8000 fix(config): allows fetching secrets from AWS secrets manager with sso profiles by britton-from-notion · Pull Request #21038 · vectordotdev/vector · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

fix(config): allows fetching secrets from AWS secrets manager with sso profiles #21038

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 13, 2024
Merged

fix(config): allows fetching secrets from AWS secrets manager with sso profiles #21038

merged 5 commits into from
Aug 13, 2024

Conversation

britton-from-notion
Copy link
Contributor

Changes

  • updates aws-config dependency to add the sso cargo feature

Issue

When testing Vector configs locally that make use of the aws_secrets_manager secret backend and using an AWS Profile that leverages SSO, the ProfileFile provider from the aws sdk causes vector to fail. It notes the issue being a missing cargo feature, sso.

Given the following style of AWS config profile and secret configuration, the proceeding error will surface.

Profile

[profile example]
sso_start_url=https://example.com
sso_region=us-east-1
sso_account_id=12345678
sso_role_name=example-role-name
region=us-east-1
output=json

Secret Config

secret:
  my_token:
    type: "aws_secrets_manager"
    secret_id: "staging/my-token"

Output

vector test *.yml

Running tests
2024-08-09T21:50:16.839325Z  WARN aws_config::meta::credentials::chain: provider failed to provide credentials provider=Profile error=the credentials provider was not properly configured: ProfileFile provider could not be built: This behavior requires following cargo feature(s) enabled: sso.  (InvalidConfiguration(InvalidConfiguration { source: "ProfileFile provider could not be built: This behavior requires following cargo feature(s) enabled: sso. " }))
2024-08-09T21:50:16.846118Z ERROR vector::unit_test: Failed to execute tests:
Error while retrieving secret from backend "splunk_hec_token": dispatch failure..

Solution

By following the error message's recommendations and adding the sso cargo feature, this error is fixed and vector pulls the secret successfully. After making the change and rebuilding vector, the error goes away and all the tests run successfully.

@britton-from-notion britton-from-notion requested a review from a team as a code owner August 9, 2024 22:30
@bits-bot
Copy link
bits-bot commented Aug 9, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

jszwedko
jszwedko reviewed Aug 12, 2024
View reviewed changes
Copy link
Member
@jszwedko jszwedko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch, thanks @britton-from-notion !

Do you mind adding a changelog entry describing the fix to use in the release notes for the next release? See https://github.com/vectordotdev/vector/blob/master/changelog.d/README.md for the format.

@britton-from-notion
Copy link
Contributor Author

Yep! Happy to!

@britton-from-notion
Copy link
Contributor Author

@jszwedko I've added a changelog entry ✅

jszwedko
jszwedko approved these changes Aug 12, 2024
View reviewed changes
Copy link
Member
@jszwedko jszwedko left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Perfect, thank you!

@jszwedko jszwedko enabled auto-merge August 12, 2024 18:45
auto-merge was automatically disabled August 12, 2024 18:57

Head branch was pushed to by a user without write access

@britton-from-notion
Copy link
Contributor Author

@jszwedko realized I mis-named the changelog file so you may have to re-enable auto merge now that I fixed that

@jszwedko
add newline
8e18e4f 
Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
@jszwedko
Copy link
Member

No worries!

@jszwedko jszwedko enabled auto-merge August 12, 2024 19:18
@jszwedko
Regenerate licenses
42ffc7a 
Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
@jszwedko jszwedko added this pull request to the merge queue Aug 13, 2024
@github-actions GitHub Actions
Copy link

Regression Detector Results

Run ID: 92eaa963-27de-4260-8fdd-9e61d1b7584c Metrics dashboard

Baseline: fb9e6d2
Comparison: 7f206cd

Performance changes are noted in the perf column of each table:

  • ✅ = significantly better comparison variant performance
  • ❌ = significantly worse comparison variant performance
  • ➖ = no significant change in performance

No significant changes in experiment optimization goals

Confidence level: 90.00%
Effect size tolerance: |Δ mean %| ≥ 5.00%

There were no significant changes in experiment optimization goals at this confidence level and effect size tolerance.

Experiments ignored for regressions

Regressions in experiments with settings containing erratic: true are ignored.

perf experiment goal Δ mean % Δ mean % CI links
file_to_blackhole egress throughput +18.78 [+11.14, +26.43]

Fine details of change detection per experiment

perf experiment goal Δ mean % Δ mean % CI links
file_to_blackhole egress throughput +18.78 [+11.14, +26.43]
socket_to_socket_blackhole ingress throughput +3.72 [+3.64, +3.80]
syslog_humio_logs ingress throughput +2.34 [+2.20, +2.48]
otlp_http_to_blackhole ingress throughput +2.15 [+2.01, +2.29]
datadog_agent_remap_datadog_logs ingress throughput +1.61 [+1.40, +1.82]
http_elasticsearch ingress throughput +1.52 [+1.35, +1.69]
datadog_agent_remap_datadog_logs_acks ingress throughput +1.35 [+1.16, +1.54]
http_to_http_acks ingress throughput +1.30 [-0.02, +2.62]
datadog_agent_remap_blackhole_acks ingress throughput +0.83 [+0.69, +0.98]
http_text_to_http_json ingress throughput +0.74 [+0.59, +0.90]
fluent_elasticsearch ingress throughput +0.63 [+0.14, +1.12]
syslog_regex_logs2metric_ddmetrics ingress throughput +0.05 [-0.13, +0.22]
splunk_hec_to_splunk_hec_logs_noack ingress throughput +0.02 [-0.07, +0.12]
http_to_http_noack ingress throughput +0.02 [-0.02, +0.05]
http_to_http_json ingress throughput +0.01 [-0.02, +0.04]
splunk_hec_to_splunk_hec_logs_acks ingress throughput +0.00 [-0.11, +0.11]
splunk_hec_indexer_ack_blackhole ingress throughput -0.01 [-0.10, +0.07]
http_to_s3 ingress throughput -0.18 [-0.46, +0.09]
otlp_grpc_to_blackhole ingress throughput -1.27 [-1.39, -1.15]
datadog_agent_remap_blackhole ingress throughput -1.28 [-1.38, -1.17]
syslog_splunk_hec_logs ingress throughput -1.38 [-1.48, -1.28]
syslog_loki ingress throughput -1.48 [-1.56, -1.40]
syslog_log2metric_tag_cardinality_limit_blackhole ingress throughput -1.58 [-1.72, -1.45]
splunk_hec_route_s3 ingress throughput -2.16 [-2.50, -1.83]
syslog_log2metric_splunk_hec_metrics ingress throughput -2.64 [-2.80, -2.49]
syslog_log2metric_humio_metrics ingress throughput -2.83 [-3.01, -2.64]

Explanation

A regression test is an A/B test of target performance in a repeatable rig, where "performance" is measured as "comparison variant minus baseline variant" for an optimization goal (e.g., ingress throughput). Due to intrinsic variability in measuring that goal, we can only estimate its mean value for each experiment; we report uncertainty in that value as a 90.00% confidence interval denoted "Δ mean % CI".

For each experiment, we decide whether a change in performance is a "regression" -- a change worth investigating further -- if all of the following criteria are true:

  1. Its estimated |Δ mean %| ≥ 5.00%, indicating the change is big enough to merit a closer look.

  2. Its 90.00% confidence interval "Δ mean % CI" does not contain zero, indicating that if our statistical model is accurate, there is at least a 90.00% chance there is a difference in performance between baseline and comparison variants.

  3. Its configuration does not mark it "erratic".

Merged via the queue into vectordotdev:master with commit 7f206cd Aug 13, 2024
49 checks passed
ym pushed a commit to ym/vector that referenced this pull request Aug 18, 2024
@britton-from-notion @jszwedko @ym
fix(config): allows fetching secrets from AWS secrets manager with ss…
72ca4ac 
…o profiles (vectordotdev#21038)

* fix: allows fetching secrets from AWS secrets manager with sso profiles

* docs: updated changelog for pr vectordotdev#20138

* fix: unique name for changelog file

* add newline

Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>

* Regenerate licenses

Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>

---------

Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
Co-authored-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
@britton-from-notion britton-from-notion deleted the feat/aws-config-support-sso branch September 18, 2024 19:00
AndrooTheChen pushed a commit to discord/vector that referenced this pull request Sep 23, 2024
@britton-from-notion @jszwedko @AndrooTheChen
fix(config): allows fetching secrets from AWS secrets manager with ss…
a8909e0 
…o profiles (vectordotdev#21038)

* fix: allows fetching secrets from AWS secrets manager with sso profiles

* docs: updated changelog for pr vectordotdev#20138

* fix: unique name for changelog file

* add newline

Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>

* Regenerate licenses

Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>

---------

Signed-off-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
Co-authored-by: Jesse Szwedko <jesse.szwedko@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jszwedko jszwedko jszwedko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@britton-from-notion @bits-bot @jszwedko
0