Use secrets in operators #5197
Merged
Use secrets in operators #5197
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ed24e41 to
6709515
Compare
8868984 to
6d62550
Compare
6d62550 to
7046d7e
Compare
IyeOnline
added a commit
that referenced
this pull request
May 21, 2025
Since we merge secrets without any support in operators, we enable `tenzir.legacy-secret-model` by default for now. This also reverts/hides all docs and changelog entries, which will be in #5197
7046d7e to
859c64d
Compare
IyeOnline
added a commit
that referenced
this pull request
May 21, 2025
This adds a first class `secret` type to the TQL language that can "store" secrets. - See tenzir/issues#2781 The feature is currently disabled by default, to be re-enabled #5197
7d037b7 to
32a0298
Compare
📚 Documentation Preview🧹 Preview deployment has been cleaned up The documentation preview for this PR has been removed since the PR was closed. |
2cf3c39 to
eb7d4f0
Compare
eb7d4f0 to
4a492a0
Compare
8a36350 to
edf2377
Compare
c6c55bc to
481520b
Compare
dab2787 to
943ae99
Compare
943ae99 to
944e0d2
Compare
Includes `save_azure_blob_storage`
A format expression containing a `secret` will yield a `secret`.
Secret censoring now happens in the execution node's diagnostic handler. This has the advantage, that we cannot forget it. In order to not be overly aggressive, it now only censors the full values of managed secrets, ignoring incomplete parts.
This now enforces yielding and ensures the error cases are safe by not re-scheduling if a callback fails.
c34b0d6 to
7ce3dbb
Compare
jachris
approved these changes
Jun 27, 2025
jachris
reviewed
Jun 27, 2025
This also removes the TQL1 `python` operator.
This also removes the TQL1 `shell` and `apply` operators and ports tests that used these to TQL2.
7ce3dbb to
34a92dd
Compare
jachris
reviewed
Jun 27, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is the followup to #5065, actually making use of secrets in operators.
Outstanding operators/connectors:
@raxyte:
from_httphttp(transform)from_opensearch(nothing to be done)from_velociraptor(nothing to be done)@IyeOnline:
save_emailoptionsrecord may contain secrets)from_fileto_aslto_azure_log_analyticsto_clickhouseto_google_secopsto_google_cloud_loggingto_opensearchto_snowflaketo_splunk(done in the initial PR as a test)Operators not currently considered:
to_hive(postponed because of upcomming rewrite)load_file/save_file(local path)