feat(fetch_secret): Add possibility to call vault in windows context #29467
Conversation
chouetz
added
changelog/no-changelog
qa/no-code-change
|
[Fast Unit Tests Report] On pipeline 44802112 (CI Visibility). The following jobs did not run any unit tests: Jobs:
If you modified Go files and expected unit tests to run in these jobs, please double check the job logs. If you think tests should have been executed reach out to #agent-devx-help |
Regression DetectorRegression Detector ResultsRun ID: 04d5168f-890b-4713-9535-ff3752de2532 Metrics dashboard Target profiles Baseline: 0121fe2 Performance changes are noted in the perf column of each table:
No significant changes in experiment optimization goalsConfidence level: 90.00% There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.
|
| perf | experiment | goal | Δ mean % | Δ mean % CI | trials | links |
|---|---|---|---|---|---|---|
| ➖ | pycheck_lots_of_tags | % cpu utilization | +1.93 | [-0.73, +4.58] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api_cpu | % cpu utilization | +0.49 | [-0.28, +1.26] | 1 | Logs |
| ➖ | tcp_syslog_to_blackhole | ingress throughput | +0.47 | [+0.42, +0.52] | 1 | Logs |
| ➖ | basic_py_check | % cpu utilization | +0.28 | [-2.60, +3.15] | 1 | Logs |
| ➖ | file_tree | memory utilization | +0.15 | [+0.04, +0.27] | 1 | Logs |
| ➖ | uds_dogstatsd_to_api | ingress throughput | +0.00 | [-0.00, +0.00] | 1 | Logs |
| ➖ | tcp_dd_logs_filter_exclude | ingress throughput | -0.00 | [-0.01, +0.01] | 1 | Logs |
| ➖ | idle | memory utilization | -0.04 | [-0.08, +0.01] | 1 | Logs |
| ➖ | otel_to_otel_logs | ingress throughput | -0.73 | [-1.56, +0.09] | 1 | Logs |
Bounds Checks
| perf | experiment | bounds_check_name | replicates_passed |
|---|---|---|---|
| ❌ | idle | memory_usage | 9/10 |
Explanation
A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".
For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:
-
Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.
-
Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.
-
Its configuration does not mark it "erratic".
| @@ -383,7 +383,7 @@ def __repr__(self): | |||
| def list_get_parameter_calls(file): | |||
| aws_ssm_call = re.compile(r"^.+ssm get-parameter.+--name +(?P<param>[^ ]+).*$") | |||
| # remove the first letter of the script name because '\f' is badly interpreted for windows paths | |||
| wrapper_call = re.compile(r"^.+etch_secret.(sh|ps1)[\"]? +(?P<param>[^ )]+).*$") | |||
| wrapper_call = re.compile(r"^.+etch_secret.(sh|ps1)[\"]? (-parameterName )?+(?P<param>[^ )]+).*$") | |||
There was a problem hiding this comment.
❓ question: Should this match vault parameters? As it creates SSMParameterCalls maybe the vault parameters must be ignored. Otherwise, do we have to update this function and split ssm / vault parameters?
|
/merge |
|
🚂 MergeQueue: pull request added to the queue The median merge time in Use |
What does this PR do?
Modify the
fetch_secrets.ps1to be able to callvaultinstead ofaws ssmMotivation
JIRA - Security recommendation is to use
vaultDescribe how to test/QA your changes
Possible Drawbacks / Trade-offs
Additional Notes