Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improving error handling in SecretManager #9429

Merged
merged 6 commits into from
Aug 4, 2023
Merged

Improving error handling in SecretManager #9429

merged 6 commits into from
Aug 4, 2023

Conversation

aishwaryabh
Copy link
Contributor

@aishwaryabh aishwaryabh commented Jul 28, 2023
edited
Loading

Issue describing the changes in this PR

This PR improves error handling in the Secret manager so that if there's a race condition (ie multiple secret repositories are created, each try to create their own version of a secret, and whichever one actually creates it first succeeds and the rest error out). If an error happens with WriteAsync, we simply call LoadSecretsAsync first before failing and throwing an exception to make sure the issue is not a race condition

resolves #8731

Pull request checklist

  • My changes do not require documentation changes
    • Otherwise: Documentation issue linked to PR
  • My changes should not be added to the release notes for the next release
    • Otherwise: I've added my notes to release_notes.md
  • My changes do not need to be backported to a previous version
    • Otherwise: Backport tracked by issue/PR #issue_or_pr
  • My changes do not require diagnostic events changes
    • Otherwise: I have added/updated all related diagnostic events and their documentation (Documentation issue linked to PR)
  • I have added all required tests (Unit tests, E2E tests)

Additional information

Additional PR information

@aishwaryabh aishwaryabh requested a review from a team as a code owner July 28, 2023 22:49
@aishwaryabh @liliankasem
Update src/WebJobs.Script.WebHost/Security/KeyManagement/SecretManage…
a3e3c31 
…r.cs

Co-authored-by: Lilian Kasem <likasem@microsoft.com>
github-advanced-security[bot]
github-advanced-security bot found potential problems Aug 2, 2023
View reviewed changes
src/WebJobs.Script.WebHost/Security/KeyManagement/SecretManager.cs
{
// no secrets exist for this function so generate them
string message = string.Format(Resources.TraceFunctionSecretGeneration, functionName);
_logger.LogDebug(message);

Check failure

Code scanning / CodeQL

Log entries created from user input

This log entry depends on a [user-provided value](1). This log entry depends on a [user-provided value](2).
brettsam
brettsam reviewed Aug 3, 2023
View reviewed changes
Copy link
Member

@brettsam brettsam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple comments on the error messages...

src/WebJobs.Script.WebHost/Security/KeyManagement/SecretManager.cs Outdated Show resolved Hide resolved
src/WebJobs.Script.WebHost/Security/KeyManagement/SecretManager.cs Outdated Show resolved Hide resolved
@aishwaryabh aishwaryabh merged commit cad7621 into dev Aug 4, 2023
@aishwaryabh aishwaryabh deleted the aibhandari/secret-manager-conflict branch August 4, 2023 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jviau jviau jviau left review comments

@liliankasem liliankasem liliankasem left review comments

@mathewc mathewc mathewc left review comments

@satvu satvu satvu approved these changes

@brettsam brettsam brettsam approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Improve error handling in SecretManager
6 participants
@aishwaryabh @mathewc @brettsam @liliankasem @jviau @satvu