-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Aws secretsmanager additions #6381
base: main
Are you sure you want to change the base?
Aws secretsmanager additions #6381
Conversation
Signed-off-by: Nick Richardson <[email protected]>
Signed-off-by: Nick Richardson <[email protected]>
Signed-off-by: Nick Richardson <[email protected]>
Signed-off-by: Nick Richardson <[email protected]>
Signed-off-by: Nick Richardson <[email protected]>
Signed-off-by: Nick Richardson <[email protected]>
a4701ef
to
23175d8
Compare
Signed-off-by: michael pechner <[email protected]>
Signed-off-by: michael pechner <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good, thanks. We should also update docs
Doc for issue: kedacore/keda#5940 PR: kedacore/keda#6381 Signed-off-by: michael pechner <[email protected]>
docs. kedacore/keda-docs#1508 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really nice job! some comments inline
tests/secret-providers/aws_secretmanager/aws_secretmanager_test.go
Outdated
Show resolved
Hide resolved
func TestAwsSecretManager(t *testing.T) { | ||
var useJSONSecretFormat = false | ||
require.NotEmpty(t, awsAccessKeyID, "TF_AWS_ACCESS_KEY env variable is required for AWS Secret Manager test") | ||
require.NotEmpty(t, awsSecretAccessKey, "TF_AWS_SECRET_KEY env variable is required for AWS Secret Manager test") | ||
|
||
// Create the secret in AWS | ||
err := createAWSSecret(t, useJSONSecretFormat) | ||
assert.NoErrorf(t, err, "cannot create AWS Secret Manager secret - %s", err) | ||
|
||
// Create kubernetes resources for PostgreSQL server | ||
kc := GetKubernetesClient(t) | ||
data, postgreSQLtemplates := getPostgreSQLTemplateData() | ||
|
||
CreateKubernetesResources(t, kc, testNamespace, data, postgreSQLtemplates) | ||
|
||
assert.True(t, WaitForStatefulsetReplicaReadyCount(t, kc, postgreSQLStatefulSetName, testNamespace, 1, 60, 3), | ||
"replica count should be %d after 3 minutes", 1) | ||
|
||
createTableSQL := "CREATE TABLE task_instance (id serial PRIMARY KEY,state VARCHAR(10));" | ||
psqlCreateTableCmd := fmt.Sprintf("psql -U %s -d %s -c \"%s\"", postgreSQLUsername, postgreSQLDatabase, createTableSQL) | ||
|
||
ok, out, errOut, err := WaitForSuccessfulExecCommandOnSpecificPod(t, postgresqlPodName, testNamespace, psqlCreateTableCmd, 60, 3) | ||
assert.True(t, ok, "executing a command on PostreSQL Pod should work; Output: %s, ErrorOutput: %s, Error: %s", out, errOut, err) | ||
|
||
// Create kubernetes resources for testing | ||
data, templates := getTemplateData(useJSONSecretFormat) | ||
|
||
KubectlApplyMultipleWithTemplate(t, data, templates) | ||
assert.True(t, WaitForDeploymentReplicaReadyCount(t, kc, deploymentName, testNamespace, minReplicaCount, 60, 3), | ||
"replica count should be %d after 3 minutes", minReplicaCount) | ||
|
||
testScaleOut(t, kc, data) | ||
|
||
// cleanup | ||
KubectlDeleteMultipleWithTemplate(t, data, templates) | ||
DeleteKubernetesResources(t, testNamespace, data, postgreSQLtemplates) | ||
|
||
// Delete the secret in AWS | ||
err = deleteAWSSecret(t) | ||
assert.NoErrorf(t, err, "cannot delete AWS Secret Manager secret - %s", err) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we create a function for the test and pass the required changes? 'TestAwsSecretManager' and 'TestAwsSecretManagerJSONFormat' are almost the same, maybe we can create a function like testAwsSecretManager
with the changes as arguments (useJSONSecretFormat , the templates, etc)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you want testAwsSecretManager refactored? Or a new function?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My proposal is to create a new function that can be called with both configurations to reduce the amount of duplicated code, the name was tentative and just a suggestion
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok thanks.
@@ -247,11 +276,54 @@ spec: | |||
) | |||
|
|||
func TestAwsSecretManager(t *testing.T) { | |||
var useJSONSecretFormat = false |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same as the other test
36f2dcc
to
a6b4067
Compare
Signed-off-by: michael pechner <[email protected]>
Signed-off-by: michael pechner <[email protected]>
…-akasa/keda into aws-secretsmanager-additions
…ect. Will remove REMOVETestAwsSecretManagerJSONFormat and change aws_secret_manager_pod_identity.go once I have changed this file as expected. Signed-off-by: michael pechner <[email protected]>
// Local imports . "github.com/kedacore/keda/v2/tests/helper" Signed-off-by: michael pechner <[email protected]>
Signed-off-by: michael pechner <[email protected]>
Signed-off-by: michael pechner <[email protected]>
Signed-off-by: michael pechner <[email protected]>
…the the helper. Fixed type Ti -> T Signed-off-by: michael pechner <[email protected]>
AwsSecretManager() does not return anything, so fixed the calling test Signed-off-by: michael pechner <[email protected]>
added test code back and making AwsSecretmanager() return nil Signed-off-by: michael pechner <[email protected]>
Signed-off-by: michael pechner <[email protected]>
Signed-off-by: michael pechner <[email protected]>
Signed-off-by: michael pechner <[email protected]>
Signed-off-by: michael pechner <[email protected]>
This adds the ability to specify a secretKey in the awsSecretManager TriggerAuthentication. This will allow parsing of secrets that contain Key/Value pairs (returned in JSON format).
Resubmission of #6031
Provide a description of what has been changed
Checklist
Fixes #5940
Relates to #