Add additional info for secret drivers #2738
Could it be that the CI integration test is not related to this PR?
Codecov Report
@@ Coverage Diff @@
## master #2738 +/- ##
=========================================
+ Coverage 61.84% 62% +0.16%
=========================================
Files 137 137
Lines 22047 22047
=========================================
+ Hits 13634 13670 +36
+ Misses 6945 6898 -47
- Partials 1468 1479 +11
I added
With docker/go-plugins-helpers#111 now merged, here's an example plugin that would use the additional info: https://gitlab.com/sirlatrom/docker-secretprovider-plugin-vault
When this PR is merged, I can move on with integrating it in my plugin at https://gitlab.com/sirlatrom/docker-secretprovider-plugin-vault/merge_requests/4
@dperny Any chance you could have a look at this? It would greatly enhance secret drivers' ability to deliver a timely and well-informed response.
LGTM!
I cannot reproduce the CI failure; seems to be flaky. I saw the same happening on #2735.
@wk8 @dperny @anshulpundir
@sirlatrom you can, by the way, trigger a rebuild, for example by changing the commit text a bit and using git push -f after that. The failing test looks to be the same as on #2559
@olljanat Yeah, thanks, I tried that a couple of times but ran out of creativity as for what I could mix up. What's funny is, the PR passed CI earlier, and I just wanted to rebase on master before pinging folks at Docker to merge. I'll change some random text until it passes, I guess.
This provides more context for the secret driver when it is requested the value for the secret. It is useful both for audit purposes, e.g. an external system logging which task requested what secret, as well as in a scenario where the plugin would return a different value (or error) based on e.g. labels on the secret.

Signed-off-by: Sune Keller <absukl@almbrand.dk>
Yay, I won the CI lottery! 😅
jackpot!
Changes included;

- moby/swarmkit#2735 Assign secrets individually to each task
- moby/swarmkit#2759 Adding a new `Deallocator` component
- moby/swarmkit#2738 Add additional info for secret drivers
- moby/swarmkit#2775 Increase grpc max recv message size
- addresses moby#37941
- addresses moby#37997
- follow-up to moby#38103

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

Changes included;

- moby/swarmkit#2735 Assign secrets individually to each task
- moby/swarmkit#2759 Adding a new `Deallocator` component
- moby/swarmkit#2738 Add additional info for secret drivers
- moby/swarmkit#2775 Increase grpc max recv message size
- addresses moby/moby#37941
- addresses moby/moby#37997
- follow-up to moby/moby#38103

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Upstream-commit: be3843c8c8fb30b4a604dae9d0dad3d393db717c
Component: engine
- What I did
I added the following fields to the type SecretsProviderRequest:
This provides more context for the secret driver when it is requested the value for the secret. It is useful both for audit purposes, e.g. an external system (such as HashiCorp Vault) logging which task requested what secret, as well as in a scenario where the plugin would return a different value (or error) based on e.g. labels on the secret.
- How I did it
I added the fields to the type and to the struct when it is built for the request to be made.
- How to test it
Write a plugin that makes use of the new fields. This would be made easier if docker/go-plugins-helpers#111 were merged.
- Description for the changelog
Provide additional secret, task and node context for secret driver plugins.
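
The audit and label-based use cases from the PR description, sketched as an added Go example that is not code from this PR or from swarmkit. The `Request` field names, the `allowed-service` label and the in-memory store are assumptions made for illustration; the page does not list the fields the PR actually adds.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Request stands in for the driver request; all field names are assumptions.
type Request struct {
	SecretName, ServiceName, TaskID, NodeID string
	SecretLabels                            map[string]string
}

// AuditRecord is the line an external system would keep for each lookup.
type AuditRecord struct {
	Secret, Service, Task, Node, Reason string
	Allowed                             bool
}

var ErrDenied = errors.New("secret request denied")

// Resolve applies the policy and returns the value together with an audit record.
func Resolve(store map[string]string, req Request) (string, AuditRecord, error) {
	rec := AuditRecord{Secret: req.SecretName, Service: req.ServiceName, Task: req.TaskID, Node: req.NodeID}
	// Fail closed: a request without task and node context cannot be audited.
	if req.TaskID == "" || req.NodeID == "" {
		rec.Reason = "missing task or node context"
		return "", rec, ErrDenied
	}
	// Label-based decision: the hypothetical "allowed-service" label pins the consumer.
	if want, ok := req.SecretLabels["allowed-service"]; ok && want != req.ServiceName {
		rec.Reason = "service not permitted by secret label"
		return "", rec, ErrDenied
	}
	if val, ok := store[req.SecretName]; ok {
		rec.Allowed, rec.Reason = true, "ok"
		return val, rec, nil
	}
	rec.Reason = "unknown secret"
	return "", rec, ErrDenied
}

func main() {
	// Constructed sample request: service "web" asks for a secret pinned to "api".
	req := Request{SecretName: "db-password", ServiceName: "web", TaskID: "task-1", NodeID: "node-1", SecretLabels: map[string]string{"allowed-service": "api"}}
	_, rec, err := Resolve(map[string]string{"db-password": "constructed-value"}, req)
	line, _ := json.Marshal(rec)
	fmt.Println(string(line), err)
}
```

The audit record is produced for denied requests as well as granted ones, so the external log shows which task and node asked for a secret even when no value was returned.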