Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support gcp secret manager #11436

Open
wants to merge 28 commits into
base: master
Choose a base branch
from
Open

feat: support gcp secret manager #11436

wants to merge 28 commits into from
+1,383 −1

Conversation

HuanXin-Chen
Copy link
Contributor

Description

Many enterprises are utilizing cloud services from AWS and GCP, relying on the secret manager provided by these platforms to handle sensitive information. Integrating Apache APISIX with these secret managers can streamline the process of using sensitive information within APISIX, enabling users to manage and utilize cloud-stored sensitive data more conveniently, thus enhancing the overall security and usability of the system.

This PR has completed the support for GCP. It added the gcp.lua file to the original secret module, allowing users to store their secret information on GCP using the same reference method as before.

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

soulbird
soulbird reviewed Aug 5, 2024
View reviewed changes
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
@dosubot dosubot bot added the size:XXL This PR changes 1000+ lines, ignoring generated files. label Aug 9, 2024
@bzp2010 bzp2010 self-requested a review September 4, 2024 07:40
bzp2010
bzp2010 reviewed Sep 4, 2024
View reviewed changes
apisix/utils/google-cloud-oauth.lua Outdated Show resolved Hide resolved
apisix/utils/google-cloud-oauth.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
t/secret/conf/success.json Show resolved Hide resolved
@bzp2010 bzp2010 requested a review from kayx23 September 4, 2024 08:02
@bzp2010
Copy link
Contributor

bzp2010 commented Sep 4, 2024

Hi @kayx23

Please take a look at the documentation when you are free to see if there are any problems. 🫡

membphis
membphis reviewed Sep 4, 2024
View reviewed changes
apisix/utils/google-cloud-oauth.lua Outdated Show resolved Hide resolved
apisix/utils/google-cloud-oauth.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/utils/google-cloud-oauth.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Show resolved Hide resolved
apisix/secret/gcp.lua Show resolved Hide resolved
t/secret/gcp.t Outdated Show resolved Hide resolved
membphis
membphis reviewed Sep 9, 2024
View reviewed changes
t/secret/gcp.t Outdated

__DATA__

=== TEST 1: sanity
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

change sanity to a meaningful title, and it should contain schema and validate

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All Resolved.
I have fixed these issues, please review them again.

apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/utils/google-cloud-oauth.lua
aud = self.token_uri,
scope = self.scope,
iat = get_timestamp(),
exp = get_timestamp() + (60 * 60)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

60 * 60, it is a magic number, pls add a comment

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we know exactly what it means because the code is a simple copy of the apisix/plugins/google-cloud-logging/oauth.lua file.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need to create an issue to make apisix/plugins/google-cloud-logging/oauth.lua use this new file?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, when this PR is merged, I will create a new PR to use this new file.

@HuanXin-Chen HuanXin-Chen mentioned this pull request Sep 11, 2024
Open
5 tasks
@HuanXin-Chen
Copy link
Contributor Author

@bzp2010 @kayx23 @membphis @soulbird I have fixed some issues in the code. Please review it again when you have time. Thank you very much. 🙏

@bzp2010
Copy link
Contributor

bzp2010 commented Sep 12, 2024

@HuanXin-Chen There were some failures in CI involving traffic-split3.t, no worries, just merge the master branch into your dev branch feat-gcp-secret, we've fixed that.

shreemaan-abhishek
shreemaan-abhishek reviewed Sep 12, 2024
View reviewed changes
apisix/secret/gcp.lua Show resolved Hide resolved
apisix/secret/gcp.lua Outdated Show resolved Hide resolved
apisix/secret/gcp.lua Show resolved Hide resolved
@shreemaan-abhishek shreemaan-abhishek mentioned this pull request Sep 13, 2024
Open
@HuanXin-Chen
Copy link
Contributor Author

@bzp2010 @membphis @soulbird @kayx23 @shreemaan-abhishek
I think there's no problem in my pr. Some failures in CI are not related to my code, no worries, just retry may solve it.
Please review it when you're free. Only after this branch is merged can I proceed with the next step of work: #11576. Thank you!💗

membphis
membphis previously approved these changes Sep 18, 2024
View reviewed changes
Copy link
Member

@membphis membphis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, I mainly check the code style, doc and test case

t/secret/gcp.t Outdated Show resolved Hide resolved
membphis
membphis approved these changes Sep 19, 2024
View reviewed changes
Copy link
Member

@membphis membphis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thx for your nice PR

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@membphis membphis membphis approved these changes

@soulbird soulbird Awaiting requested review from soulbird

@nic-6443 nic-6443 Awaiting requested review from nic-6443

@moonming moonming Awaiting requested review from moonming

@bzp2010 bzp2010 Awaiting requested review from bzp2010

@kayx23 kayx23 Awaiting requested review from kayx23

@shreemaan-abhishek shreemaan-abhishek Awaiting requested review from shreemaan-abhishek

At least 3 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
size:XXL This PR changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@HuanXin-Chen @bzp2010 @membphis @soulbird @kayx23 @shreemaan-abhishek