Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat!: re-work user secrets #538

Merged
merged 24 commits into from
Dec 6, 2024
Merged

feat!: re-work user secrets #538

merged 24 commits into from
Dec 6, 2024

Conversation

leafty
Copy link
Member

@leafty leafty commented Nov 19, 2024
edited
Loading

Part of #509.

Re-work user secrets to make them more usable in Renku 2.0.

Changes:

  • Change the name field to be default_filename. This field is only meaningful in the context of Renku 1.0.
  • Add a new name field (which does not have constraints) to let users name their secrets, e.g. "AWS Secret Key ID for Project XYZ".
  • User secret objects now include back references to Session secret slots and Data connectors -> session_secret_slot_ids and data_connector_ids fields returned from the API.
  • The UserSecretsRepo class has been split into LowLevelUserSecretsRepo and UserSecretsRepo. LowLevelUserSecretsRepo is used internally, e.g. for key rotation and UserSecretsRepo is used for the UserSecretsBP blueprint.

The database migration has been tested here -> SwissDataScienceCenter/renku#3845.

  1. Deploy prior to this PR.
  2. Create secrets (user secret, data connector secret, session secret).
  3. Update deployment to be latest commit in this PR.
  4. Verify that the secrets are working.

@leafty leafty force-pushed the leafty/session-secrets-5 branch from 28a47c8 to 07a5ced Compare November 20, 2024 12:37
@leafty leafty force-pushed the leafty/session-secrets-6 branch from f59b37a to 97f191d Compare November 20, 2024 12:38
@leafty leafty force-pushed the leafty/session-secrets-5 branch from 07a5ced to 3f25446 Compare November 22, 2024 09:52
@leafty leafty mentioned this pull request Nov 22, 2024
Closed
@leafty leafty force-pushed the leafty/session-secrets-6 branch from f01c85c to 4f61bdc Compare November 22, 2024 10:24
@leafty leafty force-pushed the leafty/session-secrets-5 branch from bfc1946 to 8b17e2a Compare November 22, 2024 11:56
@leafty leafty force-pushed the leafty/session-secrets-6 branch 5 times, most recently from 907cdea to 123d7a9 Compare November 22, 2024 15:45
@leafty leafty mentioned this pull request Nov 27, 2024
Open
@leafty leafty force-pushed the leafty/session-secrets-5 branch from 8b17e2a to 3be57a8 Compare November 27, 2024 10:20
@leafty leafty force-pushed the leafty/session-secrets-6 branch from 97ce3b8 to 841bc01 Compare November 27, 2024 14:26
@leafty leafty force-pushed the leafty/session-secrets-5 branch from 3be57a8 to 9c7479b Compare December 2, 2024 08:05
@leafty leafty force-pushed the leafty/session-secrets-6 branch from 841bc01 to 4ef9480 Compare December 2, 2024 08:59
@leafty leafty marked this pull request as ready for review December 3, 2024 09:11
@leafty leafty requested a review from a team as a code owner December 3, 2024 09:11
olevski
olevski requested changes Dec 5, 2024
View reviewed changes
Copy link
Member

@olevski olevski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks Flora. Just a few changes and questions.

components/renku_data_services/app_config/config.py Outdated Show resolved Hide resolved
components/renku_data_services/data_connectors/db.py Show resolved Hide resolved
components/renku_data_services/secrets/low_level_db.py Outdated Show resolved Hide resolved
components/renku_data_services/users/api.spec.yaml Show resolved Hide resolved
components/renku_data_services/secrets/models.py Outdated Show resolved Hide resolved
Base automatically changed from leafty/session-secrets-5 to build/session-secrets December 5, 2024 09:30
@leafty leafty force-pushed the leafty/session-secrets-6 branch from 76e6bbd to 7035b09 Compare December 5, 2024 09:33
@leafty leafty requested a review from olevski December 5, 2024 09:56
@leafty leafty merged commit d4d85bd into build/session-secrets Dec 6, 2024
15 checks passed
@leafty leafty deleted the leafty/session-secrets-6 branch December 6, 2024 08:57
@leafty leafty mentioned this pull request Dec 6, 2024
Draft
leafty added a commit that referenced this pull request Dec 6, 2024
@leafty
feat!: re-work user secrets (#538)
ec4cbe1 
Re-work user secrets to make them more usable in Renku 2.0.

Changes:
* Change the `name` field to be `default_filename`. This field is only meaningful in the context of Renku 1.0.
* Add a new `name` field (which does not have constraints) to let users name their secrets, e.g. "AWS Secret Key ID for Project XYZ".
* User secret objects now include back references to Session secret slots and Data connectors -> `session_secret_slot_ids` and `data_connector_ids` fields returned from the API.
* The `UserSecretsRepo` class has been split into `LowLevelUserSecretsRepo` and `UserSecretsRepo`. `LowLevelUserSecretsRepo` is used internally, e.g. for key rotation  and `UserSecretsRepo` is used for the `UserSecretsBP` blueprint.
leafty added a commit that referenced this pull request Dec 9, 2024
@leafty
feat!: re-work user secrets (#538)
a566df5 
Re-work user secrets to make them more usable in Renku 2.0.

Changes:
* Change the `name` field to be `default_filename`. This field is only meaningful in the context of Renku 1.0.
* Add a new `name` field (which does not have constraints) to let users name their secrets, e.g. "AWS Secret Key ID for Project XYZ".
* User secret objects now include back references to Session secret slots and Data connectors -> `session_secret_slot_ids` and `data_connector_ids` fields returned from the API.
* The `UserSecretsRepo` class has been split into `LowLevelUserSecretsRepo` and `UserSecretsRepo`. `LowLevelUserSecretsRepo` is used internally, e.g. for key rotation  and `UserSecretsRepo` is used for the `UserSecretsBP` blueprint.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olevski olevski olevski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@leafty @olevski