secret management #104
Merged
secret management #104
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sujen1412
reviewed
Aug 28, 2024
maap/Secrets.py
Outdated
| headers=self._api_header | ||
| ) | ||
|
|
||
| return json.loads(response.text) |
There was a problem hiding this comment.
I think this should just return a value and not a dict.
Returning a dict object can complicate users code using maag.py
For eg.
token = maap.Secrets().get_secret("name").get("name")
vs if we return just the value it could look like
token = maap.Secrets().get_secret("name")
There was a problem hiding this comment.
Updated to support this.
|
|
||
| def add_secret(self, secret_name=None, secret_value=None): | ||
| """ | ||
| Adds a secret. Secret name must be provided. Secret value may be null. |
There was a problem hiding this comment.
What is the use-case of having a secret without a value ?
There was a problem hiding this comment.
Mostly because an empty string is a valid value and I don't see a good reason placing additional constraints on this. I was also thinking of cases where users might need to have the secret parameter exist but not necessarily care about the value itself.
There was a problem hiding this comment.
Saw this later, commented below.
maap/config_reader.py
Outdated
| @@ -81,6 +81,7 @@ def __init__(self, maap_host): | |||
| self.algorithm_build = self._get_api_endpoint("algorithm_build") | |||
| self.mas_algo = self._get_api_endpoint("mas_algo") | |||
| self.dps_job = self._get_api_endpoint("dps_job") | |||
| self.member_secrets = self._get_api_endpoint("member_secrets") | |||
There was a problem hiding this comment.
Has this new config also been added to the maap_api_settings file as default config ? here https://github.com/MAAP-Project/maap-api-nasa/blob/main/api/settings.py#L119-L132
There was a problem hiding this comment.
I went with the existing member endpoint.
| from maap.utils import requests_utils | ||
|
|
||
|
|
||
| class Secrets: |
There was a problem hiding this comment.
Could you add a section in the functional test to test adding, retrieving and deleting a secret?
https://github.com/MAAP-Project/maap-py/blob/master/test/functional_test.py
There was a problem hiding this comment.
Yeah, this is next on my to-do.
bsatoriu
previously approved these changes
Aug 29, 2024
There was a problem hiding this comment.
Looks good. Are we allowing empty secret values then? I'll need to update the API if so: https://github.com/MAAP-Project/maap-api-nasa/blob/develop/api/endpoints/members.py#L457-L459
|
I think we should allow empty strings for secret values, but not None. I just pushed a commit to ensure the secret_value is not None. |
Can you provide an example where this would be used ? I dont think we should allow empty strings either, unless we have a good reason. Edited |
|
The good reason I see is that an empty string is a valid string so we shouldn't arbitrarily not allow that. But if that doesn't sway you, I'm fine updating the code to not allow empty strings as values. |
|
At present, since I do not see a convincing use for an empty string as a secret it does not sway me. Maybe in the future this need might arise. I agree that an empty string is a valid string, but for secrets to me it implies an error on the user/systems part of not providing a valid (length > 0) value. We do not want to promote our secrets database being used as a boolean/parameter flag store. |
sujen1412
requested changes
Aug 30, 2024
| headers=self._api_header | ||
| ) | ||
| logger.debug(response.text) | ||
| return json.loads(response.text) |
There was a problem hiding this comment.
Should this be of type list or dict to match the doc string?
There was a problem hiding this comment.
It's a list of dicts. I've updated the doc string to provide an example.
maap/Secrets.py
Outdated
| response = response.json() | ||
| return response["secret_value"] | ||
|
|
||
| logger.debug(response.text) |
There was a problem hiding this comment.
Suggested change
| logger.debug(response.text) |
We should not be logging secrets anywhere.
There was a problem hiding this comment.
This is logging the api response and not the secret value.
maap/Secrets.py
Outdated
| url = self._members_endpoint, | ||
| headers=self._api_header | ||
| ) | ||
| logger.debug(response.text) |
There was a problem hiding this comment.
Suggested change
| logger.debug(response.text) | |
| Returns: | ||
| list: Secret names for a given user. | ||
| """ | ||
| try: |
There was a problem hiding this comment.
Suggested change
| try: | |
| try: | |
| logger.debug("Fetching all secrets") |
Just more informative to log what function is being called than just logging response.text.
sujen1412
approved these changes
Sep 5, 2024
marjo-luc
added a commit
that referenced
this pull request
Sep 12, 2024
* Remove the need to track maap.cfg file (#93) * Remove the need to track maap.cfg * Fix merge issues * Allow overriding of MAAP_API_HOST * Split config url construction into functions * Add test for config reader * Add script to perform functional test of maap-py * Construct api root url from provided maap host * Apply suggestions from code review Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Apply suggestions from code review to update url handling Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Remove unused code and memoize get config function * Update request utils to drop class and use methods * Use new request utils and pass maap config object * Update imports and url handling * Simplify boolean self-signed for request utils * Remove usage of os.path.join for constructing urls * Fix variable name in exception message * Remove incorrect import * Update functional tests --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added pagination to listJobs endpoint * change request * Issues/95: Add CICD pipeline (#101) * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Fetch full repo in checkout for sonar analysis * tweak pr template wording * /version 4.0.1a0 * /version 4.1.0a1 * added more query params (#98) * added more query params * added get_job_details flag * cleanup * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added docstring | updated param handling * review updates * review updates * renamed file --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * /version 4.1.0a2 * secret management (#104) * wip * cleanup * updated get_secret endpoint to return value * added tests for secrets management * updated error handling | added logging * review comments * /version 4.1.0a3 * /version 4.2.0a0 * added changelog entry * /version 4.1.0rc1 --------- Co-authored-by: Sujen Shah <sujen1412@users.noreply.github.com> Co-authored-by: Chuck Daniels <chuck@developmentseed.org> Co-authored-by: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Co-authored-by: frankinspace <frankinspace@users.noreply.github.com> Co-authored-by: marjo-luc <marjo-luc@users.noreply.github.com>
grallewellyn
added a commit
that referenced
this pull request
Feb 26, 2025
* Release/4.1.0 (#106) * Remove the need to track maap.cfg file (#93) * Remove the need to track maap.cfg * Fix merge issues * Allow overriding of MAAP_API_HOST * Split config url construction into functions * Add test for config reader * Add script to perform functional test of maap-py * Construct api root url from provided maap host * Apply suggestions from code review Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Apply suggestions from code review to update url handling Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Remove unused code and memoize get config function * Update request utils to drop class and use methods * Use new request utils and pass maap config object * Update imports and url handling * Simplify boolean self-signed for request utils * Remove usage of os.path.join for constructing urls * Fix variable name in exception message * Remove incorrect import * Update functional tests --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added pagination to listJobs endpoint * change request * Issues/95: Add CICD pipeline (#101) * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Fetch full repo in checkout for sonar analysis * tweak pr template wording * /version 4.0.1a0 * /version 4.1.0a1 * added more query params (#98) * added more query params * added get_job_details flag * cleanup * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added docstring | updated param handling * review updates * review updates * renamed file --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * /version 4.1.0a2 * secret management (#104) * wip * cleanup * updated get_secret endpoint to return value * added tests for secrets management * updated error handling | added logging * review comments * /version 4.1.0a3 * /version 4.2.0a0 * added changelog entry * /version 4.1.0rc1 --------- Co-authored-by: Sujen Shah <sujen1412@users.noreply.github.com> Co-authored-by: Chuck Daniels <chuck@developmentseed.org> Co-authored-by: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Co-authored-by: frankinspace <frankinspace@users.noreply.github.com> Co-authored-by: marjo-luc <marjo-luc@users.noreply.github.com> * /version 4.1.0 --------- Co-authored-by: Marjorie Lucas <47004511+marjo-luc@users.noreply.github.com> Co-authored-by: Sujen Shah <sujen1412@users.noreply.github.com> Co-authored-by: Chuck Daniels <chuck@developmentseed.org> Co-authored-by: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Co-authored-by: frankinspace <frankinspace@users.noreply.github.com> Co-authored-by: marjo-luc <marjo-luc@users.noreply.github.com>
grallewellyn
added a commit
that referenced
this pull request
Feb 26, 2025
* Release/4.1.0 (#106) * Remove the need to track maap.cfg file (#93) * Remove the need to track maap.cfg * Fix merge issues * Allow overriding of MAAP_API_HOST * Split config url construction into functions * Add test for config reader * Add script to perform functional test of maap-py * Construct api root url from provided maap host * Apply suggestions from code review Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Apply suggestions from code review to update url handling Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Remove unused code and memoize get config function * Update request utils to drop class and use methods * Use new request utils and pass maap config object * Update imports and url handling * Simplify boolean self-signed for request utils * Remove usage of os.path.join for constructing urls * Fix variable name in exception message * Remove incorrect import * Update functional tests --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added pagination to listJobs endpoint * change request * Issues/95: Add CICD pipeline (#101) * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Fetch full repo in checkout for sonar analysis * tweak pr template wording * /version 4.0.1a0 * /version 4.1.0a1 * added more query params (#98) * added more query params * added get_job_details flag * cleanup * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added docstring | updated param handling * review updates * review updates * renamed file --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * /version 4.1.0a2 * secret management (#104) * wip * cleanup * updated get_secret endpoint to return value * added tests for secrets management * updated error handling | added logging * review comments * /version 4.1.0a3 * /version 4.2.0a0 * added changelog entry * /version 4.1.0rc1 --------- Co-authored-by: Sujen Shah <sujen1412@users.noreply.github.com> Co-authored-by: Chuck Daniels <chuck@developmentseed.org> Co-authored-by: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Co-authored-by: frankinspace <frankinspace@users.noreply.github.com> Co-authored-by: marjo-luc <marjo-luc@users.noreply.github.com> * /version 4.1.0 --------- Co-authored-by: Marjorie Lucas <47004511+marjo-luc@users.noreply.github.com> Co-authored-by: Sujen Shah <sujen1412@users.noreply.github.com> Co-authored-by: Chuck Daniels <chuck@developmentseed.org> Co-authored-by: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Co-authored-by: frankinspace <frankinspace@users.noreply.github.com> Co-authored-by: marjo-luc <marjo-luc@users.noreply.github.com>
frankinspace
added a commit
that referenced
this pull request
Feb 26, 2025
rebased develop onto master and tweaked versions rebased develop onto master and tweaked versions Resolve conflicts (#112) * Release/4.1.0 (#106) * Remove the need to track maap.cfg file (#93) * Remove the need to track maap.cfg * Fix merge issues * Allow overriding of MAAP_API_HOST * Split config url construction into functions * Add test for config reader * Add script to perform functional test of maap-py * Construct api root url from provided maap host * Apply suggestions from code review Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Apply suggestions from code review to update url handling Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Remove unused code and memoize get config function * Update request utils to drop class and use methods * Use new request utils and pass maap config object * Update imports and url handling * Simplify boolean self-signed for request utils * Remove usage of os.path.join for constructing urls * Fix variable name in exception message * Remove incorrect import * Update functional tests --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added pagination to listJobs endpoint * change request * Issues/95: Add CICD pipeline (#101) * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Fetch full repo in checkout for sonar analysis * tweak pr template wording * /version 4.0.1a0 * /version 4.1.0a1 * added more query params (#98) * added more query params * added get_job_details flag * cleanup * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added docstring | updated param handling * review updates * review updates * renamed file --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * /version 4.1.0a2 * secret management (#104) * wip * cleanup * updated get_secret endpoint to return value * added tests for secrets management * updated error handling | added logging * review comments * /version 4.1.0a3 * /version 4.2.0a0 * added changelog entry * /version 4.1.0rc1 --------- Co-authored-by: Sujen Shah <sujen1412@users.noreply.github.com> Co-authored-by: Chuck Daniels <chuck@developmentseed.org> Co-authored-by: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Co-authored-by: frankinspace <frankinspace@users.noreply.github.com> Co-authored-by: marjo-luc <marjo-luc@users.noreply.github.com> * /version 4.1.0 --------- Co-authored-by: Marjorie Lucas <47004511+marjo-luc@users.noreply.github.com> Co-authored-by: Sujen Shah <sujen1412@users.noreply.github.com> Co-authored-by: Chuck Daniels <chuck@developmentseed.org> Co-authored-by: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Co-authored-by: frankinspace <frankinspace@users.noreply.github.com> Co-authored-by: marjo-luc <marjo-luc@users.noreply.github.com> Resolve conflicts (#111) * Release/4.1.0 (#106) * Remove the need to track maap.cfg file (#93) * Remove the need to track maap.cfg * Fix merge issues * Allow overriding of MAAP_API_HOST * Split config url construction into functions * Add test for config reader * Add script to perform functional test of maap-py * Construct api root url from provided maap host * Apply suggestions from code review Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Apply suggestions from code review to update url handling Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Remove unused code and memoize get config function * Update request utils to drop class and use methods * Use new request utils and pass maap config object * Update imports and url handling * Simplify boolean self-signed for request utils * Remove usage of os.path.join for constructing urls * Fix variable name in exception message * Remove incorrect import * Update functional tests --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added pagination to listJobs endpoint * change request * Issues/95: Add CICD pipeline (#101) * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Setup CICD * Fetch full repo in checkout for sonar analysis * tweak pr template wording * /version 4.0.1a0 * /version 4.1.0a1 * added more query params (#98) * added more query params * added get_job_details flag * cleanup * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * Update maap/maap.py Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * added docstring | updated param handling * review updates * review updates * renamed file --------- Co-authored-by: Chuck Daniels <chuck@developmentseed.org> * /version 4.1.0a2 * secret management (#104) * wip * cleanup * updated get_secret endpoint to return value * added tests for secrets management * updated error handling | added logging * review comments * /version 4.1.0a3 * /version 4.2.0a0 * added changelog entry * /version 4.1.0rc1 --------- Co-authored-by: Sujen Shah <sujen1412@users.noreply.github.com> Co-authored-by: Chuck Daniels <chuck@developmentseed.org> Co-authored-by: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Co-authored-by: frankinspace <frankinspace@users.noreply.github.com> Co-authored-by: marjo-luc <marjo-luc@users.noreply.github.com> * /version 4.1.0 --------- Co-authored-by: Marjorie Lucas <47004511+marjo-luc@users.noreply.github.com> Co-authored-by: Sujen Shah <sujen1412@users.noreply.github.com> Co-authored-by: Chuck Daniels <chuck@developmentseed.org> Co-authored-by: Frank Greguska <89428916+frankinspace@users.noreply.github.com> Co-authored-by: frankinspace <frankinspace@users.noreply.github.com> Co-authored-by: marjo-luc <marjo-luc@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added maap-py support for user secrets management. Users can now use the following four endpoints to get, add, and delete secrets:
Closes #102 & 1048