Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Config Generation: Generate resources with sensitive attributes #1715

Merged
merged 3 commits into from
Jul 26, 2024
Merged

Config Generation: Generate resources with sensitive attributes #1715

merged 3 commits into from
Jul 26, 2024

Conversation

julienduchesne
Copy link
Member

This is a fairly complex one but it's the last missing piece to full config generation

The terraform plan -generate-config-out command is overly aggressive in redacting sensitive values

Whenever a child attribute of a block is sensitive, the whole block is redacted, meaning that the generated resources are invalid if the block was required

In this PR:

  • Add listers for grafana_user and grafana_contact_point
  • Replace nulled sensitive attributes with a placeholder (example: password in grafana_user_)
  • Generate "sensitive" blocks by making all attribute non-sensitive. This is a bit hacky but it's integrated well enough and I haven't found a better way (tried lots of things)

@julienduchesne
Config Generation: Generate resources with sensitive attributes
8a4ed6b 
This is a fairly complex one but it's the last missing piece to full config generation

The `terraform plan -generate-config-out` command is overly aggressive in redacting sensitive values

Whenever a child attribute of a block is sensitive, the whole block is redacted, meaning that the generated resources are invalid if the block was required

In this PR:
- Add listers for `grafana_user` and `grafana_contact_point`
- Replace nulled sensitive attributes with a placeholder (example: `password` in `grafana_user`_)
- Generate "sensitive" blocks by making all attribute non-sensitive. This is a bit hacky but it's integrated well enough and I haven't found a better way (tried lots of things)
@github-actions GitHub Actions
Copy link

In order to lower resource usage and have a faster runtime, PRs will not run Cloud tests automatically.
To do so, a Grafana Labs employee must trigger the cloud acceptance tests workflow manually.

@julienduchesne julienduchesne marked this pull request as ready for review July 25, 2024 15:03
@julienduchesne julienduchesne requested review from a team as code owners July 25, 2024 15:03
@julienduchesne julienduchesne merged commit e83dd62 into main Jul 26, 2024
26 checks passed
@julienduchesne julienduchesne deleted the julienduchesne/generate-secrets branch July 26, 2024 19:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@julienduchesne