SecretStores advertise supported Features(). #2069
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tmacam
force-pushed
the
SecretStoreFeature_I2047
branch
from
a4c06a3 to
8bf16c7
Compare
mcandeia
suggested changes
Sep 12, 2022
secretstores/feature.go
Outdated
| @@ -0,0 +1,33 @@ | |||
| /* | |||
| Copyright 2021 The Dapr Authors | |||
secretstores/feature.go
Outdated
| ) | ||
|
|
||
| // Feature names a feature that can be implemented by Secret Store components. | ||
| type Feature string |
There was a problem hiding this comment.
nit: invert the declaring order: Define type feature first then define by its values below
There was a problem hiding this comment.
I was following the example from state/feature.go and pubsub/feature.go but yeah, you are right, it would look and read better inverted. Fixed in next revision.
| s.Init(m) | ||
| t.Run("no features are advertised", func(t *testing.T) { | ||
| f := s.Features() | ||
| assert.Equal(t, 0, len(f)) |
There was a problem hiding this comment.
nit:
Suggested change
| assert.Equal(t, 0, len(f)) | |
| assert.Empty(t, f) |
There was a problem hiding this comment.
I am pushing a revision with this change.
| // Yes, we are skipping initialization as feature retrieval doesn't depend on it. | ||
| t.Run("no features are advertised", func(t *testing.T) { | ||
| f := s.Features() | ||
| assert.Equal(t, 0, len(f)) |
There was a problem hiding this comment.
Suggested change
| assert.Equal(t, 0, len(f)) | |
| assert.Empty(t, f) |
| s := smSecretStore{} | ||
| t.Run("no features are advertised", func(t *testing.T) { | ||
| f := s.Features() | ||
| assert.Equal(t, 0, len(f)) |
There was a problem hiding this comment.
nit
Suggested change
| assert.Equal(t, 0, len(f)) | |
| assert.Empty(t, f) |
| // Yes, we are skipping initialization as feature retrieval doesn't depend on it. | ||
| t.Run("no features are advertised", func(t *testing.T) { | ||
| f := s.Features() | ||
| assert.Equal(t, 0, len(f)) |
There was a problem hiding this comment.
nit:
Suggested change
| assert.Equal(t, 0, len(f)) | |
| assert.Empty(t, f) |
| json: jsoniter.ConfigFastest, | ||
| client: &http.Client{}, | ||
| logger: logger, | ||
| features: []secretstores.Feature{secretstores.FeatureMultipleKeyValuesPerSecret}, |
There was a problem hiding this comment.
is there a reason to keep the features as a property? I mean, if not, I think you can return straight the feature array on line 512
There was a problem hiding this comment.
Not really. I thought this would be more aligned to what I saw on other implementations (state store ones) but I guess simpler is better here, I will update the code.
| // Yes, we are skipping initialization as feature retrieval doesn't depend on it. | ||
| t.Run("no features are advertised", func(t *testing.T) { | ||
| f := s.Features() | ||
| assert.Equal(t, 0, len(f)) |
There was a problem hiding this comment.
nit
Suggested change
| assert.Equal(t, 0, len(f)) | |
| assert.Empty(t, f) |
| // Yes, we are skipping initialization as feature retrieval doesn't depend on it. | ||
| t.Run("no features are advertised", func(t *testing.T) { | ||
| f := s.Features() | ||
| assert.Equal(t, 0, len(f)) |
There was a problem hiding this comment.
nit:
Suggested change
| assert.Equal(t, 0, len(f)) | |
| assert.Empty(t, f) |
| // Yes, we are skipping initialization as feature retrieval doesn't depend on it. | ||
| t.Run("no features are advertised", func(t *testing.T) { | ||
| f := s.Features() | ||
| assert.Equal(t, 0, len(f)) |
There was a problem hiding this comment.
nit:
Suggested change
| assert.Equal(t, 0, len(f)) | |
| assert.Empty(t, f) |
This PR is aimed at addressing issue dapr#2047. In the [Secret API Documentation](https://docs.dapr.io/reference/api/secrets_api/#response-body) it is stated: > If a secret store has support for multiple keys in a secret, a JSON payload is returned with the key names as fields and their respective values. > > In case of a secret store that only has name/value semantics, a JSON payload is returned with the name of the secret as the field and the value of the secret as the value. There are two classes of secret stores but there isn't a way to tell them apart at run-time. This limits the ability of conformance tests to verify the behavior of secret stores supporting multiple keys. We address this by augmenting SecretStores with the ability to advetise `Features`. This is similar to what PubSub and StateStores do. Feature `MULTIPLE_KEY_VALUES_PER_SECRET` was added and is advertised by Hashicorp Vault (default behaviour) and by Local File SecretStore (depending on its configuration). Updated tests to account to new method and ensure expected behavior. Fixes dapr#2047 Signed-off-by: Tiago Alves Macambira <tmacam@burocrata.org>
tmacam
force-pushed
the
SecretStoreFeature_I2047
branch
from
8bf16c7 to
2fe9bc9
Compare
ItalyPaleAle
approved these changes
Sep 13, 2022
Codecov Report
@@ Coverage Diff @@
## master #2069 +/- ##
==========================================
+ Coverage 37.74% 37.79% +0.04%
==========================================
Files 192 192
Lines 24062 24090 +28
==========================================
+ Hits 9083 9105 +22
- Misses 14209 14215 +6
Partials 770 770
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
berndverst
approved these changes
Sep 13, 2022
berndverst
added
automerge
documentation required
|
@tmacam can you please raise a docs issue to add this as a column in the SecretStores table? |
Done: created issue dapr/docs#2787 and mentioned that table specifically at it. |
shubham1172
pushed a commit
to shubham1172/components-contrib
that referenced
this pull request
Sep 20, 2022
This PR is aimed at addressing issue dapr#2047. In the [Secret API Documentation](https://docs.dapr.io/reference/api/secrets_api/#response-body) it is stated: > If a secret store has support for multiple keys in a secret, a JSON payload is returned with the key names as fields and their respective values. > > In case of a secret store that only has name/value semantics, a JSON payload is returned with the name of the secret as the field and the value of the secret as the value. There are two classes of secret stores but there isn't a way to tell them apart at run-time. This limits the ability of conformance tests to verify the behavior of secret stores supporting multiple keys. We address this by augmenting SecretStores with the ability to advetise `Features`. This is similar to what PubSub and StateStores do. Feature `MULTIPLE_KEY_VALUES_PER_SECRET` was added and is advertised by Hashicorp Vault (default behaviour) and by Local File SecretStore (depending on its configuration). Updated tests to account to new method and ensure expected behavior. Fixes dapr#2047 Signed-off-by: Tiago Alves Macambira <tmacam@burocrata.org> Signed-off-by: Tiago Alves Macambira <tmacam@burocrata.org> Co-authored-by: Bernd Verst <4535280+berndverst@users.noreply.github.com>
tmacam
added a commit
to tmacam/dapr
that referenced
this pull request
Sep 20, 2022
PR dapr/components-contrib#2069 added Features() as an API to secret stores. Unfortunatelly, Dapr Metadata APIs would not contain any information regarding Secret Store features or capabilities in its output. This PR addresses this. Signed-off-by: Tiago Alves Macambira <tmacam@burocrata.org>
This was referenced Sep 20, 2022
dapr-bot
added a commit
to dapr/dapr
that referenced
this pull request
Sep 22, 2022
* Expose SecretStore features through metadata APIs. PR dapr/components-contrib#2069 added Features() as an API to secret stores. Unfortunatelly, Dapr Metadata APIs would not contain any information regarding Secret Store features or capabilities in its output. This PR addresses this. Signed-off-by: Tiago Alves Macambira <tmacam@burocrata.org> * PubSubs features are not reported by Metadata API. While fixing the previous commit I noticed PubSubs features are also not output by Metadata API. Addressing that and adding tests. Signed-off-by: Tiago Alves Macambira <tmacam@burocrata.org> * Fix PubSub mock initialization Signed-off-by: Tiago Alves Macambira <tmacam@burocrata.org> Signed-off-by: Tiago Alves Macambira <tmacam@burocrata.org> Co-authored-by: Artur Souza <artursouza.ms@outlook.com> Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>
4 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR is aimed at addressing issue #2047.
In the Secret API Documentation it is stated:
There are two classes of secret stores but there isn't a way to tell them apart at run-time. This limits the ability of conformance tests to verify the behavior of secret stores supporting multiple keys.
We address this by augmenting SecretStores with the ability to advetise
Features. This is similar to what PubSub and StateStores do. FeatureMULTIPLE_KEY_VALUES_PER_SECRETwas added and is advertised by Hashicorp Vault (default behaviour) and by Local File SecretStore (depending on its configuration).Updated tests to account to new method and ensure expected behavior.
Issue reference
Please reference the issue this PR will close: #2047
Checklist
Please make sure you've completed the relevant tasks for this PR, out of the following list:
Featuresfeature docs#2787