Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

container_app_job: support secrets from Key Vault #25969

Merged
merged 5 commits into from
Jun 3, 2024
Merged

container_app_job: support secrets from Key Vault #25969

merged 5 commits into from
Jun 3, 2024

Conversation

Botje
Copy link
Contributor

@Botje Botje commented May 15, 2024
edited
Loading

Community Note

  • Please vote on this PR by adding a 👍 reaction to the original PR to help the community and maintainers prioritize for review
  • Please do not leave "+1" or "me too" comments, they generate extra noise for PR followers and do not help prioritize for review

Description

This PR adds support for referencing Key Vault secrets from Container App Jobs and lifts the restriction on removing secrets.
This code is ported from the Container Apps resource.

PR Checklist

  • I have followed the guidelines in our Contributing Documentation.
  • I have checked to ensure there aren't other open Pull Requests for the same update/change.
  • I have checked if my changes close any open issues. If so please include appropriate closing keywords below.
  • I have updated/added Documentation as required written in a helpful and kind way to assist users that may be unfamiliar with the resource / data source.
  • I have used a meaningful PR title to help maintainers and other users understand this change and help prevent duplicate work.
    For example: “resource_name_here - description of change e.g. adding property new_property_name_here

Changes to existing Resource / Data Source

  • I have added an explanation of what my changes do and why I'd like you to include them (This may be covered by linking to an issue above, but may benefit from additional explanation).
  • I have written new tests for my resource or datasource changes & updated any relevent documentation.
  • I have successfully run tests with my changes locally. If not, please provide details on testing challenges that prevented you running the tests.
  • (For changes that include a state migration only). I have manually tested the migration path between relevant versions of the provider.

Testing

  • My submission includes Test coverage as described in the Contribution Guide and the tests pass. (if this is not possible for any reason, please include details of why you did or could not add test coverage)
Testing evidence 
TF_ACC=1 go test -v ./internal/services/containerapps -run=TestAccContainerAppJob_withKeyVault -timeout 60m -ldflags="-X=github.com/hashicorp/terraform-provider-azurerm/version.ProviderVersion=acc"
=== RUN   TestAccContainerAppJob_withKeyVaultSecret
=== PAUSE TestAccContainerAppJob_withKeyVaultSecret
=== RUN   TestAccContainerAppJob_withKeyVaultSecretVersioningUpdate
=== PAUSE TestAccContainerAppJob_withKeyVaultSecretVersioningUpdate
=== RUN   TestAccContainerAppJob_withKeyVaultSecretIdentityUpdate
=== PAUSE TestAccContainerAppJob_withKeyVaultSecretIdentityUpdate
=== CONT  TestAccContainerAppJob_withKeyVaultSecret
=== CONT  TestAccContainerAppJob_withKeyVaultSecretIdentityUpdate
=== CONT  TestAccContainerAppJob_withKeyVaultSecretVersioningUpdate
--- PASS: TestAccContainerAppJob_withKeyVaultSecret (894.40s)
--- PASS: TestAccContainerAppJob_withKeyVaultSecretVersioningUpdate (974.74s)
--- PASS: TestAccContainerAppJob_withKeyVaultSecretIdentityUpdate (1019.78s)
PASS
ok  	github.com/hashicorp/terraform-provider-azurerm/internal/services/containerapps	1022.386s

Change Log

Below please provide what should go into the changelog (if anything) conforming to the Changelog Format documented here.

  • container_app_job - support secrets from Key Vault [GH-0000]
  • container_app_job - allow removing secrets [GH-0000]

This is a (please select all that apply):

  • Bug Fix
  • New Feature (ie adding a service, resource, or data source)
  • Enhancement
  • Breaking Change

Related Issue(s)

Fixes #25934
Fixes #25994

Note

If this PR changes meaningfully during the course of review please update the title and description as required.

@Botje Botje force-pushed the f/25934/ca-job-support-kv-secrets branch from 9187e7a to 87f7153 Compare May 15, 2024 07:12
@catriona-m catriona-m requested a review from jackofallops May 15, 2024 13:55
@oWretch oWretch mentioned this pull request May 27, 2024
Merged
13 tasks
jackofallops
jackofallops requested changes May 31, 2024
View reviewed changes
Copy link
Member

@jackofallops jackofallops left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Botje - We're having trouble running the tests for this PR due to some dependency changes/issues with main that have crept in somewhere. Are you able to update your fork's main and rebase to allow us to run the tests?

Scratch that - sorry - appears to have been a problem with our CI system picking up changes... will loop back asap.

@Botje
Copy link
Contributor Author

Botje commented May 31, 2024

Despite subscribing to the linked issue, I did not get a notification. I will update the tests anyway, as promised.

@Botje Botje force-pushed the f/25934/ca-job-support-kv-secrets branch from 87f7153 to e4da14d Compare May 31, 2024 09:30
@Botje
Copy link
Contributor Author

Botje commented May 31, 2024
edited
Loading

Rebased on current main branch and converted the tests to use secret and registry.

@Botje Botje force-pushed the f/25934/ca-job-support-kv-secrets branch from e4da14d to 15d989d Compare May 31, 2024 09:32
jackofallops
jackofallops requested changes Jun 3, 2024
View reviewed changes
Copy link
Member

@jackofallops jackofallops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @Botje - Thanks for the rebase and update. Just one minor docs change to look at and then I think this will be good to go, pending testing.

jackofallops
jackofallops approved these changes Jun 3, 2024
View reviewed changes
Copy link
Member

@jackofallops jackofallops left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @Botje for the updates. This LGTM, I'll get the tests run now.

@jackofallops
Copy link
Member

Tests look fine (failures are unrelated to change)

image

@jackofallops jackofallops merged commit 4210ad6 into hashicorp:main Jun 3, 2024
33 checks passed
@github-actions github-actions bot added this to the v3.107.0 milestone Jun 3, 2024
jackofallops added a commit that referenced this pull request Jun 3, 2024
@jackofallops
Update CHANGELOG.md for #25969
07af30c
@Botje Botje deleted the f/25934/ca-job-support-kv-secrets branch June 3, 2024 20:36
dduportal added a commit to jenkins-infra/azure that referenced this pull request Jun 11, 2024
@jenkins-infra-updatecli @jenkins-infra-bot @dduportal
Bump Terraform azurerm provider version to 3.107.0 (#708)
392a0d1 
<Actions>
<action
id="f410411e63aff4bb73a81c2aec1d373cf8a903e63b30dee2006b0030d8a94cc8">
        <h3>Bump Terraform `azurerm` provider version</h3>
<details
id="1d9343c012f5434ac9fe8a98135bae3667b399259be16d9b14302ea3bd424a24">
            <summary>Update Terraform lock file</summary>
<p>changes detected:&#xA;&#x9;&#34;hashicorp/azurerm&#34; updated from
&#34;3.104.2&#34; to &#34;3.107.0&#34; in file
&#34;.terraform.lock.hcl&#34;</p>
            <details>
                <summary>3.107.0</summary>
<pre>Changelog retrieved
from:&#xA;&#x9;https://github.com/hashicorp/terraform-provider-azurerm/releases/tag/v3.107.0&#xA;FEATURES:&#xA;&#xA;*
**New Resource:**
`azurerm_data_protection_backup_policy_postgresql_flexible_server`
([#26024](https://github.com/hashicorp/terraform-provider-azurerm/issues/26024))&#xA;&#xA;ENHANCEMENTS:&#xA;&#xA;*
dependencies: updating to `v0.20240604.1114748` of
`github.com/hashicorp/go-azure-sdk`
([#26216](hashicorp/terraform-provider-azurerm#26216
`advisor`: update API version to `2023-01-01`
([#26205](hashicorp/terraform-provider-azurerm#26205
`keyvault`: handling the Resources API returning Key Vaults that have
been deleted when populating the cache
([#26199](hashicorp/terraform-provider-azurerm#26199
`machinelearning`: update API version to `2024-04-01`
([#26168](hashicorp/terraform-provider-azurerm#26168
`network/privatelinkservices` - update to use `hashicorp/go-azure-sdk`
([#26212](hashicorp/terraform-provider-azurerm#26212
`network/serviceendpointpolicies` - update to use
`hashicorp/go-azure-sdk`
([#26196](hashicorp/terraform-provider-azurerm#26196
`network/virtualnetworks` - update to use `hashicorp/go-azure-sdk`
([#26217](hashicorp/terraform-provider-azurerm#26217
`network/virtualwans`: update route resources to use
`hashicorp/go-azure-sdk`
([#26189](hashicorp/terraform-provider-azurerm#26189
`azurerm_container_app_job` - support for the `key_vault_secret_id` and
`identity` properties in the `secret` block
([#25969](hashicorp/terraform-provider-azurerm#25969
`azurerm_kubernetes_cluster` - support forthe `dns_zone_ids` popperty in
the `web_app_routing` block
([#26117](hashicorp/terraform-provider-azurerm#26117
`azurerm_notification_hub_authorization_rule` - support for the
`primary_connection_string` and `secondary_connection_string` properties
([#26188](hashicorp/terraform-provider-azurerm#26188
`azurerm_subnet` - support for the `default_outbound_access_enabled`
property
([#25259](https://github.com/hashicorp/terraform-provider-azurerm/issues/25259))&#xA;&#xA;BUG
FIXES:&#xA;&#xA;* `azurerm_api_management_named_value` - will now
enforce setting the `secret` property when setting the
`value_from_key_vault` property
([#26150](hashicorp/terraform-provider-azurerm#26150
`azurerm_storage_sync_server_endpoint` - improve pooling to work around
api inconsistencies
([#26204](hashicorp/terraform-provider-azurerm#26204
`azurerm_virtual_network` - split create and update function to fix
lifecycle - ignore
([#26246](hashicorp/terraform-provider-azurerm#26246
`azurerm_vpn_server_configuration` - split create and update function to
fix lifecycle - ignore
([#26175](hashicorp/terraform-provider-azurerm#26175
`azurerm_vpn_server_configuration_policy_group` - split create and
update function to fix lifecycle - ignore
([#26207](hashicorp/terraform-provider-azurerm#26207
`azurerm_vpn_site` - split create and update function to fix lifecycle -
ignore changes
([#26163](https://github.com/hashicorp/terraform-provider-azurerm/issues/26163))&#xA;&#xA;DEPRECATIONS:&#xA;&#xA;*
`azurerm_kubernetes_cluster` - the property `dns_zone_id` has been
superseded by the property `dns_zone_ids` in the `web_app_routing` block
([#26117](hashicorp/terraform-provider-azurerm#26117
`azurerm_nginx_deployment` - the block `configuration` has been
deprecated and superseded by the resource `azurerm_nginx_configuration`
([#25773](https://github.com/hashicorp/terraform-provider-azurerm/issues/25773))&#xA;&#xA;&#xA;</pre>
            </details>
        </details>
<a
href="https://infra.ci.jenkins.io/job/updatecli/job/azure/job/main/229/">Jenkins
pipeline link</a>
    </action>
</Actions>

---

<table>
  <tr>
    <td width="77">
<img src="https://www.updatecli.io/images/updatecli.png" alt="Updatecli
logo" width="50" height="50">
    </td>
    <td>
      <p>
Created automatically by <a
href="https://www.updatecli.io/">Updatecli</a>
      </p>
      <details><summary>Options:</summary>
        <br />
<p>Most of Updatecli configuration is done via <a
href="https://www.updatecli.io/docs/prologue/quick-start/">its
manifest(s)</a>.</p>
        <ul>
<li>If you close this pull request, Updatecli will automatically reopen
it, the next time it runs.</li>
<li>If you close this pull request and delete the base branch, Updatecli
will automatically recreate it, erasing all previous commits made.</li>
        </ul>
        <p>
Feel free to report any issues at <a
href="https://github.com/updatecli/updatecli/issues">github.com/updatecli/updatecli</a>.<br
/>
If you find this tool useful, do not hesitate to star <a
href="https://github.com/updatecli/updatecli/stargazers">our GitHub
repository</a> as a sign of appreciation, and/or to tell us directly on
our <a
href="https://matrix.to/#/#Updatecli_community:gitter.im">chat</a>!
        </p>
      </details>
    </td>
  </tr>
</table>

---------

Signed-off-by: Damien Duportal <[email protected]>
Co-authored-by: Jenkins Infra Bot (updatecli) <[email protected]>
Co-authored-by: Damien Duportal <[email protected]>
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 4, 2024

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 4, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@jackofallops jackofallops jackofallops approved these changes

Assignees
No one assigned
Labels
documentation service/container-apps size/XL
Projects
None yet
Milestone
v3.107.0
2 participants
@Botje @jackofallops