From 5ec222dfd0d3fc55a155c6fe2e817f0033840a96 Mon Sep 17 00:00:00 2001
From: Alberto Llamas
Date: Tue, 21 Jun 2022 11:52:01 +0200
Subject: [PATCH] update

---
 apis/externalsecrets/v1beta1/secretstore_aws_types.go | 5 -----
 cmd/root.go | 6 ++++++
 .../bases/external-secrets.io_clustersecretstores.yaml | 5 -----
 config/crds/bases/external-secrets.io_secretstores.yaml | 5 -----
 deploy/charts/external-secrets/templates/deployment.yaml | 3 +++
 deploy/charts/external-secrets/values.yaml | 3 +++
 deploy/crds/bundle.yaml | 6 ------
 pkg/provider/aws/auth/auth.go | 9 ++++-----
 8 files changed, 16 insertions(+), 26 deletions(-)

diff --git a/apis/externalsecrets/v1beta1/secretstore_aws_types.go b/apis/externalsecrets/v1beta1/secretstore_aws_types.go
index b00a497e3..5acefda69 100644
--- a/apis/externalsecrets/v1beta1/secretstore_aws_types.go
+++ b/apis/externalsecrets/v1beta1/secretstore_aws_types.go
@@ -73,9 +73,4 @@ type AWSProvider struct {
 
 	// AWS Region to be used for the provider
 	Region string `json:"region"`
-
-	// SessionCache defines if the AWS session should be reused,
-	// if not set the operator will issues a fresh session for each request.
-	// +optional
-	SessionCache bool `json:"sessionCache,omitempty"`
 }
diff --git a/cmd/root.go b/cmd/root.go
index fbbaede7b..71186416e 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -38,6 +38,7 @@ import (
 	"github.com/external-secrets/external-secrets/pkg/controllers/clusterexternalsecret"
 	"github.com/external-secrets/external-secrets/pkg/controllers/externalsecret"
 	"github.com/external-secrets/external-secrets/pkg/controllers/secretstore"
+	awsauth "github.com/external-secrets/external-secrets/pkg/provider/aws/auth"
 )
 
 var (
@@ -61,6 +62,7 @@ var (
 	secretName, secretNamespace string
 	crdRequeueInterval time.Duration
 	certCheckInterval time.Duration
+	enableAWSSession bool
 )
 
 const (
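Review bot: Dropping `SessionCache` from the served v1beta1 `AWSProvider` type is a breaking API change that this hunk makes without a deprecation step: manifests that still set `spec.provider.aws.sessionCache` will have the field pruned by the regenerated schema (or be rejected under strict field validation), and store owners lose the per-store opt-in with no signal that the behaviour now depends on a controller flag. The backward-compatible form keeps the field and marks it, e.g. `// Deprecated: the session cache is now enabled process-wide with --experimental-enable-aws-session-cache; this field is ignored.`, so existing stores keep validating while the flag takes over. The rest of `AWSProvider` starts outside the hunk.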
@@ -159,6 +161,9 @@ var rootCmd = &cobra.Command{
 			os.Exit(1)
 		}
 	}
+	if enableAWSSession {
+		awsauth.EnableCache = true
+	}
 	setupLog.Info("starting manager")
 	if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
 		setupLog.Error(err, "problem running manager")
@@ -185,4 +190,5 @@ func init() {
 	rootCmd.Flags().BoolVar(&enableClusterExternalSecretReconciler, "enable-cluster-external-secret-reconciler", true, "Enable cluster external secret reconciler.")
 	rootCmd.Flags().DurationVar(&storeRequeueInterval, "store-requeue-interval", time.Minute*5, "Default Time duration between reconciling (Cluster)SecretStores")
 	rootCmd.Flags().BoolVar(&enableFloodGate, "enable-flood-gate", true, "Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state.")
+	rootCmd.Flags().BoolVar(&enableAWSSession, "experimental-enable-aws-session-cache", false, "Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request.")
 }
diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml
index 30c1ce143..c2b2b8e40 100644
--- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml
+++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml
@@ -1665,11 +1665,6 @@ spec:
                     - SecretsManager
                     - ParameterStore
                     type: string
-                  sessionCache:
-                    description: SessionCache defines if the AWS session should
-                      be reused, if not set the operator will issues a fresh session
-                      for each request.
-                    type: boolean
                 required:
                 - region
                 - service
diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml
index c6c805019..1dedf26a0 100644
--- a/config/crds/bases/external-secrets.io_secretstores.yaml
+++ b/config/crds/bases/external-secrets.io_secretstores.yaml
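Review bot: The guard `if enableAWSSession { awsauth.EnableCache = true }` is a conditional write of a constant; `awsauth.EnableCache = enableAWSSession` says the same in one line and keeps the package setting equal to the flag instead of only ever switching it on. This is the only place the provider's package-level toggle is written and nothing in the hunk shows it synchronized, so it has to stay ahead of `mgr.Start`, which the current placement satisfies; a comment such as `// Must be set before mgr.Start: the AWS provider reads it on every getAWSSession call.` would keep a later refactor from moving it below the start. The enclosing `rootCmd` run body starts outside the hunk.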
@@ -1668,11 +1668,6 @@ spec:
                     - SecretsManager
                     - ParameterStore
                     type: string
-                  sessionCache:
-                    description: SessionCache defines if the AWS session should
-                      be reused, if not set the operator will issues a fresh session
-                      for each request.
-                    type: boolean
                 required:
                 - region
                 - service
diff --git a/deploy/charts/external-secrets/templates/deployment.yaml b/deploy/charts/external-secrets/templates/deployment.yaml
index 4ee8eaaac..432958ae6 100644
--- a/deploy/charts/external-secrets/templates/deployment.yaml
+++ b/deploy/charts/external-secrets/templates/deployment.yaml
@@ -69,6 +69,9 @@ spec:
           {{- if .Values.concurrent }}
           - --concurrent={{ .Values.concurrent }}
           {{- end }}
+          {{- if .Values.enableAWSSession }}
+          - --experimental-enable-aws-session-cache={{ .Values.enableAWSSession }}
+          {{- end }}
           {{- range $key, $value := .Values.extraArgs }}
           {{- if $value }}
           - --{{ $key }}={{ $value }}
diff --git a/deploy/charts/external-secrets/values.yaml b/deploy/charts/external-secrets/values.yaml
index 455551b6e..1be5db1d3 100644
--- a/deploy/charts/external-secrets/values.yaml
+++ b/deploy/charts/external-secrets/values.yaml
@@ -48,6 +48,9 @@ createOperator: true
 # a time.
 concurrent: 1
 
+# -- If set External secret will reuse the AWS session without creating a new one on each request.
+enableAWSSession: false
+
 serviceAccount:
   # -- Specifies whether a service account should be created.
   create: true
diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml
index f95422a56..be1bd4c19 100644
--- a/deploy/crds/bundle.yaml
+++ b/deploy/crds/bundle.yaml
@@ -1557,9 +1557,6 @@ spec:
                     - SecretsManager
                     - ParameterStore
                     type: string
-                  sessionCache:
-                    description: SessionCache defines if the AWS session should be reused, if not set the operator will issues a fresh session for each request.
-                    type: boolean
                 required:
                 - region
                 - service
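Review bot: The new value `enableAWSSession` and its comment hide that the feature is experimental and that it is a cache, which is exactly what the controller flag it maps to (`--experimental-enable-aws-session-cache`, visible in the deployment hunk) says; someone reading values.yaml alone cannot tell this is opt-in, unstable behaviour. Reword the comment to `# -- (experimental) If set, the controller reuses a cached AWS session instead of creating a new one on each request; maps to --experimental-enable-aws-session-cache.` so the chart carries the same caveat as the CLI. The current text is also missing the comma after `If set`.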
@@ -4232,9 +4229,6 @@ spec:
                     - SecretsManager
                     - ParameterStore
                     type: string
-                  sessionCache:
-                    description: SessionCache defines if the AWS session should be reused, if not set the operator will issues a fresh session for each request.
-                    type: boolean
                 required:
                 - region
                 - service
diff --git a/pkg/provider/aws/auth/auth.go b/pkg/provider/aws/auth/auth.go
index 7608c8f21..58d42d9ee 100644
--- a/pkg/provider/aws/auth/auth.go
+++ b/pkg/provider/aws/auth/auth.go
@@ -52,8 +52,9 @@ type SessionCache struct {
 }
 
 var (
-	log      = ctrl.Log.WithName("provider").WithName("aws")
-	sessions = make(map[SessionCache]*session.Session)
+	log         = ctrl.Log.WithName("provider").WithName("aws")
+	sessions    = make(map[SessionCache]*session.Session)
+	EnableCache bool
 )
 
 const (
@@ -242,9 +243,7 @@ func DefaultSTSProvider(sess *session.Session) stsiface.STSAPI {
 // getAWSSession check if an AWS session should be reused
 // it returns the aws session or an error.
 func getAWSSession(config *aws.Config, prov *esv1beta1.AWSProvider, store esv1beta1.GenericStore, namespace string) (*session.Session, error) {
-	sessionCache := prov.SessionCache
-
-	if sessionCache {
+	if EnableCache {
 		tmpSession := SessionCache{
 			Name:      store.GetObjectMeta().Name,
 			Namespace: namespace,
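Review bot: `EnableCache` is a new exported, package-level mutable variable with no doc comment, and `getAWSSession` reads it on every call while nothing in this hunk guards it or the `sessions` map it switches on. Document the contract on the declaration: `// EnableCache turns on reuse of AWS sessions from the package-level cache. It must be set before any controller runs; it is read without synchronization.` If the map is filled from concurrently running reconcilers (the controller takes a `--concurrent` flag, visible in the deployment hunk), `sessions` also needs a mutex or the accesses are a data race, but the code that populates it is outside the hunk.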
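Review bot: Replacing the per-store `prov.SessionCache` with the global `EnableCache` means every AWS store is cached once the flag is on, while the lookup key is built from `store.GetObjectMeta().Name` and `namespace`; if `SessionCache` carries only such identity fields (its declaration sits above the hunk and its remaining fields are not visible), a store whose auth settings are edited, or one deleted and recreated under the same name by a different owner, keeps being served the session built from the old credentials. That silently defeats credential rotation and can cross a trust boundary, so the key should include something that changes with the store spec, e.g. its `Generation` or a hash of the resolved auth settings, or entries should be evicted when the store is reconciled. The body of `getAWSSession` continues past the hunk.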