cruise-automation / daytona

A Vault client, but for containers and servers.
Apache License 2.0

Allow env mapping for secrets #100

Open jonnylangefeld opened 1 year ago

jonnylangefeld commented 1 year ago

This was previously not possible. This is a non-breaking way of fixing #99. Other ways would introduce breaking changes to variable names.

Additional features:

Example:

DAYTONA_SECRET_DESTINATION_CHAOS_DB=/Users/jonny.langefeld/data/repos/daytona/secrets.json \
K8S_AUTH=true \
K8S_AUTH_MOUNT=kubernetes-gcp-paas-dev-us-west1 \
SECRET_ENV=true \
VAULT_AUTH_ROLE=junogen-chaos-demo-0922 \
VAULT_SECRET_CHAOS_DB=secret-paas/project/jonny-1-click/dev/us-central1/crossplane/cruise-spanner-db/jonnys-spanner \
VAULT_VALUE_KEY_CHAOS_DB_SPANNERDATABASE=SPANNER_DATABASE_ID \
VAULT_VALUE_KEY_CHAOS_DB_SPANNERINSTANCE=SPANNER_INSTANCE_ID \
daytona -entrypoint -- printenv | grep SPANNER
{"level":"info","applicationName":"daytona","version":"","time":"2023-04-04T15:10:36-07:00","message":"Starting..."}
{"level":"info","applicationName":"daytona","time":"2023-04-04T15:10:36-07:00","message":"Attempting to automatically infer some k8s configuration data"}
{"level":"info","applicationName":"daytona","time":"2023-04-04T15:10:36-07:00","message":"Checking for an existing, valid vault token"}
{"level":"info","applicationName":"daytona","time":"2023-04-04T15:10:36-07:00","message":"Couldn't use VAULT_TOKEN, attempting file token instead: no pre-existing client token detected"}
{"level":"info","applicationName":"daytona","tokenPath":"/Users/jonny.langefeld/.vault-token","time":"2023-04-04T15:10:37-07:00","message":"Found an existing token at token path, setting as client token"}
{"level":"info","applicationName":"daytona","time":"2023-04-04T15:10:37-07:00","message":"Starting secret fetch"}
{"level":"debug","applicationName":"daytona","time":"2023-04-04T15:10:37-07:00","message":"reading secret path for VAULT_SECRET_CHAOS_DB=secret-paas/project/jonny-1-click/dev/us-central1/crossplane/cruise-spanner-db/jonnys-spanner"}
{"level":"debug","applicationName":"daytona","secret_count":5,"time":"2023-04-04T15:10:37-07:00","message":"finished reading paths for VAULT_SECRET_CHAOS_DB=secret-paas/project/jonny-1-click/dev/us-central1/crossplane/cruise-spanner-db/jonnys-spanner"}
{"level":"info","applicationName":"daytona","var":"JONNYS-SPANNER_SPANNER_PROJECT_ID","time":"2023-04-04T15:10:37-07:00","message":"Set env var"}
{"level":"info","applicationName":"daytona","var":"JONNYS-SPANNER_KEY.JSON","time":"2023-04-04T15:10:37-07:00","message":"Set env var"}
{"level":"info","applicationName":"daytona","var":"JONNYS-SPANNER_METADATA:SECRET.CROSSPLANE.IO/OWNER-UID","time":"2023-04-04T15:10:37-07:00","message":"Set env var"}
{"level":"info","applicationName":"daytona","var":"JONNYS-SPANNER_SPANNER_DATABASE_ID","time":"2023-04-04T15:10:37-07:00","message":"Set env var"}
{"level":"info","applicationName":"daytona","var":"JONNYS-SPANNER_SPANNER_INSTANCE_ID","time":"2023-04-04T15:10:37-07:00","message":"Set env var"}
{"level":"info","applicationName":"daytona","count":5,"outputDestination":"/Users/jonny.langefeld/data/repos/daytona/secrets.json","time":"2023-04-04T15:10:37-07:00","message":"Wrote secret"}
{"level":"info","applicationName":"daytona","args":["printenv"],"time":"2023-04-04T15:10:37-07:00","message":"Will exec"}
VAULT_VALUE_KEY_CHAOS_DB_SPANNERDATABASE=SPANNER_DATABASE_ID
VAULT_VALUE_KEY_CHAOS_DB_SPANNERINSTANCE=SPANNER_INSTANCE_ID
jonnys-spanner_SPANNER_PROJECT_ID=ca-persistent-systems-dev-qh38
jonnys-spanner_SPANNER_DATABASE_ID=jonnys-spanner
jonnys-spanner_SPANNER_INSTANCE_ID=test-persistent-systems-vmtv6-6bb89
broamski commented 1 year ago

Can we please limit this to the problem described in #99 and attempt to solve vault key re-mapping in a separate PR? We may want to add this capability to an upcoming 2.0.0 release. Thank you!

jonnylangefeld commented 1 year ago

Got it! I opened a new PR #101. Feel free to close this one or keep it open for the 2.0.0 release. This PR basically addressed only https://github.com/cruise-automation/daytona/issues/99#issuecomment-1492390145 and not #101 itself. So it looks like @massenz's comment should be filed as a new issue.