feat(secrets/gcs): Added GcsSecretEngine for decrypting secrets in GCS #380
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@cfieber mind taking a look at this please? |
cfieber
approved these changes
Sep 19, 2019
ezimanyi
requested changes
Sep 20, 2019
kork-secrets-gcp/src/main/java/com/netflix/spinnaker/kork/secrets/engines/GcsSecretEngine.java
Outdated
Show resolved
Hide resolved
kork-secrets-gcp/src/main/java/com/netflix/spinnaker/kork/secrets/engines/GcsSecretEngine.java
Outdated
Show resolved
Hide resolved
|
|
||
| public class GoogleCredentials { | ||
|
|
||
| private static final long CONNECT_TIMEOUT = TimeUnit.MINUTES.toMillis(2); |
There was a problem hiding this comment.
Since these timeouts are needed as int everywhere they are used, I'd suggest just doing the cast directly here:
private static final int CONNECT_TIMEOUT = (int) TimeUnit.MINUTES.toMillis(2);
Also, 2 min seems like a pretty long connection timeout...how did you pick that value?
There was a problem hiding this comment.
I grabbed this code from how Halyard reads BOM's stored in GCS. I'll decrease the timeout to 20 seconds if that sounds better.
There was a problem hiding this comment.
I think 20 seconds sounds more reasonable for a connection timeout, and is more in line with other places in Spinnaker.
kork-secrets-gcp/src/main/java/com/netflix/spinnaker/kork/secrets/engines/GcsSecretEngine.java
Outdated
Show resolved
Hide resolved
kork-secrets-gcp/src/main/java/com/netflix/spinnaker/kork/secrets/engines/GcsSecretEngine.java
Outdated
Show resolved
Hide resolved
kork-secrets-gcp/src/main/java/com/netflix/spinnaker/kork/secrets/engines/GcsSecretEngine.java
Outdated
Show resolved
Hide resolved
kork-secrets-gcp/src/main/java/com/netflix/spinnaker/kork/secrets/engines/GcsSecretEngine.java
Outdated
Show resolved
Hide resolved
...-secrets-gcp/src/main/java/com/netflix/spinnaker/kork/secrets/engines/GoogleCredentials.java
Outdated
Show resolved
Hide resolved
...-secrets-gcp/src/main/java/com/netflix/spinnaker/kork/secrets/engines/GoogleCredentials.java
Outdated
Show resolved
Hide resolved
ezimanyi
reviewed
Sep 23, 2019
| import java.security.GeneralSecurityException; | ||
| import java.util.concurrent.TimeUnit; | ||
|
|
||
| public class GoogleHttpUtils { |
There was a problem hiding this comment.
I know this isn't something we often do currently in the Spinnaker codebase, but I think this is a good candidate for being package-private, as presumably no other classes outside GcsSecretEngine would need to know about it.
This was referenced Oct 2, 2019
claymccoy
pushed a commit
to claymccoy/kork
that referenced
this pull request
Mar 3, 2020
* refactor(core): Convert echo-core to Java Echo-core is almost completely java, with the exception of two easy-to-convert files. Finish the conversion and change the top-level source directory from groovy to java. Also, add some explicit gradle dependencies. * feat(core): Add support for requesting build info Add the required infrastructure for echo to request build info from Igor. * feat(core): Add pipeline post-processor functionality Add functionality to post-process pipelines before sending them to orca for execution. In particular, add a post-processor to add build info to the trigger, and a (not-yet-implemented) post-processor to inflate artifacts using a Jina template. * feat(core): Add igor endpoint to halyard base config * style(core): Address code review comments * refactor(core): Don't rely on autowiring for ordering Add functionality for ordering pipeline post-processors that doesn't depend on Spring autowiring the post-processors in the order specified by @order. * style(core): Address PR comments * Clean up EchoRetrofitConfig * Add retry to igor communication
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New
GcsSecretEnginefor decrypting secrets of the formencrypted:gcs!b:bucket!f:file[!k:key-in-file].Some of the code is copied from how Halyard downloads Spinnaker BOM's from GCS.