Add secret manager replication support #827
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
emillbrandt-ngt
commented
Dec 7, 2021
markuman
reviewed
Dec 10, 2021
markuman
reviewed
Dec 10, 2021
markuman
reviewed
Dec 10, 2021
markuman
reviewed
Dec 10, 2021
markuman
previously requested changes
Dec 10, 2021
There was a problem hiding this comment.
yeah, boto3 says:
Converts an existing secret to a multi-Region secret and begins replication the secret to a list of new regions.
I think the kms key id must be exists in the region where it is replicated. So the origin kms key id from the source region will not work.
Furthermore, according to the boto3 doc, you can replicate a secret to more than one region.
I think a better parameter pattern will be
- name: some secret
aws_secret:
name: "{{ secret_name }}"
state: present
secret_type: 'string'
region: eu-central-1
kms_key_id: some_key_in_eu_central_1
secret: "{{ super_secret_string }}"
replica:
- region: us-west-1
kms_key_id: some_key_in_us_west_1
- region: eu-north-1
kms_key_id: some_key_in_eu_north_1
register: result
|
I like your suggestion. I will refactor to use the pattern you described. |
markuman
reviewed
Dec 14, 2021
|
I've added the backport-3 label as long as 4.0.0 is not released |
markuman
reviewed
Feb 3, 2022
ansibullbot
added
feature
marknet15
reviewed
Mar 24, 2022
Signed-off-by: Eric Millbrandt <[email protected]>
…eak existing stuff)
tremble
force-pushed
the
secret_replication
branch
from
838523d
to
3a38adb
Compare
tremble
requested review from
markuman,
marknet15 and
alinabuzachis
and removed request for
marknet15
|
To try and get this moving again I've rebased and tweaked the tests. Because CI only supports us-east-1 at this time I've commented out the CI tests. However, I have tested these locally. |
Docs Build 📝Thank you for contribution!✨ This PR has been merged and your docs changes will be incorporated when they are next published. |
ansibullbot
added
community_review
and removed
needs_rebase
markuman
approved these changes
Jan 31, 2023
alinabuzachis
approved these changes
Jan 31, 2023
tremble
approved these changes
Jan 31, 2023
|
@emillbrandt-ngt Many thanks for taking the time to submit this PR, I'm sorry it's taken so long to get this merged. |
|
No worries. Thanks for taking it! |
Backport to stable-5: 💚 backport PR created✅ Backport PR branch: Backported as #1685 🤖 @patchback |
patchback bot
pushed a commit
that referenced
this pull request
Jan 31, 2023
Add secret manager replication support Signed-off-by: Eric Millbrandt [email protected] SUMMARY Add support for regional secret replication. The component now supports: Creating a secret with a regional replica Adding a region replica to a secret Removing a region replica from a secret ISSUE TYPE Feature Pull Request COMPONENT NAME aws_secret ADDITIONAL INFORMATION https://aws.amazon.com/about-aws/whats-new/2021/03/aws-secrets-manager-provides-support-to-replicate-secrets-in-aws-secrets-manager-to-multiple-aws-regions/ https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html Reviewed-by: Eric Millbrandt <[email protected]> Reviewed-by: Markus Bergholz <[email protected]> Reviewed-by: Mark Chappell <None> Reviewed-by: Alina Buzachis <None> Reviewed-by: Mark Woolley <[email protected]> (cherry picked from commit c7c6800)
softwarefactory-project-zuul bot
pushed a commit
that referenced
this pull request
Jan 31, 2023
[PR #827/c7c68009 backport][stable-5] Add secret manager replication support This is a backport of PR #827 as merged into main (c7c6800). Signed-off-by: Eric Millbrandt [email protected] SUMMARY Add support for regional secret replication. The component now supports: Creating a secret with a regional replica Adding a region replica to a secret Removing a region replica from a secret ISSUE TYPE Feature Pull Request COMPONENT NAME aws_secret ADDITIONAL INFORMATION https://aws.amazon.com/about-aws/whats-new/2021/03/aws-secrets-manager-provides-support-to-replicate-secrets-in-aws-secrets-manager-to-multiple-aws-regions/ https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html Reviewed-by: Mark Chappell <None>
abikouo
pushed a commit
to abikouo/community.aws
that referenced
this pull request
Oct 24, 2023
elb_classic_lb - Remove deprecated ec2_elb fact SUMMARY Remove previously deprecated ec2_elb fact from elb_classic_lb this only every returned the value 'info'. ISSUE TYPE Feature Pull Request COMPONENT NAME elb_classic_lb ADDITIONAL INFORMATION See also ansible-collections#552 and ansible-collections#377 for some of the history. Reviewed-by: Alina Buzachis <None>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Signed-off-by: Eric Millbrandt [email protected]
SUMMARY
Add support for regional secret replication. The component now supports:
ISSUE TYPE
COMPONENT NAME
aws_secret
ADDITIONAL INFORMATION
https://aws.amazon.com/about-aws/whats-new/2021/03/aws-secrets-manager-provides-support-to-replicate-secrets-in-aws-secrets-manager-to-multiple-aws-regions/
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/secretsmanager.html