chore: remove prefix from CAS (#130)

Signed-off-by: Miguel Martinez Trivino <[email protected]>

Author: migmartri

app/artifact-cas/cmd/main.go

@@ -191,7 +191,6 @@ func newGCPCredentialsManager(conf *conf.Credentials_GCPSecretManager, l log.Log
 	opts := &gcp.NewManagerOpts{
 		ProjectID:         conf.ProjectId,
 		ServiceAccountKey: conf.ServiceAccountKey,
-		SecretPrefix:      conf.SecretPrefix,
 		Logger:            l,
 	}
 

app/artifact-cas/configs/samples/config.yaml

@@ -18,12 +18,17 @@ credentials_service:
     address: ${VAULT_ADDRESS:http://0.0.0.0:8200}
     token: ${VAULT_TOKEN:notasecret}
 
+  # aws_secret_manager:
+  #   creds:
+  #     access_key: not-a-key
+  #     secret_key: not-a-secret
+  #   region: us-east-1
+
+  # gcp_secret_manager:
+  #   project_id: 522312304548
+  #   auth_key: "./configs/gcp_auth_key.json"
+
 observability:
   sentry:
     dsn: "http://sentryDomain"
-    environment: development # production
-
-## gcp_secret_manager:
-##   project_id: 522312304548
-##   auth_key: "./configs/gcp_auth_key.json"
-##   secret_prefix: "pre-"
+    environment: development # production

app/artifact-cas/internal/conf/conf.pb.go

@@ -63,38 +63,37 @@ message Auth {
 
 // Where the credentials to access the backends are stored
 message Credentials {
-    oneof backend {
-        AWSSecretManager aws_secret_manager = 1;
-        Vault vault = 2;
-        GCPSecretManager gcp_secret_manager = 3;
-    }
+  oneof backend {
+    AWSSecretManager aws_secret_manager = 1;
+    Vault vault = 2;
+    GCPSecretManager gcp_secret_manager = 3;
+  }
 
-    // Top level is deprecated now
-    message AWSSecretManager {
-      Creds creds = 1;
-      string region = 2;
+  // Top level is deprecated now
+  message AWSSecretManager {
+    Creds creds = 1;
+    string region = 2;
 
-      message Creds {
-        string access_key = 1;
-        string secret_key = 2;
-      }
+    message Creds {
+      string access_key = 1;
+      string secret_key = 2;
     }
+  }
 
-    message Vault {
-      // TODO: Use application role auth instead
-      string token = 1;
-      // Instance address, including port
-      // i.e "http://127.0.0.1:8200"
-      string address = 2;
-      // mount path of the kv engine, default /secret
-      string mount_path = 3;
-    }
+  message Vault {
+    // TODO: Use application role auth instead
+    string token = 1;
+    // Instance address, including port
+    // i.e "http://127.0.0.1:8200"
+    string address = 2;
+    // mount path of the kv engine, default /secret
+    string mount_path = 3;
+  }
 
-    message GCPSecretManager {
-        // project number
-        string project_id = 1;
-        // service account key
-        string service_account_key   = 2;
-        string secret_prefix = 3; 
-    }
+  message GCPSecretManager {
+    // project number
+    string project_id = 1;
+    // service account key
+    string service_account_key   = 2;
+  }
 }

app/artifact-cas/internal/conf/conf.proto

@@ -29,3 +29,8 @@ credentials_service:
   #     secret_key: not-a-secret
   #   region: us-east-1
   #   secret_prefix: i-e chainloop-devel
+
+  # gcp_secret_manager:
+  #   project_id: 522312304548
+  #   auth_key: "./configs/gcp_auth_key.json"
+  #   secret_prefix: "pre-"

app/controlplane/configs/samples/config.yaml

@@ -92,40 +92,43 @@ message Auth {
 }
 
 message Credentials {
-    oneof backend {
-        AWSSecretManager aws_secret_manager = 1;
-        Vault vault = 2;
-        GCPSecretManager gcp_secret_manager = 3;
-    }
+  oneof backend {
+    AWSSecretManager aws_secret_manager = 1;
+    Vault vault = 2;
+    GCPSecretManager gcp_secret_manager = 3;
+  }
 
-    // Top level is deprecated now
-    message AWSSecretManager {
-      Creds creds = 1;
-      string region = 2;
-      string secret_prefix = 3;
+  // Top level is deprecated now
+  message AWSSecretManager {
+    Creds creds = 1;
+    string region = 2;
+    // Secret prefix to be prepended during secret write
+    string secret_prefix = 3;
 
-      message Creds {
-        string access_key = 1;
-        string secret_key = 2;
-      }
+    message Creds {
+      string access_key = 1;
+      string secret_key = 2;
     }
+  }
 
-    message Vault {
-      // TODO: Use application role auth instead
-      string token = 1;
-      // Instance address, including port
-      // i.e "http://127.0.0.1:8200"
-      string address = 2;
-      // mount path of the kv engine, default /secret
-      string mount_path = 3;
-      string secret_prefix = 4;
-    }
+  message Vault {
+    // TODO: Use application role auth instead
+    string token = 1;
+    // Instance address, including port
+    // i.e "http://127.0.0.1:8200"
+    string address = 2;
+    // mount path of the kv engine, default /secret
+    string mount_path = 3;
+    // Secret prefix to be prepended during secret write
+    string secret_prefix = 4;
+  }
 
-    message GCPSecretManager {
-        // project number
-        string project_id = 1;
-        // service account key
-        string service_account_key   = 2;
-        string secret_prefix = 3; 
-    }
+  message GCPSecretManager {
+    // project number
+    string project_id = 1;
+    // service account key
+    string service_account_key   = 2;
+    // Secret prefix to be prepended during secret write
+    string secret_prefix = 3; 
+  }
 }