This repository has been archived by the owner on Dec 19, 2022. It is now read-only.

feat(snap): support service secrets file config #151

Merged
merged 2 commits into from
Oct 28, 2021

farshidtz
Member

@farshidtz farshidtz commented Oct 27, 2021

This change would enable setting snap config arguments for the secrets file feature added by edgexfoundry/go-mod-bootstrap#276.

It adds support for the following config items:

secret-store.secrets-file               // SecretStore.SecretsFile
secret-store.disable-scrub-secrets-file // SecretStore.DisableScrubSecretsFile

Package updates are added by canonical/edgex-snap-hooks#13.

There are also some minor updates and fixes to the snap/README.md

Signed-off-by: Farshid Tavakolizadeh [email protected]

If your build fails due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/device-camera-go/blob/main/.github/Contributing.md

PR Checklist

Please check if your PR fulfills the following requirements:

  • I am not introducing a breaking change (if you are, flag in conventional commit message with BREAKING CHANGE: describing the break)
  • I am not introducing a new dependency (add notes below if you are)
  • I have added unit tests for the new feature or bug fix (if not, why?)
  • I have fully tested (add details below) this the new feature or bug fix (if not, why?)
  • I have opened a PR for the related docs change - in the same PR

Testing Instructions

  1. build
snapcraft clean
snapcraft
  2. Install, copy token, set conf, start, check logs:
$ sudo snap install ./edgex-device-camera_2.0.2-dev.2_amd64.snap --dangerous
$ sudo install -vDT /var/snap/edgexfoundry/current/secrets/device-camera/secrets-token.json /var/snap/edgex-device-camera/current/device-camera/secrets-token.json
$ sudo snap set edgex-device-camera env.secret-store.secrets-file=test.json 
$ sudo snap start edgex-device-camera.device-camera
$ sudo snap logs edgex-device-camera.device-camera -n 1000 | grep test.json
2021-10-27T11:23:49Z edgex-device-camera.device-camera[139535]: level=ERROR ts=2021-10-27T11:23:49.27008609Z app=device-camera source=bootstrap.go:46 msg="failed to create SecretProvider: seeding secrets failed: open test.json: no such file or directory"

New Dependency Instructions (If applicable)

@codecov-commenter

codecov-commenter commented Oct 27, 2021

Codecov Report

Merging #151 (9375604) into main (d4237ff) will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@          Coverage Diff          @@
##            main    #151   +/-   ##
=====================================
  Coverage   3.79%   3.79%           
=====================================
  Files          3       3           
  Lines        606     606           
=====================================
  Hits          23      23           
  Misses       583     583           


Signed-off-by: Farshid Tavakolizadeh <[email protected]>
@farshidtz farshidtz changed the title build(snap): bump edgex-snap-hooks to support secretsfile config feat(snap): bump edgex-snap-hooks to support secretsfile config Oct 28, 2021
@farshidtz farshidtz changed the title feat(snap): bump edgex-snap-hooks to support secretsfile config feat(snap): support service secrets file config Oct 28, 2021

@siggiskulason siggiskulason left a comment

LGTM. I tested this by

  • Creating a test.json file as per feat: Add optional capability to seed service secrets go-mod-bootstrap#276
  • Copying that file to /var/snap/edgex-device-camera/current
  • sudo snap set edgex-device-camera env.secret-store.secrets-file="/var/snap/edgex-device-camera/current/test.json"
  • sudo snap set edgex-device-camera env.secret-store.disable-scrub-secrets-file=true
  • starting up the snap, confirming that the secrets get read in and processed. They also get overwritten, unless I set disable-scrub-secrets.

@siggiskulason siggiskulason merged commit 5f84f0f into edgexfoundry:main Oct 28, 2021
@MonicaisHer
Contributor

I used these steps:

git clone https://github.com/farshidtz/device-camera-go.git
cd device-camera-go
git checkout snap-secretsfile
snapcraft

sudo snap remove --purge edgexfoundry 
sudo snap remove --purge edgex-device-camera
snap install edgexfoundry --channel=2.0
snap install edgex-device-camera_2.0.2-dev.1_amd64.snap --dangerous

sudo install -vDT /var/snap/edgexfoundry/current/secrets/device-camera/secrets-token.json /var/snap/edgex-device-camera/current/device-camera/secrets-token.json
sudo snap set edgex-device-camera env.secret-store.secrets-file="/var/snap/edgex-device-camera/current/device-camera/secrets-token.json"
sudo snap start edgex-device-camera.device-camera
sudo snap logs edgex-device-camera.device-camera 

and I didn't get the same error as yours (failed to create SecretProvider); instead I got a warning: failure while creating SecretClient.

2021-10-28T15:51:53Z edgex-device-camera.device-camera[1763636]: level=INFO ts=2021-10-28T15:51:53.494963473Z app=device-camera source=secret.go:59 msg="Reading secret store configuration and authentication token"
2021-10-28T15:51:53Z edgex-device-camera.device-camera[1763636]: level=WARN ts=2021-10-28T15:51:53.495218852Z app=device-camera source=secret.go:96 msg="Retryable failure while creating SecretClient: unexpected end of JSON input"

@siggiskulason

That is because it's not the secrets-token.json file that we are using, but a file with secrets for the camera. So you need to create a file in `/var/snap/edgex-device-camera/current/test.json` containing:

{
    "secrets": [
        {
            "path": "credentials001",
            "imported": false,
            "secretData": [
                {
                    "key": "username",
                    "value": "my-user-1"
                },
                {
                    "key": "password",
                    "value": "password-001"
                }
            ]
        }
    ]
}

and then set

sudo snap set edgex-device-camera env.secret-store.secrets-file="/var/snap/edgex-device-camera/current/test.json"

That should work!

@MonicaisHer
Contributor

Thanks for your hints @siggiskulason! It works for me as well now.
