Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

saving cosmosdb keys as secrets #935

Merged
merged 18 commits into from
Apr 20, 2020
Merged

saving cosmosdb keys as secrets #935

merged 18 commits into from
Apr 20, 2020

Conversation

jpflueger
Copy link
Contributor

Closes #879

What this PR does / why we need it:
Saves the connection strings and account keys as secrets.

Special notes for your reviewer:

  • After successfully provisioning, verify there is secret named after the database
  • After deleting the resource, verify the secret is also deleted

How does this PR make you feel:
gif

If applicable:

  • this PR contains documentation
  • this PR contains tests

@jpflueger jpflueger self-assigned this Apr 14, 2020
frodopwns
frodopwns reviewed Apr 14, 2020
View reviewed changes
pkg/resourcemanager/cosmosdbs/cosmosdb.go Outdated

result, err := client.ListKeys(ctx, groupName, accountName)
if err != nil {
return nil, errhelp.NewAzureErrorAzureError(err)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

normally we just return the error and convert it to an AzureError on the other side...any reason to deviate here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I originally did this for all of the AzureCosmosDBManager functions because it would simplify the Ensure function which tend to grow pretty large. I can change it to pass just an error if that's preferrable?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would be OK as a proposed change to all operators but not a good idea for just this one operator.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The best thing you can do to clean up the Ensure function would be to reduce the cyclomatic complexity.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I re-wrote most of the ensure function. I was able to reduce the cyclomatic complexity until I realized I wasn't handling a few error cases so it is about the same as before. I'll let you resolve this one when you feel like it's addressed.

frodopwns
frodopwns reviewed Apr 14, 2020
View reviewed changes
Copy link
Contributor

@frodopwns frodopwns left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

some initial comments/questions

pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go Outdated Show resolved Hide resolved
pkg/resourcemanager/cosmosdbs/cosmosdb_reconcile.go Outdated Show resolved Hide resolved
@jpflueger jpflueger mentioned this pull request Apr 15, 2020
Merged
2 tasks
@frodopwns
Copy link
Contributor

/azp test

@azure-pipelines
Copy link

Command 'test' is not supported by Azure Pipelines.

Supported commands
  • help:
    • Get descriptions, examples and documentation about supported commands
    • Example: help "command_name"
  • list:
    • List all pipelines for this repository using a comment.
    • Example: "list"
  • run:
    • Run all pipelines or specific pipelines for this repository using a comment. Use this command by itself to trigger all related pipelines, or specify specific pipelines to run.
    • Example: "run" or "run pipeline_name, pipeline_name, pipeline_name"
  • where:
    • Report back the Azure DevOps orgs that are related to this repository and org
    • Example: "where"

See additional documentation.

@frodopwns
Copy link
Contributor

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@jpflueger
Copy link
Contributor Author

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

frodopwns
frodopwns approved these changes Apr 20, 2020
View reviewed changes
Copy link
Contributor

@frodopwns frodopwns left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@jpflueger jpflueger merged commit 5b9018f into Azure:master Apr 20, 2020
@jpflueger jpflueger deleted the cosmosdb-secret-output branch April 20, 2020 21:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frodopwns frodopwns frodopwns approved these changes

Assignees

@jpflueger jpflueger

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Task: CosmosDB: Store outputs from provisioning as secrets in kube or global keyvault or per resource keyvault
2 participants
@jpflueger @frodopwns