Add OpenBao and mc-terrarium integration #2351

Merged: cb-github-robot merged 3 commits into cloud-barista:main from yunkon-kim:260309-17 on Mar 9, 2026
@yunkon-kim (Member) commented Mar 9, 2026

This PR integrates mc-terrarium v0.1.0 and OpenBao.
It involves broad internal changes, but the usage remains mostly the same except for the new .env setup.

What's changed

  • Add OpenBao service for centralized CSP credential management
  • Integrate mc-terrarium v0.1.0 for infrastructure enrichment (VPN)
  • Add auto-init/unseal logic for OpenBao in Makefile
  • Register CSP credentials to OpenBao via init.py
  • Remove .env from tracking, add .env.example template
  • Update docker-compose.yaml with mc-terrarium and OpenBao services
  • Simplify API auth to plaintext for dev (remove bcrypt)
  • New ports:
      Service        Port
      MC-Terrarium   :8055
      OpenBao        :8200

Maintainer & Contributor To-Dos 😉

.env is no longer tracked by Git. Please configure your .env before running make compose or make up:

cp .env.example .env
# Edit .env to set API credentials (TB, Spider, Terrarium)
# VAULT_TOKEN will be auto-initialized by make compose on first run

Warning

Notes for maintainers and contributors

  • secrets/openbao-init.json: Generated on first make compose. Stores unseal key/root token. Keep it safe; data is inaccessible if lost. (Git-ignored).
  • make clean-all: Now also wipes OpenBao data, secrets, and .env VAULT_TOKEN. Run make compose && make init to restore the environment.
  • conf/openbao-config.hcl: Tracked by Git (intentional exception to conf/* ignore).

✅ Tests passed as follows

Feel free to share your thoughts or report any issues 💬

  1. Clean and initialize
cp .env.example .env   # Set up .env (VAULT_TOKEN left empty — auto-set by make compose)
    ↓
make clean-all         # Stop services + delete DB + wipe OpenBao data and token
    ↓
make up                # Build images + initialize OpenBao (no VAULT_TOKEN → run init-openbao.sh) + unseal + start all services
    ↓
make init              # Decrypt credentials.yaml.enc → register to CB-Spider + register CSP credentials to OpenBao KV v2

  2. Create a testbed infra (by Terrarium)
Access Terrarium API UI   # http://localhost:8055/terrarium/api/index.html
    ↓
Create a terrarium        # trId: testbed01
    ↓
Create a testbed          # trId: testbed01

  3. Create an MCI (on Map UI)
Access MapUI                          # http://localhost:1324
    ↓
Click and select VM spec and image    # ap-northeast-2
    ↓
Create the MCI

Next Steps

⏭️ Test and update Tumblebug VPN features/APIs for mc-terrarium v0.1.0 compatibility

Future Scope

The OpenBao integration is currently a minimal baseline. Looking forward to contributions to extend and improve its scope.


Ref: #2350 (Task 1)
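
A pre-flight check for the files this PR generates locally, as an added example that is not part of the PR or the Tumblebug repository: it verifies that secrets/openbao-init.json and .env are accessible to the owner only, git-ignored, and absent from the Git index. The file names come from the description above; the owner-only expectation and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not project code): check the locally generated OpenBao
# secret files. The owner-only mode requirement is an assumption.
# Usage: check_all /path/to/repo

# Return 0 if the file carries no group/other permission bits.
owner_only() {
    [ -f "$1" ] || return 2
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# Return 0 if the repo-relative path is git-ignored and not in the index.
untracked_and_ignored() {
    git -C "$1" check-ignore -q -- "$2" || return 1
    if git -C "$1" ls-files --error-unmatch -- "$2" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Check one file; print one line per finding, return the number of findings.
check_secret() {
    repo=$1; rel=$2; problems=0
    if [ ! -f "$repo/$rel" ]; then
        echo "SKIP  $rel (not generated yet)"
        return 0
    fi
    owner_only "$repo/$rel" ||
        { echo "FAIL  $rel is accessible beyond the owner"; problems=$((problems + 1)); }
    untracked_and_ignored "$repo" "$rel" ||
        { echo "FAIL  $rel is tracked or not git-ignored"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] && echo "OK    $rel"
    return "$problems"
}

# Check both files named in the PR description; return 0 only if all pass.
check_all() {
    repo=${1:-.}; rc=0
    for rel in secrets/openbao-init.json .env; do
        check_secret "$repo" "$rel" || rc=1
    done
    return "$rc"
}
```

Running check_all after make up and again before any commit catches a loosened file mode or a changed ignore rule before the unseal key or token leaves the machine.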

- Add OpenBao service for centralized CSP credential management
- Integrate mc-terrarium v0.1.0 for infrastructure enrichment (VPN)
- Add auto-init/unseal logic for OpenBao in Makefile
- Register CSP credentials to OpenBao via init.py
- Remove .env from tracking, add .env.example template
- Update docker-compose.yaml with mc-terrarium and OpenBao services
- Simplify API auth to plaintext for dev (remove bcrypt)
@github-actions bot added the docs (Improvements or additions to documentation) and script labels Mar 9, 2026

@seokho-son (Member) left a comment

Makefile Outdated
@echo ""
@echo " 💡 During 'make init', you'll be asked if you want to use the pre-built"
@echo " 💡 After container restart: 'make up' auto-unseals OpenBao."
@echo " 💡 'make init' registers credentials to both Tumblebug and OpenBao,"
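
Review bot: the help line "After container restart: 'make up' auto-unseals OpenBao." does not say what the auto-unseal reads. The PR description places the unseal key and root token in secrets/openbao-init.json, so this tip should name that file and state that it must stay private, since anyone who can read it can unseal and administer the store. Also, as shown here, the line ending in "use the pre-built" is followed directly by an unrelated tip; confirm the printed help still reads as complete sentences.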
Member

@yunkon-kim
make up ▶ make gen-cred ▶ (edit credentials) ▶ make enc-cred ▶ make init"

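Regarding this, I would like to ask whether you intended make compose and make up to be used as distinct commands.

Previously, make up did the same thing as make compose, and make compose was in fact a keyword kept for existing users in preparation for its deprecation.

It was not meant as a way to distinguish whether to run in container build mode. :)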

Member

make up (default build mode; to turn off the container build, comment out the build part in docker-compose.yaml), make ps, make down. We had been steering users toward short commands like these. ;)

Member Author

@seokho-son

I will unify this into a single approach, as Tumblebug originally intended :)

Member Author

@seokho-son

I noticed that script/set-tb.sh and the README use ./init/genCredential.sh and ./init/encCredential.sh. I will change them to make gen-cred and make enc-cred, respectively.

- Restore `make up` as alias for `make compose`
- Define start up and auto init/unseal logic on `make compose`
- Update docs to use `make up`
- Update Makefile help descriptions
@yunkon-kim (Member Author)

@seokho-son

I have pushed an update to address the comments.

  • Test result after the update: Passed
  • Changed make compose to make up in the PR description

@seokho-son (Member)

/approve

@github-actions bot added the approved (This PR is approved and will be merged soon.) label Mar 9, 2026
@cb-github-robot cb-github-robot merged commit 5e8a8fc into cloud-barista:main Mar 9, 2026
4 checks passed
@yunkon-kim (Member Author)

Feel free to report any further issues in #2350 or create a new issue.
