-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ACI - added secure environment variables #2024
ACI - added secure environment variables #2024
Conversation
This PR replaces #1874 I am still working through the feedback and will give indication when this is ready for review. |
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
Outstanding Issues from corrupt PR: |
@neilpeterson please go ahead with current SDK version. |
@neilpeterson Please add description for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add the missed documentation change in the PR.
vendor/vendor.json
Outdated
"path": "github.com/Azure/go-autorest/logger", | ||
"revision": "a35eae345f69bbfbe3b8fa0b1d3fe98f8430b21a", | ||
"revisionTime": "2018-08-30T19:44:05Z" | ||
}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to update go-autorest/logger here?
vendor/vendor.json
Outdated
"revisionTime": "2018-08-30T19:44:05Z" | ||
}, | ||
{ | ||
"checksumSHA1": "scpSozMdk4sqSpkbQqupLKUfLiM=", | ||
"path": "github.com/Azure/go-autorest/version", |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need to change it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was unable to successfully run make vendor-status
without this change.
@metacpp thanks a bunch. I had checked the build and everything looked good. My apologies for these issues. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@neilpeterson @jeffreyCline Please resolve the comment in PR.
ForceNew: true, | ||
}, | ||
|
||
"sensitive_environment_variables": { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We may need to align with Azure documentation:
https://docs.microsoft.com/en-us/azure/container-instances/container-instances-environment-variables#secure-values
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I disagree, as this implies a higher level of security that isn't there since the values are persisted in the HCL file plan test. Since it is not encrypted I would feel better if we would expose it as sensitive and in the code pass it as secureValue as required by the API.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think there was a misunderstanding that this wasn't surfacing something the API here internally. While these variable are not "secure" in Terraform, they are more secure in the container group and that is the name used in the API, so we should probably match it.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, I have reverted back to using the secure name instead of sensitive.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM but please do more testing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, more testing is needed and more test cases need to be added, but this is a functional resource for the happy path scenario.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@katbyte Appreciate the updates to the lookup, code LGTM
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks! |
This PR adds Azure Container Instances secure environment variables.
Fundamentally the only difference between an environment variable and a secured variable is the value property name (Value vs. SecureValue), however for ease of use I am treating them as separate properties (seen in the below sample).