Add support for azure keyvault backend #87
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fcgravalos
reviewed
Apr 4, 2022
backend/azure_kv.go
Outdated
| // There below line was added to access the azure data plane | ||
| // Which is required to access secrets in keyvault | ||
|
|
||
| clientCredentialConfig.Resource = "https://vault.azure.net" |
There was a problem hiding this comment.
should we make vault.azure.net a constant, kind of:
azureKVEndpoint = "vault.azure.net"
fcgravalos
reviewed
Apr 4, 2022
backend/azure_kv.go
Outdated
|
|
||
| func (c *azureKVClient) ReadSecret(path string, key string) (string, error) { | ||
| data := "" | ||
| uri := fmt.Sprintf("https://%s.vault.azure.net", c.keyvaultName) |
There was a problem hiding this comment.
see my comment above about the constant and lmk what do you think
fcgravalos
reviewed
Apr 4, 2022
errors/errors.go
Outdated
| @@ -7,6 +7,7 @@ const ( | |||
| UnknownErrorType = "UnknownError" | |||
| BackendNotImplementedErrorType = "BackendNotImplementedError" | |||
| BackendSecretNotFoundErrorType = "BackendSecretNotFoundError" | |||
| BackendSecretForbiddenErrorType = "BackendSecretForbiddenError" | |||
| K8sSecretNotFoundErrorType = "K8sSecretNotFoundError" | |||
| InvalidConfigmapNameErrorType = "InvalidConfigmapNameError" | |||
There was a problem hiding this comment.
I think this might be a leftover from the migration from configmap to CRDs?
fcgravalos
reviewed
Apr 5, 2022
backend/azure_kv.go
Outdated
| uri := fmt.Sprintf("https://%s.%s", c.keyvaultName, azureKVEndpoint) | ||
|
|
||
| // TODO: Add support for secret version? | ||
| result, err := c.client.GetSecret(context.Background(), uri, path, "") |
There was a problem hiding this comment.
let's inject the context that we create in main ?
fcgravalos
reviewed
Apr 5, 2022
backend/backend.go
Outdated
Comment on lines
11
to
12
| const vaultBackendName = "vault" | ||
| const azureKVBackendName = "azure-kv" |
There was a problem hiding this comment.
const (
vaultBackendName = "vault"
azureKVBackendName = "azure-kv"
)
added 7 commits
April 5, 2022 15:46
…ironment variables (native handler)
…ith how code is written
Codecov Report
@@ Coverage Diff @@
## master #87 +/- ##
==========================================
- Coverage 85.26% 81.19% -4.08%
==========================================
Files 9 11 +2
Lines 482 553 +71
==========================================
+ Hits 411 449 +38
- Misses 53 86 +33
Partials 18 18
Continue to review full report at Codecov.
|
added 2 commits
April 8, 2022 12:08
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
READY/
Migrations
NO
Description
Add support Azure KeyVault secrets backend.
List of fixes # (issue)
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes.
Provide instructions so we can reproduce.
Please also list any relevant details for your test configuration
Checklist: