-
Notifications
You must be signed in to change notification settings - Fork 681
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add env_name to Secrets #6160
Add env_name to Secrets #6160
Conversation
Signed-off-by: Thomas J. Fan <[email protected]>
Signed-off-by: Thomas J. Fan <[email protected]>
Code Review Agent Run #40b3bcActionable Suggestions - 2
Review Details
|
Changelist by BitoThis pull request implements the following key changes.
|
if secret.GetEnvName() != "" { | ||
extraEnvVar := *envVar.DeepCopy() | ||
extraEnvVar.Name = secret.GetEnvName() | ||
|
||
p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, extraEnvVar) | ||
p.Spec.Containers = AppendEnvVars(p.Spec.Containers, extraEnvVar) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider extracting the duplicate environment variable injection logic into a helper function. The same pattern of copying and injecting environment variables appears in multiple places. A similar issue was also found in flytepropeller/pkg/webhook/k8s_secrets.go (line 79-82).
Code suggestion
Check the AI-generated fix before applying
if secret.GetEnvName() != "" { | |
extraEnvVar := *envVar.DeepCopy() | |
extraEnvVar.Name = secret.GetEnvName() | |
p.Spec.InitContainers = AppendEnvVars(p.Spec.InitContainers, extraEnvVar) | |
p.Spec.Containers = AppendEnvVars(p.Spec.Containers, extraEnvVar) | |
} | |
if secret.GetEnvName() != "" { | |
injectEnvVarToContainers(p, envVar, secret.GetEnvName()) | |
} |
Code Review Run #40b3bc
Is this a valid issue, or was it incorrectly flagged by the Agent?
- it was incorrectly flagged
func CreateVolumeMountEnvVarForSecretWithEnvName(secret *core.Secret) corev1.EnvVar { | ||
return corev1.EnvVar{ | ||
Name: secret.GetEnvName(), | ||
Value: filepath.Join(filepath.Join(K8sSecretPathPrefix...), strings.ToLower(secret.GetGroup()), strings.ToLower(secret.GetKey())), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Consider using path.Join()
instead of filepath.Join()
for URL-like paths. The filepath.Join()
uses OS-specific path separators which may cause issues if the path is used in URLs or container environments.
Code suggestion
Check the AI-generated fix before applying
Value: filepath.Join(filepath.Join(K8sSecretPathPrefix...), strings.ToLower(secret.GetGroup()), strings.ToLower(secret.GetKey())), | |
Value: path.Join(path.Join(K8sSecretPathPrefix...), strings.ToLower(secret.GetGroup()), strings.ToLower(secret.GetKey())), |
Code Review Run #40b3bc
Is this a valid issue, or was it incorrectly flagged by the Agent?
- it was incorrectly flagged
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #6160 +/- ##
=======================================
Coverage 37.02% 37.03%
=======================================
Files 1317 1317
Lines 132523 132557 +34
=======================================
+ Hits 49066 49086 +20
- Misses 79211 79225 +14
Partials 4246 4246
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
Signed-off-by: Thomas J. Fan <[email protected]>
Code Review Agent Run Status
|
Tracking issue
Related to #6141 (comment)
Why are the changes needed?
This PR adds an
env_name
to the Secrets IDL, which has the follow behavior:ENV_VAR
, then we set an environment variable namedenv_name
to the value of the secret.FILE
, then we set an environment variable namedenv_name
to the path of the mounted secret.What changes were proposed in this pull request?
This PR adds
env_name
to theSecrets IDL
. This makes it easy to configure a secret in a Flyte task. For example, one can easily set a hugging face secret:Or for secrets that require a file:
How was this patch tested?
I ran the following to try the two different modes:
Summary by Bito
This PR implements custom environment variable naming for Flyte secrets by adding an env_name field to the Secret message type. The enhancement supports both ENV_VAR and FILE mount types, allowing users to specify custom environment variable names for secret values and file paths. The implementation includes protobuf definition updates and generated code across multiple languages (Go, TypeScript, JavaScript, Python, Rust).Unit tests added: True
Estimated effort to review (1-5, lower is better): 3