File/Directory watches not set for Generic Secrets via SDS #24481

Closed
ruwaifaa opened this issue Dec 9, 2022 · 7 comments
Labels
area/filesystem, area/sds, stale

Comments

ruwaifaa commented Dec 9, 2022

Title: GenericSecrets stored in separate files do not have inotify watches

Description:
Unlike for TLS certificates, Envoy does not set inotify watches if the secrets are stored using filename as a datasource option.

In the example config below, Envoy won't set an inotify watch on secret.txt, so any changes to that file won't be picked up automatically.

envoy.yaml

```yaml
  credentials:
    token_secret:
      name: token
      sds_config:
        path_config_source:
          path: "/Users/ruwaifaa/token.yaml"
```

token.yaml

```yaml
resources:
  - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
    name: token
    generic_secret:
      secret:
        filename: secret.txt
```

This happens because the SDS API returns an empty vector for datasource filenames for generic secrets here.

Inotify is set for the config file, however, so any changes to inline_secret or inline_bytes get propagated properly. The issue only occurs when the filename option is used.

Is someone working on it currently? I figure this would be useful for the existing oauth2 filter and also when developing custom filters involving generic secrets.

[optional Relevant Links:]

Any extra documentation required to understand the issue.
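A possible rotation workaround for the behaviour reported above, as an added example that is not part of the original post or of Envoy's code: since the issue states that the SDS config file itself is watched, this helper inlines the contents of `secret.txt` into `token.yaml` as `inline_bytes` and swaps the file in with an atomic rename. The function names, the `.sds-` temp prefix and the newline stripping are assumptions of this sketch.

```python
import base64
import os
import re
import tempfile

SDS_TEMPLATE = """\
resources:
  - "@type": "type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.Secret"
    name: {name}
    generic_secret:
      secret:
        inline_bytes: "{b64}"
"""


def render_sds(name: str, secret: bytes) -> str:
    """Render the SDS resource with the secret inlined (proto bytes fields are base64)."""
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", name):
        raise ValueError("secret name must be a plain identifier")  # keeps the YAML well-formed
    return SDS_TEMPLATE.format(name=name, b64=base64.b64encode(secret).decode("ascii"))


def publish_secret(sds_path: str, name: str, secret_file: str) -> bool:
    """Re-render sds_path from secret_file; return True if the file was replaced."""
    with open(secret_file, "rb") as f:
        # Assumption: a trailing newline is editor residue, not part of the secret.
        secret = f.read().rstrip(b"\r\n")
    if not secret:
        raise ValueError(f"{secret_file} is empty; refusing to publish an empty secret")
    rendered = render_sds(name, secret)
    try:
        with open(sds_path, "r", encoding="utf-8") as f:
            if f.read() == rendered:
                return False  # unchanged: no rename, no needless reload
    except FileNotFoundError:
        pass
    # Temp file in the same directory, so os.replace() is an atomic rename.
    target_dir = os.path.dirname(os.path.abspath(sds_path))
    fd, tmp = tempfile.mkstemp(dir=target_dir, prefix=".sds-")  # created with mode 0600
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            f.write(rendered)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, sds_path)  # readers see the old file or the new one, never a partial write
    except BaseException:
        os.unlink(tmp)
        raise
    return True
```

Call `publish_secret("token.yaml", "token", "secret.txt")` from whatever job rotates the secret. Run it as the user Envoy runs as, because the rendered file is created with mode 0600.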

ruwaifaa added the triage label Dec 9, 2022
Member

phlax commented Dec 15, 2022

> Is someone working on it currently?

Not that I'm aware of.

cc @ggreenway

phlax added the area/sds and area/filesystem labels and removed the triage label Dec 15, 2022
Member

phlax commented Dec 15, 2022

Possibly related: #19582

cc @LuyaoZhong

@ggreenway
Contributor

> > Is someone working on it currently?
>
> Not that I'm aware of.
>
> cc @ggreenway

SDS isn't my area of expertise.

Member

phlax commented Dec 16, 2022

> SDS isn't my area of expertise

Apologies, I was struggling to find a codeowner and thought you may have some expertise in this area.

cc @adisuissa (who may know more)

@LuyaoZhong
Contributor

> Possibly related: #19582
>
> cc @LuyaoZhong

This is not related to #19582; it should be developed as a separate feature.

@github-actions

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or "no stalebot" or other activity occurs. Thank you for your contributions.

github-actions bot added the stale label Jan 18, 2023
@github-actions

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted" or "no stalebot". Thank you for your contributions.

github-actions bot closed this as not planned (won't fix, can't repro, duplicate, stale) Jan 25, 2023