Fix DatadogAgent secret backend usage #454

Merged
merged 3 commits into from
Mar 17, 2022

celenechang
Contributor

What does this PR do?

The secret backend feature for DatadogAgent was not working properly. This fixes the feature so that any credentials can use it. In addition, the Operator no longer creates a secret if it's not needed (i.e. it will not create an empty secret).

Other changes:

  • create secret_common.go to hold common functions
  • add new examples/datadogagent/datadog-agent-secret-backend.yaml
  • update secret backend documentation

Motivation

Fix

Additional Notes

Anything else we should know when reviewing?

Describe your test plan

Use the new datadog-agent-secret-backend.yaml example file to test the secret backend feature.

For completeness, can test the following cases (make sure the keys are read properly and the Agent can connect to the Cluster Agent):

(Create a secret containing credentials with kubectl create secret generic test-secret --from-literal=api_key='<token>' --from-literal=app_key='<token>' --from-literal=token='<token>' )

  1. secret backend not used (check that Operator creates a secret based on provided credentials)
  2. only API key uses secret backend
  3. only App key uses secret backend
  4. only token uses secret backend
  5. all three (API key, App key, token) use secret backend
  6. set API key using APISecret
  7. set App key using APPSecret
  8. enable ExternalMetrics with keys configured in ExternalMetricsCredentials, no secret backend
  9. enable ExternalMetrics with keys configured in ExternalMetricsCredentials, with secret backend

@celenechang celenechang added the bug, documentation and component/controller labels Mar 10, 2022
@celenechang celenechang added this to the v0.8.0 milestone Mar 10, 2022
@celenechang celenechang requested review from a team as code owners March 10, 2022 16:39
@celenechang
Contributor Author

working on tests

@jtappa jtappa left a comment

👍🏻 from docs team

@celenechang celenechang force-pushed the celene/secretbackend_fix branch from 99ed7b0 to 79320f5 Compare March 11, 2022 13:54
@codecov-commenter

codecov-commenter commented Mar 12, 2022

Codecov Report

Merging #454 (0c9d8f0) into main (b5d7827) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #454   +/-   ##
=======================================
  Coverage   60.60%   60.60%           
=======================================
  Files           3        3           
  Lines         132      132           
=======================================
  Hits           80       80           
  Misses         40       40           
  Partials       12       12           
Flag Coverage Δ
unittests 60.60% <ø> (ø)

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

Comment on lines +193 to +196
- name: DD_SECRET_BACKEND_COMMAND
value: "/readsecret.sh"
- name: DD_SECRET_BACKEND_ARGUMENTS
value: "/etc/secret-volume"
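Review bot: the DD_SECRET_BACKEND_ARGUMENTS value "/etc/secret-volume" only resolves anything if a secret volume is mounted at that exact path in the same container, and these four lines give no hint of that dependency. Add a YAML comment above the two entries saying the argument must match the mountPath of the secret volume and that "/readsecret.sh" is an absolute path resolved inside the container, so a reader who copies only this env block from the example knows what else is required.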
Collaborator

For v2.DatadogAgent we could imagine having specific fields for configuring the secret-backend

Contributor Author

I have a list of a couple changes to make for v2 regarding this feature, will add this too
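The two env vars discussed in this thread tell the Agent to run a command and pass it a folder. As an added illustration (not code from this PR, and not the Agent's own /readsecret.sh), here is a minimal Python command that follows the Agent's documented secret backend protocol: a JSON request listing handles on stdin, a JSON map of value/error per handle on stdout. The 1024-byte cap and the error strings are assumptions of this sketch.

```python
import json
import os
import sys

MAX_SECRET_BYTES = 1024  # assumed cap for this sketch, not an Agent constant


def read_one(folder, handle):
    """Return (value, error) for one handle, confined to `folder`."""
    root = os.path.realpath(folder)
    path = os.path.realpath(os.path.join(root, handle))
    # Reject handles that resolve outside the mounted secret directory
    # ("../x", absolute paths, symlinks pointing elsewhere) or to the root.
    if os.path.commonpath([root, path]) != root or path == root:
        return None, "handle resolves outside the secret folder"
    try:
        with open(path, "rb") as fh:
            data = fh.read(MAX_SECRET_BYTES + 1)
        if len(data) > MAX_SECRET_BYTES:
            return None, "secret exceeds size limit"
        return data.decode("utf-8").strip(), None
    except (OSError, UnicodeDecodeError) as exc:
        # Report the failure class only; never echo file contents.
        return None, "cannot read secret: " + type(exc).__name__


def resolve(request_json, folder):
    """Build the JSON reply for one request of the form
    {"version": "1.0", "secrets": ["handle1", ...]}."""
    request = json.loads(request_json)
    reply = {}
    for handle in request.get("secrets", []):
        value, error = read_one(folder, handle)
        reply[handle] = {"value": value, "error": error}
    return json.dumps(reply)


if __name__ == "__main__":
    # Invoked as: <command> <folder>; the request arrives on stdin.
    print(resolve(sys.stdin.read(), sys.argv[1]))
```

Files in a Kubernetes secret volume are symlinks into a hidden sibling directory of the same mount, so resolving with `realpath` before the containment check still accepts them.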

Collaborator

@clamoriniere clamoriniere left a comment

💯

@celenechang celenechang merged commit 22cf913 into main Mar 17, 2022
@celenechang celenechang deleted the celene/secretbackend_fix branch March 17, 2022 13:42
@khewonc khewonc mentioned this pull request May 17, 2022
mftoure pushed a commit that referenced this pull request Oct 3, 2024
* secret backend fixes and test updates