Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update rbac to support secret backend multiple providers script #459

Merged
merged 2 commits into from
Apr 5, 2022
Merged

update rbac to support secret backend multiple providers script #459

merged 2 commits into from
Apr 5, 2022

Conversation

celenechang
Copy link
Contributor

What does this PR do?

To support use of the secret backend multiple providers script in the agent when deployed with the Datadog Operator.

Motivation

Feature parity

Additional Notes

Anything else we should know when reviewing?

Describe your test plan

  • Create a secret called test-secret (in the example below, it is in the system namespace)
  • Modify the examples/datadogagent/datadog-agent-secret-backend.yaml file to include the following:
spec:
  credentials:
    apiKey: ENC[k8s_secret@system/test-secret/api_key]
    appKey: ENC[k8s_secret@system/test-secret/app_key]
    useSecretBackend: true
  agent:
    env:
      - name: DD_SECRET_BACKEND_COMMAND
        value: "/readsecret_multiple_providers.sh"
  clusterAgent:
    enabled: true
    config:
      env:
        - name: DD_SECRET_BACKEND_COMMAND
          value: "/readsecret_multiple_providers.sh"
  • make sure that the agents and cluster agent start properly, and that the agent can connect to the cluster agent

@celenechang celenechang requested review from a team as code owners March 18, 2022 18:37
github-actions[bot]
github-actions bot requested changes Mar 18, 2022
View reviewed changes
Copy link

@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This pull request does not contain a valid label. Please add one of the following labels: bug, enhancement, refactoring, documentation, tooling

@celenechang celenechang added this to the v0.8.0 milestone Mar 18, 2022
@celenechang celenechang added documentation Improvements or additions to documentation enhancement New feature or request component/controller labels Mar 18, 2022
@codecov-commenter
Copy link

codecov-commenter commented Mar 18, 2022
edited
Loading

Codecov Report

Merging #459 (e0a013c) into main (22cf913) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #459   +/-   ##
=======================================
  Coverage   60.60%   60.60%           
=======================================
  Files           3        3           
  Lines         132      132           
=======================================
  Hits           80       80           
  Misses         40       40           
  Partials       12       12
Flag Coverage Δ
unittests 60.60% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 22cf913...e0a013c. Read the comment docs.

clamoriniere
clamoriniere reviewed Mar 18, 2022
View reviewed changes
docs/secret_management.md
Comment on lines +230 to +233
credentials:
apiKey: ENC[k8s_secret@default/test-secret/api_key]
appKey: ENC[k8s_secret@default/test-secret/app_key]
useSecretBackend: true
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of documenting how to add an envvar.
should we add an option in the credentials section to select which secret backend script they want to use?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was thinking of saving this for v2, i.e. creating a SecretBackend section (and removing credentials.useSecretBackend). I could add on to the existing credentials section for now if you think it's worth doing?

urseberry
urseberry approved these changes Mar 21, 2022
View reviewed changes
docs/secret_management.md Outdated Show resolved Hide resolved
@celenechang celenechang merged commit c5aa4c7 into main Apr 5, 2022
@celenechang celenechang deleted the celene/secret_backend_rbac branch April 5, 2022 15:54
@khewonc khewonc mentioned this pull request May 17, 2022
Merged
mftoure pushed a commit that referenced this pull request Oct 3, 2024
@celenechang @urseberry
update rbac to support secret backend multiple providers script (#459)
39f3f2e 
* update rbac to support secret backend multiple providers script

Co-authored-by: Ursula Chen <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@urseberry urseberry urseberry approved these changes

@github-actions github-actions[bot] github-actions[bot] approved these changes

@clamoriniere clamoriniere clamoriniere approved these changes

Assignees
No one assigned
Labels
component/controller documentation Improvements or additions to documentation enhancement New feature or request
Projects
None yet
Milestone
v0.8.0
Development

Successfully merging this pull request may close these issues.
4 participants
@celenechang @codecov-commenter @clamoriniere @urseberry