Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use openAppSecrets instead of list+Open secret in DataSourceVaultSecr… #826

Merged
merged 5 commits into from
May 2, 2024
Merged

use openAppSecrets instead of list+Open secret in DataSourceVaultSecr… #826

merged 5 commits into from
May 2, 2024

Conversation

hghaf099
Copy link
Contributor

@hghaf099 hghaf099 commented Apr 29, 2024
edited
Loading

🛠️ Description

Addresses: https://hashicorp.atlassian.net/browse/VAULT-26495
We currently call ListAppSecrets, iterate over each secret and individually invoke OpenAppSecret here. This is both inefficient for us and causes additional API usage for the clients.

I think switching to OpenAppSecrets for this data source would be best.

🏗️ Acceptance tests

  • Are there any feature flags that are required to use this functionality?
  • Have you added an acceptance test for the functionality being added?
  • Have you run the acceptance tests on this branch?

Output from acceptance testing:

$ make testacc TESTARGS='-run=TestAcc_dataSourceVaultSecretsApp'

...

=== RUN   TestAcc_dataSourceVaultSecretsAppMigration
--- PASS: TestAcc_dataSourceVaultSecretsAppMigration (12.94s)
=== RUN   TestAcc_dataSourceVaultSecretsApp
    data_source_vault_secrets_app_test.go:97: secrets:  secret_one  =  hey, this is version 1!
    data_source_vault_secrets_app_test.go:97: secrets:  secret_two  =  hey, this is version 2!
--- PASS: TestAcc_dataSourceVaultSecretsApp (6.39s)
PASS
ok      github.com/hashicorp/terraform-provider-hcp/internal/provider/vaultsecrets      20.318s
testing: warning: no tests to run
PASS

To test this, I also created the following helper function:


func openTestAppSecret(t *testing.T, appName string) {
	t.Helper()

	client := acctest.HCPClients(t)

	loc := &sharedmodels.HashicorpCloudLocationLocation{
		OrganizationID: client.Config.OrganizationID,
		ProjectID:      client.Config.ProjectID,
	}

	secrets, err := clients.OpenVaultSecretsAppSecrets(context.Background(), client, loc, appName)
	if err != nil {
		t.Fatal(err)
	}
	if len(secrets) != 2 {
		t.Fatal("failed to read the secrets")
	}
	for _, s := range secrets {
		t.Log("secrets: ", s.Name, " = ", s.Version.Value)
	}

}

Added the above function to TestAcc_dataSourceVaultSecretsApp test on line 97 (which is after the test creates two secrets). The test passes and generates the following DD log:

image

@hghaf099 hghaf099 requested review from codergs, a team and averche April 29, 2024 20:55
codergs
codergs reviewed Apr 29, 2024
View reviewed changes
Copy link
Contributor

@codergs codergs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great, this looks good me!

codergs
codergs reviewed Apr 29, 2024
View reviewed changes
internal/clients/vault_secrets.go

var secrets *secret_service.OpenAppSecretsOK
var err error
for attempt := 0; attempt < retryCount; attempt++ {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: I know this bloats code, but to provide an abstraction with type casting to all known vault secrets input/output types seems poor for readability to me personally, but we can always consider doing that. also, should be a separate ticket.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with the type casting, which I think I tried to avoid it. The type is being examined in the body of this function. But, then the generic part of retry logic is refactored.
I considered working on the refactoring part in another ticket, but, the change I believe is small enough to include it here.

@codergs
Copy link
Contributor

codergs commented Apr 29, 2024

Not seeing the test openTestAppSecret you mentioned in the comments.

@hghaf099
Copy link
Contributor Author

Not seeing the test openTestAppSecret you mentioned in the comments.

I provided a snippet of that. I just used that for local testing.

@codergs
Copy link
Contributor

codergs commented Apr 29, 2024

Not seeing the test openTestAppSecret you mentioned in the comments.

I provided a snippet of that. I just used that for local testing.

If you want this test persisted, then we should be able to extend our acceptance tests easily.

@hghaf099
Copy link
Contributor Author

Not seeing the test openTestAppSecret you mentioned in the comments.

I provided a snippet of that. I just used that for local testing.

If you want this test persisted, then we should be able to extend our acceptance tests easily.

So, the TestAcc_dataSourceVaultSecretsApp test actually practices the new code path. So, this data source runs the new code for which I have posted the DD log screen shot. The code snippet I provided was just for own sake as part of double assurance. But, that is really not necessary in my view.

@codergs
Copy link
Contributor

codergs commented Apr 29, 2024

Not seeing the test openTestAppSecret you mentioned in the comments.

I provided a snippet of that. I just used that for local testing.

If you want this test persisted, then we should be able to extend our acceptance tests easily.

So, the TestAcc_dataSourceVaultSecretsApp test actually practices the new code path. So, this data source runs the new code for which I have posted the DD log screen shot. The code snippet I provided was just for own sake as part of double assurance. But, that is really not necessary in my view.

Ahh, understood. Existing test is fine then.

@codergs
Copy link
Contributor

codergs commented Apr 30, 2024

Can't approve as it's in draft.

@hghaf099 hghaf099 marked this pull request as ready for review April 30, 2024 15:06
@hghaf099 hghaf099 requested review from a team as code owners April 30, 2024 15:06
@hghaf099 hghaf099 requested review from himran92 and codergs April 30, 2024 15:06
@hghaf099 hghaf099 requested a review from a team April 30, 2024 15:26
manish-hashicorp
manish-hashicorp approved these changes Apr 30, 2024
View reviewed changes
Copy link
Contributor

@manish-hashicorp manish-hashicorp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rubber stamping

internal/clients/response.go Show resolved Hide resolved
nywilken
nywilken approved these changes May 1, 2024
View reviewed changes
Copy link
Contributor

@nywilken nywilken left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@hghaf099 hghaf099 merged commit 94891cd into main May 2, 2024
6 checks passed
@hghaf099 hghaf099 deleted the use-OpenAppSecrets-instead branch May 2, 2024 15:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@manish-hashicorp manish-hashicorp manish-hashicorp approved these changes

@codergs codergs codergs approved these changes

@nywilken nywilken nywilken approved these changes

@averche averche Awaiting requested review from averche

@himran92 himran92 Awaiting requested review from himran92 himran92 was automatically assigned from hashicorp/vault-cloud

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hghaf099 @codergs @nywilken @manish-hashicorp