SLS-3123: Remove old code that caused a crash when trying to retrieve secrets manager keys #15551

Merged

IvanTopolcic
Contributor

What does this PR do?

This PR fixes a crash caused by trying to access a malformed secrets manager key, or a key which you do not have permission to access.

This code doesn't actually directly fix the issue, but removes obsolete code that caused the crash. This code should have been removed earlier but was mistakenly left in after a refactor.

The removed code is entirely duplicated in the following code:

// Set secrets from the environment that are suffixed with
// KMS_ENCRYPTED or SECRET_ARN
setSecretsFromEnv(os.Environ())

which we call directly above the removed code. This code is responsible for decrypting KMS environment variables, as well as calling secrets manager. I've tested this code with both working and malformed KMS keys and Secret ARNs. All four cases work.

Motivation

Additional Notes

Possible Drawbacks / Trade-offs

Describe how to test/QA your changes

Reviewer's Checklist

  • If known, an appropriate milestone has been selected; otherwise the Triage milestone is set.
  • Use the major_change label if your change either has a major impact on the code base, is impacting multiple teams or is changing important well-established internals of the Agent. This label will be used during QA to make sure each team pays extra attention to the changed behavior. For any customer-facing change use a releasenote.
  • A release note has been added or the changelog/no-changelog label has been applied.
  • Changed code has automated tests for its functionality.
  • Adequate QA/testing plan information is provided if the qa/skip-qa label is not applied.
  • At least one team/.. label has been applied, indicating the team(s) that should QA this change.
  • If applicable, docs team has been notified or an issue has been opened on the documentation repo.
  • If applicable, the need-change/operator and need-change/helm labels have been applied.
  • If applicable, the k8s/<min-version> label, indicating the lowest Kubernetes version compatible with this feature.
  • If applicable, the config template has been updated.

@IvanTopolcic IvanTopolcic added changelog/no-changelog [deprecated] qa/skip-qa - use other qa/ labels [DEPRECATED] Please use qa/done or qa/no-code-change to skip creating a QA card team/serverless labels Feb 10, 2023
@IvanTopolcic IvanTopolcic added this to the 7.42.0 milestone Feb 10, 2023
@IvanTopolcic IvanTopolcic requested a review from a team as a code owner February 10, 2023 22:21
@IvanTopolcic IvanTopolcic requested review from a team as code owners February 13, 2023 15:50
@IvanTopolcic IvanTopolcic force-pushed the ivan.topolcic/fix-aws-lambda-secrets-manager-crashes branch from e885a89 to 28032ba Compare February 13, 2023 15:54
@paulcacheux paulcacheux removed request for a team February 13, 2023 16:07
@IvanTopolcic IvanTopolcic merged commit e110a28 into main Feb 14, 2023
@IvanTopolcic IvanTopolcic deleted the ivan.topolcic/fix-aws-lambda-secrets-manager-crashes branch February 14, 2023 16:19
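
The failure mode described in this PR, shown as an added example that is not the Agent's code: variables with the two suffixes are resolved through a backend, and a malformed or access-denied entry is skipped rather than crashing startup. The names `resolver`, `safely`, `resolveSecrets` and `fakeFetch`, the leading underscore on the suffixes, and the trimmed target variable name are all assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// resolver is a hypothetical stand-in for a KMS decrypt or Secrets Manager fetch.
type resolver func(value string) (string, error)

// safely turns a panic inside a resolver into an ordinary error.
func safely(f resolver, v string) (out string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("resolver panicked: %v", r)
		}
	}()
	return f(v)
}

// resolveSecrets returns the variables it resolved and the names it had to skip.
func resolveSecrets(environ []string, backends map[string]resolver) (map[string]string, []string) {
	resolved, skipped := map[string]string{}, []string{}
	for _, kv := range environ {
		name, value, _ := strings.Cut(kv, "=")
		for suffix, fetch := range backends {
			if strings.HasSuffix(name, suffix) {
				if plain, err := safely(fetch, value); err == nil {
					resolved[strings.TrimSuffix(name, suffix)] = plain
				} else {
					skipped = append(skipped, name) // report the name only, never the value
				}
			}
		}
	}
	return resolved, skipped
}

// fakeFetch (constructed) indexes the ARN unchecked, so a malformed ARN panics.
func fakeFetch(arn string) (string, error) {
	if name := strings.Split(arn, ":")[6]; name != "denied" {
		return "value-of-" + name, nil
	}
	return "", fmt.Errorf("AccessDeniedException")
}

func main() {
	env := []string{"OK_SECRET_ARN=arn:aws:secretsmanager:us-east-1:000000000000:secret:ok", "BAD_SECRET_ARN=not-an-arn"}
	fmt.Println(resolveSecrets(env, map[string]resolver{"_SECRET_ARN": fakeFetch}))
}
```
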