Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

4.x: Adds OciSecretsConfigSourceProvider.java #7391

Merged
merged 15 commits into from
Aug 21, 2023

Conversation

ljnelson
Copy link
Member

Addresses issue #4238.

Description: OciSecretsConfigSourceProvider is a Helidon SE ConfigSourceProvider that creates a ConfigSource that sources its information from an OCI Vault using the OCI Secrets Retrieval and Vaults APIs. The ConfigSource so created is, as I've been directed, a NodeConfigSource and a PollableSource. Its "have I been modified?" logic is based on metadata also sourced from the vault.

This PR supersedes other PRs that I've made in this general area as it now follows the most recent instructions and directions in this area that I've received. It should be easily back-portable to the helidon-3.x branch. If I understand properly, it should be usable as-is by Helidon's MicroProfile Config implementation via already-present Helidon mechanisms for including ConfigSourceProvider implementations, though I'm not personally familiar yet with how to do this.

I will be closing and re-pointing other PRs here.

Once this PR is approved (if), I will backport it to helidon-3.x.

Documentation impact: There will need to be a couple of examples showing how to configure this ConfigSourceProvider in a meta-config.yaml. (Examples already exist showing how to configure other ConfigSourceProviders; this one is not very different.) Javadoc already exists in this PR to show usage and a sample configuration.

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
@ljnelson ljnelson self-assigned this Aug 16, 2023
@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Aug 16, 2023
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
…ptions

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
…g out into its own method

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
…s for more clarity

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
…ition

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
…etc.

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
@tomas-langer tomas-langer changed the title 4.x/main: Adds OciSecretsConfigSourceProvider.java 4.x: Adds OciSecretsConfigSourceProvider.java Aug 17, 2023
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
@ljnelson ljnelson requested a review from tomas-langer August 17, 2023 16:18
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
…ght annotation per instruction

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
…om.xml from other OCI projects

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
}

@Test
void testUsage() {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i'm still not seeing the name change or other pure unit test coverage here.

Copy link
Member Author

@ljnelson ljnelson Aug 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you give me an idea of what you would like to see tested? The reason I ask is because everything else about this is part of Helidon Config, so all of those mechanisms are tested. NodeConfigSources return NodeContent and the Helidon Config framework takes it from there. Everything else in this class is related to connecting to OCI and actually getting a secret. So I'm genuinely not sure what to unit test.

If you have a suggestion for the name of whatever test you're thinking of I am happy to use it.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is some 400+ lines in OciSecretsConfigSourceProvider that should be tested since as it is right now there is nothing currently test covered in the normal case where the pipeline or developer typically does not have an $HOME/.oci/config present in their environment. I am suggesting we have some unit-test coverage on this code for the typical case. Perhaps even consider making more methods package private to be able to test them in isolation, eg. static boolean isModified(Instant pollInstant, Instant closestSecretExpirationInstant), static void completeAllSecretsTasks(Collection<? extends Callable<Void>> tasks, AutoCloseable secrets), Optional<NodeContent> load(Supplier<? extends Vaults> vaultsSupplier, Supplier<? extends Secrets> secretsSupplier, ListSecretsRequest listSecretsRequest) with some fakes or mocks, etc.

Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
@trentjeff trentjeff added the 3.x Issues for 3.x version branch label Aug 21, 2023
trentjeff
trentjeff previously approved these changes Aug 21, 2023
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
@ljnelson ljnelson merged commit fcf588c into helidon-io:main Aug 21, 2023
@ljnelson ljnelson deleted the 4.x-oci-configsource-0 branch August 21, 2023 18:32
ljnelson added a commit to ljnelson/helidon that referenced this pull request Aug 21, 2023
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
ljnelson added a commit that referenced this pull request Aug 21, 2023
Signed-off-by: Laird Nelson <laird.nelson@oracle.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3.x Issues for 3.x version branch 4.x Version 4.x config OCA Verified All contributors have signed the Oracle Contributor Agreement. OCI P2
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

3 participants