Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(vault): implements custom secret folder config #4385

Merged
merged 4 commits into from
Sep 19, 2024
Merged

feat(vault): implements custom secret folder config #4385

merged 4 commits into from
Sep 19, 2024

Conversation

saschaisele-zf
Copy link
Contributor

What this PR changes/adds

Adds the possibility to configure a folder for the storage of secrets inside Hashicorp Vault.

Why it does that

Additional feature, as described in the discussion and issue.

Linked Issue(s)

Closes #4384

Please be sure to take a look at the contributing guidelines and our etiquette for pull requests.

@saschaisele-zf saschaisele-zf marked this pull request as ready for review July 31, 2024 16:06
@codecov-commenter
Copy link

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 74.96%. Comparing base (7f20ba5) to head (e41143d).
Report is 373 commits behind head on main.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #4385      +/-   ##
==========================================
+ Coverage   71.74%   74.96%   +3.22%     
==========================================
  Files         919     1071     +152     
  Lines       18457    21478    +3021     
  Branches     1037     1175     +138     
==========================================
+ Hits        13242    16102    +2860     
- Misses       4756     4852      +96     
- Partials      459      524      +65

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@florianrusch-zf florianrusch-zf self-requested a review July 31, 2024 19:24
@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 8, 2024

This pull request is stale because it has been open for 7 days with no activity.

@github-actions github-actions bot added the stale Open for x days with no activity label Aug 8, 2024
florianrusch
florianrusch suggested changes Aug 8, 2024
View reviewed changes
...t/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultExtension.java Outdated
@@ -71,6 +71,9 @@ public class HashicorpVaultExtension implements ServiceExtension {
@Setting(value = "The URL path of the vault's /secret endpoint", defaultValue = VAULT_API_SECRET_PATH_DEFAULT)
public static final String VAULT_API_SECRET_PATH = "edc.vault.hashicorp.api.secret.path";

@Setting(value = "The path of the folder that the secret is stored in", required = false, defaultValue = "")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, the original is correct and more concise

...t/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultExtension.java
@@ -71,6 +71,9 @@ public class HashicorpVaultExtension implements ServiceExtension {
@Setting(value = "The URL path of the vault's /secret endpoint", defaultValue = VAULT_API_SECRET_PATH_DEFAULT)
public static final String VAULT_API_SECRET_PATH = "edc.vault.hashicorp.api.secret.path";

@Setting(value = "The path of the folder that the secret is stored in", required = false, defaultValue = "")
public static final String VAULT_FOLDER_PATH = "edc.vault.hashicorp.folder";
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we maybe name it subfolder?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The question is whether the path is relative or absolute, not if it is a subfolder

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess it depends on how you define relative/absolute in this case, right? 😄

For example the "full" URL would be: https://the-vault.com/v1/secrets/data/some/deep/deep/deep/folder/my-secret
This url splits up in the following parts:

  • https://the-vault.com/v1/secrets (already covered by VAULT_URL and VAULT_API_SECRET_PATH)
  • data (or metadata)
  • some/deep/deep/deep/folder (will be covered by VAULT_FOLDER_PATH
  • my-secret

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An absolute path always starts with a scheme, so I don't think there is any ambiguity here. From the example, the path is always relative so it should explicitly state that, "The path of the folder relative to VAULT_FOLDER_PATH..."

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@SaschaIsele can you please align the changes

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

changed the description to reflect the relative nature of the path

jimmarino
jimmarino reviewed Aug 8, 2024
View reviewed changes
...t/vault-hashicorp/src/main/java/org/eclipse/edc/vault/hashicorp/HashicorpVaultExtension.java Outdated
@@ -71,6 +71,9 @@ public class HashicorpVaultExtension implements ServiceExtension {
@Setting(value = "The URL path of the vault's /secret endpoint", defaultValue = VAULT_API_SECRET_PATH_DEFAULT)
public static final String VAULT_API_SECRET_PATH = "edc.vault.hashicorp.api.secret.path";

@Setting(value = "The path of the folder that the secret is stored in", required = false, defaultValue = "")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, the original is correct and more concise

@github-actions github-actions bot removed the stale Open for x days with no activity label Aug 9, 2024
@github-actions GitHub Actions
Copy link

This pull request is stale because it has been open for 7 days with no activity.

@github-actions github-actions bot added stale Open for x days with no activity and removed stale Open for x days with no activity labels Aug 17, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 6, 2024

This pull request is stale because it has been open for 7 days with no activity.

@github-actions github-actions bot added the stale Open for x days with no activity label Sep 6, 2024
@github-actions github-actions bot removed the stale Open for x days with no activity label Sep 7, 2024
saschaisele-zf and others added 2 commits September 9, 2024 17:15
@saschaisele-zf @SaschaIsele
feat(vault): implements custom secret folder config
1de44d3 
Signed-off-by: Sascha Isele <sascha.isele.external@zf.com>
@SaschaIsele
feat(vault): review suggestions
9b53e68 
Signed-off-by: Sascha Isele <s.isele@cluetec.de>
@ndr-brt ndr-brt added the enhancement New feature or request label Sep 19, 2024
@ndr-brt ndr-brt merged commit efdeccd into eclipse-edc:main Sep 19, 2024
22 of 23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimmarino jimmarino jimmarino left review comments

@florianrusch florianrusch florianrusch requested changes

@SaschaIsele SaschaIsele SaschaIsele left review comments

@ndr-brt ndr-brt ndr-brt approved these changes

@paullatzelsperger paullatzelsperger Awaiting requested review from paullatzelsperger paullatzelsperger is a code owner

@florianrusch-zf florianrusch-zf Awaiting requested review from florianrusch-zf

Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Hashicorp Vault folder configuration
6 participants
@saschaisele-zf @codecov-commenter @jimmarino @florianrusch @ndr-brt @SaschaIsele