-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Aws secretsmanager additions #6381
base: main
Are you sure you want to change the base?
Aws secretsmanager additions #6381
Conversation
Signed-off-by: Nick Richardson <nicholas.richardson@akasa.com>
Signed-off-by: Nick Richardson <nicholas.richardson@akasa.com>
Signed-off-by: Nick Richardson <nicholas.richardson@akasa.com>
Signed-off-by: Nick Richardson <nicholas.richardson@akasa.com>
Signed-off-by: Nick Richardson <nicholas.richardson@akasa.com>
Signed-off-by: Nick Richardson <nicholas.richardson@akasa.com>
a4701ef
to
23175d8
Compare
Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good, thanks. We should also update docs
Doc for issue: kedacore/keda#5940 PR: kedacore/keda#6381 Signed-off-by: michael pechner <mike.pechner@akasa.com>
docs. kedacore/keda-docs#1508 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really nice job! some comments inline
tests/secret-providers/aws_secretmanager/aws_secretmanager_test.go
Outdated
Show resolved
Hide resolved
tests/secret-providers/aws_secretmanager/aws_secretmanager_test.go
Outdated
Show resolved
Hide resolved
tests/secret-providers/aws_secretmanager_pod_identity/aws_secretmanager_pod_identity_test.go
Outdated
Show resolved
Hide resolved
36f2dcc
to
a6b4067
Compare
Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
…-akasa/keda into aws-secretsmanager-additions
…ect. Will remove REMOVETestAwsSecretManagerJSONFormat and change aws_secret_manager_pod_identity.go once I have changed this file as expected. Signed-off-by: michael pechner <mike.pechner@akasa.com>
// Local imports . "github.com/kedacore/keda/v2/tests/helper" Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
AwsSecretManager() does not return anything, so fixed the calling test Signed-off-by: michael pechner <mike.pechner@akasa.com>
added test code back and making AwsSecretmanager() return nil Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
/run-e2e aws |
Will work on this next weekend 1/11-1/12 |
…rue and false Signed-off-by: michael pechner <mike.pechner@akasa.com>
igoland linter keeps removng it. Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice job! Thanks a lot ❤️
/run-e2e aws |
e2e tests are failing because the secret has the same name in both cases. This makes that one case passes and the other one fails because the e2e test is trying to create a secret with the same name and the secret is in deletion process You can't create this secret because a secret with this name is already scheduled for deletion You need to update the value of |
…e the secret. Instead of tryinfg to further randomize the secretname, just let the code do what it should. Added a poll to wait on the secret to be removed. Hoping 2 minniutes is more than enough. Signed-off-by: michael pechner <mike.pechner@akasa.com>
…e the secret. Instead of trying to further randomize the secretname, just let the code do what it should. Added a poll to wait on the secret to be removed. Should happen within a few seconds. But we are talking AWS. 5 minutes really should be more then enough. Signed-off-by: michael pechner <mike.pechner@akasa.com>
…-akasa/keda into aws-secretsmanager-additions
Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
Signed-off-by: michael pechner <mike.pechner@akasa.com>
err = wait.PollUntilContextTimeout(ctx, 2*time.Second, 300*time.Second, true, func(ctx context.Context) (done bool, err error) { | ||
_, err = client.DescribeSecret(ctx, &secretsmanager.DescribeSecretInput{ | ||
SecretId: &secretManagerSecretName, | ||
}) | ||
if err != nil { | ||
var notFoundErr *types.ResourceNotFoundException | ||
if errors.As(err, ¬FoundErr) { | ||
// Secret successfully deleted | ||
return true, nil | ||
} | ||
// Unexpected error | ||
return false, err | ||
} | ||
// If the secret still exists | ||
return false, nil | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that just using another secret name will be better as the test doesn't need to wait until the secret is deleted (not slowing the test execution). My suggestion was just appending the test case suffix to the secretManagerSecretName
in the beginning of the test. I mean, currently the value of secretManagerSecretName
is generated for both test in the startup of the file -> https://github.com/nrichardson-akasa/keda/blob/aws-secretsmanager-additions/tests/secret-providers/aws_secretmanager_pod_identity/aws_secretmanager_pod_identity_test.go#L62, the suggestion that I'm giving is overriding that variable during each case:
func TestAwsSecretManager(t *testing.T) {
// Run the test twice with two different flag values
flags := []bool{true, false}
for _, useJSONSecretFormat := range flags {
// THIS ASSIGNMENT SOLVES THE ISSUE
secretManagerSecretName = fmt.Sprintf("connectionString-%d", GetRandomNumber())
// Define a subtest for each flag value
t.Run(getTestNameForFlag(useJSONSecretFormat), func(t *testing.T) {
err := AwsSecretManager(t, useJSONSecretFormat)
if err != nil {
t.Errorf("AwsSecretManager(%v) failed: %v", getTestNameForFlag(useJSONSecretFormat), err)
}
})
}
}
Just adding the line secretManagerSecretName = fmt.Sprintf("connectionString-%d", GetRandomNumber())
will use different secret names and you won't have to check if it has been deleted or not before creating it again
This adds the ability to specify a secretKey in the awsSecretManager TriggerAuthentication. This will allow parsing of secrets that contain Key/Value pairs (returned in JSON format).
Resubmission of #6031
Provide a description of what has been changed
Checklist
Fixes #5940
Relates to #