search

acorn-io / runtime

A simple application deployment framework built on Kubernetes
https://docs.acorn.io/
Apache License 2.0
1.13k stars 100 forks source link

Secrets with type "credential.acorn.io" need to show which Acorns are referencing them. #2387

Open sangee2004 opened 9 months ago

sangee2004 commented 9 months ago

acorn version - v0.10.0-rc1-7-g8b9acb47+8b9acb47

Steps to reproduce the problem:

  1. Deploy app with secrets with type "credential.acorn.io" using the following Acornfile - acorn run -n mytestsec
secrets:
{ 
config: {
    type: "credential.acorn.io/mytest"
    params: {
        promptOrder: ["proto", "address", "port", "adminUsername", "adminPassword", "username", "password"]
    }
    data: {
        address:       ""
        port:          ""
        username:      ""
        password:      ""
        adminUsername: ""
        adminPassword: ""
        proto:         ""
        dbName:        ""
    }
}
mytestsec: type: "token"
}
  1. Once the app is deployed, notice that the credential - config created does not indicate that app deployed in step1 is referencing this credential.
acorn secrets
NAME                  TYPE                          KEYS                                                                        CREATED
config-84pkz          credential.acorn.io/mytest    [address adminPassword adminUsername dbName password port proto username]   8s ago
mytestsec.mytestsec   token                         [token]                                                                     22s ago

Expected Behavior: Credential needs to show which Acorns are referencing them.

g-linville commented 8 months ago

@sangee2004 I got confirmation from @ibuildthecloud that these credentials secrets are intentionally named that way, so we don't want to change them by adding app name prefixes. I think this issue can just be closed.

sangee2004 commented 8 months ago

@g-linville Is there any other way of letting the user know which credential is the associated with the app ? It feels odd for user to not know this when the secret definition is present in the Acornfile that is used for deployment of this secret .

g-linville commented 8 months ago

I'm gonna bring this up with the team and see what they think the UX should be.

cloudnautique commented 8 months ago

It would be helpful to know:

  1. What app created the credential. Then you could see if it exists or not.
  2. What apps are referencing the credential.

In the case of services, multiple "Credentials" can be created that connect to different database instances. They all end up with the same name. Which makes it difficult to figure out which credential is the one needed.

Also, when apps are deleted, the credentials are not, and they can build up over time and the user has no idea which is which, or if they can re-use one.