ForgeRock / secret-agent

Generate random Kubernetes secrets and optionally store them in a Cloud Secret Manager
Apache License 2.0

fix(AWS SecretsManager): update to v2 #255

Closed dnitsch closed 6 months ago

dnitsch commented 7 months ago

- update go 1.21
- update AWS SDK v2 for secrets manager
- add interface for easier testing

deals with #256

closes #253

dnitsch commented 7 months ago

I am not sure what I am doing wrong here 😐 - locally running inside the build secret-agent-tester container this command works: `controller-gen "crd:crdVersions=v1" rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases`. Not sure I am looking in the right place though.

Any help @lee-baines or anyone able to help would be useful.

williamayerst commented 7 months ago

LGTM!

lee-baines commented 6 months ago

Thanks for the PR @dnitsch. What is the issue you are seeing? Or is it resolved now?

dnitsch commented 6 months ago

Hi @lee-baines - it's resolved now thank you, just FYI had to set GOFLAG buildvcs to false inside the build and test containers.

All of this is most likely caused by the upgrade to 1.21 - I hope you are OK with the update - didn't want to push to 1.22 just yet as it's very new, but you will still get a lot of incremental benefits from the 1.16 - 1.21 jump.

Let me know if you have any other comments, but if possible could we cut a new version soon, it does seem automated now.

lee-baines commented 6 months ago

Thanks @dnitsch. Your change is fine. Feel free to merge the change, then I'll create a new release.

dnitsch commented 6 months ago

Thanks @lee-baines - I am not able to merge it, haven't got write access or do you mean something else?

lee-baines commented 6 months ago

I've merged the PR @dnitsch

dnitsch commented 6 months ago

@lee-baines thanks - I'll try and find the time to submit another PR for the additional security fixes.

lee-baines commented 4 months ago

@dnitsch There is something broken in this PR. I missed it when reviewing but it looks like you've taken the region property out of the AWS manager. So when customers deploy the latest version of the secret-agent, it can't find the region property: https://github.com/ForgeRock/secret-agent/pull/255/files#diff-de57ac7dfa2cb769f9b1a03b027f45cc8c5f0bbaba7101cdda63f7189289370e

This is the error: namespace\":\"rdgpreprod\",\"secret_name\":\"amster-env-secrets\",\"data_key\":\"IDM_PROVISIONING_CLIENT_SECRET\",\"secret_type\":\"password\",\" error \":\"failed api call to secret manager: operation error Secrets Manager: GetSecretValue, failed to resolve service endpoint, endpoint rule error , Invalid Configuration: Missing Region\",\"errorVerbose\":\"operation error Secrets Manager: GetSecretValue, failed to resolve service endpoint, endpoint rule error
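The "Missing Region" failure above only surfaces at the first GetSecretValue call. The following is an added example, not code from this PR or from secret-agent, of resolving and validating the region once at client construction so a missing value fails at startup. `ResolveRegion`, `specRegion` and the format check are hypothetical; the fallback to `AWS_REGION` and `AWS_DEFAULT_REGION` goes beyond what the thread describes.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
)

// ErrMissingRegion is returned when no source yields a region.
var ErrMissingRegion = errors.New("aws region not configured")

// regionShape is a loose sanity check (eu-west-2, us-gov-east-1), not an authoritative list.
var regionShape = regexp.MustCompile(`^[a-z]{2}(-[a-z]+)+-\d+$`)

// ResolveRegion picks the region for the Secrets Manager client.
// specRegion stands for a region property on the resource spec (hypothetical name).
// getenv is injected so the lookup can be tested without touching the process
// environment; pass os.Getenv in real use.
func ResolveRegion(specRegion string, getenv func(string) string) (string, error) {
	candidates := []struct{ source, value string }{
		{"spec", specRegion}, // explicit configuration wins
		{"AWS_REGION", getenv("AWS_REGION")},
		{"AWS_DEFAULT_REGION", getenv("AWS_DEFAULT_REGION")},
	}
	for _, c := range candidates {
		if c.value == "" {
			continue
		}
		if !regionShape.MatchString(c.value) {
			return "", fmt.Errorf("region %q from %s is malformed", c.value, c.source)
		}
		return c.value, nil
	}
	return "", ErrMissingRegion
}

func main() {
	// Constructed environment for the demonstration.
	env := map[string]string{"AWS_DEFAULT_REGION": "eu-west-2"}
	getenv := func(k string) string { return env[k] }
	for _, spec := range []string{"us-east-1", "", "not a region"} {
		region, err := ResolveRegion(spec, getenv)
		fmt.Printf("spec=%q -> region=%q err=%v\n", spec, region, err)
	}
	_, err := ResolveRegion("", func(string) string { return "" })
	fmt.Println("no region anywhere:", err)
}
```

The resolved value would then be handed to the SDK when the client is built, for example through `config.WithRegion`.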