Merge pull request #1 from sitaramkm/update-readme
Updates to include new service name and changes to resource names created in Venafi Control Plane
3goats authored Jun 14, 2024
2 parents 61c90a9 + d2b5b0e commit e3c305e
Showing 2 changed files with 75 additions and 27 deletions.
82 changes: 65 additions & 17 deletions demo.ipynb
Expand Up @@ -13,43 +13,91 @@
"cell_type": "markdown",
"metadata": {},
"source": [
"To run the the click through the following interactive steps. \n",
"### Set the API Key to connect to your Venafi Control Plane tenant\n",
"\n",
"#### 1. Edit the `.env` to include a valid Venafi Cloud API key if you've not already done this. \n",
"#### 2. In the terminal, type or paste the following command: \n",
"\n",
"```docker compose --profile control-plane up```\n",
"Login to your tenant and copy the API Key associated with your tenant and set it below. The API key that will be used by the Docker compose file to generate a working Firefly configuration"
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"vscode": {
"languageId": "shellscript"
}
},
"outputs": [],
"source": [
"export TLSPC_API_KEY=REPLACE_WITH_YOUR_API_KEY_FROM_VENAFI_CLOUD"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Either type the following in the terminal or just click play to run it interactively\n",
"\n",
"This will automate the creation of the required configuration items in the Venafi control plane. You can take a look by clicking through the various Firefly configuration tabs in the Venafi Web UI. The following new items should now exist under each of the sections: \n",
"The below command will create the required configurations in the Venafi Control Plane using API's. \n",
"The following new items will be created in your tenant after docker command is executed.\n",
"\n",
"* Teams : basic-demo\n",
"* Service Account: basic-demo\n",
"* Sub CA Providers: basic-demo\n",
"* Policies: basic-demo\n",
"* Configurations: basic-demo\n",
"* Teams : **Firefly Playground**\n",
"* Service Account: **Firefly Playground**\n",
"* Sub CA Providers: **Firefly Playground**\n",
"* Policies: **Firefly Playground**\n",
"* Configurations: **Firefly Playground**\n",
"\n",
"For the purposes of this demonstrations some simple policies have been created. "
"You can optionally run ```docker compose --profile remove-control-plane up``` to cleanup the resources created for demo."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {
"vscode": {
"languageId": "shellscript"
}
},
"outputs": [],
"source": [
"docker compose --profile control-plane up"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Lets start by adding our Venafi cloud API key to the environment. The following command creates a new `.env` file that contains an API key that will be used by the Docker compose file to generate a working Firefly configuration. Replace the placeholder text with your own API key. "
"You can review the various items created using API's by navigating the UI. "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"## Step 2 - Starting Firefly\n",
"Run the below command either in the terminal or simply click the play button to start **firefly**\n",
"\n",
"Feel free to review the docker compose file available [here](docker-compose.yml)"
]
},
{
"cell_type": "code",
"execution_count": 1,
"execution_count": null,
"metadata": {
"vscode": {
"languageId": "shellscript"
}
},
"outputs": [],
"source": [
"echo \"TLSPC_API_KEY=9a70a424-7cc1-49d0-b705-5279742dd766\" > .env\n",
"export TLSPC_API_KEY=9a70a424-7cc1-49d0-b705-5279742dd766"
"docker compose --profile firefly up"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"We will now request a token from the **firefly** that will be subsequently used for requesting certificates\n",
"Run the below command to set a **TOKEN** in the `.env` file. "
]
},
{
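Review bot: the removed cell at the end of this hunk hard-coded a Venafi Cloud API key (`echo "TLSPC_API_KEY=9a70a424-7cc1-49d0-b705-5279742dd766" > .env`); deleting it from the notebook does not remove it from the repository history, so that key should be treated as exposed and revoked in the tenant, and `.env` should be confirmed as git-ignored so the replacement file never gets committed. The new `export TLSPC_API_KEY=REPLACE_WITH_YOUR_API_KEY_FROM_VENAFI_CLOUD` only sets the variable for the current shell, while step 1 tells the reader to edit `.env`; `docker compose` reads both for interpolation, so state which one is authoritative to keep the two instructions from drifting. Minor wording in the added markdown: "after docker command is executed" and "to cleanup the resources created for demo" read better as "after the docker command is executed" and "to clean up the resources created for the demo".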
Expand Down Expand Up @@ -81,7 +129,7 @@
" -H \"Content-Type: application/x-www-form-urlencoded\" \\\n",
" -X POST http://localhost:8001/token \\\n",
" -k -s | jq -r '.access_token' )\n",
"echo VTOKEN=$token >> .env\n",
"echo VTOKEN=$token > .env\n",
"echo ${token}\n",
"echo ${token} | jq -R 'split(\".\") | .[0],.[1] | @base64d | fromjson'\n"
]
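Review bot: changing `echo VTOKEN=$token >> .env` to `echo VTOKEN=$token > .env` truncates the file, so any `TLSPC_API_KEY=` line the reader placed in `.env` in step 1 is lost the moment a token is fetched. If the goal is to avoid accumulating duplicate `VTOKEN` lines on reruns, replace the existing line in place (for example with `sed -i '/^VTOKEN=/d' .env` before appending) rather than overwriting the whole file. Separately, `echo ${token}` and the `jq` decode print the bearer token into the cell output; since the notebook itself is committed, outputs should be cleared before committing (the other cells in this change already reset `execution_count` to `null`) so live tokens do not land in history.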
20 changes: 10 additions & 10 deletions docs/index.md
Expand Up @@ -187,7 +187,7 @@ If you take a look at the `config.yaml` it will look something like this:
privateKeyFile: /etc/firefly/private-key.pem # (2)
clientID: 8104b51c-bf7e-11ee-9c78-4a98e9dd68c7 # (3)
csr:
instanceNaming: SKO Demo # (4)
instanceNaming: Firefly Playground # (4)
server: # (5)
rest: # (6)
port: 8281 # (7)
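Review bot: `instanceNaming: Firefly Playground` is a plain YAML scalar containing a space, which parses fine, but quoting it (`instanceNaming: "Firefly Playground"`) makes the intent explicit and protects the line if a future value contains `:` or `#`. Since the same string is now used for the Team, Service Account, Sub CA Provider, Policy and Configuration names in the notebook hunk, it is worth confirming this field is meant to carry the same value rather than an independent instance label.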
Expand Down Expand Up @@ -219,18 +219,18 @@ If you take a look at the `config.yaml` it will look something like this:

Now that we've configured the Control Plane, we can now start the Firefly container `public.ecr.aws/venafi-images/firefly` and the `tr1ck3r/jwt-this`.

To do this use the following `docker compose` command. The `--profile demo` flag tells Docker to run only the `public.ecr.aws/venafi-images/firefly` and the `tr1ck3r/jwt-this` containers.
To do this use the following `docker compose` command. The `--profile firefly` flag tells Docker to run only the `public.ecr.aws/venafi-images/firefly` and the `tr1ck3r/jwt-this` containers.

``` bash title="Start Firefly & the JWT service"
docker compose --profile demo up
docker compose --profile firefly up
```

This will create 2 containers

You should see the following output.

```bash title="Example output - Truncated"
docker compose --profile demo up
docker compose --profile firefly up
[+] Running 2/0
✔ Container firefly-playground-jwt-this-1 Created 0.0s
✔ Container firefly-playground-firefly-1 Created 0.0s
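Review bot: the docs and the notebook now both invoke `docker compose --profile firefly up`, but `docker-compose.yml` is not one of the two files in this commit, so the rename only works if the compose file already defines a `firefly` profile (the notebook additionally references `control-plane` and `remove-control-plane` profiles). Please confirm the profile names in `docker-compose.yml` match, or include that change here so the docs and the compose file cannot drift apart. Unrelated nit in the surrounding context: "This will create 2 containers" is missing its period.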
Expand Down Expand Up @@ -260,9 +260,9 @@ firefly-1 | I0207 12:30:01.090982 1 readyz.go:68] "msg"="adding readines
firefly-1 | I0207 12:30:01.091020 1 client.go:195] "msg"="creating vaas client" "logger"="agent.bootstrap.vaas.client"
...
firefly-1 | I0207 12:30:02.061899 1 client.go:296] "msg"="retrieve issued intermediate certificate from VaaS" "logger"="agent.bootstrap.vaas.client"
firefly-1 | I0207 12:30:02.169560 1 vaas.go:123] "msg"="issued intermediate certificate from VaaS" "CN"="Demo Issuer" "id"="9d03a130-c5b4-11ee-b282-75b352d68206" "logger"="agent.bootstrap.vaas"
firefly-1 | I0207 12:30:02.169560 1 vaas.go:123] "msg"="issued intermediate certificate from VaaS" "CN"="Firefly Playground Issuer" "id"="9d03a130-c5b4-11ee-b282-75b352d68206" "logger"="agent.bootstrap.vaas"
firefly-1 | I0207 12:30:02.172270 1 inmemory.go:49] "msg"="stored in memory certificate private key bundle" "logger"="agent.signer.inmemory"
firefly-1 | I0207 12:30:02.172303 1 renewer.go:135] "msg"="fetched intermediate certificate from bootstrap" "CN"="Demo Issuer" "logger"="agent.agent_renewer"
firefly-1 | I0207 12:30:02.172303 1 renewer.go:135] "msg"="fetched intermediate certificate from bootstrap" "CN"="Firefly Playground Issuer" "logger"="agent.agent_renewer"
firefly-1 | I0207 12:30:02.172324 1 renewer.go:169] "msg"="waiting to renew certificate" "logger"="agent.agent_renewer" "renew_time"="2024-04-07 12:29:51 +0000 UTC"
firefly-1 | I0207 12:30:02.172328 1 tls.go:144] "msg"="signing tls certificate" "logger"="agent.server.rest.tls"
firefly-1 | I0207 12:30:02.173788 1 tls.go:169] "msg"="signed tls certificate" "logger"="agent.server.rest.tls" "renewal_time"="2024-02-08T04:30:02Z"
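Review bot: these example log lines were edited by hand (only the `CN` value changed to `Firefly Playground Issuer`, while the timestamps and the intermediate `id` `9d03a130-c5b4-11ee-b282-75b352d68206` are unchanged from the earlier capture), so the block no longer reflects a genuine run. Either re-capture the output after the rename or say above the block that it is illustrative, otherwise a reader comparing against their own logs will expect that exact id and CN pairing.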
Expand Down Expand Up @@ -310,9 +310,9 @@ echo ${token} | jq -R 'split(".") | .[0],.[1] | @base64d | fromjson'
"sub": "jwt-this",
"venafi-firefly.allowAllPolicies": false,
"venafi-firefly.allowedPolicies": [ # (1)
"Basic Demo"
"Firefly Playground"
],
"venafi-firefly.configuration": "Basic Demo" # (2)
"venafi-firefly.configuration": "Firefly Playground" # (2)
}
```
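Review bot: `venafi-firefly.allowedPolicies` and `venafi-firefly.configuration` are compared against the Policy and Configuration names in Control Plane as strings, so `Firefly Playground` must match exactly what the control-plane profile creates, including case and the space. The claims shown here are minted by the `tr1ck3r/jwt-this` container, whose configuration is not part of this diff; confirm it was updated as well, otherwise issued tokens will still carry `Basic Demo` and will not line up with the renamed policy used in the certificate requests below.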
Expand Down Expand Up @@ -349,7 +349,7 @@ curl 'https://localhost:8289/v1/certificatesigningrequest' \
-H "Authorization: Bearer $token" \
--data '{
"request": "'"$csr"'",
"policyName": "Basic Demo"
"policyName": "Firefly Playground"
}' -k -s
```
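Review bot: the policy name is now repeated as a literal in this request and in the `jq -r .certificateChain` variant further down (`"policyName": "Firefly Playground"` in both); pulling it into a shell variable such as `policy="Firefly Playground"` and interpolating it the way `$csr` and `$token` already are means the next rename touches one line. Separately, `-k` disables certificate verification for the call to `https://localhost:8289`; that is expected here because the playground Firefly signs its own server certificate (see the `signing tls certificate` log line earlier), but a one-line remark saying so would stop readers carrying the flag into real deployments.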
Expand All @@ -376,7 +376,7 @@ You should see output similar to the following. Note: The response includes the
-H "Authorization: Bearer $token" \
--data '{
"request": "'"$csr"'",
"policyName": "Basic Demo"
"policyName": "Firefly Playground"
}' -k -s | jq -r .certificateChain
```
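Review bot: this hunk repeats the same `"policyName": "Firefly Playground"` literal as the first `curl` example above; if that name becomes a shell variable, this `jq -r .certificateChain` variant should use it too so the two examples cannot diverge on a future rename.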
