chore: data plane changes for credentials in transformation

[kanishkkatara]

Description

Pass credentials along with events to Rudder Transformer, retrieved from the workspace configuration.

https://www.notion.so/rudderstacks/Transformation-secrets-5b234a813aa44e71948a68dffb0a66d2?pvs=4#89cddfd45a5343239e8d5398c7e61463

Linear Ticket

Fixes DAT-1204
https://linear.app/rudderstack/issue/DAT-1204/data-plane-flow

Security

• The code changed/added as part of this pull request won't create any security issues with how the software is being used.

Summary by CodeRabbit

• New Features

  • Introduced support for managing credentials within various configurations and processes.
  • Added the ability to include credentials in transformer events.

• Tests

  • Updated test cases to validate the new credentials functionality.

• Chores

  • Enhanced sample backend configuration data to include credentials for testing purposes.

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

The recent updates introduce a new Credential type and integrate it into the configuration and processing workflows. This includes adding a credentialsMap to the processor, updating various methods to handle credentials, and enhancing test cases to verify these changes. This enhancement aims to securely manage and utilize credentials within the system.

Changes

File Path	Change Summary
backend-config/backend-config.go	Added assignment of config.Credentials to modifiedConfig.Credentials in filterProcessorEnabledDestinations.
backend-config/types.go	Introduced Credential type and added Credentials field to ConfigT.
processor/processor.go	Added credentialsMap to Handle struct, initialized it, and updated relevant methods to use it.
processor/transformer/transformer.go	Updated TransformerEvent struct to include Credentials field.
processor/transformer/transformer_test.go	Enhanced test cases to include Credentials field in TestTransformer function.
schema-forwarder/internal/testdata/configdata.go	Updated SampleBackendConfig to include a Credentials field with sample entries.

Sequence Diagram(s) (Beta)

sequenceDiagram
    participant Client
    participant BackendConfig
    participant Processor
    participant Transformer

    Client->>BackendConfig: Request Configuration
    BackendConfig-->>Client: Return Config with Credentials
    BackendConfig->>Processor: Send Config with Credentials
    Processor->>Processor: Initialize credentialsMap
    Processor->>Transformer: Send TransformerEvent with Credentials
    Transformer-->>Processor: Process and Return Results
    Processor-->>Client: Return Processed Data

Loading

Poem

In the code where secrets hide,
Credentials now take their stride.
From backend to processor they flow,
Secure and swift, in tow they go.
Tests and configs, all aligned,
A seamless dance, so well-defined.
🌟✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[abhimanyubabbar]

Can you add a testcase to make sure the backend credentials will make it to the request to transformer in rudder-server ?!

[codecov]

Codecov Report

Attention: Patch coverage is 41.66667% with 7 lines in your changes missing coverage. Please review.

Project coverage is 73.40%. Comparing base (f2388e8) to head (9069873).
Report is 2 commits behind head on master.

Files	Patch %	Lines
processor/processor.go	36.36%	6 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #4715      +/-   ##
==========================================
+ Coverage   73.30%   73.40%   +0.10%     
==========================================
  Files         416      416              
  Lines       48746    48763      +17     
==========================================
+ Hits        35731    35796      +65     
+ Misses      10676    10631      -45     
+ Partials     2339     2336       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[abhimanyubabbar]

Can we add tests for the change ?

[coderabbitai]

Actionable comments posted: 2

Outside diff range and nitpick comments (1)

processor/transformer/transformer.go (1)

99-106: Add documentation for the Credential struct and its fields.

It's good practice to provide comments explaining the purpose and usage of each field in a struct, especially for public or exported types. This helps other developers understand the code more quickly and can be crucial for maintaining the code in the future.

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 51e3e4e and b8d453c.

Files selected for processing (6)

• backend-config/backend-config.go (1 hunks)
• backend-config/types.go (2 hunks)
• processor/processor.go (7 hunks)
• processor/transformer/transformer.go (1 hunks)
• processor/transformer/transformer_test.go (7 hunks)
• schema-forwarder/internal/testdata/configdata.go (1 hunks)

Additional context used

golangci-lint

backend-config/types.go

91-91: undefined: EventReplayConfig (typecheck)

Additional comments not posted (8)

backend-config/types.go (1)

77-81: The addition of the Credential struct is well-defined and aligns with the PR's objectives to handle credentials securely.

schema-forwarder/internal/testdata/configdata.go (1)

192-203: The addition of the Credentials field in SampleBackendConfig with appropriate test credentials is correctly implemented and aligns with the changes in the main configuration types.

backend-config/backend-config.go (1)

145-145: The addition of the Credentials field in the filterProcessorEnabledDestinations function is correctly implemented, ensuring that credentials are appropriately passed through the system.

processor/transformer/transformer_test.go (1)

206-213: The addition of the Credentials field in various test cases is correctly implemented, ensuring comprehensive testing of the new credentials handling functionality.

Also applies to: 249-256, 366-373, 431-438, 564-571, 680-687, 763-770

processor/transformer/transformer.go (1)

99-100: The addition of the Credentials field to the TransformerEvent struct aligns with the PR's objectives.

This change enables the passing of multiple credentials with each event, enhancing the flexibility and security of the transformation process.

processor/processor.go (3)

850-861: Consider simplifying the conversion of credentialsMap to a list by using existing libraries or utility functions.
[REFACTOR_SUGGESTion]

- var credentialsList []transformer.Credential
- for id, credential := range credentialsMap {
-     credentialsList = append(credentialsList, transformer.Credential{
-         ID:       id,
-         Key:      credential.Key,
-         Value:    credential.Value,
-         IsSecret: credential.IsSecret,
-     })
- }
- return credentialsList
+ return lo.MapToSlice(credentialsMap, func(id string, credential backendconfig.Credential) transformer.Credential {
+     return transformer.Credential{
+         ID:       id,
+         Key:      credential.Key,
+         Value:    credential.Value,
+         IsSecret: credential.IsSecret,
+     }
+ })

---

801-801: Ensure proper initialization of credentialsMap to avoid nil map assignment errors.

- credentialsMap map[string][]transformer.Credential
+ credentialsMap map[string][]transformer.Credential = make(map[string][]transformer.Credential)

Likely invalid or redundant comment.

---

1125-1125: Ensure that the credentialsMap is properly accessed with a valid key to avoid potential runtime panics.

[coderabbitai]

Ensure proper initialization of credentialsMap to avoid nil map assignment errors.

- credentialsMap map[string][]transformer.Credential
+ credentialsMap map[string][]transformer.Credential = make(map[string][]transformer.Credential)

Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation.

Suggested change

	credentialsMap map[string][]transformer.Credential
	credentialsMap map[string][]transformer.Credential = make(map[string][]transformer.Credential)

[coderabbitai]

The addition of the Credentials field in ConfigT is appropriate for managing multiple credentials. However, there's an issue with an undefined EventReplayConfig type used elsewhere in the file.

+ import "path/to/event_replay_config" // Ensure this path is correct

Committable suggestion was skipped due to low confidence.

[achettyiitr]

Can you add a testcase to make sure the backend credentials will make it to the request to transformer in rudder-server ?!

We can write contract tests for the transformer. Something like this would be helpful? This way we make sure what metadata we expect in transformer. #4787

[ktgowtham]

do we need IsSecret at server end? I suppose workspace config gives the raw Value rt?

[kanishkkatara]

Yes, we receive IsSecret from the workspace config, and we need to send it to the transformer