Improving SS as a source of truth #56

Closed
quinnwai opened this issue Jun 28, 2024 · 2 comments

quinnwai commented Jun 28, 2024

Problem(s)

  1. Pushing up to SS is prompted with `make local`. At “make” time, you don’t know if your secrets work yet
  2. Even if we fix this and push to SS, we aren’t making use of SS as a common source of truth right now. We should test and work towards a common Secrets file to reduce the amount of local changes each individual has to make as patches made do not have to be created.
  3. Even then, it is still difficult to see what has changed since SS doesn’t store a history of secret versions
    1. The following solutions assume that we are tied to using SS

Design/Goals

  1. Create a `push-secrets` make command which isn’t called in `make local` (usage: `make push-secrets DEPLOY=local`)
  2. Enable a `secrets-local-test` file so that we only update `secrets-local` with `secrets-local-test` once it has been tested on all of our local branches (i.e. `make local`)
    1. Ensure that the current secrets-local on SS works on all our locals
  3. SSClient.py: Along with enabling above, create a description to add to each push-secret (just like commit message since there’s no versioning)
    1. Note: will not do for now, as descriptions are non-editable for each individual update to secrets
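
Added example (not part of the original issue or the project's code): one way to get a commit-message-style change record and a promotion gate for the `secrets-local-test` to `secrets-local` step described above, without putting secret values into the record. It assumes each secrets file has already been parsed into a flat dict of strings; the function names, key names and team member names are hypothetical.

```python
import hmac

# Constructed sample data: stand-ins for the parsed secrets files (fake values).
SHARED = {"DB_PASSWORD": "old-pw", "API_TOKEN": "tok-1", "LEGACY_KEY": "x"}     # secrets-local
CANDIDATE = {"DB_PASSWORD": "new-pw", "API_TOKEN": "tok-1", "S3_SECRET": "y"}  # secrets-local-test


def diff_keys(current: dict, candidate: dict) -> dict:
    """Return added/removed/changed key NAMES; values never leave this function."""
    shared_keys = current.keys() & candidate.keys()
    changed = sorted(
        k for k in shared_keys
        # Constant-time comparison so the check itself does not leak value prefixes.
        if not hmac.compare_digest(current[k].encode(), candidate[k].encode())
    )
    return {
        "added": sorted(candidate.keys() - current.keys()),
        "removed": sorted(current.keys() - candidate.keys()),
        "changed": changed,
    }


def change_summary(current: dict, candidate: dict, author: str) -> str:
    """Build a one-line description of a push, listing key names only."""
    diff = diff_keys(current, candidate)
    parts = [f"{kind}: {', '.join(names)}" for kind, names in diff.items() if names]
    return f"{author}: " + ("; ".join(parts) if parts else "no changes")


def ready_to_promote(verified_by: set, team: set) -> bool:
    """True only once every team member has run `make local` against the test copy."""
    return team <= verified_by


if __name__ == "__main__":
    print(change_summary(SHARED, CANDIDATE, "dev-a"))
    # dev-b has not tested yet, so the shared copy must not be overwritten.
    print("promote:", ready_to_promote({"dev-a"}, {"dev-a", "dev-b"}))
```

Because SS keeps no version history, the summary line would have to be stored somewhere the team controls, such as the commit that accompanies the push.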

quinnwai self-assigned this Jun 28, 2024

matthewpeterkort (Collaborator) commented

yeah these are good improvements

quinnwai (Author) commented Jun 28, 2024

Tried to create a description to add to each action, but the actions in the Audit (i.e. history tab) are not editable. Let me know if you think commit messages / descriptions are still important or if we should just leave it... code below to keep it somewhere

```python
# OHSU_SECRET_SERVER_ENDPOINT is defined outside this snippet;
# session is an authenticated requests-style session.
def describe_latest_update(session, headers, secret_id, commit_msg="DESCRIPTION"):  # TODO: real message
    """Edit the description for the most recent update of a secret."""
    # Ask for only the newest "Update" action in the secret's audit history
    actions_url = (
        f"{OHSU_SECRET_SERVER_ENDPOINT}/api/v1/secrets/{secret_id}/audits"
        "?filter.Action=Update&skip=0&take=1&sort=Date&dir=desc"
    )

    response = session.get(actions_url, headers=headers)
    response.raise_for_status()
    records = response.json()["records"]

    # An empty list would have raised IndexError on records[0]
    if not records:
        print("No 'Update' actions found in the audit history.")
        return

    latest_update = records[0]
    update_url = f"{OHSU_SECRET_SERVER_ENDPOINT}/api/v1/audit/{latest_update['id']}"
    # The leftover second attempt in the original draft used the key "Notes" instead
    data = {"notes": commit_msg}
    response = session.patch(update_url, headers=headers, json=data)
    response.raise_for_status()
    print("Description updated successfully!")
```

quinnwai added a commit that referenced this issue Jul 1, 2024
* split up make local with a new `push-secrets` command
* update SS-related comments
quinnwai closed this as completed Jul 1, 2024