Key vault reference support #6
Conversation
keyvault.go
Outdated
| // keyVaultReferenceResolver resolves Key Vault references to their actual secret values | ||
| type keyVaultReferenceResolver struct { | ||
| clients map[string]secretClient | ||
| resolver SecretResolver |
There was a problem hiding this comment.
No, we export SecretResolver interface which need to be implemented by user.
keyvault.go
Outdated
| return nil, fmt.Errorf("failed to create Key Vault client: %w", err) | ||
| } | ||
|
|
||
| r.clients[vaultURL] = client |
There was a problem hiding this comment.
resolveSecrets would be called concurrently in different routines, hence this resovler.getSecretClient. Becareful of clients, it needs to be multi-routine-safe, too.
41f7d58 to
d783da6
Compare
| // SecretResolver is an interface to resolve secret from key vault reference | ||
| type SecretResolver interface { | ||
| // keyVaultReference: "https://{keyVaultName}.vault.azure.net/secrets/{secretName}/{secretVersion}" | ||
| ResolveSecret(ctx context.Context, keyVaultReference url.URL) (string, error) |
There was a problem hiding this comment.
How about rename this parameter to secretUrl?
There was a problem hiding this comment.
Prefer keyVaultReference since it's widely used in our public docs
jhzhu89
left a comment
There was a problem hiding this comment.
LGTM.
Maybe you could consider adding some test cases for covering concurrent r/w scenarios, you can run these tests with race enabled. It could help you capture race conditions are not well handled.
No description provided.