jtopjian / terraform-provider-sensu

A Terraform provider for Sensu Go
21 stars 11 forks source link

Support sensu secrets #43

Open kurtmc opened 4 years ago

kurtmc commented 4 years ago

I am keen to see sensu secrets get added to this provider. I am happy to help implement it.

I am thinking it could look something like this:

resource "sensu_secret" "check_1" {
  name     = "pagerduty_key"
  namespace = "default"
  spec {
    id = "SENSU_PAGERDUTY_KEY"
    provider = "env"
  }
}

I had a quick look at the sensu client code (https://github.com/jtopjian/terraform-provider-sensu/tree/master/vendor/github.com/sensu/sensu-go/cli/client) but it was not clear to me how to create/delete/update sensu secrets from there, I would definitely appreciate some pointers to where I could find that if you know!

jtopjian commented 4 years ago

@kurtmc Thanks for opening this issue.

I agree that secrets would be great to have, but it's currently a commercial feature. This is probably why the client API code isn't available - I could be totally wrong, though.

amdprophet commented 3 years ago

@kurtmc The API for secrets can be found in the docs: https://docs.sensu.io/sensu-go/latest/api/secrets/. Is this what you were looking for?

jtopjian commented 3 years ago

@amdprophet Those are the API docs for secrets, yes, but this provider is built using the Sensu Go client library. For example:

Unless I'm mistaken, the client library does not have support for secrets, though. Technically it would be possible to send raw GET, POST, etc requests to interact with the service-side secrets API, but that might require a good amount of work to handle authentication, data parsing, etc - all of which are already done in the client library for the other resource types.

It's a tough situation to be in. On one hand, I don't want to outright say "if it's not part of the open source version, it's not supported in this provider". On the other hand, implementing this might require duplicating a lot of functionality to perform "raw" REST requests that is already available in the client library. In addition, ensuring these features are supported in the CI environment might also be difficult.

amdprophet commented 3 years ago

@jtopjian I'll see about adding support to the CLI client. It's possible we just missed adding support for secrets to it.

jtopjian commented 3 years ago

@amdprophet That would be awesome - thank you 🙂

duckfez commented 2 years ago

Related, other sensu objects (handlers, for instance) have a secrets: component to their definition as well to refer to secrets. I'm not sure if the same CLI issues exist there or not. I'd be glad to try to help, but my golang skills aren't quite up to the task I don't think.

rshutt-va commented 2 years ago

Well ain't this just a buzzkill. I was evaluating this provider and while I could go and write my own code, it seems to make little sense given the holdup is actually on https://github.com/sensu/sensu-go/issues/4337. I can't imagine trying to decouple the secrets attrrib of the checks, handlers, etc... and go outside of the sensu-go client lib for those checks that require a secrets entry or for the creation of secrets themselves.

EDIT - I wonder how much work would be involved in strapping on the required types and their entanglements into the client library. And I wonder if we could ever fully integrate the code given that the CI environment likely cannot support integrated testing of the required bits of code since it is likely that the non-commercial version is used in testing.