From 65a1f85dc4aace06c8d95f8bd5bc7821c12a2c49 Mon Sep 17 00:00:00 2001 From: rahulkaukuntla Date: Tue, 4 Mar 2025 13:25:46 -0500 Subject: [PATCH 1/5] adding secret_refresh_interval_scatter config option --- comp/core/secrets/component.go | 19 ++++++++++--------- comp/core/secrets/secretsimpl/secrets.go | 11 ++++++++--- pkg/config/setup/config.go | 20 +++++++++++--------- 3 files changed, 29 insertions(+), 21 deletions(-) diff --git a/comp/core/secrets/component.go b/comp/core/secrets/component.go index fa774e801b30f..fdc2edca3f79e 100644 --- a/comp/core/secrets/component.go +++ b/comp/core/secrets/component.go @@ -14,15 +14,16 @@ import ( // ConfigParams holds parameters for configuration type ConfigParams struct { - Command string - Arguments []string - Timeout int - MaxSize int - RefreshInterval int - GroupExecPerm bool - RemoveLinebreak bool - RunPath string - AuditFileMaxSize int + Command string + Arguments []string + Timeout int + MaxSize int + RefreshInterval int + RefreshIntervalScatter int + GroupExecPerm bool + RemoveLinebreak bool + RunPath string + AuditFileMaxSize int } // Component is the component type. diff --git a/comp/core/secrets/secretsimpl/secrets.go b/comp/core/secrets/secretsimpl/secrets.go index 0088213ac3d75..e7c988e448966 100644 --- a/comp/core/secrets/secretsimpl/secrets.go +++ b/comp/core/secrets/secretsimpl/secrets.go @@ -13,6 +13,7 @@ import ( "encoding/json" "fmt" "io" + "math/rand" "net/http" "path/filepath" "regexp" @@ -88,8 +89,9 @@ type secretResolver struct { // responseMaxSize defines max size of the JSON output from a secrets reader backend responseMaxSize int // refresh secrets at a regular interval - refreshInterval time.Duration - ticker *time.Ticker + refreshInterval time.Duration + refreshIntervalScatter time.Duration + ticker *time.Ticker // filename to write audit records to auditFilename string auditFileMaxSize int 
@@ -216,6 +218,7 @@ func (r *secretResolver) Configure(params secrets.ConfigParams) { r.responseMaxSize = SecretBackendOutputMaxSizeDefault } r.refreshInterval = time.Duration(params.RefreshInterval) * time.Second + r.refreshIntervalScatter = time.Duration(params.RefreshIntervalScatter) * time.Second r.commandAllowGroupExec = params.GroupExecPerm r.removeTrailingLinebreak = params.RemoveLinebreak if r.commandAllowGroupExec { @@ -241,7 +244,9 @@ func (r *secretResolver) startRefreshRoutine() { if r.ticker != nil || r.refreshInterval == 0 { return } - r.ticker = time.NewTicker(r.refreshInterval) + // Generate a random value within the range [-r.refreshIntervalScatter, r.refreshIntervalScatter] + randDuration := time.Duration(rand.Int63n(2*int64(r.refreshIntervalScatter))) - r.refreshIntervalScatter + r.ticker = time.NewTicker(r.refreshInterval + randDuration) go func() { for { <-r.ticker.C diff --git a/pkg/config/setup/config.go b/pkg/config/setup/config.go index cd9d18f14e315..e829fb7736435 100644 --- a/pkg/config/setup/config.go +++ b/pkg/config/setup/config.go @@ -356,6 +356,7 @@ func InitConfig(config pkgconfigmodel.Setup) { config.BindEnvAndSetDefault("secret_backend_skip_checks", false) config.BindEnvAndSetDefault("secret_backend_remove_trailing_line_break", false) config.BindEnvAndSetDefault("secret_refresh_interval", 0) + config.BindEnvAndSetDefault("secret_refresh_interval_scatter", 0) config.SetDefault("secret_audit_file_max_size", 0) // IPC API server timeout 
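Review bot: In `startRefreshRoutine` (secrets.go), `rand.Int63n(2*int64(r.refreshIntervalScatter))` panics when its argument is not positive, and this same patch registers 0 as the default for `secret_refresh_interval_scatter`, so an agent with `secret_refresh_interval` set and no scatter configured would crash when the refresh routine starts. A scatter at or above the interval can also make `r.refreshInterval + randDuration` non-positive, which `time.NewTicker` rejects with a panic. Draw the offset only when the scatter is usable, for example `if s := r.refreshIntervalScatter; s > 0 && s < r.refreshInterval { randDuration = time.Duration(rand.Int63n(2*int64(s))) - s }`, and use the plain interval otherwise. The added comment should give the range as half-open, [-scatter, scatter). The function body continues outside the hunk.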
@@ -2262,15 +2263,16 @@ func ResolveSecrets(config pkgconfigmodel.Config, secretResolver secrets.Compone // We have to init the secrets package before we can use it to decrypt // anything. secretResolver.Configure(secrets.ConfigParams{ - Command: config.GetString("secret_backend_command"), - Arguments: config.GetStringSlice("secret_backend_arguments"), - Timeout: config.GetInt("secret_backend_timeout"), - MaxSize: config.GetInt("secret_backend_output_max_size"), - RefreshInterval: config.GetInt("secret_refresh_interval"), - GroupExecPerm: config.GetBool("secret_backend_command_allow_group_exec_perm"), - RemoveLinebreak: config.GetBool("secret_backend_remove_trailing_line_break"), - RunPath: config.GetString("run_path"), - AuditFileMaxSize: config.GetInt("secret_audit_file_max_size"), + Command: config.GetString("secret_backend_command"), + Arguments: config.GetStringSlice("secret_backend_arguments"), + Timeout: config.GetInt("secret_backend_timeout"), + MaxSize: config.GetInt("secret_backend_output_max_size"), + RefreshInterval: config.GetInt("secret_refresh_interval"), + RefreshIntervalScatter: config.GetInt("secret_refresh_interval_scatter"), + GroupExecPerm: config.GetBool("secret_backend_command_allow_group_exec_perm"), + RemoveLinebreak: config.GetBool("secret_backend_remove_trailing_line_break"), + RunPath: config.GetString("run_path"), + AuditFileMaxSize: config.GetInt("secret_audit_file_max_size"), }) if config.GetString("secret_backend_command") != "" { From c05169dfdffc797be4f8fffcbcc784f00726f93d Mon Sep 17 00:00:00 2001 
From: rahulkaukuntla Date: Thu, 6 Mar 2025 10:12:29 -0500 Subject: [PATCH 2/5] adding a test and only randomizing the first refresh --- comp/api/authtoken/go.sum | 2 + comp/core/config/go.mod | 1 + comp/core/log/fx/go.sum | 2 + comp/core/log/impl-trace/go.sum | 2 + comp/core/log/impl/go.sum | 2 + comp/core/secrets/component.go | 2 +- .../secrets/secretsimpl/fetch_secret_test.go | 28 +-- .../core/secrets/secretsimpl/info_nix_test.go | 8 +- .../secrets/secretsimpl/info_windows_test.go | 4 +- comp/core/secrets/secretsimpl/secrets.go | 41 ++++- comp/core/secrets/secretsimpl/secrets_mock.go | 2 +- comp/core/secrets/secretsimpl/secrets_test.go | 163 ++++++++++++++++-- comp/core/status/statusimpl/go.sum | 2 + comp/core/tagger/def/go.sum | 2 + comp/core/tagger/fx-remote/go.sum | 2 + comp/core/tagger/impl-remote/go.sum | 2 + comp/forwarder/defaultforwarder/go.sum | 2 + .../orchestrator/orchestratorinterface/go.sum | 2 + comp/logs/agent/config/go.sum | 2 + comp/otelcol/converter/impl/go.sum | 2 + comp/otelcol/ddprofilingextension/impl/go.sum | 2 + .../exporter/logsagentexporter/go.sum | 2 + .../exporter/serializerexporter/go.sum | 2 + .../processor/infraattributesprocessor/go.sum | 2 + comp/otelcol/otlp/testutil/go.sum | 2 + comp/otelcol/status/impl/go.sum | 2 + comp/serializer/logscompression/go.sum | 2 + comp/serializer/metricscompression/go.sum | 2 + pkg/api/go.sum | 2 + pkg/config/mock/go.sum | 2 + pkg/config/setup/config.go | 4 +- pkg/config/setup/go.mod | 1 + pkg/config/utils/go.sum | 2 + pkg/logs/auditor/go.sum | 2 + pkg/logs/diagnostic/go.sum | 2 + pkg/logs/message/go.sum | 2 + pkg/logs/sds/go.sum | 2 + pkg/logs/sources/go.sum | 2 + pkg/logs/util/testutils/go.sum | 2 + pkg/metrics/go.sum | 2 + pkg/serializer/go.sum | 2 + pkg/util/compression/go.sum | 2 + pkg/util/flavor/go.sum | 2 + pkg/util/grpc/go.sum | 2 + pkg/util/http/go.sum | 2 + pkg/util/log/setup/go.sum | 2 + 46 files changed, 283 insertions(+), 43 deletions(-) 
diff --git a/comp/api/authtoken/go.sum b/comp/api/authtoken/go.sum index 78e0db6bfec77..759d3cce32f0d 100644 --- a/comp/api/authtoken/go.sum +++ b/comp/api/authtoken/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/core/config/go.mod b/comp/core/config/go.mod index f06271415cb37..8c710527b4551 100644 --- a/comp/core/config/go.mod +++ b/comp/core/config/go.mod @@ -41,6 +41,7 @@ require ( github.com/DataDog/datadog-agent/pkg/version v0.62.3 // indirect github.com/DataDog/viper v1.14.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect + github.com/benbjohnson/clock v1.3.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575 // indirect diff --git a/comp/core/log/fx/go.sum b/comp/core/log/fx/go.sum index 78e0db6bfec77..759d3cce32f0d 100644 --- a/comp/core/log/fx/go.sum +++ b/comp/core/log/fx/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/core/log/impl-trace/go.sum b/comp/core/log/impl-trace/go.sum index 78e0db6bfec77..759d3cce32f0d 100644 --- a/comp/core/log/impl-trace/go.sum +++ b/comp/core/log/impl-trace/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/core/log/impl/go.sum b/comp/core/log/impl/go.sum index 78e0db6bfec77..759d3cce32f0d 100644 --- a/comp/core/log/impl/go.sum +++ b/comp/core/log/impl/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
diff --git a/comp/core/secrets/component.go b/comp/core/secrets/component.go index fdc2edca3f79e..4b9972708a2eb 100644 --- a/comp/core/secrets/component.go +++ b/comp/core/secrets/component.go @@ -19,7 +19,7 @@ type ConfigParams struct { Timeout int MaxSize int RefreshInterval int - RefreshIntervalScatter int + RefreshIntervalScatter bool GroupExecPerm bool RemoveLinebreak bool RunPath string diff --git a/comp/core/secrets/secretsimpl/fetch_secret_test.go b/comp/core/secrets/secretsimpl/fetch_secret_test.go index e687454080c08..bb7fea2a415bd 100644 --- a/comp/core/secrets/secretsimpl/fetch_secret_test.go +++ b/comp/core/secrets/secretsimpl/fetch_secret_test.go @@ -123,13 +123,13 @@ func TestExecCommandError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) t.Run("Empty secretBackendCommand", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) _, err := resolver.execCommand(inputPayload) require.NotNil(t, err) }) t.Run("timeout", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "./test/timeout/timeout" + binExtension setCorrectRight(resolver.backendCommand) resolver.backendTimeout = 1 @@ -139,7 +139,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("No Error", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.Configure(secrets.ConfigParams{Command: "./test/simple/simple" + binExtension}) setCorrectRight(resolver.backendCommand) resp, err := resolver.execCommand(inputPayload) 
@@ -148,7 +148,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("Error returned", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "./test/error/error" + binExtension setCorrectRight(resolver.backendCommand) _, err := resolver.execCommand(inputPayload) @@ -156,7 +156,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("argument", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.Configure(secrets.ConfigParams{Command: "./test/argument/argument" + binExtension}) setCorrectRight(resolver.backendCommand) resolver.backendArguments = []string{"arg1"} @@ -169,7 +169,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("input", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.Configure(secrets.ConfigParams{Command: "./test/input/input" + binExtension}) setCorrectRight(resolver.backendCommand) resp, err := resolver.execCommand(inputPayload) @@ -178,7 +178,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("buffer limit", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.Configure(secrets.ConfigParams{Command: "./test/response_too_long/response_too_long" + binExtension}) setCorrectRight(resolver.backendCommand) resolver.responseMaxSize = 20 @@ -190,7 +190,7 @@ func TestExecCommandError(t *testing.T) { func TestFetchSecretExecError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.commandHookFunc = func(string) ([]byte, error) { return nil, fmt.Errorf("some error") } _, err := resolver.fetchSecret([]string{"handle1", "handle2"}) assert.NotNil(t, err) 
@@ -198,7 +198,7 @@ func TestFetchSecretExecError(t *testing.T) { func TestFetchSecretUnmarshalError(t *testing.T) { tel := fxutil.Test[telemetry.Mock](t, telemetryimpl.MockModule()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{"), nil } _, err := resolver.fetchSecret([]string{"handle1", "handle2"}) assert.NotNil(t, err) @@ -213,7 +213,7 @@ func TestFetchSecretUnmarshalError(t *testing.T) { func TestFetchSecretMissingSecret(t *testing.T) { tel := fxutil.Test[telemetry.Mock](t, telemetryimpl.MockModule()) secrets := []string{"handle1", "handle2"} - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{}"), nil } _, err := resolver.fetchSecret(secrets) assert.NotNil(t, err) @@ -223,7 +223,7 @@ func TestFetchSecretMissingSecret(t *testing.T) { func TestFetchSecretErrorForHandle(t *testing.T) { tel := fxutil.Test[telemetry.Mock](t, telemetryimpl.MockModule()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{\"handle1\":{\"value\": null, \"error\": \"some error\"}}"), nil } @@ -235,7 +235,7 @@ func TestFetchSecretErrorForHandle(t *testing.T) { func TestFetchSecretEmptyValue(t *testing.T) { tel := fxutil.Test[telemetry.Mock](t, telemetryimpl.MockModule()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{\"handle1\":{\"value\": null}}"), nil } 
@@ -270,7 +270,7 @@ func checkErrorCountMetric(t *testing.T, tel telemetry.Mock, expected int, error func TestFetchSecret(t *testing.T) { secrets := []string{"handle1", "handle2"} tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) // some dummy value to check the cache is not purge resolver.cache["test"] = "yes" resolver.commandHookFunc = func(string) ([]byte, error) { @@ -292,7 +292,7 @@ func TestFetchSecret(t *testing.T) { func TestFetchSecretRemoveTrailingLineBreak(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{\"handle1\":{\"value\":\"some data\\r\\n\"}}"), nil } diff --git a/comp/core/secrets/secretsimpl/info_nix_test.go b/comp/core/secrets/secretsimpl/info_nix_test.go index 2cafc3cfc7903..d70d6eef33f55 100644 --- a/comp/core/secrets/secretsimpl/info_nix_test.go +++ b/comp/core/secrets/secretsimpl/info_nix_test.go @@ -32,7 +32,7 @@ instances: func TestGetExecutablePermissionsError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" _, err := resolver.getExecutablePermissions() @@ -60,7 +60,7 @@ func setupSecretCommand(t *testing.T, resolver *secretResolver) (string, string) func TestGetExecutablePermissionsSuccess(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) currentUser, currentGroup := setupSecretCommand(t, resolver) res, err := resolver.getExecutablePermissions() 
@@ -74,7 +74,7 @@ func TestGetExecutablePermissionsSuccess(t *testing.T) { func TestDebugInfo(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) currentUser, currentGroup := setupSecretCommand(t, resolver) resolver.commandHookFunc = func(string) ([]byte, error) { @@ -119,7 +119,7 @@ Secrets handle resolved: func TestDebugInfoError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" resolver.commandHookFunc = func(string) ([]byte, error) { diff --git a/comp/core/secrets/secretsimpl/info_windows_test.go b/comp/core/secrets/secretsimpl/info_windows_test.go index affad053ed79d..4d35e84994db5 100644 --- a/comp/core/secrets/secretsimpl/info_windows_test.go +++ b/comp/core/secrets/secretsimpl/info_windows_test.go @@ -24,7 +24,7 @@ import ( func TestGetExecutablePermissionsError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" res, err := resolver.getExecutablePermissions() @@ -54,7 +54,7 @@ func setupSecretCommmand(t *testing.T, resolver *secretResolver) { func TestGetExecutablePermissionsSuccess(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) setupSecretCommmand(t, resolver) res, err := resolver.getExecutablePermissions() diff --git a/comp/core/secrets/secretsimpl/secrets.go b/comp/core/secrets/secretsimpl/secrets.go index e7c988e448966..bec9716262426 100644 --- a/comp/core/secrets/secretsimpl/secrets.go +++ b/comp/core/secrets/secretsimpl/secrets.go 
@@ -36,6 +36,7 @@ import ( "github.com/DataDog/datadog-agent/pkg/util/fxutil" "github.com/DataDog/datadog-agent/pkg/util/log" "github.com/DataDog/datadog-agent/pkg/util/scrubber" + "github.com/benbjohnson/clock" ) const auditFileBasename = "secret-audit-file.json" @@ -77,6 +78,7 @@ type secretResolver struct { enabled bool lock sync.Mutex cache map[string]string + clk clock.Clock // list of handles and where they were found origin handleToContext @@ -90,8 +92,8 @@ type secretResolver struct { responseMaxSize int // refresh secrets at a regular interval refreshInterval time.Duration - refreshIntervalScatter time.Duration - ticker *time.Ticker + refreshIntervalScatter bool + ticker *clock.Ticker // filename to write audit records to auditFilename string auditFileMaxSize int @@ -112,7 +114,7 @@ type secretResolver struct { var _ secrets.Component = (*secretResolver)(nil) -func newEnabledSecretResolver(telemetry telemetry.Component) *secretResolver { +func newEnabledSecretResolver(telemetry telemetry.Component, clk clock.Clock) *secretResolver { return &secretResolver{ cache: make(map[string]string), origin: make(handleToContext), 
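Review bot: The import hunk (`@@ -36,6 +36,7 @@`) in secrets.go makes `github.com/benbjohnson/clock` a runtime dependency of the secrets resolver, although the only visible reason is to let the new test drive the ticker; the diffstat shows the module being added to go.sum in over thirty modules as a result. As far as I know that repository is archived upstream and no longer receives fixes, which should be confirmed before it is linked into the component that handles credentials. A small package-local clock/ticker interface with a `time`-backed default would give the test the same seam without a new third-party module. If the dependency stays, setting the default in `newEnabledSecretResolver` when `clk` is nil would be clearer than the lazy nil check in `startRefreshRoutine`.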
@@ -120,11 +122,12 @@ func newEnabledSecretResolver(telemetry telemetry.Component) *secretResolver { tlmSecretBackendElapsed: telemetry.NewGauge("secret_backend", "elapsed_ms", []string{"command", "exit_code"}, "Elapsed time of secret backend invocation"), tlmSecretUnmarshalError: telemetry.NewCounter("secret_backend", "unmarshal_errors_count", []string{}, "Count of errors when unmarshalling the output of the secret binary"), tlmSecretResolveError: telemetry.NewCounter("secret_backend", "resolve_errors_count", []string{"error_kind", "handle"}, "Count of errors when resolving a secret"), + clk: clk, } } func newSecretResolverProvider(deps dependencies) provides { - resolver := newEnabledSecretResolver(deps.Telemetry) + resolver := newEnabledSecretResolver(deps.Telemetry, nil) resolver.enabled = deps.Params.Enabled return provides{ Comp: resolver, @@ -218,7 +221,7 @@ func (r *secretResolver) Configure(params secrets.ConfigParams) { r.responseMaxSize = SecretBackendOutputMaxSizeDefault } r.refreshInterval = time.Duration(params.RefreshInterval) * time.Second - r.refreshIntervalScatter = time.Duration(params.RefreshIntervalScatter) * time.Second + r.refreshIntervalScatter = params.RefreshIntervalScatter r.commandAllowGroupExec = params.GroupExecPerm r.removeTrailingLinebreak = params.RemoveLinebreak if r.commandAllowGroupExec { 
@@ -244,14 +247,29 @@ func (r *secretResolver) startRefreshRoutine() { if r.ticker != nil || r.refreshInterval == 0 { return } - // Generate a random value within the range [-r.refreshIntervalScatter, r.refreshIntervalScatter] - randDuration := time.Duration(rand.Int63n(2*int64(r.refreshIntervalScatter))) - r.refreshIntervalScatter - r.ticker = time.NewTicker(r.refreshInterval + randDuration) + + if r.clk == nil { + r.clk = clock.New() + } + + if r.refreshIntervalScatter { + scatterDuration := time.Duration(rand.Int63n(int64(r.refreshInterval))) + r.ticker = r.clk.Ticker(scatterDuration) + } else { + r.ticker = r.clk.Ticker(r.refreshInterval) + } + go func() { + <-r.ticker.C + if _, err := r.Refresh(); err != nil { + log.Debug("First refresh error", "error", err) + } + r.ticker.Reset(r.refreshInterval) + for { <-r.ticker.C if _, err := r.Refresh(); err != nil { - log.Info(err) + log.Debug("Periodic refresh error", "error", err) } } }() @@ -666,4 +684,9 @@ func (r *secretResolver) GetDebugInfo(w io.Writer) { if err != nil { fmt.Fprintf(w, "error rendering secret info: %s", err) } + + if r.refreshIntervalScatter { + fmt.Fprintf(w, "The first secret refresh will happen at a random time between the starting of the agent and the set refresh interval") + } + } diff --git a/comp/core/secrets/secretsimpl/secrets_mock.go b/comp/core/secrets/secretsimpl/secrets_mock.go index 7c57c3fbc8af5..56361a8eae87e 100644 --- a/comp/core/secrets/secretsimpl/secrets_mock.go +++ b/comp/core/secrets/secretsimpl/secrets_mock.go @@ -48,7 +48,7 @@ func (m *MockSecretResolver) SetFetchHookFunc(f func([]string) (map[string]strin // newMock returns a MockSecretResolver func newMock(testDeps testDeps) MockProvides { r := &MockSecretResolver{ - secretResolver: newEnabledSecretResolver(testDeps.Telemetry), + secretResolver: newEnabledSecretResolver(testDeps.Telemetry, nil), } return MockProvides{ Comp: r, 
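Review bot: Both refresh error paths in `startRefreshRoutine` now log at debug level where the removed line used `log.Info(err)`, so a failed secret refresh is invisible at the default log level and the agent keeps running on stale credentials with nothing for an operator to alert on. The calls also pass `"error", err` as if the logger took key/value pairs; if `log.Debug` is the Sprint-style helper that the old `log.Info(err)` call suggests, the pieces are simply concatenated, so something like `log.Warnf("periodic secret refresh failed: %v", err)` would be safer. Separately, `rand.Int63n(int64(r.refreshInterval))` can return 0, and a zero duration passed to `r.clk.Ticker` panics with the real clock; `time.Duration(rand.Int63n(int64(r.refreshInterval))) + 1` or a small floor avoids that. The function body continues outside the hunk.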
diff --git a/comp/core/secrets/secretsimpl/secrets_test.go b/comp/core/secrets/secretsimpl/secrets_test.go index e241ba575fc81..6b97bd5270410 100644 --- a/comp/core/secrets/secretsimpl/secrets_test.go +++ b/comp/core/secrets/secretsimpl/secrets_test.go @@ -7,12 +7,15 @@ package secretsimpl import ( "fmt" + "math/rand" "os" "slices" "sort" "strings" "testing" + "time" + "github.com/benbjohnson/clock" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -276,7 +279,7 @@ func TestIsEnc(t *testing.T) { func TestResolveNoCommand(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.fetchHookFunc = func([]string) (map[string]string, error) { return nil, fmt.Errorf("some error") } @@ -289,7 +292,7 @@ func TestResolveNoCommand(t *testing.T) { func TestResolveSecretError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" resolver.fetchHookFunc = func([]string) (map[string]string, error) { @@ -302,7 +305,7 @@ func TestResolveSecretError(t *testing.T) { func TestResolveDoestSendDuplicates(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" // test configuration has handle "pass1" appear twice, but fetch should only get one handle @@ -496,7 +499,7 @@ func TestResolve(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" if tc.secretCache != nil { resolver.cache = tc.secretCache 
@@ -517,7 +520,7 @@ func TestResolve(t *testing.T) { func TestResolveNestedWithSubscribe(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" resolver.cache = map[string]string{"pass3": "password3"} @@ -558,7 +561,7 @@ func TestResolveNestedWithSubscribe(t *testing.T) { func TestResolveCached(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" resolver.cache = map[string]string{"pass1": "password1"} @@ -588,7 +591,7 @@ func TestResolveThenRefresh(t *testing.T) { defer func() { allowlistEnabled = true }() tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" resolver.cache = map[string]string{} @@ -664,7 +667,7 @@ func TestResolveThenRefresh(t *testing.T) { // test that the allowlist only lets setting paths that match it get Refreshed func TestRefreshAllowlist(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" resolver.cache = map[string]string{"handle": "value"} resolver.origin = handleToContext{ @@ -710,7 +713,7 @@ func TestRefreshAllowlist(t *testing.T) { // about changed secret values from a Refresh func TestRefreshAllowlistAppliesToEachSettingPath(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" resolver.fetchHookFunc = func([]string) (map[string]string, error) { 
@@ -758,7 +761,7 @@ func TestRefreshAddsToAuditFile(t *testing.T) { defer func() { allowlistPaths = originalAllowlistPaths }() tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel) + resolver := newEnabledSecretResolver(tel, nil) resolver.backendCommand = "some_command" resolver.cache = map[string]string{"handle": "value"} resolver.origin = handleToContext{ 
@@ -801,6 +804,146 @@ func TestRefreshAddsToAuditFile(t *testing.T) { } } +func TestStartRefreshRoutineWithScatter(t *testing.T) { + mockClock := clock.NewMock() + + tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) + + testCases := []struct { + name string + scatter bool + expectedSubsequentTick time.Duration + }{ + { + name: "Without scatter", + scatter: false, + expectedSubsequentTick: 10 * time.Second, + }, + { + name: "With scatter", + scatter: true, + expectedSubsequentTick: 10 * time.Second, + }, + } + + for _, tc := range testCases { + t.Run(tc.name, func(t *testing.T) { + resolver := newEnabledSecretResolver(tel, mockClock) + originalAllowListEnabled := allowlistEnabled + allowlistEnabled = false + defer func() { + allowlistEnabled = originalAllowListEnabled + }() + + resolver.refreshInterval = 10 * time.Second + resolver.refreshIntervalScatter = tc.scatter + + if tc.scatter { + rand.Seed(12345) + } + + resolver.cache = map[string]string{ + "test-handle": "initial-value", + } + resolver.origin = map[string][]secretContext{ + "test-handle": { + { + origin: "test-origin", + path: []string{"test-path"}, + }, + }, + } + + refreshCalls := 0 + refreshCalledChan := make(chan struct{}, 3) + + resolver.fetchHookFunc = func(_ []string) (map[string]string, error) { + refreshCalls++ + refreshCalledChan <- struct{}{} + + return map[string]string{ + "test-handle": fmt.Sprintf("updated-value-%d", refreshCalls), + }, nil + } + + changeDetected := make(chan struct{}, 3) + resolver.SubscribeToChanges(func(_, _ string, _ []string, _, _ any) { + changeDetected <- struct{}{} + }) + + if resolver.ticker == nil { + t.Fatal("Ticker was not created") + } + + if tc.scatter { + // In scattered case, first we advance 1/4 of the refresh interval + mockClock.Add(resolver.refreshInterval / 4) + + refreshHappened := false + select { + case <-refreshCalledChan: + refreshHappened = true + case <-time.After(100 * time.Millisecond): + // No refresh yet + } + + if 
!refreshHappened { + // If no refresh yet, advance to 3/4 of the refresh interval + mockClock.Add(resolver.refreshInterval / 2) + + select { + case <-refreshCalledChan: + refreshHappened = true + case <-time.After(100 * time.Millisecond): + // Still no refresh + } + } + + if !refreshHappened { + // If still no refresh, advance to the full refresh interval + mockClock.Add(resolver.refreshInterval / 4) + + select { + case <-refreshCalledChan: + case <-time.After(1 * time.Second): + t.Fatal("First refresh didn't occur even after full interval") + } + } + } else { + // Without scatter, the first tick should be at the full refresh interval + mockClock.Add(resolver.refreshInterval) + + select { + case <-refreshCalledChan: + case <-time.After(1 * time.Second): + t.Fatal("First refresh didn't occur at expected time") + } + } + + // Now test that subsequent ticks use the full refresh interval regardless of scatter setting + mockClock.Add(tc.expectedSubsequentTick) + + select { + case <-refreshCalledChan: + case <-time.After(1 * time.Second): + t.Fatal("Second refresh didn't occur at expected time") + } + + mockClock.Add(tc.expectedSubsequentTick) + + select { + case <-refreshCalledChan: + case <-time.After(1 * time.Second): + t.Fatal("Third refresh didn't occur at expected time") + } + + if refreshCalls != 3 { + t.Errorf("Expected 3 refresh calls, got %d", refreshCalls) + } + }) + } +} + // helper to read number of rows in the audit file func auditFileNumRows(filename string) int { data, _ := os.ReadFile(filename) diff --git a/comp/core/status/statusimpl/go.sum b/comp/core/status/statusimpl/go.sum index 062fd9a47d9e8..3a670d730c384 100644 --- a/comp/core/status/statusimpl/go.sum +++ b/comp/core/status/statusimpl/go.sum 
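Review bot: In `TestStartRefreshRoutineWithScatter`, `mockClock` is created once outside the `t.Run` loop and nothing stops the ticker or goroutine each subtest starts, so the first subtest's resolver keeps firing on the shared clock while the second subtest advances it. Moving `mockClock := clock.NewMock()` inside the `t.Run` body isolates the cases. The "With scatter" case also passes if the scatter setting is ignored entirely, because it only requires a refresh by the end of the full interval; asserting that the first refresh arrives before `resolver.refreshInterval` has elapsed would pin the new behaviour. `rand.Seed(12345)` is deprecated since Go 1.20 and the test never relies on the seeded value, so it can be dropped.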
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/core/tagger/def/go.sum b/comp/core/tagger/def/go.sum index 0d9acb46e889b..30e1995d0cdc5 100644 --- a/comp/core/tagger/def/go.sum +++ b/comp/core/tagger/def/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
diff --git a/comp/core/tagger/fx-remote/go.sum b/comp/core/tagger/fx-remote/go.sum index 2c482dfc8519c..c3d9e3cf878d5 100644 --- a/comp/core/tagger/fx-remote/go.sum +++ b/comp/core/tagger/fx-remote/go.sum @@ -16,6 +16,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/core/tagger/impl-remote/go.sum b/comp/core/tagger/impl-remote/go.sum index 5a1a81728c7ac..d2cfb318d5537 100644 --- a/comp/core/tagger/impl-remote/go.sum +++ b/comp/core/tagger/impl-remote/go.sum 
@@ -16,6 +16,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/forwarder/defaultforwarder/go.sum b/comp/forwarder/defaultforwarder/go.sum index 8dfc3b54a235f..93922b89310a8 100644 --- a/comp/forwarder/defaultforwarder/go.sum +++ b/comp/forwarder/defaultforwarder/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/forwarder/orchestrator/orchestratorinterface/go.sum b/comp/forwarder/orchestrator/orchestratorinterface/go.sum index 496c1ac56b396..5dc07e7f3e181 100644 --- a/comp/forwarder/orchestrator/orchestratorinterface/go.sum +++ b/comp/forwarder/orchestrator/orchestratorinterface/go.sum 
@@ -13,6 +13,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/logs/agent/config/go.sum b/comp/logs/agent/config/go.sum index 78e0db6bfec77..759d3cce32f0d 100644 --- a/comp/logs/agent/config/go.sum +++ b/comp/logs/agent/config/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/otelcol/converter/impl/go.sum b/comp/otelcol/converter/impl/go.sum index 808c5daee006a..814acc66e7b2d 100644 --- a/comp/otelcol/converter/impl/go.sum +++ b/comp/otelcol/converter/impl/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/otelcol/ddprofilingextension/impl/go.sum b/comp/otelcol/ddprofilingextension/impl/go.sum index a882421d0860a..7a6191b79374c 100644 --- a/comp/otelcol/ddprofilingextension/impl/go.sum +++ b/comp/otelcol/ddprofilingextension/impl/go.sum 
@@ -38,6 +38,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/otelcol/otlp/components/exporter/logsagentexporter/go.sum b/comp/otelcol/otlp/components/exporter/logsagentexporter/go.sum index f7b086a84b29e..6fe7918fb0cba 100644 --- a/comp/otelcol/otlp/components/exporter/logsagentexporter/go.sum +++ b/comp/otelcol/otlp/components/exporter/logsagentexporter/go.sum 
@@ -23,6 +23,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/otelcol/otlp/components/exporter/serializerexporter/go.sum b/comp/otelcol/otlp/components/exporter/serializerexporter/go.sum index 8a7323b6813b2..6fa83bf5f261b 100644 --- a/comp/otelcol/otlp/components/exporter/serializerexporter/go.sum +++ b/comp/otelcol/otlp/components/exporter/serializerexporter/go.sum 
@@ -31,6 +31,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/otelcol/otlp/components/processor/infraattributesprocessor/go.sum b/comp/otelcol/otlp/components/processor/infraattributesprocessor/go.sum index 0d4bad53b2ae8..57c534f5a856d 100644 --- a/comp/otelcol/otlp/components/processor/infraattributesprocessor/go.sum +++ b/comp/otelcol/otlp/components/processor/infraattributesprocessor/go.sum 
@@ -16,6 +16,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/otelcol/otlp/testutil/go.sum b/comp/otelcol/otlp/testutil/go.sum index 74eb9644f2c4a..b7a403a19c7f3 100644 --- a/comp/otelcol/otlp/testutil/go.sum +++ b/comp/otelcol/otlp/testutil/go.sum @@ -17,6 +17,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
diff --git a/comp/otelcol/status/impl/go.sum b/comp/otelcol/status/impl/go.sum index c24e31e17bf13..34b38146831f2 100644 --- a/comp/otelcol/status/impl/go.sum +++ b/comp/otelcol/status/impl/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/serializer/logscompression/go.sum b/comp/serializer/logscompression/go.sum index 8274d8643e556..293815f668d61 100644 --- a/comp/serializer/logscompression/go.sum +++ b/comp/serializer/logscompression/go.sum 
@@ -13,6 +13,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/comp/serializer/metricscompression/go.sum b/comp/serializer/metricscompression/go.sum index 8274d8643e556..293815f668d61 100644 --- a/comp/serializer/metricscompression/go.sum +++ b/comp/serializer/metricscompression/go.sum 
@@ -13,6 +13,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/api/go.sum b/pkg/api/go.sum index 78e0db6bfec77..759d3cce32f0d 100644 --- a/pkg/api/go.sum +++ b/pkg/api/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
diff --git a/pkg/config/mock/go.sum b/pkg/config/mock/go.sum index 1743aa220b2b0..c6a5f69534eec 100644 --- a/pkg/config/mock/go.sum +++ b/pkg/config/mock/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/config/setup/config.go b/pkg/config/setup/config.go index e829fb7736435..a9ab3664bb2da 100644 --- a/pkg/config/setup/config.go +++ b/pkg/config/setup/config.go @@ -356,7 +356,7 @@ func InitConfig(config pkgconfigmodel.Setup) { config.BindEnvAndSetDefault("secret_backend_skip_checks", false) config.BindEnvAndSetDefault("secret_backend_remove_trailing_line_break", false) config.BindEnvAndSetDefault("secret_refresh_interval", 0) - config.BindEnvAndSetDefault("secret_refresh_interval_scatter", 0) + config.BindEnvAndSetDefault("secret_refresh_interval_scatter", true) config.SetDefault("secret_audit_file_max_size", 0) // IPC API server timeout 
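Review bot: The `secret_refresh_interval_scatter` default in InitConfig is now `true` with no comment saying what the option does, and a boolean whose name ends in `_interval_scatter` reads like a duration. Judging by the test added in this patch, enabling it appears to move only the first refresh to a random point inside `secret_refresh_interval`. Default-on therefore changes refresh timing for every deployment that already sets an interval, which matters to operators who line credential rotation up with a predictable refresh time. I would add `// secret_refresh_interval_scatter: when true, the first secret refresh is scheduled at a random offset within secret_refresh_interval; later refreshes use the full interval` above the binding and record the default change in the release notes. InitConfig starts and ends outside this hunk, and the matching `GetBool` read in ResolveSecrets is in the next hunk.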
@@ -2268,7 +2268,7 @@ func ResolveSecrets(config pkgconfigmodel.Config, secretResolver secrets.Compone Timeout: config.GetInt("secret_backend_timeout"), MaxSize: config.GetInt("secret_backend_output_max_size"), RefreshInterval: config.GetInt("secret_refresh_interval"), - RefreshIntervalScatter: config.GetInt("secret_refresh_interval_scatter"), + RefreshIntervalScatter: config.GetBool("secret_refresh_interval_scatter"), GroupExecPerm: config.GetBool("secret_backend_command_allow_group_exec_perm"), RemoveLinebreak: config.GetBool("secret_backend_remove_trailing_line_break"), RunPath: config.GetString("run_path"), diff --git a/pkg/config/setup/go.mod b/pkg/config/setup/go.mod index ac4f27c62d656..0a2270530a363 100644 --- a/pkg/config/setup/go.mod +++ b/pkg/config/setup/go.mod @@ -40,6 +40,7 @@ require ( github.com/DataDog/datadog-agent/pkg/version v0.62.3 // indirect github.com/DataDog/viper v1.14.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect + github.com/benbjohnson/clock v1.3.5 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cihub/seelog v0.0.0-20170130134532-f561c5e57575 // indirect diff --git a/pkg/config/utils/go.sum b/pkg/config/utils/go.sum index 1743aa220b2b0..c6a5f69534eec 100644 --- a/pkg/config/utils/go.sum +++ b/pkg/config/utils/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/logs/auditor/go.sum b/pkg/logs/auditor/go.sum index 1743aa220b2b0..c6a5f69534eec 100644 --- a/pkg/logs/auditor/go.sum +++ b/pkg/logs/auditor/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
diff --git a/pkg/logs/diagnostic/go.sum b/pkg/logs/diagnostic/go.sum index 78e0db6bfec77..759d3cce32f0d 100644 --- a/pkg/logs/diagnostic/go.sum +++ b/pkg/logs/diagnostic/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/logs/message/go.sum b/pkg/logs/message/go.sum index 1743aa220b2b0..c6a5f69534eec 100644 --- a/pkg/logs/message/go.sum +++ b/pkg/logs/message/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/logs/sds/go.sum b/pkg/logs/sds/go.sum index 2dbcc7c16e382..83f57c151f45f 100644 --- a/pkg/logs/sds/go.sum +++ b/pkg/logs/sds/go.sum @@ -13,6 +13,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
diff --git a/pkg/logs/sources/go.sum b/pkg/logs/sources/go.sum index 1743aa220b2b0..c6a5f69534eec 100644 --- a/pkg/logs/sources/go.sum +++ b/pkg/logs/sources/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/logs/util/testutils/go.sum b/pkg/logs/util/testutils/go.sum index 1743aa220b2b0..c6a5f69534eec 100644 --- a/pkg/logs/util/testutils/go.sum +++ b/pkg/logs/util/testutils/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/metrics/go.sum b/pkg/metrics/go.sum index f6b50943895c6..1e57015f8e385 100644 --- a/pkg/metrics/go.sum +++ b/pkg/metrics/go.sum @@ -17,6 +17,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
diff --git a/pkg/serializer/go.sum b/pkg/serializer/go.sum index 2ba91c6624bbf..cec61c681b760 100644 --- a/pkg/serializer/go.sum +++ b/pkg/serializer/go.sum @@ -25,6 +25,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/util/compression/go.sum b/pkg/util/compression/go.sum index e4f96071709b7..e63c55e621a2a 100644 --- a/pkg/util/compression/go.sum +++ b/pkg/util/compression/go.sum 
@@ -13,6 +13,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/util/flavor/go.sum b/pkg/util/flavor/go.sum index 1743aa220b2b0..c6a5f69534eec 100644 --- a/pkg/util/flavor/go.sum +++ b/pkg/util/flavor/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
diff --git a/pkg/util/grpc/go.sum b/pkg/util/grpc/go.sum index 3d0c0b3ad9554..2e833b727aecc 100644 --- a/pkg/util/grpc/go.sum +++ b/pkg/util/grpc/go.sum @@ -14,6 +14,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/util/http/go.sum b/pkg/util/http/go.sum index cd426b1b23415..9e26ca0cc9617 100644 --- a/pkg/util/http/go.sum +++ b/pkg/util/http/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= diff --git a/pkg/util/log/setup/go.sum b/pkg/util/log/setup/go.sum index b5f658714f330..edec7fb29204c 100644 --- a/pkg/util/log/setup/go.sum +++ b/pkg/util/log/setup/go.sum @@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
From d178e4d163f8da1d28cf760199fc45263a42bd3a Mon Sep 17 00:00:00 2001 From: rahulkaukuntla Date: Fri, 7 Mar 2025 14:49:35 -0500 Subject: [PATCH 3/5] addressing comments --- .../secrets/secretsimpl/fetch_secret_test.go | 28 +++---- .../core/secrets/secretsimpl/info_nix_test.go | 8 +- .../secrets/secretsimpl/info_windows_test.go | 4 +- comp/core/secrets/secretsimpl/secrets.go | 25 +++--- comp/core/secrets/secretsimpl/secrets_mock.go | 2 +- comp/core/secrets/secretsimpl/secrets_test.go | 83 +++++++------------ pkg/config/setup/config.go | 4 +- 7 files changed, 67 insertions(+), 87 deletions(-) diff --git a/comp/core/secrets/secretsimpl/fetch_secret_test.go b/comp/core/secrets/secretsimpl/fetch_secret_test.go index bb7fea2a415bd..e687454080c08 100644 --- a/comp/core/secrets/secretsimpl/fetch_secret_test.go +++ b/comp/core/secrets/secretsimpl/fetch_secret_test.go @@ -123,13 +123,13 @@ func TestExecCommandError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) t.Run("Empty secretBackendCommand", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) _, err := resolver.execCommand(inputPayload) require.NotNil(t, err) }) t.Run("timeout", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "./test/timeout/timeout" + binExtension setCorrectRight(resolver.backendCommand) resolver.backendTimeout = 1 @@ -139,7 +139,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("No Error", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.Configure(secrets.ConfigParams{Command: "./test/simple/simple" + binExtension}) setCorrectRight(resolver.backendCommand) resp, err := resolver.execCommand(inputPayload) 
@@ -148,7 +148,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("Error returned", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "./test/error/error" + binExtension setCorrectRight(resolver.backendCommand) _, err := resolver.execCommand(inputPayload) @@ -156,7 +156,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("argument", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.Configure(secrets.ConfigParams{Command: "./test/argument/argument" + binExtension}) setCorrectRight(resolver.backendCommand) resolver.backendArguments = []string{"arg1"} @@ -169,7 +169,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("input", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.Configure(secrets.ConfigParams{Command: "./test/input/input" + binExtension}) setCorrectRight(resolver.backendCommand) resp, err := resolver.execCommand(inputPayload) @@ -178,7 +178,7 @@ func TestExecCommandError(t *testing.T) { }) t.Run("buffer limit", func(t *testing.T) { - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.Configure(secrets.ConfigParams{Command: "./test/response_too_long/response_too_long" + binExtension}) setCorrectRight(resolver.backendCommand) resolver.responseMaxSize = 20 @@ -190,7 +190,7 @@ func TestExecCommandError(t *testing.T) { func TestFetchSecretExecError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.commandHookFunc = func(string) ([]byte, error) { return nil, fmt.Errorf("some error") } _, err := resolver.fetchSecret([]string{"handle1", "handle2"}) assert.NotNil(t, err) 
@@ -198,7 +198,7 @@ func TestFetchSecretExecError(t *testing.T) { func TestFetchSecretUnmarshalError(t *testing.T) { tel := fxutil.Test[telemetry.Mock](t, telemetryimpl.MockModule()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{"), nil } _, err := resolver.fetchSecret([]string{"handle1", "handle2"}) assert.NotNil(t, err) @@ -213,7 +213,7 @@ func TestFetchSecretUnmarshalError(t *testing.T) { func TestFetchSecretMissingSecret(t *testing.T) { tel := fxutil.Test[telemetry.Mock](t, telemetryimpl.MockModule()) secrets := []string{"handle1", "handle2"} - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{}"), nil } _, err := resolver.fetchSecret(secrets) assert.NotNil(t, err) @@ -223,7 +223,7 @@ func TestFetchSecretMissingSecret(t *testing.T) { func TestFetchSecretErrorForHandle(t *testing.T) { tel := fxutil.Test[telemetry.Mock](t, telemetryimpl.MockModule()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{\"handle1\":{\"value\": null, \"error\": \"some error\"}}"), nil } @@ -235,7 +235,7 @@ func TestFetchSecretErrorForHandle(t *testing.T) { func TestFetchSecretEmptyValue(t *testing.T) { tel := fxutil.Test[telemetry.Mock](t, telemetryimpl.MockModule()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{\"handle1\":{\"value\": null}}"), nil } 
@@ -270,7 +270,7 @@ func checkErrorCountMetric(t *testing.T, tel telemetry.Mock, expected int, error func TestFetchSecret(t *testing.T) { secrets := []string{"handle1", "handle2"} tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) // some dummy value to check the cache is not purge resolver.cache["test"] = "yes" resolver.commandHookFunc = func(string) ([]byte, error) { @@ -292,7 +292,7 @@ func TestFetchSecret(t *testing.T) { func TestFetchSecretRemoveTrailingLineBreak(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.commandHookFunc = func(string) ([]byte, error) { return []byte("{\"handle1\":{\"value\":\"some data\\r\\n\"}}"), nil } diff --git a/comp/core/secrets/secretsimpl/info_nix_test.go b/comp/core/secrets/secretsimpl/info_nix_test.go index d70d6eef33f55..2cafc3cfc7903 100644 --- a/comp/core/secrets/secretsimpl/info_nix_test.go +++ b/comp/core/secrets/secretsimpl/info_nix_test.go @@ -32,7 +32,7 @@ instances: func TestGetExecutablePermissionsError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" _, err := resolver.getExecutablePermissions() @@ -60,7 +60,7 @@ func setupSecretCommand(t *testing.T, resolver *secretResolver) (string, string) func TestGetExecutablePermissionsSuccess(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) currentUser, currentGroup := setupSecretCommand(t, resolver) res, err := resolver.getExecutablePermissions() 
@@ -74,7 +74,7 @@ func TestGetExecutablePermissionsSuccess(t *testing.T) { func TestDebugInfo(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) currentUser, currentGroup := setupSecretCommand(t, resolver) resolver.commandHookFunc = func(string) ([]byte, error) { @@ -119,7 +119,7 @@ Secrets handle resolved: func TestDebugInfoError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" resolver.commandHookFunc = func(string) ([]byte, error) { diff --git a/comp/core/secrets/secretsimpl/info_windows_test.go b/comp/core/secrets/secretsimpl/info_windows_test.go index 4d35e84994db5..affad053ed79d 100644 --- a/comp/core/secrets/secretsimpl/info_windows_test.go +++ b/comp/core/secrets/secretsimpl/info_windows_test.go @@ -24,7 +24,7 @@ import ( func TestGetExecutablePermissionsError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" res, err := resolver.getExecutablePermissions() @@ -54,7 +54,7 @@ func setupSecretCommmand(t *testing.T, resolver *secretResolver) { func TestGetExecutablePermissionsSuccess(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) setupSecretCommmand(t, resolver) res, err := resolver.getExecutablePermissions() diff --git a/comp/core/secrets/secretsimpl/secrets.go b/comp/core/secrets/secretsimpl/secrets.go index bec9716262426..b65daf16409f6 100644 --- a/comp/core/secrets/secretsimpl/secrets.go +++ b/comp/core/secrets/secretsimpl/secrets.go 
@@ -41,6 +41,8 @@ import ( const auditFileBasename = "secret-audit-file.json" +var newClock = clock.New + type provides struct { fx.Out @@ -93,6 +95,7 @@ type secretResolver struct { // refresh secrets at a regular interval refreshInterval time.Duration refreshIntervalScatter bool + scatterDuration time.Duration ticker *clock.Ticker // filename to write audit records to auditFilename string @@ -114,7 +117,7 @@ type secretResolver struct { var _ secrets.Component = (*secretResolver)(nil) -func newEnabledSecretResolver(telemetry telemetry.Component, clk clock.Clock) *secretResolver { +func newEnabledSecretResolver(telemetry telemetry.Component) *secretResolver { return &secretResolver{ cache: make(map[string]string), origin: make(handleToContext), @@ -122,12 +125,12 @@ func newEnabledSecretResolver(telemetry telemetry.Component, clk clock.Clock) *s tlmSecretBackendElapsed: telemetry.NewGauge("secret_backend", "elapsed_ms", []string{"command", "exit_code"}, "Elapsed time of secret backend invocation"), tlmSecretUnmarshalError: telemetry.NewCounter("secret_backend", "unmarshal_errors_count", []string{}, "Count of errors when unmarshalling the output of the secret binary"), tlmSecretResolveError: telemetry.NewCounter("secret_backend", "resolve_errors_count", []string{"error_kind", "handle"}, "Count of errors when resolving a secret"), - clk: clk, + clk: newClock(), } } func newSecretResolverProvider(deps dependencies) provides { - resolver := newEnabledSecretResolver(deps.Telemetry, nil) + resolver := newEnabledSecretResolver(deps.Telemetry) resolver.enabled = deps.Params.Enabled return provides{ Comp: resolver, 
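Review bot: `var newClock = clock.New` in the `@@ -41,6 +41,8 @@` hunk is a mutable package-level hook with no comment, and `newEnabledSecretResolver` now calls it on every construction. TestStartRefreshRoutineWithScatter reassigns it later in this patch with a plain, unsynchronised assignment, so that test cannot safely run in parallel with any other test that builds a resolver. At minimum I would document the contract: `// newClock returns the clock used by new resolvers; tests replace it to inject a mock and must not run in parallel while doing so.` The previous revision's explicit `clk` parameter avoided the shared state, so keeping an unexported constructor that accepts a clock is worth considering.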
@@ -248,13 +251,10 @@ func (r *secretResolver) startRefreshRoutine() { return } - if r.clk == nil { - r.clk = clock.New() - } - if r.refreshIntervalScatter { - scatterDuration := time.Duration(rand.Int63n(int64(r.refreshInterval))) - r.ticker = r.clk.Ticker(scatterDuration) + r.scatterDuration = time.Duration(rand.Int63n(int64(r.refreshInterval))) + log.Infof("scatterDuration is %s", r.scatterDuration) + r.ticker = r.clk.Ticker(r.scatterDuration) } else { r.ticker = r.clk.Ticker(r.refreshInterval) } @@ -262,14 +262,15 @@ func (r *secretResolver) startRefreshRoutine() { go func() { <-r.ticker.C if _, err := r.Refresh(); err != nil { - log.Debug("First refresh error", "error", err) + log.Infof("Error with refreshing secrets: %s", err) } + // we want to reset the refresh interval to the refreshInterval after the first refresh in case a scattered first refresh interval was configured r.ticker.Reset(r.refreshInterval) for { <-r.ticker.C if _, err := r.Refresh(); err != nil { - log.Debug("Periodic refresh error", "error", err) + log.Infof("Error with refreshing secrets: %s", err) } } }() @@ -686,7 +687,7 @@ func (r *secretResolver) GetDebugInfo(w io.Writer) { } if r.refreshIntervalScatter { - fmt.Fprintf(w, "The first secret refresh will happen at a random time between the starting of the agent and the set refresh interval") + fmt.Fprintf(w, "'secret_refresh interval' enabled: the first refresh will happen at %s seconds and then every %s seconds", r.scatterDuration, r.refreshInterval) } } diff --git a/comp/core/secrets/secretsimpl/secrets_mock.go b/comp/core/secrets/secretsimpl/secrets_mock.go index 56361a8eae87e..7c57c3fbc8af5 100644 --- a/comp/core/secrets/secretsimpl/secrets_mock.go +++ b/comp/core/secrets/secretsimpl/secrets_mock.go 
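Review bot: `rand.Int63n(int64(r.refreshInterval))` in the `@@ -248,13 +251,10 @@` hunk can return 0, and the result goes straight into `r.clk.Ticker(...)`; `time.NewTicker` panics on a non-positive period and the real clock presumably wraps it, so a zero draw would crash the process from inside the secrets component. `rand.Int63n` itself panics if `refreshInterval` is negative, and the only guard visible in the earlier patch returns on `== 0` (the top of startRefreshRoutine is outside this hunk, so a further check may exist). Excluding zero from the draw closes the first case, `r.scatterDuration = time.Duration(rand.Int63n(int64(r.refreshInterval))) + 1`, and an early return on `r.refreshInterval <= 0` closes the second. The added `log.Infof("scatterDuration is %s", r.scatterDuration)` reads like leftover debugging; a message that names the setting would be more useful to operators.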
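Review bot: Both refresh failures in the `@@ -262,14 +262,15 @@` hunk are logged with `log.Infof` and an identical message, which undersells the event and loses the distinction the old messages had. A failed refresh presumably leaves the agent running on previously resolved secrets, and after a rotation that is something an operator needs to see at warning level: `log.Warnf("first secret refresh failed: %s", err)` and `log.Warnf("periodic secret refresh failed: %s", err)`. The goroutine also has no exit path and the ticker is never stopped in the visible lines; startRefreshRoutine continues outside the hunk, so confirm whether shutdown is handled elsewhere.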
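Review bot: The status line added in the `@@ -686,7 +687,7 @@` hunk is printed whenever `r.refreshIntervalScatter` is true, but the config hunk in this patch defaults `secret_refresh_scatter` to true while `secret_refresh_interval` defaults to 0, so an agent with refresh disabled would report a first refresh at 0s and then every 0s. The text also names the option as 'secret_refresh interval', and `%s` on a time.Duration already prints the unit, producing output such as "5.477027098s seconds". I would guard with `if r.refreshIntervalScatter && r.refreshInterval > 0 {` and print `fmt.Fprintf(w, "'secret_refresh_scatter' enabled: the first refresh will happen after %s and then every %s", r.scatterDuration, r.refreshInterval)`. `r.scatterDuration` is written in startRefreshRoutine and read here without synchronisation; whether the two can run concurrently is not visible, and GetDebugInfo's body starts outside the hunk.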
@@ -48,7 +48,7 @@ func (m *MockSecretResolver) SetFetchHookFunc(f func([]string) (map[string]strin // newMock returns a MockSecretResolver func newMock(testDeps testDeps) MockProvides { r := &MockSecretResolver{ - secretResolver: newEnabledSecretResolver(testDeps.Telemetry, nil), + secretResolver: newEnabledSecretResolver(testDeps.Telemetry), } return MockProvides{ Comp: r, diff --git a/comp/core/secrets/secretsimpl/secrets_test.go b/comp/core/secrets/secretsimpl/secrets_test.go index 6b97bd5270410..031c3c7a486e5 100644 --- a/comp/core/secrets/secretsimpl/secrets_test.go +++ b/comp/core/secrets/secretsimpl/secrets_test.go @@ -279,7 +279,7 @@ func TestIsEnc(t *testing.T) { func TestResolveNoCommand(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.fetchHookFunc = func([]string) (map[string]string, error) { return nil, fmt.Errorf("some error") } @@ -292,7 +292,7 @@ func TestResolveNoCommand(t *testing.T) { func TestResolveSecretError(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" resolver.fetchHookFunc = func([]string) (map[string]string, error) { @@ -305,7 +305,7 @@ func TestResolveSecretError(t *testing.T) { func TestResolveDoestSendDuplicates(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" // test configuration has handle "pass1" appear twice, but fetch should only get one handle 
@@ -499,7 +499,7 @@ func TestResolve(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" if tc.secretCache != nil { resolver.cache = tc.secretCache @@ -520,7 +520,7 @@ func TestResolve(t *testing.T) { func TestResolveNestedWithSubscribe(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" resolver.cache = map[string]string{"pass3": "password3"} @@ -561,7 +561,7 @@ func TestResolveNestedWithSubscribe(t *testing.T) { func TestResolveCached(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" resolver.cache = map[string]string{"pass1": "password1"} @@ -591,7 +591,7 @@ func TestResolveThenRefresh(t *testing.T) { defer func() { allowlistEnabled = true }() tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" resolver.cache = map[string]string{} @@ -667,7 +667,7 @@ func TestResolveThenRefresh(t *testing.T) { // test that the allowlist only lets setting paths that match it get Refreshed func TestRefreshAllowlist(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" resolver.cache = map[string]string{"handle": "value"} resolver.origin = handleToContext{ 
@@ -713,7 +713,7 @@ func TestRefreshAllowlist(t *testing.T) { // about changed secret values from a Refresh func TestRefreshAllowlistAppliesToEachSettingPath(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" resolver.fetchHookFunc = func([]string) (map[string]string, error) { @@ -761,7 +761,7 @@ func TestRefreshAddsToAuditFile(t *testing.T) { defer func() { allowlistPaths = originalAllowlistPaths }() tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - resolver := newEnabledSecretResolver(tel, nil) + resolver := newEnabledSecretResolver(tel) resolver.backendCommand = "some_command" resolver.cache = map[string]string{"handle": "value"} resolver.origin = handleToContext{ @@ -805,10 +805,6 @@ func TestRefreshAddsToAuditFile(t *testing.T) { } func TestStartRefreshRoutineWithScatter(t *testing.T) { - mockClock := clock.NewMock() - - tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) - testCases := []struct { name string scatter bool 
@@ -828,17 +824,28 @@ func TestStartRefreshRoutineWithScatter(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { - resolver := newEnabledSecretResolver(tel, mockClock) - originalAllowListEnabled := allowlistEnabled + // Create a new mock clock instance for every test case + mockClock := clock.NewMock() + originalNewClock := newClock + newClock = func() clock.Clock { + return mockClock + } + t.Cleanup(func() { + newClock = originalNewClock + }) + tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) + + resolver := newEnabledSecretResolver(tel) + defer func(resetValue bool) { + allowlistEnabled = resetValue + }(allowlistEnabled) allowlistEnabled = false - defer func() { - allowlistEnabled = originalAllowListEnabled - }() resolver.refreshInterval = 10 * time.Second resolver.refreshIntervalScatter = tc.scatter if tc.scatter { + // Seed the random number generator to make the test deterministic rand.Seed(12345) } 
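Review bot: The scatter case relies on `rand.Seed(12345)` fixing the draw, and the following hunk (`@@ -870,44 +877,16 @@`) hard-codes `mockClock.Add(6 * time.Second)` on the assumption that the draw is 5.477027098s. The top-level `rand.Seed` is deprecated, and on recent Go toolchains it may have no effect depending on the module's Go version, in which case the draw falls anywhere in [0, 10s) and the test fails intermittently. Since the resolver now stores the value, advancing by it removes the dependency on the generator: `mockClock.Add(resolver.scatterDuration)` once the refresh routine has been started. Reassigning the package-level `newClock` here also means this test must not run in parallel with others that construct a resolver.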
@@ -870,44 +877,16 @@ func TestStartRefreshRoutineWithScatter(t *testing.T) { resolver.SubscribeToChanges(func(_, _ string, _ []string, _, _ any) { changeDetected <- struct{}{} }) - - if resolver.ticker == nil { - t.Fatal("Ticker was not created") - } + require.NotNil(t, resolver.ticker) if tc.scatter { - // In scattered case, first we advance 1/4 of the refresh interval - mockClock.Add(resolver.refreshInterval / 4) + // The set random seed has a the scatterDuration is 5.477027098s + mockClock.Add(6 * time.Second) - refreshHappened := false select { case <-refreshCalledChan: - refreshHappened = true - case <-time.After(100 * time.Millisecond): - // No refresh yet - } - - if !refreshHappened { - // If no refresh yet, advance to 3/4 of the refresh interval - mockClock.Add(resolver.refreshInterval / 2) - - select { - case <-refreshCalledChan: - refreshHappened = true - case <-time.After(100 * time.Millisecond): - // Still no refresh - } - } - - if !refreshHappened { - // If still no refresh, advance to the full refresh interval - mockClock.Add(resolver.refreshInterval / 4) - - select { - case <-refreshCalledChan: - case <-time.After(1 * time.Second): - t.Fatal("First refresh didn't occur even after full interval") - } + case <-time.After(1 * time.Second): + t.Fatal("First refresh didn't occur even after full interval") } } else { // Without scatter, the first tick should be at the full refresh interval diff --git a/pkg/config/setup/config.go b/pkg/config/setup/config.go index a9ab3664bb2da..3f40b1eef4113 100644 --- a/pkg/config/setup/config.go +++ b/pkg/config/setup/config.go 
@@ -356,7 +356,7 @@ func InitConfig(config pkgconfigmodel.Setup) { config.BindEnvAndSetDefault("secret_backend_skip_checks", false) config.BindEnvAndSetDefault("secret_backend_remove_trailing_line_break", false) config.BindEnvAndSetDefault("secret_refresh_interval", 0) - config.BindEnvAndSetDefault("secret_refresh_interval_scatter", true) + config.BindEnvAndSetDefault("secret_refresh_scatter", true) config.SetDefault("secret_audit_file_max_size", 0) // IPC API server timeout @@ -2268,7 +2268,7 @@ func ResolveSecrets(config pkgconfigmodel.Config, secretResolver secrets.Compone Timeout: config.GetInt("secret_backend_timeout"), MaxSize: config.GetInt("secret_backend_output_max_size"), RefreshInterval: config.GetInt("secret_refresh_interval"), - RefreshIntervalScatter: config.GetBool("secret_refresh_interval_scatter"), + RefreshIntervalScatter: config.GetBool("secret_refresh_scatter"), GroupExecPerm: config.GetBool("secret_backend_command_allow_group_exec_perm"), RemoveLinebreak: config.GetBool("secret_backend_remove_trailing_line_break"), RunPath: config.GetString("run_path"), From c4f50993e754120d145235ea1bea1d2e4d427f96 Mon Sep 17 00:00:00 2001 From: rahulkaukuntla Date: Fri, 7 Mar 2025 15:12:31 -0500 Subject: [PATCH 4/5] dda inv tidy --- comp/core/configsync/go.sum | 2 ++ 1 file changed, 2 insertions(+) diff --git a/comp/core/configsync/go.sum b/comp/core/configsync/go.sum index 524c2795c251f..c58a73e01a4ad 100644 --- a/comp/core/configsync/go.sum +++ b/comp/core/configsync/go.sum 
@@ -11,6 +11,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= github.com/antihax/optional v0.0.0-20180407024304-ca021399b1a6/go.mod h1:V8iCPQYkqmusNa815XgQio277wI47sdRh1dUOLdyC6Q= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= +github.com/benbjohnson/clock v1.3.5 h1:VvXlSJBzZpA/zum6Sj74hxwYI2DIxRWuNIoXAzHZz5o= +github.com/benbjohnson/clock v1.3.5/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= From 3ca5ade36f944c6584dcae8d429d7ce289eeb20e Mon Sep 17 00:00:00 2001 From: rahulkaukuntla Date: Fri, 7 Mar 2025 15:56:53 -0500 Subject: [PATCH 5/5] avoiding a data race --- comp/core/secrets/secretsimpl/secrets.go | 22 +++++++++++++++---- comp/core/secrets/secretsimpl/secrets_test.go | 16 +++++++++----- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/comp/core/secrets/secretsimpl/secrets.go b/comp/core/secrets/secretsimpl/secrets.go index b65daf16409f6..1615948f78c49 100644 --- a/comp/core/secrets/secretsimpl/secrets.go +++ b/comp/core/secrets/secretsimpl/secrets.go @@ -22,6 +22,7 @@ import ( "strconv" "strings" "sync" + "sync/atomic" "text/template" "time" 
@@ -407,11 +408,24 @@ var ( "additional_endpoints", } // tests override this to test refresh logic - allowlistEnabled = true + // Using uint32 for atomic operations + allowlistEnabledAtomic uint32 = 1 // Default to true ) +func isAllowlistEnabled() bool { + return atomic.LoadUint32(&allowlistEnabledAtomic) == 1 +} + +func setAllowlistEnabled(value bool) { + var intValue uint32 + if value { + intValue = 1 + } + atomic.StoreUint32(&allowlistEnabledAtomic, intValue) +} + func secretMatchesAllowlist(secretCtx secretContext) bool { - if !allowlistEnabled { + if !isAllowlistEnabled() { return true } for _, allowedKey := range allowlistPaths { @@ -426,7 +440,7 @@ func secretMatchesAllowlist(secretCtx secretContext) bool { // handle appears at against the allowlist func (r *secretResolver) matchesAllowlist(handle string) bool { // if allowlist is disabled, consider every handle a match - if !allowlistEnabled { + if !isAllowlistEnabled() { return true } for _, secretCtx := range r.origin[handle] { @@ -492,7 +506,7 @@ func (r *secretResolver) Refresh() (string, error) { // get handles from the cache that match the allowlist newHandles := maps.Keys(r.cache) - if allowlistEnabled { + if isAllowlistEnabled() { filteredHandles := make([]string, 0, len(newHandles)) for _, handle := range newHandles { if r.matchesAllowlist(handle) { diff --git a/comp/core/secrets/secretsimpl/secrets_test.go b/comp/core/secrets/secretsimpl/secrets_test.go index 031c3c7a486e5..fff85a8dbc86c 100644 --- a/comp/core/secrets/secretsimpl/secrets_test.go +++ b/comp/core/secrets/secretsimpl/secrets_test.go 
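Review bot: `allowlistEnabledAtomic uint32 = 1` with `// Default to true` in the `@@ -407,11 +408,24 @@` hunk encodes a security-relevant switch as a magic integer, and `isAllowlistEnabled`/`setAllowlistEnabled` carry no doc comment stating that only tests are expected to turn the allowlist off. Since the allowlist restricts which setting paths a refresh may update, I would make the zero value the safe state and use the typed atomic: `var allowlistDisabled atomic.Bool`, `func isAllowlistEnabled() bool { return !allowlistDisabled.Load() }` and `func setAllowlistEnabled(v bool) { allowlistDisabled.Store(!v) }`. `atomic.Bool` needs Go 1.19 or later; the module's Go version is not visible here. The later hunks on this line (`@@ -426,7 +440,7 @@`, `@@ -492,7 +506,7 @@`) only switch callers to the accessor and need no change.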
@@ -587,8 +587,11 @@ func TestResolveCached(t *testing.T) { func TestResolveThenRefresh(t *testing.T) { // disable the allowlist for the test, let any secret changes happen - allowlistEnabled = false - defer func() { allowlistEnabled = true }() + originalValue := isAllowlistEnabled() + setAllowlistEnabled(false) + defer func() { + setAllowlistEnabled(originalValue) + }() tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) resolver := newEnabledSecretResolver(tel) @@ -836,10 +839,11 @@ func TestStartRefreshRoutineWithScatter(t *testing.T) { tel := fxutil.Test[telemetry.Component](t, nooptelemetry.Module()) resolver := newEnabledSecretResolver(tel) - defer func(resetValue bool) { - allowlistEnabled = resetValue - }(allowlistEnabled) - allowlistEnabled = false + originalValue := isAllowlistEnabled() + setAllowlistEnabled(false) + defer func() { + setAllowlistEnabled(originalValue) + }() resolver.refreshInterval = 10 * time.Second resolver.refreshIntervalScatter = tc.scatter