AWS Replicator - regex match secretsmanager secrets based on their ARNs #70

Merged
merged 5 commits into from
Jul 17, 2024

robertlcx

Description

Specific proxy configs like:

services:
  secretsmanager:
    resources:
      # list of ARNs of secrets to proxy to real AWS
      - 'arn:aws:secretsmanager:.+:secret:airflow/variables/.*'
    operations:
      # list of operation name regex patterns to include all operations
      - '.*'
    # optionally, specify if only read requests should be allowed; false allows all operations
    # read_only: true

Should be able to cast requests to upstream AWS for ARNs like arn:aws:secretsmanager:.+:secret:airflow/variables/.*, and everything else to LocalStack.

Limitations

Currently, this is only applicable to direct gets on said resources. The merging of the results from LocalStack and upstream AWS still has to be implemented in a subsequent PR.

In addition to that, regex matching the account_id and region_name params won't work because it will not represent the real values coming from upstream AWS. @whummer let me know if I'm missing anything here.

Future selves

Tests ought to be added as well in future PRs.

@robertlcx robertlcx added the enhancement New feature or request label Jul 3, 2024
@robertlcx robertlcx self-assigned this Jul 3, 2024
@robertlcx robertlcx requested a review from whummer as a code owner July 3, 2024 18:11
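
An added example (not code from this PR or the project) of how a resource pattern list like the one in the description can decide routing, assuming full-string regex matching against an ARN built from the request's `SecretId`. The names `should_proxy`, `secret_arn`, `PROXY_CONFIG`, `PINNED_CONFIG`, `READ_PREFIXES` and the default region and account values are hypothetical; `PINNED_CONFIG` illustrates the stated limitation that a pattern pinned to a real account or region does not match an ARN built from local values.

```python
import re

# Constructed config mirroring the YAML in the PR description (read_only enabled).
PROXY_CONFIG = {"secretsmanager": {
    "resources": ["arn:aws:secretsmanager:.+:secret:airflow/variables/.*"],
    "operations": [".*"],
    "read_only": True,
}}

# Constructed config that pins region and account instead of using '.+'.
PINNED_CONFIG = {"secretsmanager": {
    "resources": ["arn:aws:secretsmanager:eu-west-1:123456789012:secret:airflow/variables/.*"],
    "operations": [".*"],
}}

# Assumption for this example: operations with these prefixes count as reads.
READ_PREFIXES = ("Get", "Describe", "List", "BatchGet")


def secret_arn(secret_id, region, account_id):
    """Build an ARN for a bare secret name; pass full ARNs through unchanged."""
    if secret_id.startswith("arn:"):
        return secret_id
    return f"arn:aws:secretsmanager:{region}:{account_id}:secret:{secret_id}"


def should_proxy(service, operation, secret_id, region="us-east-1",
                 account_id="000000000000", config=PROXY_CONFIG):
    """Return True to forward to upstream AWS, False to keep the request local."""
    svc = config.get(service)
    if not svc:
        return False  # fail closed: unconfigured services stay local
    if svc.get("read_only") and not operation.startswith(READ_PREFIXES):
        return False  # writes never leave the local environment
    if not any(re.fullmatch(p, operation) for p in svc.get("operations", [])):
        return False
    arn = secret_arn(secret_id, region, account_id)
    # fullmatch anchors both ends, so a pattern cannot match a mere substring.
    return any(re.fullmatch(p, arn) for p in svc.get("resources", []))
```
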

@whummer whummer left a comment

LGTM! 👍 Can we please bump the version and add a short entry to the change log in the README @robertlcx ? (then we can release a new version right after merging..)

@alexrashed alexrashed force-pushed the aws-replicator-regex-match-secretsmanager-service branch from dd1f928 to 386c374 Compare July 17, 2024 09:25

@whummer whummer left a comment

🚀

@whummer whummer merged commit 2f0ac6f into main Jul 17, 2024
1 check passed
@whummer whummer deleted the aws-replicator-regex-match-secretsmanager-service branch July 17, 2024 15:11