb('db_name') }} db_password={{ website|webDb('db_password') }} db_username={{ website|webDb('db_username') }} redis_port={{ website|webDb('redis_port') }}
|
||||
{% endfor %}
|
||||
|
||||
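Review bot: The new inventory line writes the decrypted `db_password` as an unquoted inline host variable, so the rendered inventory holds the database password in plaintext wherever it is stored, cached or logged, and a value containing a space or `#` may be mis-parsed by the INI inventory parser. Quoting at least keeps parsing stable, `db_password="{{ website|webDb('db_password') }}"`, but the safer arrangement is to keep the secret out of the inventory and have the play read it from Vault at run time. The existing `api_key` and `dma_key` fields follow the same pattern, so the same applies to them if they are secrets.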