Merge pull request #3032 from Infisical/correct-app-connections-docs
Improvements: Minor Secret Sync improvements and Correct App Connections Env Vars and Move Sync/Connections to Groups in Docs
maidul98 authored Jan 23, 2025
2 parents 114b89c + 8142019 commit 784acf1
Showing 8 changed files with 71 additions and 68 deletions.
11 changes: 7 additions & 4 deletions backend/src/services/app-connection/aws/aws-connection-fns.ts
Expand Up @@ -81,19 +81,22 @@ export const getAwsConnectionConfig = async (appConnection: TAwsConnectionConfig
};

export const validateAwsConnectionCredentials = async (appConnection: TAwsConnectionConfig) => {
const awsConfig = await getAwsConnectionConfig(appConnection);
const sts = new AWS.STS(awsConfig);
let resp: Awaited<ReturnType<ReturnType<typeof sts.getCallerIdentity>["promise"]>>;
let resp: AWS.STS.GetCallerIdentityResponse & {
$response: AWS.Response<AWS.STS.GetCallerIdentityResponse, AWS.AWSError>;
};

try {
const awsConfig = await getAwsConnectionConfig(appConnection);
const sts = new AWS.STS(awsConfig);

resp = await sts.getCallerIdentity().promise();
} catch (e: unknown) {
throw new BadRequestError({
message: `Unable to validate connection - verify credentials`
});
}

if (resp.$response.httpResponse.statusCode !== 200)
if (resp?.$response.httpResponse.statusCode !== 200)
throw new InternalServerError({
message: `Unable to validate credentials: ${
resp.$response.error?.message ??
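
Review bot: With `getAwsConnectionConfig` and `new AWS.STS(awsConfig)` now inside the `try`, the `catch` turns every failure on that path, including anything thrown by `getAwsConnectionConfig` before `getCallerIdentity` is ever called, into the same BadRequestError "Unable to validate connection - verify credentials", and `e` is discarded. Keeping the client-facing message generic is reasonable, but log `e` server-side (or branch on its type) so an operator can tell a misconfigured instance from bad user credentials. Separately, `resp?.$response` guards a value that cannot be undefined at that point, since the `catch` always throws, while the expression two lines later reads `resp.$response.error?.message` without the guard; drop the `?.` or apply it consistently.
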
31 changes: 11 additions & 20 deletions docs/integrations/app-connections/aws.mdx
Expand Up @@ -9,10 +9,6 @@ Infisical supports two methods for connecting to AWS.
<Tab title="Assume Role (Recommended)">
Infisical will assume the provided role in your AWS account securely, without the need to share any credentials.

**Prerequisites:**

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)

<Accordion title="Self-Hosted Instance">
To connect your self-hosted Infisical instance with AWS, you need to set up an AWS IAM User account that can assume the configured AWS IAM Role.

Expand Down Expand Up @@ -47,8 +43,8 @@ Infisical supports two methods for connecting to AWS.
![Access Key Step 3](/images/integrations/aws/integrations-aws-access-key-3.png)
</Step>
<Step title="Set Up Connection Keys">
1. Set the access key as **INF_APP_CONNECTION_AWS_CLIENT_ID**.
2. Set the secret key as **INF_APP_CONNECTION_AWS_CLIENT_SECRET**.
1. Set the access key as **INF_APP_CONNECTION_AWS_ACCESS_KEY_ID**.
2. Set the secret key as **INF_APP_CONNECTION_AWS_SECRET_ACCESS_KEY**.
</Step>
</Steps>
</Accordion>
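
Review bot: The renamed variables in the "Set Up Connection Keys" step replace names that earlier readers of this page may already have set on a self-hosted instance, and nothing in the step tells them so. Add a short callout that `INF_APP_CONNECTION_AWS_CLIENT_ID` and `INF_APP_CONNECTION_AWS_CLIENT_SECRET` were the previously documented names and are superseded by `INF_APP_CONNECTION_AWS_ACCESS_KEY_ID` and `INF_APP_CONNECTION_AWS_SECRET_ACCESS_KEY`. The backend code that reads these variables is not part of the visible diff, so also confirm the new names match it exactly.
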
Expand All @@ -63,7 +59,11 @@ Infisical supports two methods for connecting to AWS.
4. Optionally, enable **Require external ID** and enter your **Organization ID** to further enhance security.
</Step>

<Step title="Add Required Permissions for the IAM Role">
<Step title="Add Required Permissions to the IAM Role">
Navigate to your IAM role permissions and click **Create Inline Policy**.

![IAM Role Create Policy](/images/app-connections/aws/assume-role-create-policy.png)

Depending on your use case, add one or more of the following policies to your IAM Role:

<Tabs>
Expand Down Expand Up @@ -199,22 +199,13 @@ Infisical supports two methods for connecting to AWS.
<Tab title="Access Key">
Infisical will use the provided **Access Key ID** and **Secret Key** to connect to your AWS instance.

**Prerequisites:**

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)

<Steps>
<Step title="Create the Managing User IAM Role for Infisical">
1. Navigate to the [Create IAM Role](https://console.aws.amazon.com/iamv2/home#/roles/create?step=selectEntities) page in your AWS Console.
![IAM Role Creation](/images/integrations/aws/integration-aws-iam-assume-role.png)
<Step title="Add Required Permissions to the IAM User">
Navigate to your IAM user permissions and click **Create Inline Policy**.

2. Select **AWS Account** as the **Trusted Entity Type**.
3. Choose **Another AWS Account** and enter **381492033652** (Infisical AWS Account ID). This restricts the role to be assumed only by Infisical. If self-hosting, provide your AWS account number instead.
4. Optionally, enable **Require external ID** and enter your **Organization ID** to further enhance security.
</Step>
![User IAM Create Policy](/images/app-connections/aws/access-key-create-policy.png)

<Step title="Add Required Permissions for the IAM Role">
Depending on your use case, add one or more of the following policies to your IAM Role:
Depending on your use case, add one or more of the following policies to your user:

<Tabs>
<Tab title="Secret Sync">
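
Review bot: In the Access Key tab the first visible step is now "Add Required Permissions to the IAM User", but the removed role-creation step is not replaced by anything that says which IAM user this is or how its Access Key ID and Secret Key are created. Add a preceding step that creates a dedicated IAM user and access key for this connection, and say that the user should carry only the inline policies listed under this step, since the key is a long-lived credential handed to Infisical.
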
14 changes: 3 additions & 11 deletions docs/integrations/app-connections/github.mdx
Expand Up @@ -9,10 +9,6 @@ Infisical supports two methods for connecting to GitHub.
<Tab title="GitHub App (Recommended)">
Infisical will use a GitHub App with finely grained permissions to connect to GitHub.

**Prerequisites:**

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)

<Accordion title="Self-Hosted Instance">
Using the GitHub integration with app authentication on a self-hosted instance of Infisical requires configuring an application on GitHub
and registering your instance with it.
Expand Down Expand Up @@ -61,9 +57,9 @@ Infisical supports two methods for connecting to GitHub.

- `INF_APP_CONNECTION_GITHUB_APP_CLIENT_ID`: The **Client ID** of your GitHub application.
- `INF_APP_CONNECTION_GITHUB_APP_CLIENT_SECRET`: The **Client Secret** of your GitHub application.
- `INF_APP_CONNECTION_GITHUB_APP_CLIENT_SLUG`: The **Slug** of your GitHub application. This is the one found in the URL.
- `INF_APP_CONNECTION_GITHUB_APP_CLIENT_APP_ID`: The **App ID** of your GitHub application.
- `INF_APP_CONNECTION_GITHUB_APP_CLIENT_PRIVATE_KEY`: The **Private Key** of your GitHub application.
- `INF_APP_CONNECTION_GITHUB_APP_SLUG`: The **Slug** of your GitHub application. This is the one found in the URL.
- `INF_APP_CONNECTION_GITHUB_APP_ID`: The **App ID** of your GitHub application.
- `INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY`: The **Private Key** of your GitHub application.

Once added, restart your Infisical instance and use the GitHub integration via app authentication.
</Step>
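
Review bot: The three renamed entries (`INF_APP_CONNECTION_GITHUB_APP_SLUG`, `INF_APP_CONNECTION_GITHUB_APP_ID`, `INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY`) drop the `CLIENT_` infix that the first two entries keep, so anyone who configured an instance from the old list has three variables under names this page no longer mentions. Add a line naming the old variables as superseded. For `INF_APP_CONNECTION_GITHUB_APP_PRIVATE_KEY`, the list does not say what form the value takes; state whether the key is expected verbatim with its newlines or in an encoded form, since a multi-line key in an environment variable is easy to get wrong.
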
Expand Down Expand Up @@ -100,10 +96,6 @@ Infisical supports two methods for connecting to GitHub.
<Tab title="OAuth">
Infisical will use an OAuth App to connect to GitHub.

**Prerequisites:**

- Set up and add envars to [Infisical Cloud](https://app.infisical.com)

<Accordion title="Self-Hosted Instance">
Using the GitHub integration on a self-hosted instance of Infisical requires configuring an OAuth application in GitHub
and registering your instance with it.
18 changes: 14 additions & 4 deletions docs/mint.json
Expand Up @@ -347,16 +347,26 @@
"group": "App Connections",
"pages": [
"integrations/app-connections/overview",
"integrations/app-connections/aws",
"integrations/app-connections/github"
{
"group": "Connections",
"pages": [
"integrations/app-connections/aws",
"integrations/app-connections/github"
]
}
]
},
{
"group": "Secret Syncs",
"pages": [
"integrations/secret-syncs/overview",
"integrations/secret-syncs/aws-parameter-store",
"integrations/secret-syncs/github"
{
"group": "Syncs",
"pages": [
"integrations/secret-syncs/aws-parameter-store",
"integrations/secret-syncs/github"
]
}
]
},
{
Expand Up @@ -289,34 +289,36 @@ export const SecretSyncsTable = ({ secretSyncs }: Props) => {
</DropdownMenuTrigger>
<DropdownMenuContent className="thin-scrollbar max-h-[70vh] overflow-y-auto" align="end">
<DropdownMenuLabel>Status</DropdownMenuLabel>
{Object.values(SecretSyncStatus).map((status) => (
<DropdownMenuItem
onClick={(e) => {
e.preventDefault();
setFilters((prev) => ({
...prev,
status: prev.status.includes(status)
? prev.status.filter((s) => s !== status)
: [...prev.status, status]
}));
}}
key={status}
icon={
filters.status.includes(status) && (
<FontAwesomeIcon className="text-primary" icon={faCheckCircle} />
)
}
iconPos="right"
>
<div className="flex items-center gap-2">
<FontAwesomeIcon
icon={STATUS_ICON_MAP[status].icon}
className={STATUS_ICON_MAP[status].className}
/>
<span className="capitalize">{STATUS_ICON_MAP[status].name}</span>
</div>
</DropdownMenuItem>
))}
{[SecretSyncStatus.Running, SecretSyncStatus.Succeeded, SecretSyncStatus.Failed].map(
(status) => (
<DropdownMenuItem
onClick={(e) => {
e.preventDefault();
setFilters((prev) => ({
...prev,
status: prev.status.includes(status)
? prev.status.filter((s) => s !== status)
: [...prev.status, status]
}));
}}
key={status}
icon={
filters.status.includes(status) && (
<FontAwesomeIcon className="text-primary" icon={faCheckCircle} />
)
}
iconPos="right"
>
<div className="flex items-center gap-2">
<FontAwesomeIcon
icon={STATUS_ICON_MAP[status].icon}
className={STATUS_ICON_MAP[status].className}
/>
<span className="capitalize">{STATUS_ICON_MAP[status].name}</span>
</div>
</DropdownMenuItem>
)
)}
<DropdownMenuLabel>Service</DropdownMenuLabel>
{secretSyncs.length ? (
[...new Set(secretSyncs.map(({ destination }) => destination))].map((destination) => {
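
Review bot: The literal `[SecretSyncStatus.Running, SecretSyncStatus.Succeeded, SecretSyncStatus.Failed]` in the Status filter will go stale without any compiler error if a status is later added to `SecretSyncStatus`, and the reason some enum values are left out is not recorded. Move the list to a named constant next to `STATUS_ICON_MAP` with a comment on which statuses are excluded and why, or filter `Object.values(SecretSyncStatus)` against an explicit exclusion so new values appear by default.
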
Expand Up @@ -4,7 +4,7 @@ import { FontAwesomeIcon } from "@fortawesome/react-fontawesome";
import { format } from "date-fns";

import { ProjectPermissionCan } from "@app/components/permissions";
import { SecretSyncLabel } from "@app/components/secret-syncs";
import { SecretSyncLabel, SecretSyncStatusBadge } from "@app/components/secret-syncs";
import { IconButton } from "@app/components/v2";
import { ProjectPermissionSub } from "@app/context";
import { ProjectPermissionSecretSyncActions } from "@app/context/ProjectPermissionContext/types";
Expand Down Expand Up @@ -57,6 +57,11 @@ export const SecretSyncDetailsSection = ({ secretSync, onEditDetails }: Props) =
<div className="space-y-3">
<SecretSyncLabel label="Name">{name}</SecretSyncLabel>
<SecretSyncLabel label="Description">{description}</SecretSyncLabel>
{syncStatus && (
<SecretSyncLabel label="Status">
<SecretSyncStatusBadge status={syncStatus} />
</SecretSyncLabel>
)}
{lastSyncedAt && (
<SecretSyncLabel label="Last Synced">
{format(new Date(lastSyncedAt), "yyyy-MM-dd, hh:mm aaa")}
