Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(secretstores): Add http plugin #13150

Merged
merged 34 commits into from
May 24, 2023
Merged

feat(secretstores): Add http plugin #13150

merged 34 commits into from
May 24, 2023

Conversation

srebhan
Copy link
Member

@srebhan srebhan commented Apr 26, 2023

This PR adds a secret-store plugin to query secrets from a HTTP server. The data can be transmitted in an encrypted form if necessary.

srebhan added 24 commits April 26, 2023 10:55
@srebhan
Implement http secret-store plugin.
1a3747e
@srebhan
Simplify cipher param checking and use standard lib.
50eb764
@srebhan
Move encryption/decryption stuff to common.
5ea4e21
@srebhan
Completely abstract decryption to common.
a8a2da8
@srebhan
Do not make assumptions on the JSON but expect key-value pairs after …
f29a88a 
…transformation.
@srebhan
Rename encryption file.
4b75430
@srebhan
Add sample config bits and pieces.
97e33cf
@srebhan
Add http secret-store helper.
ab80f49
@srebhan
Clarify and reorganize PBKDF.
01e28b4
@srebhan
Avoid duplicate newlines when including files.
8ba52a4
@srebhan
Add missing file.
927b628
@srebhan
Update documentation.
5fbd939
@srebhan
Merge common/encryption code back to http secret-store as it is the o…
fd26c07 
…nly user.
@srebhan
Merge docs.
cedc0ab
@srebhan
Remove common/encryption left-over.
3fb1487
@srebhan
Merge trimming into decryption.
cbed4c3
@srebhan
Revert lint-ignore to master.
16d37ae
@srebhan
Remove left-over import.
613ac7d
@srebhan
Make linter happy.
0e50dcb
@srebhan
Fix empty-detection when setting a secret.
464e0bc
@srebhan
Improve code
e70bf31
@srebhan
Add unit-tests.
9383db7
@srebhan
Improve error handling.
9b6ee2e
@srebhan
More tests.
ac01573
@telegraf-tiger telegraf-tiger bot added the feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin label Apr 26, 2023
@srebhan srebhan changed the title feat(secretstores): Add `http plugin feat(secretstores): Add http plugin Apr 26, 2023
@srebhan srebhan requested a review from jdstrand April 26, 2023 20:23
jdstrand
jdstrand suggested changes May 3, 2023
View reviewed changes
Copy link
Contributor

@jdstrand jdstrand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In all, I think this looks good. I was asked to look at the AES options and they seem fine. I have quite a few comments, questions and suggestions inline. I mentioned a number of places where we lack test coverage and it would be nice to expand at least some of the tests for this.

@srebhan srebhan requested review from jdstrand and powersj May 16, 2023 19:32
@srebhan srebhan added the ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. label May 16, 2023
jdstrand
jdstrand suggested changes May 22, 2023
View reviewed changes
Copy link
Contributor

@jdstrand jdstrand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates and added tests! This is quite close. I think I answered the open questions. There's just a few places for 'wiping' strings by reassigning them something other than the token that I think would be a nice hardening measure.

@powersj powersj removed the ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. label May 23, 2023
@powersj
Copy link
Contributor

powersj commented May 23, 2023

@srebhan re-assigning back to you, to go through Jamie's review

@powersj powersj removed their assignment May 23, 2023
@srebhan srebhan requested a review from jdstrand May 24, 2023 13:11
@srebhan
Copy link
Member Author

srebhan commented May 24, 2023

@jdstrand I wiped some more memory portions. I think we cannot do more here...

jdstrand
jdstrand approved these changes May 24, 2023
View reviewed changes
Copy link
Contributor

@jdstrand jdstrand left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates!

@srebhan srebhan added the ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review. label May 24, 2023
@telegraf-tiger
Copy link
Contributor

Download PR build artifacts for linux_amd64.tar.gz, darwin_amd64.tar.gz, and windows_amd64.zip.
Downloads for additional architectures and packages are available below.

🥳 This pull request decreases the Telegraf binary size by -8.98 % for linux amd64 (new size: 168.8 MB, nightly size 185.4 MB)

📦 Click here to get additional PR build artifacts

Artifact URLs

DEB RPM TAR GZ ZIP
amd64.deb aarch64.rpm darwin_amd64.tar.gz windows_amd64.zip
arm64.deb armel.rpm darwin_arm64.tar.gz windows_arm64.zip
armel.deb armv6hl.rpm freebsd_amd64.tar.gz windows_i386.zip
armhf.deb i386.rpm freebsd_armv7.tar.gz
i386.deb ppc64le.rpm freebsd_i386.tar.gz
mips.deb riscv64.rpm linux_amd64.tar.gz
mipsel.deb s390x.rpm linux_arm64.tar.gz
ppc64el.deb x86_64.rpm linux_armel.tar.gz
riscv64.deb linux_armhf.tar.gz
s390x.deb linux_i386.tar.gz
linux_mips.tar.gz
linux_mipsel.tar.gz
linux_ppc64le.tar.gz
linux_riscv64.tar.gz
linux_s390x.tar.gz

@srebhan srebhan assigned powersj and unassigned srebhan May 24, 2023
@powersj powersj merged commit 272add9 into influxdata:master May 24, 2023
@chenrui333 chenrui333 mentioned this pull request Jun 13, 2023
Merged
@srebhan srebhan added this to the v1.27.0 milestone Jun 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Hipska Hipska Hipska left review comments

@jdstrand jdstrand jdstrand approved these changes

@powersj powersj powersj approved these changes

Assignees

@powersj powersj

Labels
feat Improvement on an existing feature such as adding a new setting/mode to an existing plugin new plugin plugin/secretstores ready for final review This pull request has been reviewed and/or tested by multiple users and is ready for a final review.
Projects
None yet
Milestone
v1.27.0
Development

Successfully merging this pull request may close these issues.
4 participants
@srebhan @powersj @Hipska @jdstrand