[native] Add support for env vars providing property values #23880
Conversation
|
TODo add documentation in the PrestoC++ section. |
4a0e096 to
18373b8
Compare
|
@majetideepak FYI |
18373b8 to
d7d834c
Compare
d7d834c to
9fc8fbb
Compare
| std::optional<std::string> value{std::nullopt}; | ||
| if (str.size() >= 3 && str.substr(0, 2) == "${" && | ||
| str[str.size() - 1] == '}') { | ||
| auto env_name = std::string(str.substr(2, str.size() - 3)); |
There was a problem hiding this comment.
@majetideepak we discussed using string_view here but we need a null terminated char* so we need to construct something from the substring string_view to pass to getenv.
There was a problem hiding this comment.
Thanks for clarifying. Maybe add a comment for this to ensure someone else does not make this change.
| @@ -333,3 +333,31 @@ This only applies if ``system-mem-pushback-enabled`` is ``true``. | |||
|
|
|||
| Specifies the amount of memory to shrink when the memory pushback is | |||
| triggered. This only applies if ``system-mem-pushback-enabled`` is ``true``. | |||
|
|
|||
| Environment variables as values for worker properties | |||
There was a problem hiding this comment.
Title should be camel case.
| The environment variable name must match exactly with the defined variable. | ||
|
|
||
| This allows a worker to read sensitive data e.g. for access keys from an | ||
| environment variable rather than having the actual value hard coded in a comnfiguration |
|
|
||
| This allows a worker to read sensitive data e.g. for access keys from an | ||
| environment variable rather than having the actual value hard coded in a comnfiguration | ||
| file on disk enhancing the security stance of deployments. |
| file on disk enhancing the security stance of deployments. | ||
|
|
||
| For example, consider the hive connector's `hive.s3.aws-access-key` property. | ||
| This is sensitive data and can be stored in an environment variable, for example, |
There was a problem hiding this comment.
May also add to this the real usage of how these key values can be stored encrypted on disk and are decrypted during deployment as passed as environment variables.
| std::optional<std::string> extractValueIfEnvironmentVariable( | ||
| std::string_view str) { | ||
| std::optional<std::string> value{std::nullopt}; | ||
| if (str.size() >= 3 && str.substr(0, 2) == "${" && |
There was a problem hiding this comment.
nit: str.size() > 3. Let's skip empty ${} as well.
| std::string ENV_VAR = "PRESTO_READ_CONFIG_TEST_VAR"; | ||
|
|
||
| writeConfigFile( | ||
| fmt::format("{}={}\n", "plain-text", "plain-text-value") + |
There was a problem hiding this comment.
use constants for "plain-text" and other keys to be consistent when reading them below.
| fmt::format("{}={}}}\n", "env-var3", ENV_VAR) + | ||
| fmt::format("{}=${{}}\n", "no-env-var")); | ||
|
|
||
| setenv(ENV_VAR.c_str(), "env-var-value", 1); |
There was a problem hiding this comment.
Add a test for empty value. It should be enough to check that it does not introduce a crash.
| std::optional<std::string> value{std::nullopt}; | ||
| if (str.size() >= 3 && str.substr(0, 2) == "${" && | ||
| str[str.size() - 1] == '}') { | ||
| auto env_name = std::string(str.substr(2, str.size() - 3)); |
There was a problem hiding this comment.
Thanks for clarifying. Maybe add a comment for this to ensure someone else does not make this change.
| str[str.size() - 1] == '}') { | ||
| auto env_name = std::string(str.substr(2, str.size() - 3)); | ||
|
|
||
| char* envval = std::getenv(env_name.c_str()); |
presto-native-execution/presto_cpp/main/common/ConfigReader.cpp
Outdated
Show resolved
Hide resolved
cfed7b5 to
aa87ffd
Compare
| // Does nothing if the input doesn't look like "${...}". | ||
| void extractValueIfEnvironmentVariable(std::string& value) { | ||
| if (value.size() > 3 && value.substr(0, 2) == "${" && value.back() == '}') { | ||
| auto env_name = value.substr(2, value.size() - 3); |
presto-native-execution/presto_cpp/main/common/ConfigReader.cpp
Outdated
Show resolved
Hide resolved
aa87ffd to
fbeee81
Compare
There was a problem hiding this comment.
@steveburnett Can you please take another look at the doc changes?
@czentgr this looks great. I like that the new API leaves the existing value as is if the env var is missing.
| if (envVal != nullptr) { | ||
| if (strlen(envVal) == 0) { | ||
| LOG(WARNING) << fmt::format( | ||
| "Config environment variable {} was empty.", envVal); |
There was a problem hiding this comment.
This should be envName.
| One mechanism is to create a preload library that is injected at the time | ||
| presto_server is started. It decrypts encrypted secrets and sets environment | ||
| variables specific to the presto_server process. These can then be referenced | ||
| in the properies. |
There was a problem hiding this comment.
| in the properies. | |
| in the properties. |
fbeee81 to
74e6c34
Compare
|
The presto_serve_test failure could be due to the image update. I will take a look. |
presto-native-execution/presto_cpp/main/common/ConfigReader.cpp
Outdated
Show resolved
Hide resolved
Likely non-deterministic. Can you rerun the test? |
76a6e2f
This allows a user to configure the value of an environment variable to be used as value for a configuration property. For example, the configuration file may contain keys that would be hard coded. The values can now be replaced by environment variables that are read at startup time and the keys don't require hard coding in the configuration file. Co-authored-by: ashkrisk <ashwin.kumar6@ibm.com>
76a6e2f to
853778f
Compare
Done. |
This allows a user to configure the value of an environment variable to be used as value for a configuration property. For example, the configuration file may contain keys that would be hard coded. The values can now be replaced by environment variables that are read at startup time and the keys don't require hard coding in the configuration file.
Description
This change allows reading of a config value that references an environment variable that contains the value as opposed to providing the value directly in the config file.
Motivation and Context
This can be used if certain values should not be hard coded, e.g. keys in configuration files.
Impact
User can provide config values using environment variables and refer to the environment variable name as the value in the configuration file.
Test Plan
Added unit test.
Contributor checklist
Release Notes
Please follow release notes guidelines and fill in the release notes below.