Add juju secrets backend and wire up to api facade #13239

Merged
merged 1 commit into from Aug 17, 2021

wallyworld
Member

Add the backend secrets infrastructure for a juju secrets provider:

  • secrets manager API facade
  • juju secrets service provider
  • mongo secrets store
  • secrets URL parser

This PR provides a minimal implementation for create secret and get secret value - these now work end to end.
There's still a lot more to do but this is a start.

QA steps

```
export JUJU_DEV_FEATURE_FLAGS=secrets
juju bootstrap lxd
juju deploy ubuntu

juju exec --unit ubuntu/0 "secret-create password foo=bar hello=world"
secret://v1/f96c6f1b-9f81-41bf-890e-76a4f648b0fa/3547afab-0a6a-48be-87ca-1a5e3672a417/ubuntu.password

juju exec --unit ubuntu/0 "secret-get secret://v1/f96c6f1b-9f81-41bf-890e-76a4f648b0fa/3547afab-0a6a-48be-87ca-1a5e3672a417/ubuntu.password --format yaml"
foo: bar
hello: world
```

Also connect to mongo and inspect the secretMetadata and secretValues collections to see the secret info, e.g.:

```
juju:PRIMARY> db.secretValues.find().pretty()
{
        "_id" : "secret://v1/f96c6f1b-9f81-41bf-890e-76a4f648b0fa/3547afab-0a6a-48be-87ca-1a5e3672a417/ubuntu.password",
        "data" : {
                "foo" : "YmFy",
                "hello" : "d29ybGQ="
        },
        "txn-revno" : NumberLong(2),
        "txn-queue" : [
                "61161e533eeee028f25688e2_153e13c2"
        ]
}
```
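
The URL shape and the stored `data` values from the QA output above can be checked offline. The Go program below is an added example, not code from this PR or from juju: `SecretRef`, `ParseSecretRef` and `DecodeData` are hypothetical names, the layout `secret://v1/<uuid>/<uuid>/<name>` is inferred from the single sample URL, and the inputs in `main` are copied from that output. It shows that the `data` values in `secretValues` are plain base64 of the values passed to `secret-create`.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// uuidRe matches the UUID-shaped path segments seen in the QA output.
var uuidRe = regexp.MustCompile(`^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$`)

// SecretRef uses this example's own labels; the page does not name the segments.
type SecretRef struct {
	Version, Name string
	IDs           [2]string
}

// ParseSecretRef is a hypothetical validator for the URL shape shown above.
func ParseSecretRef(s string) (SecretRef, error) {
	u, err := url.Parse(s)
	if err != nil {
		return SecretRef{}, err
	}
	seg := strings.Split(strings.TrimPrefix(u.Path, "/"), "/")
	if u.Scheme != "secret" || u.Host != "v1" || len(seg) != 3 ||
		!uuidRe.MatchString(seg[0]) || !uuidRe.MatchString(seg[1]) || seg[2] == "" {
		return SecretRef{}, fmt.Errorf("unexpected secret URL shape: %q", s)
	}
	return SecretRef{Version: u.Host, Name: seg[2], IDs: [2]string{seg[0], seg[1]}}, nil
}

// DecodeData base64-decodes each value of a secretValues "data" map.
func DecodeData(data map[string]string) (map[string]string, error) {
	out := make(map[string]string, len(data))
	for k, v := range data {
		raw, err := base64.StdEncoding.DecodeString(v)
		if err != nil {
			return nil, fmt.Errorf("key %q: %w", k, err)
		}
		out[k] = string(raw)
	}
	return out, nil
}

func main() {
	fmt.Println(ParseSecretRef("secret://v1/f96c6f1b-9f81-41bf-890e-76a4f648b0fa/3547afab-0a6a-48be-87ca-1a5e3672a417/ubuntu.password"))
	fmt.Println(DecodeData(map[string]string{"foo": "YmFy", "hello": "d29ybGQ="}))
}
```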

@wallyworld
Member Author

secrets api facade

@wallyworld wallyworld force-pushed the secrets-backend branch 3 times, most recently from 8ae4461 to dd38aa3, August 15, 2021 21:30
@hpidcock hpidcock added the 2.9 label Aug 16, 2021
Member

@hpidcock hpidcock left a comment

Just a few things but LGTM

core/secrets/secret.go (outdated)
core/secrets/secret.go (outdated)
core/secrets/secret_test.go
secrets/interface.go
@wallyworld wallyworld force-pushed the secrets-backend branch 2 times, most recently from ede52c0 to 4f07c06, August 16, 2021 23:18
@wallyworld
Member Author

$$merge$$

@wallyworld
Member Author

$$merge$$

@jujubot jujubot merged commit b9e7bba into juju:2.9 Aug 17, 2021
@wallyworld wallyworld mentioned this pull request Aug 19, 2021
jujubot added a commit that referenced this pull request Aug 23, 2021
#13266

Merge 2.9

#13242 Fix test run steps for assess_caas_deploy_kubeflow
#13239 Add juju secrets backend and wire up to api facade
#13247 Create a channel in a more permissive manner
#13248 Use system state to construct StateControllerConfig for remote relations
#13246 Add list-secrets CLI
#13252 Use tox to run tests for github kubeflow action test;
#13250 Simplify ec2 ConfigSuite.
#13255 Secret get attribute
#13256 Ensure unsubscribe on error
#13257 Only update homebrew release on juju/juju
#13258 Make it clearer that model-default affects new models
#13261 Move snap proxy setting to cloud init runcmd rather than bootcmd
#13263 Do not get address device via machine
#13261 Move snap proxy setting to cloud init runcmd rather than bootcmd
#13238 Apply a floor to the calculated next lease manager tick
#13264 Use upstream hashicorp/raft
#13267 secret-create passes through the rotate duration
#13268 Remove raftleaseservice worker

Conflicts mainly in deleted files and removal of restore

```
# Conflicts:
# cmd/jujud/agent/machine/manifolds_test.go
# mongo/internal_test.go
# state/backups/backups_linux.go
# state/backups/backups_nonlinux.go
# state/backups/restore.go
# state/backups/restore_test.go
```

## QA steps

See PRs