studio/cli
2
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 4 Wiki Activity

feat: add impress image mirroring and docs secret seeding

Browse Source 
images.py: extend AMD64_ONLY_IMAGES with the three impress (La Suite Docs)
images — impress-backend, impress-frontend, impress-y-provider. Always pull
the amd64 manifest + layers by digest unconditionally before the blob check;
the prior guard skipped the pull when the index blob was present but layers
were missing, causing the OCI import to fail on arm64 hosts.

secrets.py: add docs KV path (django-secret-key, collaboration-secret) to
_seed_openbao so a fresh sunbeam seed generates all required credentials for
the impress deployment.
This commit is contained in:
Sienna Meridian Satterwhite
2026-03-03 14:23:42 +00:00
parent 14dd685398
commit de12847cf1
2 changed files with 24 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
sunbeam/secrets.py
View File

@@ -170,6 +170,10 @@ def _seed_openbao() -> dict:
"csrf-cookie-secret": rand,
"admin-identity-ids": lambda: ""})
docs = get_or_create("docs",
**{"django-secret-key": rand,
"collaboration-secret": rand})
# Write all secrets to KV (idempotent -- puts same values back)
bao(f"BAO_ADDR=http://127.0.0.1:8200 BAO_TOKEN='{root_token}' sh -c '"
f"bao kv put secret/hydra system-secret=\"{hydra['system-secret']}\" cookie-secret=\"{hydra['cookie-secret']}\" pairwise-salt=\"{hydra['pairwise-salt']}\" && "
@@ -180,7 +184,8 @@ def _seed_openbao() -> dict:
f"bao kv put secret/livekit api-key=\"{livekit['api-key']}\" api-secret=\"{livekit['api-secret']}\" && "
f"bao kv put secret/people django-secret-key=\"{people['django-secret-key']}\" && "
f"bao kv put secret/login-ui cookie-secret=\"{login_ui['cookie-secret']}\" csrf-cookie-secret=\"{login_ui['csrf-cookie-secret']}\" && "
f"bao kv put secret/kratos-admin cookie-secret=\"{kratos_admin['cookie-secret']}\" csrf-cookie-secret=\"{kratos_admin['csrf-cookie-secret']}\" admin-identity-ids=\"{kratos_admin['admin-identity-ids']}\""
f"bao kv put secret/kratos-admin cookie-secret=\"{kratos_admin['cookie-secret']}\" csrf-cookie-secret=\"{kratos_admin['csrf-cookie-secret']}\" admin-identity-ids=\"{kratos_admin['admin-identity-ids']}\" && "
f"bao kv put secret/docs django-secret-key=\"{docs['django-secret-key']}\" collaboration-secret=\"{docs['collaboration-secret']}\""
f"'")
# Configure Kubernetes auth method so VSO can authenticate with OpenBao