-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[feat][io] Support configuration secret interpolation #20901
[feat][io] Support configuration secret interpolation #20901
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
/pulsarbot rerun-failure-checks |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/LGTM
@@ -33,4 +41,15 @@ public class EnvironmentBasedSecretsProvider implements SecretsProvider { | |||
public String provideSecret(String secretName, Object pathToSecret) { | |||
return System.getenv(secretName); | |||
} | |||
|
|||
@Override | |||
public String interpolateSecretForValue(String value) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's better to add unit tests to the method separately.
Codecov Report
@@ Coverage Diff @@
## master #20901 +/- ##
=============================================
+ Coverage 36.84% 73.10% +36.25%
- Complexity 12195 32255 +20060
=============================================
Files 1698 1875 +177
Lines 129852 139455 +9603
Branches 14161 15334 +1173
=============================================
+ Hits 47843 101946 +54103
+ Misses 75680 29448 -46232
- Partials 6329 8061 +1732
Flags with carried forward coverage won't be shown. Click here to find out more.
|
PIP: apache#20903 Relates to: apache#20862 The primary motivation is to make it possible to configure Pulsar Connectors in a secure, non-plaintext way. See the PIP for background and relevant details. The new interpolation feature only applies when deploying with functions to Kubernetes. * Add `SecretsProvider#interpolateSecretForValue` method with a default that maintains the current behavior. * Override `interpolateSecretForValue` in the `EnvironmentBasedSecretsProvider` so that configuration values formatted as `${my-env-var}` will be replaced with the result of `System.getEnv("my-env-var")` if the result is not `null`. * Implement a recursive string interpolation method that will replace any configuration value that the `interpolateSecretForValue` implementation determines ought to be replaced. Tests are added/modified. - [x] `doc-required` PR in forked repository: michaeljmarshall#55 (cherry picked from commit bfde0de)
PIP: #20903
Relates to: #20862
Motivation
The primary motivation is to make it possible to configure Pulsar Connectors in a secure, non-plaintext way. See the PIP for background and relevant details. The new interpolation feature only applies when deploying with functions to Kubernetes.
Modifications
SecretsProvider#interpolateSecretForValue
method with a default that maintains the current behavior.interpolateSecretForValue
in theEnvironmentBasedSecretsProvider
so that configuration values formatted as${my-env-var}
will be replaced with the result ofSystem.getEnv("my-env-var")
if the result is notnull
.interpolateSecretForValue
implementation determines ought to be replaced.Verifying this change
Tests are added/modified.
Documentation
doc-required
Matching PR in forked repository
PR in forked repository: michaeljmarshall#55