
Feature add secrets store resources #52

Merged: 4 commits, Nov 22, 2024

Conversation

AngeloB-AIS
Contributor

No description provided.

@AngeloB-AIS
Contributor Author

@CodiumAI-Agent /describe

@CodiumAI-Agent

Title

Feature add secrets store resources

PR Type

enhancement, configuration changes

Description

  • Added support for AWS Secrets Manager integration using the Secrets Store CSI Driver.
  • Introduced new ClusterRole and ClusterRoleBinding for managing secrets access.
  • Updated server, worker, and temporal deployments to use secrets from AWS Secrets Manager.
  • Added service account configuration with optional annotations.
  • Enhanced configuration files to conditionally handle database credentials based on secrets store settings.

Changes walkthrough 📝

Relevant files

Configuration changes

multiwoven-cluster-role.yaml (charts/multiwoven/templates/multiwoven-cluster-role.yaml): Add ClusterRole and Binding for Secrets Store CSI Driver
  • Added ClusterRole and ClusterRoleBinding for secrets-store-csi-driver.
  • Defined access rules for Kubernetes secrets.
  • +26/-0

multiwoven-config.yaml (charts/multiwoven/templates/multiwoven-config.yaml): Update Database Configuration with Conditional Secrets Handling
  • Added conditional logic for DB_PASSWORD and DB_USERNAME based on secretsStore.
  • Introduced DB_PORT configuration.
  • +3/-1

multiwoven-secret-provider-class.yaml (charts/multiwoven/templates/multiwoven-secret-provider-class.yaml): Add SecretProviderClass for AWS Secrets Manager Integration
  • Added SecretProviderClass for AWS Secrets Manager integration.
  • Mapped AWS secrets to Kubernetes secret objects.
  • +30/-0

multiwoven-service-account.yaml (charts/multiwoven/templates/multiwoven-service-account.yaml): Add ServiceAccount Template with Annotations
  • Added ServiceAccount template with optional annotations.
  • +13/-0

values.yaml (charts/multiwoven/values.yaml): Add Configuration for Service Account and Secrets Store
  • Added configuration for serviceAccount and secretsStore.
  • +11/-0

Enhancement

multiwoven-server-deployment.yaml (charts/multiwoven/templates/multiwoven-server-deployment.yaml): Integrate Secrets Store and Service Account in Server Deployment
  • Integrated secrets-store-csi-driver for DB credentials.
  • Added service account configuration.
  • +32/-2

multiwoven-worker-deployment.yaml (charts/multiwoven/templates/multiwoven-worker-deployment.yaml): Integrate Secrets Store and Service Account in Worker Deployment
  • Integrated secrets-store-csi-driver for DB credentials.
  • Added service account configuration.
  • +32/-2

temporal-deployment.yaml (charts/multiwoven/templates/temporal-deployment.yaml): Integrate Secrets Store and Service Account in Temporal Deployment
  • Integrated secrets-store-csi-driver for DB credentials.
  • Added service account configuration.
  • +32/-0

💡 PR-Agent usage: Comment /help "your question" on any pull request to receive relevant information

@AngeloB-AIS
Contributor Author

@CodiumAI-Agent /review

@CodiumAI-Agent

CodiumAI-Agent commented Nov 21, 2024

PR Reviewer Guide 🔍

(Review updated until commit cb413ff)

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 3 🔵🔵🔵⚪⚪
🧪 No relevant tests
🔒 Security concerns

Sensitive information exposure:
The configuration files may expose sensitive database credentials when the secrets store is disabled. This could lead to accidental exposure if not handled correctly.

⚡ Recommended focus areas for review

Configuration Logic
The logic to include DB credentials directly in the configuration file should be reviewed to ensure it aligns with best practices for handling sensitive information, especially when the secrets store is disabled.

Permissions Scope
The permissions granted to the secrets-store-csi-driver allow 'create' and 'update' operations on secrets, which might be overly permissive depending on the intended use cases.
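The pattern the first focus area argues for, shown as an added configuration example rather than the multiwoven chart's own templates: the Secrets Store CSI Driver mirrors the AWS Secrets Manager secret into a Kubernetes Secret, and the container reads it through secretKeyRef, so the password is never rendered into the config map. The secret name multiwoven/db, the resource names, and a ServiceAccount named multiwoven that carries the IRSA role annotation are assumptions; the driver has to be installed with secret syncing enabled for secretObjects to take effect.

```yaml
# Added example (not the multiwoven chart's own templates); all names assumed.
# AWS secret fields are mirrored into a K8s Secret and read via secretKeyRef.
apiVersion: secrets-store.csi.x-k8s.io/v1
kind: SecretProviderClass
metadata:
  name: multiwoven-db-secrets
spec:
  provider: aws
  parameters:
    objects: |
      - objectName: "multiwoven/db"   # assumed Secrets Manager secret name
        objectType: "secretsmanager"
        jmesPath:
          - path: username
            objectAlias: db_username
          - path: password
            objectAlias: db_password
  secretObjects:
    - secretName: multiwoven-db      # Kubernetes Secret created by the driver
      type: Opaque
      data:
        - objectName: db_username
          key: DB_USERNAME
        - objectName: db_password
          key: DB_PASSWORD
---
# Deployment excerpt: the CSI volume must be mounted or the Secret is never synced.
spec:
  template:
    spec:
      serviceAccountName: multiwoven   # assumed IRSA-annotated ServiceAccount
      containers:
        - name: server
          env:
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: multiwoven-db
                  key: DB_PASSWORD
          volumeMounts:
            - name: secrets-store
              mountPath: /mnt/secrets-store
      volumes:
        - name: secrets-store
          csi:
            driver: secrets-store.csi.k8s.io
            readOnly: true
            volumeAttributes:
              secretProviderClass: multiwoven-db-secrets
```

With this layout the secretsStore-disabled branch can point secretKeyRef at a chart-managed Secret instead of inlining DB_PASSWORD in the ConfigMap, which is the exposure the review flags.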

@AngeloB-AIS
Contributor Author

@CodiumAI-Agent /improve

@CodiumAI-Agent

PR Code Suggestions ✨

No code suggestions found for the PR.

@AngeloB-AIS
Contributor Author

@CodiumAI-Agent /improve
--pr_code_suggestions.num_code_suggestions_per_chunk="4"

@CodiumAI-Agent

PR Code Suggestions ✨

No code suggestions found for the PR.

@subintp
Collaborator

subintp commented Nov 21, 2024

@CodiumAI-Agent /review

@CodiumAI-Agent

Persistent review updated to latest commit cb413ff

@AngeloB-AIS AngeloB-AIS merged commit 9d72321 into main Nov 22, 2024
2 checks passed