Skip to content

feat: Add support for GCP Secret Manager #124

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 24 commits into from
May 26, 2023
Merged

feat: Add support for GCP Secret Manager #124

merged 24 commits into from
May 26, 2023

Conversation

gr0
Copy link
Collaborator

@gr0 gr0 commented May 22, 2023

Handles #108 and introduces the GCP Secret Manager to Chainloop. Allows the user to provide the project identifier and the key enabling access to the secret manager.

Any comments, suggestions, review is more than welcome :)

@migmartri migmartri requested review from danlishka and migmartri May 22, 2023 17:21
@migmartri migmartri changed the title Add support for GCP Secret Manager feat: Add support for GCP Secret Manager May 22, 2023
@migmartri
Copy link
Member

migmartri commented May 23, 2023
edited
Loading

@gr0 please rebase main to include this check too #126

Thanks!

@migmartri
Copy link
Member

go mod tidy in this code will fails and this is the culprit #127

gRPC v1.55.0 is a dependency for the latest version of secretmanager which was added in this patch. The bad news is that kratos is not compatible with gRPC v1.55.0 yet go-kratos/kratos#2832 and the fix will be in the next release.

Until then my suggestion to move forward would be to keep back gRPC and secret manager

You can achieve that by running

$ go get google.golang.org/grpc@v1.54.0
go: downloading cloud.google.com/go/secretmanager v1.10.0
go: downgraded cloud.google.com/go/secretmanager v1.10.1 => v1.10.0
go: downgraded google.golang.org/grpc v1.55.0 => v1.54.0

I've created this other issue to tackle the upgrade when possible #127

gr0 and others added 6 commits May 23, 2023 13:33
@gr0
feat: add GCP secrect manager support - the code handling GCP integra…
f919052 
…tion

Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
feat: add GCP secrect manager support - CLI support for controlplane
5fd5faa 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
feat: add GCP secrect manager support - support for artifact-cas
0d8c81b 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
Lint
660d168 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: downgrade GRPC to 1.54.0 to avoid problems with dependencies
6762a66 
Signed-off-by: gr0 <r.kuc@solr.pl>
@migmartri @gr0
chore(ci): check go mod tidiness (chainloop-dev#126)
6366ab5 
Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0 gr0 force-pushed the rafal/add-support-for-gcp-secret-manager branch from 70a8c1a to 6366ab5 Compare May 23, 2023 11:34
migmartri
migmartri reviewed May 23, 2023
View reviewed changes
Copy link
Member

@migmartri migmartri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is awesome! Thanks a lot for the contribution!

Note that you might notice that I am being more strict with this code than with the foundation that you've worked on top of.

That's right, I am not super proud with some of the code I wrote, and I'd love to improve it. Via both contributions like yours and also by my own contributions, for which I expect you to be strict with me too! :)

Thanks for your patience and great work!

Let me know if you want to chat over discord or smth if it simplifies, speeds up the review process! :)

gr0 added 7 commits May 25, 2023 14:03
@gr0
fix: move marshaling to the beginning of the function to fail fast if…
fb779a9 
… there are issues with marshaling

Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
feat: improve logging for GCP secret manager
68d0faf 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix(docs): add information about support for GCP Secres Manager to CA…
7d6610f 
…S README.md file

Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
Merge branch 'main' into rafal/add-support-for-gcp-secret-manager
a7b75c2
@gr0
fix: remove the check when initializing credentials manager
ce48562 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: initialize logger in tests
15bb5af 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: remove the unused Close() function from GCP secrets manager and …
d61212d 
…regenerate the mock

Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0 gr0 marked this pull request as draft May 25, 2023 14:07
gr0 added 5 commits May 25, 2023 16:29
@gr0
fix: provide an example configuration and use key instead of passing …
3613713 
…the full credentials in configuration

Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: add support for secret prefix in GCP and use the gRPC client
4739865 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: logging adjustment
93f62a1 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: rename the configuration related the GCP key'
be5c440 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: avoid checking for existence of the secret before deletion
3088ab7 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0 gr0 requested a review from migmartri May 25, 2023 15:23
@gr0 gr0 marked this pull request as ready for review May 25, 2023 15:24
@gr0
fix: remove extra lines
27c3f38 
Signed-off-by: gr0 <r.kuc@solr.pl>
migmartri
migmartri reviewed May 25, 2023
View reviewed changes
Copy link
Member

@migmartri migmartri left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good :), not approving modulo making sure the PK comment gets reviewed, see below.

gr0 added 3 commits May 26, 2023 15:55
@gr0
fix: improve docs and check for credentials reader configuration
fc87113 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: improve tests and make the key empty
0927225 
Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: improve tests and use redacted key
49cd080 
Signed-off-by: gr0 <r.kuc@solr.pl>
migmartri
migmartri reviewed May 26, 2023
View reviewed changes
gr0 added 2 commits May 26, 2023 16:36
@gr0
fix: redact the key used in unit tests to make sure it is clear the k…
ec456df 
…ey is redacted

Signed-off-by: gr0 <r.kuc@solr.pl>
@gr0
fix: typo correct
335789b 
Signed-off-by: gr0 <r.kuc@solr.pl>
migmartri
migmartri approved these changes May 26, 2023
View reviewed changes
Copy link
Member

@migmartri migmartri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Thanks a lot for the contribution! 🎉

@migmartri migmartri merged commit 27077d1 into chainloop-dev:main May 26, 2023
@migmartri migmartri mentioned this pull request May 29, 2023
Closed
@migmartri migmartri mentioned this pull request Dec 12, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@migmartri migmartri migmartri approved these changes

@danlishka danlishka Awaiting requested review from danlishka

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gr0 @migmartri