Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(remote/aws): support AWS Secrets Manager as remote component #718

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
Open

feat(remote/aws): support AWS Secrets Manager as remote component #718

Changes from 1 commit
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
0613cec
feat(comp/common/cfg/aws): separate package for common typse and func…
hainenber Apr 30, 2024
4043010
feat(comp/remote/s3): use util func and type for AWS client config
hainenber Apr 30, 2024
cbdb0e3
feat(comp/test): expose internal test component to check for its health
hainenber Apr 30, 2024
7824d1d
feat(comp/remote/aws/secrets_manager): add `remote.aws.secrets_manager`
hainenber Apr 30, 2024
5ccfc92
fix(comp/remote/aws/secret_manager): correct go:build directive to ru…
hainenber Apr 30, 2024
631a2a2
feat(remote/aws/secrets_manager): implement poller + update doc
hainenber May 1, 2024
4a9dc80
fix(remote/aws/secrets_manager): only reset poller's ticker when init…
hainenber May 2, 2024
21f1b2e
Apply suggestions from Clayton's code review
hainenber May 8, 2024
1e2dcfc
chore: clean up `go.mod`
hainenber May 14, 2024
20a34d0
chore: use renamed `internal/runtime` for component test
hainenber May 16, 2024
a417e68
Merge branch 'main' into support-aws-secret-manager-as-remote-component
hainenber Jul 9, 2024
48fd080
chore(build): reconcile go.sum
hainenber Jul 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
feat(comp/common/cfg/aws): separate package for common typse and func… 
…tions used in remote AWS components

Signed-off-by: hainenber <[email protected]>
  • Loading branch information
@hainenber
hainenber committed May 16, 2024
commit 0613cec1498773a976759a5b285a3befcc376ec1
86 changes: 86 additions & 0 deletions internal/component/common/config/aws/aws.go
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
package aws

import (
"context"
"crypto/tls"
"fmt"
"net/http"

"github.com/aws/aws-sdk-go-v2/aws"
aws_config "github.com/aws/aws-sdk-go-v2/config"
"github.com/grafana/alloy/syntax/alloytypes"
)

// Client implements specific AWS configuration options
type Client struct {
AccessKey string `alloy:"key,attr,optional"`
Secret alloytypes.Secret `alloy:"secret,attr,optional"`
Endpoint string `alloy:"endpoint,attr,optional"`
DisableSSL bool `alloy:"disable_ssl,attr,optional"`
Region string `alloy:"region,attr,optional"`
SigningRegion string `alloy:"signing_region,attr,optional"`
}

func GenerateAWSConfig(o Client) (*aws.Config, error) {
configOptions := make([]func(*aws_config.LoadOptions) error, 0)
// Override the endpoint.
if o.Endpoint != "" {
endFunc := aws.EndpointResolverWithOptionsFunc(func(service, region string, _ ...interface{}) (aws.Endpoint, error) {
// The S3 compatible system used for testing with does not require signing region, so it's fine to be blank
// but when using a proxy to real S3 it needs to be injected.
return aws.Endpoint{
PartitionID: "aws",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This wasn't set before in the old code; does this break anything for remote.s3?

URL: o.Endpoint,
SigningRegion: o.SigningRegion,
}, nil
})
endResolver := aws_config.WithEndpointResolverWithOptions(endFunc)
configOptions = append(configOptions, endResolver)
}

// This incredibly nested option turns off SSL.
if o.DisableSSL {
httpOverride := aws_config.WithHTTPClient(
&http.Client{
Transport: &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: o.DisableSSL,
},
},
},
)
configOptions = append(configOptions, httpOverride)
}

if o.Region != "" {
configOptions = append(configOptions, aws_config.WithRegion(o.Region))
}
Comment on lines +55 to +57
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This wasn't set before in the old code; does this break anything for remote.s3?


// Check to see if we need to override the credentials, else it will use the default ones.
// https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
if o.AccessKey != "" {
if o.Secret == "" {
return nil, fmt.Errorf("if accesskey or secret are specified then the other must also be specified")
}
credFunc := aws.CredentialsProviderFunc(func(ctx context.Context) (aws.Credentials, error) {
return aws.Credentials{
AccessKeyID: o.AccessKey,
SecretAccessKey: string(o.Secret),
}, nil
})
credProvider := aws_config.WithCredentialsProvider(credFunc)
configOptions = append(configOptions, credProvider)
}

cfg, err := aws_config.LoadDefaultConfig(context.TODO(), configOptions...)
if err != nil {
return nil, err
}

// Set region.
if o.Region != "" {
cfg.Region = o.Region
}

return &cfg, nil
}