Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

secrets: add support for default config from ohai data #11853

Merged
merged 2 commits into from
Jul 26, 2021
Merged

secrets: add support for default config from ohai data #11853

merged 2 commits into from
Jul 26, 2021

Conversation

marcparadise
Copy link
Member

@marcparadise marcparadise commented Jul 22, 2021
edited

This change provides access to the run_context for secrets fetchers and specifically allows the ec2 fetcher to determine region from ohai data.

The config fetch priority is:

  • explicitly provided config
  • aws global config
  • node ohai data

This provides a sane and predictable way to play nicely with AWS SDK's
default config loading behavior while still supporting loading config based on node/ohai attributes

TLDR - region is not required to fetch an AWS secret, assuming that the ec2 ohai plugin is not disabled.

Closes #11851

@marcparadise marcparadise marked this pull request as ready for review July 26, 2021 20:55
@marcparadise marcparadise requested review from a team as code owners July 26, 2021 20:55
@tas50 tas50 added the Expeditor: Bump Version Minor Used by github.minor_bump_labels to bump the Minor version number. label Jul 26, 2021
@marcparadise
Provide run context to secret fetchers
8c1c3f4 
This will allow them to use node attributes for configuration, such
as ohai data for determining region.

Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
@marcparadise
secrets: aws fetcher uses node attributes for region
1ce6fa2 
When region is not specified and is not in AWS global configuration,
we'll now default to the region in `node["ec2"]["region"]`; and we will
fail if that is also not provided.

This provides a sane and predictable way to play nicely with AWS SDK's
default config loading behavior.

Signed-off-by: Marc A. Paradise <marc.paradise@gmail.com>
@tas50 tas50 merged commit 9029bb1 into master Jul 26, 2021
@tas50 tas50 deleted the mp/11851 branch July 26, 2021 22:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lamont-granquist lamont-granquist lamont-granquist approved these changes

Assignees
No one assigned
Labels
Expeditor: Bump Version Minor Used by github.minor_bump_labels to bump the Minor version number.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

secrets: Avoid the need to specify the region when using aws
3 participants
@marcparadise @lamont-granquist @tas50