Succeeded: Change GetValue to GetValues for Providers to allow batch retrieval #1344
Conversation
![codeclimate[bot]](https://avatars.githubusercontent.com/in/9403?s=60&v=4){kind=small}
doodlesbykumbi
force-pushed
the
batch-provider
branch
3 times, most recently
from
7fc7a42 to
683407f
Compare
There was a problem hiding this comment.
@doodlesbykumbi Great progress forward with some mostly-small comments. I would like to see multi-value fetch tests for each provider though in the e2e tests too.
internal/plugin/resolver.go
Outdated
| continue | ||
| } | ||
| } | ||
| if hasErrors { |
There was a problem hiding this comment.
This brings an interesting question: do we care about finishing resolution of all providers if we hit an error in any provider? My guess is that a single error in fetching variables is enough to throw an error but I'd like to hear your thoughts on this.
There was a problem hiding this comment.
I think the developer UX of getting all the useful information about errors would be better here. There's no added cost because secret fetching is delegated to the provider and it is at the provider's discretion to fail fast or not. If we have the additional error info I think we ought to show it.
doodlesbykumbi
force-pushed
the
batch-provider
branch
4 times, most recently
from
4d5cc41 to
edb41de
Compare
doodlesbykumbi
force-pushed
the
batch-provider
branch
from
c776af8 to
a1d8733
Compare
There was a problem hiding this comment.
@doodlesbykumbi Just a few more comments but it's almost there!
go.sum
Outdated
| @@ -29,6 +29,8 @@ github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F | |||
| github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= | |||
| github.com/cyberark/conjur-api-go v0.5.2 h1:8ntk07YNRz5bBwjNXkDEAPR70Yr+J2MN8NGlkhaMC3k= | |||
| github.com/cyberark/conjur-api-go v0.5.2/go.mod h1:hwaReWirzgKor+JtH6vbwZaASDXulvd0SzGCloC5uOc= | |||
| github.com/cyberark/conjur-authn-k8s-client v0.13.0/go.mod h1:JTeGIeRO59J7mMEc5yF6FPtk1QnaAzs4GyZa4WldqZc= | |||
There was a problem hiding this comment.
Hmmm.. why do we have both v0.13.0 and v0.19.0 of authn-k8s module here?
go.sum
Outdated
| @@ -244,6 +246,7 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ | |||
| github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= | |||
| github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= | |||
| github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= | |||
| go.mongodb.org/mongo-driver v1.4.2 h1:WlnEglfTg/PfPq4WXs2Vkl/5ICC6hoG8+r+LraPmGk4= | |||
There was a problem hiding this comment.
I think this is leftover from your other PR
There was a problem hiding this comment.
Definitely. Taken out
doodlesbykumbi
force-pushed
the
batch-provider
branch
2 times, most recently
from
ff68070 to
4909a67
Compare
doodlesbykumbi
force-pushed
the
batch-provider
branch
2 times, most recently
from
6d9302e to
e9eeaf1
Compare
doodlesbykumbi
changed the title
There was a problem hiding this comment.
@doodlesbykumbi Great work! There's only a few more things in the new code added that need a bit of attention.
internal/summon/command/run.go
Outdated
| } | ||
| return | ||
|
|
||
| if atLeastOneVar := len(varSecretsSpecPaths) > 0; !atLeastOneVar { |
There was a problem hiding this comment.
Not a blocker but this could have been simpler with just the condition:
# If there are no variables to resolve, return what we have
if len(varSecretsSpecPaths) == 0 {| } | ||
| tf = nil |
There was a problem hiding this comment.
Two things here:
- If we're not clearing the object (which I agree is weird), we need to at least reset
tf.files[]to an empty array so that repeated invocation won't try to delete already-deleted files. - If we're not clearing the object here too, it is a bit problematic that we remove the directory in cleanup since it allows for calling
Push()again but the directory won't be there.
There was a problem hiding this comment.
There is no such thing as clearing an object in Go as far as I know. But tf.files = nil is a worthwhile thing.
There was a problem hiding this comment.
tf.files = nilis a worthwhile thing.
This may need to be a new empty array though instead of nil
| So(err, ShouldNotBeNil) | ||
| So(err.Error(), ShouldContainSubstring, "no such file or directory") | ||
| }) | ||
|
|
internal/plugin/resolver.go
Outdated
| // Sort the error strings to provide deterministic output | ||
| sort.Strings(errorStrings) | ||
|
|
||
| err = fmt.Errorf(strings.Join(errorStrings, "; ")) |
There was a problem hiding this comment.
What will this look like printed out? Should we separate with newlines as well?
There was a problem hiding this comment.
Here's an example,ERROR: Resolving credentials from provider 'env' failed: env cannot find environment variable 'something-also-not-in-env', env cannot find environment variable 'something-not-in-env'; ERROR: Resolving credentials from provider 'file' failed: open something-not-on-file: no such file or directory. Hmm maybe newlines are a better option
doodlesbykumbi
force-pushed
the
batch-provider
branch
2 times, most recently
from
dacda87 to
7b86082
Compare
GetValues works exactly the same as GetValue, however GetValues gives providers the ability to implement arbitrary batch retrieval mechanisms.
This return type provides Value and Error for each variable, and simplifies mapping from input ids to response without relying on order
doodlesbykumbi
force-pushed
the
batch-provider
branch
from
7b86082 to
26246a8
Compare
|
Code Climate has analyzed commit 26246a8 and detected 0 issues on this pull request. The test coverage on the diff in this pull request is 90.9% (50% is the threshold). This pull request will bring the total coverage in the repository to 53.0% (2.7% change). View more on Code Climate. |
|
@BradleyBoutcher re:
This is entirely an internal change so I think neither of these are needed |
doodlesbykumbi
changed the title
|
Succeeded by #1356 (Cobertura got in the way) |
doodlesbykumbi
changed the title
GetValues works exactly the same as GetValue, however GetValues gives providers the ability to implement arbitrary batch retrieval mechanisms.
Succeeded by #1356 (Cobertura got in the way)
What does this PR do?
What ticket does this PR close?
Connected to #[relevant GitHub issues, eg 76]
Checklists
Change log
Test coverage
Documentation
READMEs) were updated in this PR, and/or there is a follow-on issue to update docs(For releases only) Manual tests