Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Qualified names for reserved secret data fields in Provisioned Service #96

Closed
baijum opened this issue Sep 4, 2020 · 5 comments
Closed

Qualified names for reserved secret data fields in Provisioned Service #96

baijum opened this issue Sep 4, 2020 · 5 comments

Comments

@baijum
Copy link
Member

baijum commented Sep 4, 2020
edited
Loading

Current specification mandate using generic names as reserved secret data field names in Provisioned Service. The keys' names are type and provider. In real-world, these names could conflict with existing service secrets. I propose to qualify these reserved names with some prefix.

I would suggest names like this:

  • service_binding_type
  • service_binding_provider

Apart from potential name conflicts, the name qualification will help to easily differentiate these names from other secret data fields.
@scothis
Copy link
Contributor

scothis commented Sep 9, 2020

Do you have an example conflict? Changing the key names doesn't eliminate the possibility of a conflict.

In my mind this is why it can be problematic to think of any arbitrary Secret as material for a binding instead of a Secret being a vehicle for the binding material. Bindable Secrets have additional requirements over opaque Secrets. The spec is clear about what those requirements are and among them is that the type and provider keys are reserved.

@scothis scothis mentioned this issue Sep 9, 2020
Closed
@nebhale
Copy link
Member

nebhale commented Sep 9, 2020

I concur with this as well. Not just any Secret can be a Bindable Secret.

@baijum
Copy link
Member Author

baijum commented Sep 10, 2020

Do you have an example conflict?

No. I don't have any specific examples.

Changing the key names doesn't eliminate the possibility of a conflict.

Yes. But a more qualified name reduces the probability of conflicts.

In my mind this is why it can be problematic to think of any arbitrary Secret as material for a binding instead of a Secret being a vehicle for the binding material. Bindable Secrets have additional requirements over opaque Secrets. The spec is clear about what those requirements are and among them is that the type and provider keys are reserved.

Since these values are injected as volume mounts into the container, I am fine with the generic names. For environment-variables users can still re-use these names, right?

@scothis
Copy link
Contributor

scothis commented Sep 10, 2020

For environment-variables users can still re-use these names, right?

All envvars aside from SERVICE_BINDING_ROOT are custom and the user can specify any name they want.

@baijum
Copy link
Member Author

baijum commented Sep 10, 2020

For environment-variables users can still re-use these names, right?

All envvars aside from SERVICE_BINDING_ROOT are custom and the user can specify any name they want.

Thanks for the clarification. I am closing this issue!

@baijum baijum closed this as completed Sep 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nebhale @baijum @scothis