New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for default secret service and config #12140
Add support for default secret service and config #12140
Conversation
@marcparadise what do you think? p.s. good design on your initial cut! How do I know that? I could easily add a new feature without changing any of the pre-existing code. 👍 |
5bcf56e
to
65f7004
Compare
we could support blocks to do this temporarily and then restore the old settings, that would look like this:
i am... not entirely wild about this actually. |
This looks good, other than our conversation in review about moving the config into the run context so that it's not persisted globally. The way you've written this will make it pretty easy to take on the next step too, where we allow default secret config in Chef::Config. |
I'm not opposed to this one, but I would like to hold off on merging it until we can have some conversations with customers around how they plan to use this resource. We get one take at how we define the defaults and we want to make sure we get it right. |
68e1ea3
to
8db6505
Compare
I just finished adding this in a separate commit. It's not exactly elegant but I think it at least captures the concept. |
954f2f7
to
fd1519c
Compare
Alright ya'll, this is ready to go when you are. I would love for the Chef community to give any feedback regarding this PR. |
fd1519c
to
882a489
Compare
@tas50 thoughts? this is still in a holding pattern. |
Still awaiting feedback |
@marcparadise this is another good one for you to look at |
882a489
to
07a8539
Compare
As a customer I'm not sure how to get on the feedback list for this feature. We're +1 on this PR. In our case we've had a Chef Vault wrapper from the beginning Our typical case is several to dozens of secrets used by one team. Our desired outcome would be able to document a migration path where we tell the team to add the new initialization call (this PR) and existing This PR would mean we wouldn't need to manage provider defaults in our |
6303050
to
bd8242c
Compare
I just rebased onto the main branch |
Hi, can you please rebase off master again, we just corrected some problems with the Windows kitchen test setup files. Look for changes in .github/workflows/kitchen.yml that move the ansidecl.h file to it's correct location. The Ubuntu test looks like it was a timeout issue. This should run now. |
bd8242c
to
3737d0d
Compare
@johnmccrae just rebased. |
Signed-off-by: Jason Barnett <jason.w.barnett@gmail.com>
3737d0d
to
ff68fd0
Compare
Waiting on a quick review from Marc Paradise before I merge this. |
This looks good, the only thing I'm wondering is if we need |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Look
yeah i'm good not having that at least for the first cut. |
…ret-api Backport #12140 to chef-17
Description
This gives users the ability to set a default secret service and secret service configuration
Initially I wrote no tests. I want to get in sync on the high level API before diving in to testing.
Before
After
Azure use case
You have multiple managed identities used to access different azure key vaults.
Related Issue
N/A
Types of changes
Checklist: