Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

perf(jans-pycloudlib): handle google secret versioning #7971

Merged
merged 9 commits into from
Mar 11, 2024
Merged

perf(jans-pycloudlib): handle google secret versioning #7971

merged 9 commits into from
Mar 11, 2024

Conversation

iromli
Copy link
Contributor

@iromli iromli commented Mar 5, 2024

Prepare

Description

Target issue

closes #7944

Implementation Details

Test and Document the changes

  • Static code analysis has been run locally and issues have been fixed
  • Relevant unit and integration tests have been added/updated
  • Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

@iromli iromli requested a review from misba7 March 5, 2024 19:12
@mo-auto mo-auto added comp-jans-pycloudlib kind-enhancement Issue or PR is an enhancement to an existing functionality labels Mar 5, 2024
@codecov Codecov
Copy link

codecov bot commented Mar 5, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 14.81481% with 46 lines in your changes are missing coverage. Please review.

❗ No coverage uploaded for pull request base (main@7128760). Click here to learn what that means.

Files Patch % Lines
...pycloudlib/jans/pycloudlib/config/google_config.py 14.28% 24 Missing ⚠️
...pycloudlib/jans/pycloudlib/secret/google_secret.py 15.38% 22 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #7971   +/-   ##
=======================================
  Coverage        ?   60.41%           
=======================================
  Files           ?       36           
  Lines           ?     3165           
  Branches        ?        0           
=======================================
  Hits            ?     1912           
  Misses          ?     1253           
  Partials        ?        0
Flag Coverage Δ
unittests 60.41% <14.81%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@iromli iromli marked this pull request as ready for review March 8, 2024 21:39
@iromli iromli requested a review from moabu as a code owner March 8, 2024 21:39
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 8, 2024

Quality Gate Failed Quality Gate failed for 'jans-pycloudlib'

Failed conditions
64 Duplicated Lines on New Code (required ≤ 20)

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 8, 2024

Quality Gate Passed Quality Gate passed for 'jans-core'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 8, 2024

Quality Gate Passed Quality Gate passed for 'orm'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 8, 2024

Quality Gate Passed Quality Gate passed for 'jans-config-api-parent'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@iromli iromli marked this pull request as draft March 10, 2024 21:30
@iromli iromli marked this pull request as ready for review March 10, 2024 23:47
@moabu
Copy link
Member

moabu commented Mar 11, 2024

I do have a concern regarding possible leftover versions from race conditions or failed operations. I'm thinking we add a check in certmanager to run it after key rotation which would make sure old versions are cleaned up and only the last CN_GOOGLE_SECRET_MAX_VERSIONS are kept

@iromli
Copy link
Contributor Author

iromli commented Mar 11, 2024

It is taken care by lower-level jans-pycloudlib google wrapper.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed for 'jans-cli'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud

@moabu moabu merged commit 254b1a5 into main Mar 11, 2024
6 checks passed
@moabu moabu deleted the cn-google-versioning branch March 11, 2024 12:17
yuriyz pushed a commit that referenced this pull request Nov 7, 2024
@iromli @moabu
perf(jans-pycloudlib): handle google secret versioning (#7971)
de82b36 
* perf(jans-pycloudlib): handle google secret versioning

Signed-off-by: iromli <[email protected]>

* refactor(jans-pycloudlib): add configurable max active versions for google secrets

Signed-off-by: iromli <[email protected]>

* refactor(jans-pycloudlib): add configurable max active versions for google configuration

Signed-off-by: iromli <[email protected]>

* refactor(jans-pycloudlib): update google secret only if values changed

Signed-off-by: iromli <[email protected]>

* refactor(jans-pycloudlib): remove code smells

Signed-off-by: iromli <[email protected]>

* feat: keep certain number of google secret versions

Signed-off-by: iromli <[email protected]>

* docs(kubernetes): add section mentioning google secret versions

Signed-off-by: iromli <[email protected]>

---------

Signed-off-by: iromli <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
Former-commit-id: 254b1a5
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moabu moabu moabu approved these changes

@misba7 misba7 Awaiting requested review from misba7

Assignees
No one assigned
Labels
comp-jans-pycloudlib kind-enhancement Issue or PR is an enhancement to an existing functionality
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

perf(jans-pycloudlib): handeling secret versioning
3 participants
@iromli @moabu @mo-auto