Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Aws secretsmanager additions #6381

Open
wants to merge 54 commits into
base: main
Choose a base branch
from
Open

Aws secretsmanager additions #6381

wants to merge 54 commits into from
+214 −20

Conversation

mpechner-akasa
Copy link

@mpechner-akasa mpechner-akasa commented Nov 29, 2024
edited by JorTurFer
Loading

This adds the ability to specify a secretKey in the awsSecretManager TriggerAuthentication. This will allow parsing of secrets that contain Key/Value pairs (returned in JSON format).

Resubmission of #6031

Provide a description of what has been changed

Checklist

Fixes #5940

Relates to #

@mpechner-akasa mpechner-akasa requested a review from a team as a code owner November 29, 2024 18:28
@mpechner-akasa mpechner-akasa force-pushed the aws-secretsmanager-additions branch from a4701ef to 23175d8 Compare November 29, 2024 20:09
zroubalik
zroubalik reviewed Dec 4, 2024
View reviewed changes
Copy link
Member

@zroubalik zroubalik left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, thanks. We should also update docs

mpechner-akasa added a commit to mpechner-akasa/keda-docs that referenced this pull request Dec 5, 2024
@mpechner-akasa
Documented adding secretKey parameter to access aws secret manager
2c33b1b 
Doc for issue: kedacore/keda#5940
PR: kedacore/keda#6381

Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa mpechner-akasa mentioned this pull request Dec 5, 2024
Open
1 task
@mpechner-akasa
Copy link
Author

#5940

docs. kedacore/keda-docs#1508

JorTurFer
JorTurFer reviewed Dec 15, 2024
View reviewed changes
Copy link
Member

@JorTurFer JorTurFer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really nice job! some comments inline

tests/secret-providers/aws_secretmanager/aws_secretmanager_test.go Outdated Show resolved Hide resolved
tests/secret-providers/aws_secretmanager/aws_secretmanager_test.go Outdated Show resolved Hide resolved
tests/secret-providers/aws_secretmanager_pod_identity/aws_secretmanager_pod_identity_test.go Outdated Show resolved Hide resolved
@mpechner-akasa mpechner-akasa force-pushed the aws-secretsmanager-additions branch 2 times, most recently from 36f2dcc to a6b4067 Compare December 16, 2024 22:38
@mpechner-akasa
remoace tab with spaces
1f34e8f 
Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
Merge branch 'main' into aws-secretsmanager-additions
decfda0
@mpechner-akasa
Needed the hlper added in here
3e92f5c 
Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
Merge branch 'aws-secretsmanager-additions' of github.com:nrichardson…
45e365c 
…-akasa/keda into aws-secretsmanager-additions
@mpechner-akasa
only changed awssecreetmanager_test.go to see if my approach is corr…
e6ec7c4 
…ect.

Will remove  REMOVETestAwsSecretManagerJSONFormat and change aws_secret_manager_pod_identity.go once I have changed this file as expected.

Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
nd keeps removing
a0a839a 
// Local imports
	. "github.com/kedacore/keda/v2/tests/helper"

Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
Not sure what the correct way to import the local helper is.
f294e18 
Signed-off-by: michael pechner <[email protected]>
JorTurFer
JorTurFer approved these changes Jan 17, 2025
View reviewed changes
Copy link
Member

@JorTurFer JorTurFer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice job! Thanks a lot ❤️

@JorTurFer
Copy link
Member

JorTurFer commented Jan 17, 2025
edited by github-actions bot
Loading

/run-e2e aws
Update: You can check the progress here

@JorTurFer
Copy link
Member

JorTurFer commented Jan 17, 2025
edited
Loading

e2e tests are failing because the secret has the same name in both cases. This makes that one case passes and the other one fails because the e2e test is trying to create a secret with the same name and the secret is in deletion process

You can't create this secret because a secret with this name is already scheduled for deletion

You need to update the value of AwsCredentialsSecretName to include a different value per test case (as well as the random number to not conflict between tests). e.g: You can move the value calculation to the function getTemplateData and append a suffix with the test case

@mpechner-akasa
In both tests deleteAWSSecret() is already coded to immediately delet…
bdcace4 
…e the secret.

Instead of tryinfg to further randomize the secretname, just let the code do what it should.
Added a poll to wait on the secret to be removed.  Hoping 2 minniutes is more than enough.

Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
In both tests deleteAWSSecret() is already coded to immediately delet…
c045b80 
…e the secret.

Instead of trying to further randomize the secretname, just let the code do what it should.
Added a poll to wait on the secret to be removed.

Should happen within a few seconds.  But we are talking AWS.  5 minutes really should be more then enough.

Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
Merge branch 'aws-secretsmanager-additions' of github.com:nrichardson…
210fe63 
…-akasa/keda into aws-secretsmanager-additions
@mpechner-akasa
forgot the import
5d0cf03 
Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
format
982c17f 
Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
Sorry. did not realize the needed imcludes for the wait code.
1b9c9d9 
Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
compiles clean. found types.ResourceNotFoundException
f78158e 
Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
swapped wait.PollImmediate for wait.PollUntilContextTimeout
ff4e466 
Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
forgot to fmt 1
89335bb 
Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
as requested. removed wait on secret delete.
f069c35 
made sure we set a new secret name for each run

Signed-off-by: michael pechner <[email protected]>
@mpechner-akasa
Merge branch 'main' into aws-secretsmanager-additions
b35c611 
Signed-off-by: Michael D Pechner - Akasa <[email protected]>
JorTurFer
JorTurFer reviewed Feb 3, 2025
View reviewed changes
Copy link
Member

@JorTurFer JorTurFer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Really great job! 2 small comments inline and we are almost there!

tests/secret-providers/aws_secretmanager/aws_secretmanager_test.go Outdated
@@ -70,6 +76,7 @@ type templateData struct {
SecretManagerSecretName string
AwsAccessKeyID string
AwsSecretAccessKey string
useJSONSecretFormat bool
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that this isn't used anymore

tests/secret-providers/aws_secretmanager_pod_identity/aws_secretmanager_pod_identity_test.go Outdated
@@ -70,6 +76,7 @@ type templateData struct {
SecretManagerSecretName string
AwsAccessKeyID string
AwsSecretAccessKey string
useJSONSecretFormat bool
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that this isn't used anymore

@JorTurFer
Copy link
Member

JorTurFer commented Feb 3, 2025
edited by github-actions bot
Loading

/run-e2e aws
Update: You can check the progress here

@JorTurFer
Copy link
Member

JorTurFer commented Feb 3, 2025
edited by github-actions bot
Loading

/run-e2e aws
Update: You can check the progress here

JorTurFer
JorTurFer reviewed Feb 3, 2025
View reviewed changes
tests/secret-providers/aws_secretmanager/aws_secretmanager_test.go Outdated
@@ -315,6 +375,7 @@ var data = templateData{
AwsSecretAccessKey: base64.StdEncoding.EncodeToString([]byte(awsSecretAccessKey)),
AwsRegion: awsRegion,
AwsCredentialsSecretName: awsCredentialsSecretName,
useJSONSecretFormat: false,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete the assignment from here too

tests/secret-providers/aws_secretmanager_pod_identity/aws_secretmanager_pod_identity_test.go Outdated
@@ -305,6 +364,7 @@ var data = templateData{
AwsSecretAccessKey: base64.StdEncoding.EncodeToString([]byte(awsSecretAccessKey)),
AwsRegion: awsRegion,
AwsCredentialsSecretName: awsCredentialsSecretName,
useJSONSecretFormat: false,
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need to delete the assignment from here too

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JorTurFer JorTurFer JorTurFer approved these changes

@zroubalik zroubalik zroubalik left review comments

@mpechner mpechner mpechner left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
5 participants
@mpechner-akasa @zroubalik @JorTurFer @mpechner @nrichardson-akasa