Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Succeeded: Change GetValue to GetValues for Providers to allow batch retrieval #1344

Closed
wants to merge 7 commits into from

Conversation

doodlesbykumbi
Copy link
Contributor

@doodlesbykumbi doodlesbykumbi commented Sep 24, 2020

GetValues works exactly the same as GetValue, however GetValues gives providers the ability to implement arbitrary batch retrieval mechanisms.

Succeeded by #1356 (Cobertura got in the way)

What does this PR do?

  • What's changed? Why were these changes made?
  • How should the reviewer approach this PR, especially if manual tests are required?
  • Are there relevant screenshots you can add to the PR description?

What ticket does this PR close?

Connected to #[relevant GitHub issues, eg 76]

Checklists

Change log

  • The CHANGELOG has been updated, or
  • This PR does not include user-facing changes and doesn't require a CHANGELOG update

Test coverage

  • This PR includes new unit and integration tests to go with the code changes, or
  • The changes in this PR do not require tests

Documentation

  • This PR does not require updating any documentation, or
  • Docs (e.g. READMEs) were updated in this PR, and/or there is a follow-on issue to update docs

(For releases only) Manual tests

internal/plugin/resolver.go Outdated Show resolved Hide resolved
internal/providers/awssecrets/provider.go Outdated Show resolved Hide resolved
internal/providers/conjur/provider.go Outdated Show resolved Hide resolved
internal/providers/env/provider.go Outdated Show resolved Hide resolved
internal/providers/file/provider.go Outdated Show resolved Hide resolved
Copy link
Contributor

@sgnn7 sgnn7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@doodlesbykumbi Great progress forward with some mostly-small comments. I would like to see multi-value fetch tests for each provider though in the e2e tests too.

k8s-ci/k8s_crds/test Outdated Show resolved Hide resolved
k8s-ci/k8s_crds/test Outdated Show resolved Hide resolved
internal/summon/command/run.go Show resolved Hide resolved
internal/summon/command/run.go Show resolved Hide resolved
internal/summon/command/run.go Outdated Show resolved Hide resolved
internal/providers/vault/provider.go Outdated Show resolved Hide resolved
internal/plugin/v1/provider.go Show resolved Hide resolved
continue
}
}
if hasErrors {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This brings an interesting question: do we care about finishing resolution of all providers if we hit an error in any provider? My guess is that a single error in fetching variables is enough to throw an error but I'd like to hear your thoughts on this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the developer UX of getting all the useful information about errors would be better here. There's no added cost because secret fetching is delegated to the provider and it is at the provider's discretion to fail fast or not. If we have the additional error info I think we ought to show it.

internal/plugin/resolver.go Show resolved Hide resolved
internal/plugin/resolver.go Show resolved Hide resolved
@doodlesbykumbi doodlesbykumbi force-pushed the batch-provider branch 4 times, most recently from 4d5cc41 to edb41de Compare October 13, 2020 00:46
@doodlesbykumbi doodlesbykumbi marked this pull request as ready for review October 13, 2020 09:59
@doodlesbykumbi doodlesbykumbi requested a review from a team as a code owner October 13, 2020 09:59
Copy link
Contributor

@sgnn7 sgnn7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@doodlesbykumbi Just a few more comments but it's almost there!

go.sum Outdated
@@ -29,6 +29,8 @@ github.com/containerd/containerd v1.3.2 h1:ForxmXkA6tPIvffbrDAcPUIB32QgXkt2XFj+F
github.com/containerd/containerd v1.3.2/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA=
github.com/cyberark/conjur-api-go v0.5.2 h1:8ntk07YNRz5bBwjNXkDEAPR70Yr+J2MN8NGlkhaMC3k=
github.com/cyberark/conjur-api-go v0.5.2/go.mod h1:hwaReWirzgKor+JtH6vbwZaASDXulvd0SzGCloC5uOc=
github.com/cyberark/conjur-authn-k8s-client v0.13.0/go.mod h1:JTeGIeRO59J7mMEc5yF6FPtk1QnaAzs4GyZa4WldqZc=
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmmm.. why do we have both v0.13.0 and v0.19.0 of authn-k8s module here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Resolved

go.sum Outdated
@@ -244,6 +246,7 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
go.mongodb.org/mongo-driver v1.4.2 h1:WlnEglfTg/PfPq4WXs2Vkl/5ICC6hoG8+r+LraPmGk4=
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is leftover from your other PR

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Definitely. Taken out

internal/plugin/resolver.go Show resolved Hide resolved
internal/plugin/v1/provider.go Outdated Show resolved Hide resolved
internal/summon/command/run.go Show resolved Hide resolved
k8s-ci/k8s_crds/test Show resolved Hide resolved
internal/plugin/v1/testutils/testutils.go Show resolved Hide resolved
@doodlesbykumbi doodlesbykumbi force-pushed the batch-provider branch 2 times, most recently from ff68070 to 4909a67 Compare October 14, 2020 14:21
@doodlesbykumbi doodlesbykumbi force-pushed the batch-provider branch 2 times, most recently from 6d9302e to e9eeaf1 Compare October 15, 2020 11:41
@doodlesbykumbi doodlesbykumbi changed the title WIP: Accommodate batch retrieval for Providers Change GetValue to GetValues for Providers to allow batch retrieval Oct 15, 2020
Copy link
Contributor

@sgnn7 sgnn7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@doodlesbykumbi Great work! There's only a few more things in the new code added that need a bit of attention.

internal/summon/command/temp_factory.go Outdated Show resolved Hide resolved
}
return

if atLeastOneVar := len(varSecretsSpecPaths) > 0; !atLeastOneVar {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a blocker but this could have been simpler with just the condition:

# If there are no variables to resolve, return what we have
if len(varSecretsSpecPaths) == 0 {

}
tf = nil
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Two things here:

  • If we're not clearing the object (which I agree is weird), we need to at least reset tf.files[] to an empty array so that repeated invocation won't try to delete already-deleted files.
  • If we're not clearing the object here too, it is a bit problematic that we remove the directory in cleanup since it allows for calling Push() again but the directory won't be there.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is no such thing as clearing an object in Go as far as I know. But tf.files = nil is a worthwhile thing.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tf.files = nil is a worthwhile thing.

This may need to be a new empty array though instead of nil

So(err, ShouldNotBeNil)
So(err.Error(), ShouldContainSubstring, "no such file or directory")
})

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Stray newline

internal/plugin/resolver.go Outdated Show resolved Hide resolved
// Sort the error strings to provide deterministic output
sort.Strings(errorStrings)

err = fmt.Errorf(strings.Join(errorStrings, "; "))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What will this look like printed out? Should we separate with newlines as well?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here's an example,ERROR: Resolving credentials from provider 'env' failed: env cannot find environment variable 'something-also-not-in-env', env cannot find environment variable 'something-not-in-env'; ERROR: Resolving credentials from provider 'file' failed: open something-not-on-file: no such file or directory. Hmm maybe newlines are a better option

Copy link
Contributor

@BradleyBoutcher BradleyBoutcher left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: Don't forget to update the changelog and any applicable README's!

@doodlesbykumbi doodlesbykumbi force-pushed the batch-provider branch 2 times, most recently from dacda87 to 7b86082 Compare October 16, 2020 19:06
GetValues works exactly the same as GetValue, however GetValues gives providers the ability to implement arbitrary batch retrieval mechanisms.
This return type provides Value and Error for each variable, and simplifies mapping from input ids to response without relying on order
@codeclimate
Copy link

codeclimate bot commented Oct 16, 2020

Code Climate has analyzed commit 26246a8 and detected 0 issues on this pull request.

The test coverage on the diff in this pull request is 90.9% (50% is the threshold).

This pull request will bring the total coverage in the repository to 53.0% (2.7% change).

View more on Code Climate.

@doodlesbykumbi
Copy link
Contributor Author

@BradleyBoutcher re:

Nit: Don't forget to update the changelog and any applicable README's!.

This is entirely an internal change so I think neither of these are needed

@doodlesbykumbi doodlesbykumbi changed the title Change GetValue to GetValues for Providers to allow batch retrieval Stale: Change GetValue to GetValues for Providers to allow batch retrieval Oct 19, 2020
@doodlesbykumbi
Copy link
Contributor Author

Succeeded by #1356 (Cobertura got in the way)

@doodlesbykumbi doodlesbykumbi deleted the batch-provider branch October 19, 2020 15:10
@doodlesbykumbi doodlesbykumbi changed the title Stale: Change GetValue to GetValues for Providers to allow batch retrieval Succeeded: Change GetValue to GetValues for Providers to allow batch retrieval Oct 19, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants