feat: secrets manager interface #75

Merged: 11 commits, Mar 24, 2025

leoparente (Contributor) commented Mar 19, 2025

This pull request introduces a new secrets management system to the orb-agent by integrating a secretsmgr package and updating relevant parts of the codebase to support it. The most important changes include adding a new secrets manager, updating the configuration structures, and modifying the ConfigManager to handle secrets.

Integration of Secrets Management:

  • agent/agent.go: Added secretsmgr.Manager to the orbAgent struct and initialized it in the New function. The secretsManager is now started in the Start method.
  • agent/config/types.go: Introduced new configuration types VaultManager, SecretsSources, and ManagerSecrets to support secrets management. Updated OrbAgent struct to include ManagerSecrets.

Modifications to Config Manager:

  • agent/configmgr/manager.go: Updated the New function to accept a secretsmgr.Manager and pass it to the localConfigManager and gitConfigManager.
  • agent/configmgr/git.go and agent/configmgr/local.go: Added secretsmgr.Manager to the configuration managers and modified the applyPolicies method to use SolveSecrets for processing secrets.

New Secrets Manager Implementation:

  • agent/secretsmgr/manager.go: Introduced the secretsmgr package with an interface for managing secrets and a factory method for creating instances based on configuration.
  • agent/secretsmgr/vault.go: Implemented vaultManager for managing secrets using HashiCorp Vault, including methods for starting the manager, registering update callbacks, and solving secrets.
  • agent/secretsmgr/vault_auth.go: Added various authentication methods for Vault, including token, AppRole, userpass, Kubernetes, and LDAP.

Dependency Updates:

  • go.mod: Added the github.com/hashicorp/vault/api dependency to support Vault integration.

@leoparente leoparente self-assigned this Mar 19, 2025
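
The `SolveSecrets` step that the description says `applyPolicies` now calls, as an added Go example that is not part of this pull request or the orb-agent code base: it resolves secret references in a policy's string values, returns a copy, and fails closed when a reference cannot be resolved. The `${vault://path/key}` syntax, the `staticManager` type, the `expand` helper and the method signature are assumptions; only the name `SolveSecrets` comes from the PR text.

```go
package main

import "fmt"
import "regexp"

// Assumed reference syntax (not from the PR): ${vault://<path>/<key>}.
var ref = regexp.MustCompile(`\$\{vault://([^}]+)/([^/}]+)\}`)

// staticManager stands in for a Vault-backed manager; its data is constructed.
type staticManager struct{ data map[string]map[string]string }

// SolveSecrets (name from the PR, signature assumed) returns a resolved copy.
func (m staticManager) SolveSecrets(p map[string]any) (map[string]any, error) {
	out := make(map[string]any, len(p))
	for k, v := range p {
		var err error
		out[k] = v // values that are neither maps nor strings are copied as-is
		switch t := v.(type) {
		case map[string]any:
			out[k], err = m.SolveSecrets(t)
		case string:
			out[k], err = m.expand(t)
		}
		if err != nil {
			return nil, fmt.Errorf("policy key %q: %w", k, err) // fail closed
		}
	}
	return out, nil
}

// expand substitutes in one pass, so a secret value is never re-expanded.
func (m staticManager) expand(s string) (string, error) {
	var missing error
	out := ref.ReplaceAllStringFunc(s, func(match string) string {
		g := ref.FindStringSubmatch(match)
		val, ok := m.data[g[1]][g[2]]
		if !ok { // the error names the reference, never a secret value
			missing = fmt.Errorf("unresolved secret %s/%s", g[1], g[2])
		}
		return val
	})
	if missing != nil {
		return "", missing
	}
	return out, nil
}

func main() {
	m := staticManager{map[string]map[string]string{"secret/snmp": {"community": "s3cr3t"}}}
	fmt.Println(m.SolveSecrets(map[string]any{"auth": "${vault://secret/snmp/nope}"}))
}
```

Because the input map is never mutated, the policy as loaded from disk or git keeps only references, and the resolved copy is the only place the secret values exist.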

github-actions bot commented Mar 19, 2025

Go test coverage

| STATUS | ELAPSED | PACKAGE | COVER | PASS | FAIL | SKIP |
|---|---|---|---|---|---|---|
| 🟢 PASS | 1.02s | github.com/netboxlabs/orb-agent/agent | 0.0% | 1 | 0 | 0 |
| 🟢 PASS | 0.15s | github.com/netboxlabs/orb-agent/agent/backend | 0.0% | 0 | 0 | 0 |
| 🟢 PASS | 0.00s | github.com/netboxlabs/orb-agent/agent/backend/devicediscovery | 0.0% | 0 | 0 | 0 |
| 🟢 PASS | 0.01s | github.com/netboxlabs/orb-agent/agent/backend/networkdiscovery | 0.0% | 0 | 0 | 0 |
| 🟢 PASS | 0.00s | github.com/netboxlabs/orb-agent/agent/backend/otel | 0.0% | 0 | 0 | 0 |
| 🟢 PASS | 0.00s | github.com/netboxlabs/orb-agent/agent/backend/pktvisor | 0.0% | 0 | 0 | 0 |
| 🟢 PASS | 0.00s | github.com/netboxlabs/orb-agent/agent/backend/worker | 0.0% | 0 | 0 | 0 |
| 🟢 PASS | 0.00s | github.com/netboxlabs/orb-agent/agent/configmgr | 0.0% | 0 | 0 | 0 |
| 🟢 PASS | 0.00s | github.com/netboxlabs/orb-agent/agent/policies | 0.0% | 0 | 0 | 0 |
| 🟢 PASS | 0.00s | github.com/netboxlabs/orb-agent/agent/policymgr | 0.0% | 0 | 0 | 0 |
| 🟢 PASS | 1.73s | github.com/netboxlabs/orb-agent/agent/secretsmgr | 8.0% | 7 | 0 | 0 |
| 🟢 PASS | 1.01s | github.com/netboxlabs/orb-agent/agent/version | 100.0% | 1 | 0 | 0 |

Total coverage: 1.7%

@leoparente leoparente marked this pull request as ready for review March 21, 2025 12:31
mfiedorowicz (Member) left a comment

LGTM, one ask though

@leoparente leoparente merged commit 3e04f6a into develop Mar 24, 2025
5 checks passed
@leoparente leoparente deleted the feat/OBS-827-secrets-manager-interface branch March 24, 2025 15:07