Skip to content

Check secret existence #14865

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 21, 2025
Merged

Check secret existence #14865

merged 1 commit into from
Feb 21, 2025

Conversation

CyberROFL
Copy link
Member

@CyberROFL CyberROFL commented Feb 20, 2025
edited
Loading

Changelog entry

...

Changelog category

  • Not for changelog (changelog entry is not required)

Description for reviewers

...

@CyberROFL CyberROFL self-assigned this Feb 20, 2025
@CyberROFL CyberROFL requested a review from jepett0 February 20, 2025 17:48
@CyberROFL CyberROFL marked this pull request as ready for review February 20, 2025 17:48
@CyberROFL CyberROFL requested a review from a team as a code owner February 20, 2025 17:48
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 20, 2025
edited
Loading

🟢 2025-02-20 17:55:16 UTC The validation of the Pull Request description is successful.

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 20, 2025
edited
Loading

2025-02-20 17:50:57 UTC Pre-commit check linux-x86_64-relwithdebinfo for ec8eca8 has started.
2025-02-20 17:57:42 UTC Artifacts will be uploaded here
2025-02-20 18:00:43 UTC ya make is running...
🟡 2025-02-20 18:49:23 UTC Some tests failed, follow the links below. Going to retry failed tests...

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
19190 17833 0 3 1222 132

2025-02-20 18:51:19 UTC ya make is running... (failed tests rerun, try 2)
🟢 2025-02-20 19:18:20 UTC Tests successful.

Test history | Ya make output | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
211 (only retried tests) 83 0 0 2 126

🟢 2025-02-20 19:18:27 UTC Build successful.
🟢 2025-02-20 19:18:49 UTC ydbd size 2.1 GiB changed* by +3.5 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash main: 1ab62a5 merge: ec8eca8 diff diff %
ydbd size 2 239 518 032 Bytes 2 239 521 624 Bytes +3.5 KiB +0.000%
ydbd stripped size 474 552 152 Bytes 474 552 152 Bytes 0 Bytes 0.000%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 20, 2025
edited
Loading

2025-02-20 17:57:36 UTC Pre-commit check linux-x86_64-release-asan for ec8eca8 has started.
2025-02-20 17:58:03 UTC Artifacts will be uploaded here
2025-02-20 18:00:53 UTC ya make is running...
🟡 2025-02-20 19:05:24 UTC Some tests failed, follow the links below. This fail is not in blocking policy yet Going to retry failed tests...

Test history | Ya make output | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
11874 11804 0 28 8 34

2025-02-20 19:06:41 UTC ya make is running... (failed tests rerun, try 2)
🟢 2025-02-20 19:24:56 UTC Tests successful.

Test history | Ya make output | Test bloat | Test bloat

TESTS PASSED ERRORS FAILED SKIPPED MUTED?
114 (only retried tests) 79 0 0 4 31

🟢 2025-02-20 19:25:03 UTC Build successful.
🟢 2025-02-20 19:25:27 UTC ydbd size 3.6 GiB changed* by +8.1 KiB, which is < 100.0 KiB vs main: OK

ydbd size dash main: 1ab62a5 merge: ec8eca8 diff diff %
ydbd size 3 895 685 312 Bytes 3 895 693 656 Bytes +8.1 KiB +0.000%
ydbd stripped size 1 364 075 232 Bytes 1 364 077 344 Bytes +2.1 KiB +0.000%

*please be aware that the difference is based on comparing your commit and the last completed build from the post-commit, check comparation

jepett0
jepett0 reviewed Feb 21, 2025
View reviewed changes
ydb/public/lib/ydb_cli/dump/restore_impl.cpp
@@ -1262,6 +1294,11 @@ TRestoreResult TRestoreClient::RestoreExternalDataSource(
}

TString query = ReadExternalDataSourceQuery(fsPath, Log.get());
if (const auto secretName = GetSecretName(query)) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

External data sources can depend on multiple secrets, see TAuth message describing the authorization for a particular data source

ydb/public/lib/ydb_cli/dump/util/query_utils.cpp
return GetToken(query, R"(-- database: ")");
}

TString GetSecretName(const TString& query) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function has very limited functionality. I guess it is enough to check restorability of an external data source that uses static authorization (login + password), or an authorization by token. However, there are a lot more supported authorization methods, which require different secret names.

Moreover, why even bother detecting missing secrets, if an external data source (and I guess an async replication too) will detect the missing secrets themselves on the creation attempt?

ydb/library/backup/backup.cpp
@@ -808,7 +808,7 @@ Ydb::Table::DescribeExternalDataSourceResult DescribeExternalDataSource(TDriver

std::string ToString(std::string_view key, std::string_view value) {
// indented to follow the default YQL formatting
return std::format(R"( {} = "{}")", key, value);
return std::format(R"( {} = '{}')", key, value);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nitpick: why 2 spaces and not 4? Isn't the 4 spaces the default formatting?

jepett0
jepett0 reviewed Feb 21, 2025
View reviewed changes
ydb/public/lib/ydb_cli/dump/restore_impl.cpp
@@ -1110,6 +1111,32 @@ TRestoreResult TRestoreClient::RestoreTopic(
return Result<TRestoreResult>(dbPath, std::move(result));
}

TRestoreResult TRestoreClient::CheckSecretExistence(const TString& secretName) {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would like to see a little comment explaining how this is the only way to check the secret existence at the moment, because this approach is very counter intuitive. Possibly in the later PRs

@CyberROFL CyberROFL merged commit c062262 into ydb-platform:main Feb 21, 2025
16 checks passed
@CyberROFL CyberROFL deleted the check-secret-existence branch February 21, 2025 08:58
This was referenced Feb 21, 2025
Closed
Merged
@serbel324 serbel324 mentioned this pull request Feb 25, 2025
Merged
lberserq pushed a commit to lberserq/ydb that referenced this pull request Mar 3, 2025
@CyberROFL
Check secret existence (ydb-platform#14865)
b3e5767
@GrigoriyPA GrigoriyPA mentioned this pull request Mar 4, 2025
Closed
This was referenced Mar 10, 2025
Merged
Merged
blinkov pushed a commit that referenced this pull request Mar 21, 2025
@CyberROFL @blinkov
Check secret existence (#14865)
ebef1f0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pnv1 pnv1 pnv1 approved these changes

@jepett0 jepett0 jepett0 approved these changes

Assignees

@CyberROFL CyberROFL

Labels
not-for-changelog
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@CyberROFL @pnv1 @jepett0