Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support for credentials in AWS Secrets Manager #174

Merged
merged 7 commits into from
Jan 4, 2024
Merged

feat: support for credentials in AWS Secrets Manager #174

merged 7 commits into from
Jan 4, 2024

Conversation

petedannemann
Copy link
Contributor

@petedannemann petedannemann commented Dec 28, 2023
edited
Loading

Add support for credentials stored in AWS Secrets Manager.

The Amazon Resource Name (ARN) of a secret in AWS Secrets Manager can be provided
in a cluster.yaml file as a way to provide credentials for SASL authentication. The secret in Secrets Manager must have a value in the format
shown below, identical to what AWS MSK requires.

{
  "username": "alice",
  "password": "alice-secret"
}

An example of secrets manager being used can be seen below. Be sure to include the 6Random-Characters
AWS Secrets Manager tacks on to the end of a secrets ARN.

sasl:
    enabled: true
    mechanism: SCRAM-SHA-512
    secretsManagerArn: arn:aws:secretsmanager:<Region>:<AccountId>:secret:SecretName-6RandomCharacters

Further documentation on how can be used can be seen in examples/auth/cluster.yaml or the README

petedannemann
petedannemann commented Dec 29, 2023
View reviewed changes
cmd/topicctl/subcmd/apply.go
applyConfig.dryRun,
applyConfig.shared.saslUsername,
applyConfig.shared.saslPassword,
config.AdminClientOpts{
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I refactored NewAdminClient to take in a struct of AdminClientOpts instead of continuing our anti-pattern of passing in an ever growing list of configuration options as separate parameters. There are many instances of this change in this PR

@petedannemann petedannemann marked this pull request as ready for review December 29, 2023 17:41
@petedannemann petedannemann requested a review from a team as a code owner December 29, 2023 17:41
erushing
erushing approved these changes Jan 4, 2024
View reviewed changes
Copy link
Contributor

@erushing erushing left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me

@petedannemann petedannemann merged commit 336ade4 into master Jan 4, 2024
8 checks passed
@petedannemann petedannemann deleted the feat/aws-secrets-manager branch January 4, 2024 21:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erushing erushing erushing approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@petedannemann @erushing