add shared path support to credhub#9615
Conversation
taylorsilva
left a comment
There was a problem hiding this comment.
This looks good! Change the lookup path logic for it and then this looks good to merge.
| if c.sharedPath != "" { | ||
| lookupPaths = append(lookupPaths, creds.NewSecretLookupWithPrefix(c.sharedPath+"/")) | ||
| } |
There was a problem hiding this comment.
I think this should also include the c.prefix. I think the credhub semantics are similar to Vault's. Both var sources have a PathPrefix that is, as per their descriptions:
Path under which to namespace credential lookup.
Which in Vault means all secret lookups happen under the PathPrefix. See
concourse/atc/creds/vault/vault.go
Lines 43 to 45 in 6d8aee7
Contrasting that, we don't do that in the SSM cred manager:
concourse/atc/creds/ssm/ssm.go
Lines 49 to 51 in 6d8aee7
but that's because it has no
PathPrefix: concourse/atc/creds/ssm/manager.go
Lines 22 to 31 in 6d8aee7
|
|
||
| PathPrefix string `long:"path-prefix" default:"/concourse" description:"Path under which to namespace credential lookup."` | ||
|
|
||
| SharedPath string `long:"shared-path" description:"CredHub parameter path used for shared parameters"` |
There was a problem hiding this comment.
nit: change description to match Vault's
| SharedPath string `long:"shared-path" description:"CredHub parameter path used for shared parameters"` | |
| SharedPath string `long:"shared-path" description:"Path under which to namespace credential lookup."` |
|
Thanks for the review, I will have a look at the comments & update the PR |
Changes proposed by this PR
As of now, it is not possible to configure shared paths for Credhub cred manager as opposed to other cred managers such as Vault,AWS. So I propose to add a new parameter --credhub-shared-path similar to the Vault cred manager. This parameter can be optional (as with Vault). This PR provides all the changes needed for this functionality.
Notes to reviewer
Release Note
PR is for the issue: #9062