Record Vault token and add JWT support (#31)

README.md

@@ -48,9 +48,9 @@ $ source ./setenv-curl-local.sh
 # Health check
 $ ./health.sh
 # Get token
-$ ./config-jenkins.sh
+$ ./provision-db-demo.sh
 # Get secret id for provisioning fluentbit
-$ ./provision-fluent-bit.sh
+$ ./provision-fluentbit-demo.sh
 ```
 
 ## Test

helm/broker-app/Chart.yaml

@@ -20,4 +20,4 @@ version: 1.0.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: "1.4.1"
+appVersion: "1.5.0"

helm/broker-app/templates/statefulset.yaml

@@ -80,6 +80,21 @@ spec:
                 secretKeyRef:
                   name: nr-broker-basic-creds
                   key: password
+            - name: JWT_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: nr-broker-jwt-creds
+                  key: secret
+            - name: JWT_VALIDATION_SUB
+              valueFrom:
+                secretKeyRef:
+                  name: nr-broker-jwt-validation
+                  key: sub-allow-list
+            - name: JWT_VALIDATION_JTI_DENY
+              valueFrom:
+                secretKeyRef:
+                  name: nr-broker-jwt-validation
+                  key: jti-deny-list
             - name: USER_ADMIN
               valueFrom:
                 secretKeyRef:

helm/broker-secrets/templates/secret-jwt-auth.yaml

@@ -0,0 +1,10 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: nr-broker-jwt-creds
+  labels:
+    app: "nr-broker-app"
+    helm.sh/chart: "nr-broker-app"
+    name: "nr-broker-app"
+stringData:
+  secret: {{ .Values.auth.jwt_secret }}

helm/broker-secrets/values.tpl.yaml

@@ -8,3 +8,5 @@ vault:
 auth:
   user: ""
   password: ""
+  jwt_secret: ""
+