direct: Add support for secret scopes #3886

shreyas-goenka · 2025-11-05T21:43:45Z

Changes

Adds direct deployment support for secret scopes.

Mock Server Fix

Fixed libs/testserver/secret_scopes.go to automatically grant MANAGE permission to the creator when a scope is created, matching real Databricks behavior.

Tests

New local and cloud acceptance tests.

eng-dev-ecosystem-bot · 2025-11-07T12:36:57Z

Commit: 7e1c917

Run: 20085396634

	Env	🔄flaky	💚RECOVERED	🙈SKIP	✅pass	🙈skip	Time
💚	aws linux		7	2	380	637	15:51
💚	aws windows		7	2	382	635	15:59
💚	aws-ucws linux		7	2	523	522	21:19
🔄	aws-ucws windows	3	4	2	525	520	20:17
🔄	azure linux	3		4	379	635	16:39
💚	azure windows		1	4	383	633	14:43
🔄	azure-ucws linux	6	1	4	514	520	27:30
💚	azure-ucws windows		1	4	522	518	20:31
💚	gcp linux		1	4	370	641	14:28
💚	gcp windows		1	4	372	639	14:21

17 interesting tests: 11 flaky, 4 RECOVERED, 2 SKIP

	Test Name	aws linux	aws windows	aws-ucws linux	aws-ucws windows	azure linux	azure windows	azure-ucws linux	azure-ucws windows	gcp linux	gcp windows
🔄	TestAccept	💚R	💚R	💚R	🔄f	🔄f	💚R	💚R	💚R	💚R	💚R
🔄	TestAccept/bundle/deployment/bind/volume	🙈s	🙈s	✅p	✅p	🙈s	🙈s	🔄f	✅p	🙈s	🙈s
🔄	TestAccept/bundle/deployment/unbind/grants	🙈s	🙈s	✅p	✅p	🙈s	🙈s	🔄f	✅p	🙈s	🙈s
🔄	TestAccept/bundle/deployment/unbind/permissions	✅p	✅p	✅p	✅p	✅p	✅p	🔄f	✅p	✅p	✅p
🙈	TestAccept/bundle/resources/permissions	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🔄	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions	💚R	💚R	💚R	🔄f	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct	💚R	💚R	💚R	💚R
🔄	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	💚R	💚R	💚R	🔄f
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions	💚R	💚R	💚R	💚R	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct	💚R	💚R	💚R	💚R
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	💚R	💚R	💚R	💚R
🔄	TestAccept/bundle/resources/secret_scopes/permissions	✅p	✅p	✅p	✅p	🔄f	✅p	✅p	✅p	🙈s	🙈s
🔄	TestAccept/bundle/resources/secret_scopes/permissions/DATABRICKS_BUNDLE_ENGINE=terraform	✅p	✅p	✅p	✅p	🔄f	✅p	✅p	✅p
🔄	TestAccept/bundle/resources/synced_database_tables/basic	🙈s	🙈s	✅p	✅p	🙈s	🙈s	🔄f	✅p	🙈s	🙈s
🙈	TestAccept/bundle/run/app-with-job	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
🔄	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_14.3_LTS	✅p	✅p	✅p	✅p	✅p	✅p	🔄f	✅p	✅p	✅p
🔄	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS	✅p	✅p	✅p	✅p	✅p	✅p	🔄f	✅p	✅p	✅p

Top 22 slowest tests (at least 2 minutes):

duration	env	testname
6:30	aws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
6:25	aws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
6:16	aws-ucws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
5:55	gcp linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
5:48	aws-ucws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
5:46	aws-ucws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
5:38	aws-ucws windows	TestAccept/bundle/resources/synced_database_tables/basic
5:36	gcp windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
5:21	aws-ucws linux	TestAccept/bundle/resources/synced_database_tables/basic
5:17	gcp linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
5:10	aws-ucws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
5:09	gcp windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
4:13	azure linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
4:10	azure-ucws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
4:02	azure linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
4:01	azure-ucws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
3:59	azure-ucws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
3:41	azure-ucws windows	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform
3:27	azure-ucws windows	TestAccept/bundle/resources/synced_database_tables/basic
3:11	azure-ucws linux	TestAccept/bundle/resources/synced_database_tables/basic
2:49	aws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=direct
2:40	aws linux	TestAccept/bundle/resources/clusters/deploy/update-after-create/DATABRICKS_BUNDLE_ENGINE=terraform

shreyas-goenka · 2025-11-10T21:46:12Z

acceptance/bundle/resources/secret_scopes/out.test.toml

Newly added tests give more than enough coverage for this. (see basic test)

shreyas-goenka · 2025-11-10T21:47:44Z

acceptance/bundle/resources/secret_scopes/permissions/test.toml

-Local = true
-Cloud = false
-RecordRequests = true
+Local = false


We only run it on cloud because there's ordering issues in the permissions returned by GET that are not worth dealing with (because of the different user names, there is no stable sort).

Ordering issues can be addressed by recording requests in env-specific file:

> out.requests.$DATABRICKS_BUNDLE_ENGINE.json

We would need to split them into local vs. cloud. The ordering issue here is the permissions being in a different order even after sorting.

It's doable but I'd rather skip it since the cloud coverage is the more important bit to ensure.

bundle/direct/dresources/secret_scope.go

bundle/direct/dresources/secret_scope_acls.go

denik · 2025-12-02T14:02:13Z

bundle/direct/dresources/secret_scope_acls.go

+	}
+
+	// Sort ACLs by principal for deterministic ordering
+	slices.SortFunc(acls, func(a, b workspace.AclItem) int {


New feature since we last discussed this: you can treat slices as unordered map.

Here's an example: #4029 #4014

bundle/direct/dresources/secret_scope_acls.go

denik · 2025-12-02T14:11:30Z

bundle/direct/dresources/secret_scope_acls.go

+// setACLs reconciles the desired ACLs with the current state
+func (r *ResourceSecretScopeAcls) setACLs(ctx context.Context, scopeName string, desiredAcls []workspace.AclItem) (string, error) {
+	// Get current ACLs
+	currentAcls, err := r.client.Secrets.ListAclsAll(ctx, workspace.ListAclsRequest{


We should not need to read ACLs from the backend, we've already done it. This is encoded in PlanEntry which we now pass to DoUpdate()

I don't see planentry in DoUpdate. Please clarify.

bundle/direct/dresources/adapter.go: DoUpdate(ctx context.Context, id string, newState any, changes *deployplan.Changes) (remoteState any, e error)

we pass entry.Changes here, but we can also pass entry:

bundle/direct/bundle_apply.go: err = d.Deploy(ctx, &b.StateDB, entry.NewState.Value, at, entry.Changes)

Good point. This can be a followup. Let's not block this PR on this.

Agree, could be a follow up. a comment TODO would be nice to have here.

bundle/direct/dresources/secret_scope_acls.go

acceptance/bundle/resources/secret_scopes/basic/test.toml

bundle/config/mutator/resourcemutator/secret_scope_fixups.go

denik · 2025-12-04T13:26:52Z

bundle/direct/dresources/secret_scope_acls.go

+// setACLs reconciles the desired ACLs with the current state
+func (r *ResourceSecretScopeAcls) setACLs(ctx context.Context, scopeName string, desiredAcls []workspace.AclItem) (string, error) {
+	// Get current ACLs
+	currentAcls, err := r.client.Secrets.ListAclsAll(ctx, workspace.ListAclsRequest{


Agree, could be a follow up. a comment TODO would be nice to have here.

eng-dev-ecosystem-bot · 2025-12-10T04:11:14Z

Commit: a4ab082

Run: 20085809746

	Env	🔄flaky	💚RECOVERED	🙈SKIP	✅pass	🙈skip	Time
🔄	aws linux	4	10	1	409	624	52:06
💚	aws windows		10	1	415	622	54:43
💚	aws-ucws linux		10	1	574	503	65:21
💚	aws-ucws windows		10	1	576	501	65:05
💚	azure linux		4	3	414	622	46:30
🔄	azure windows	2	3	3	415	620	54:24
🔄	azure-ucws linux	3	1	3	571	501	60:44
💚	azure-ucws windows		4	3	573	499	59:43
💚	gcp linux		4	3	394	631	48:15
💚	gcp windows		4	3	396	629	42:51

16 interesting tests: 8 flaky, 7 RECOVERED, 1 SKIP

	Test Name	aws linux	aws windows	aws-ucws linux	aws-ucws windows	azure linux	azure windows	azure-ucws linux	azure-ucws windows	gcp linux	gcp windows
🔄	TestAccept	💚R	💚R	💚R	💚R	💚R	🔄f	🔄f	💚R	💚R	💚R
🔄	TestAccept/bundle/generate/auto-bind	✅p	✅p	✅p	✅p	✅p	🔄f	✅p	✅p	✅p	✅p
🔄	TestAccept/bundle/integration_whl/base	🔄f	✅p	✅p	✅p	✅p	✅p	✅p	✅p	✅p	✅p
🔄	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform	🔄f	✅p	✅p	✅p	✅p	✅p	✅p	✅p	✅p	✅p
🙈	TestAccept/bundle/resources/permissions	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions	💚R	💚R	💚R	💚R	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=direct	💚R	💚R	💚R	💚R
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/with_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	💚R	💚R	💚R	💚R
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions	💚R	💚R	💚R	💚R	🙈S	🙈S	🙈S	🙈S	🙈S	🙈S
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=direct	💚R	💚R	💚R	💚R
💚	TestAccept/bundle/resources/permissions/jobs/destroy_without_mgmtperms/without_permissions/DATABRICKS_BUNDLE_ENGINE=terraform	💚R	💚R	💚R	💚R
🔄	TestAccept/bundle/resources/secret_scopes/permissions	🔄f	✅p	✅p	✅p	✅p	✅p	✅p	✅p	🙈s	🙈s
🔄	TestAccept/bundle/resources/secret_scopes/permissions/DATABRICKS_BUNDLE_ENGINE=terraform	🔄f	✅p	✅p	✅p	✅p	✅p	✅p	✅p
🔄	TestAccept/bundle/run/app-with-job	💚R	💚R	💚R	💚R	💚R	💚R	🔄f	💚R	💚R	💚R
💚	TestAccept/bundle/run/app-with-job/DATABRICKS_BUNDLE_ENGINE=direct	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R	💚R
🔄	TestAccept/bundle/run/app-with-job/DATABRICKS_BUNDLE_ENGINE=terraform	💚R	💚R	💚R	💚R	💚R	💚R	🔄f	💚R	💚R	💚R

Top 50 slowest tests (at least 2 minutes):

duration	env	testname
16:50	azure windows	TestAccept/bundle/resources/permissions/factcheck/DATABRICKS_BUNDLE_ENGINE=terraform
13:51	gcp linux	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
13:38	azure windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
13:26	gcp linux	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
12:46	azure-ucws windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
12:43	gcp windows	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
12:06	aws windows	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
11:34	aws windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
11:22	aws-ucws linux	TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=terraform
11:07	aws-ucws linux	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
10:56	aws linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
10:51	aws-ucws windows	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
10:37	aws windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
10:37	aws windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=direct/DATA_SECURITY_MODE=SINGLE_USER
10:36	azure-ucws linux	TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=terraform
10:31	gcp windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
10:21	aws-ucws linux	TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=direct
10:19	aws windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=direct/DATA_SECURITY_MODE=USER_ISOLATION
9:33	azure linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
9:08	aws-ucws windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=direct/DATA_SECURITY_MODE=USER_ISOLATION
9:01	azure-ucws windows	TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_15.4_LTS
8:58	azure-ucws windows	TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_13.3_LTS
8:53	azure-ucws linux	TestAccept/bundle/resources/model_serving_endpoints/running-endpoint/DATABRICKS_BUNDLE_ENGINE=direct
8:51	aws windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=USER_ISOLATION
8:49	azure-ucws windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
8:41	gcp linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
8:35	azure-ucws windows	TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_14.3_LTS
8:33	gcp linux	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=USER_ISOLATION
8:33	aws-ucws linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
8:31	gcp windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=direct/DATA_SECURITY_MODE=USER_ISOLATION
8:30	aws linux	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
8:25	azure-ucws linux	TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_15.4_LTS
8:24	aws linux	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=SINGLE_USER
8:23	azure windows	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
8:22	azure-ucws windows	TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=terraform
8:18	azure-ucws windows	TestAccept/bundle/integration_whl/custom_params/DATABRICKS_BUNDLE_ENGINE=direct
8:16	aws-ucws windows	TestAccept/bundle/integration_whl/interactive_cluster_dynamic_version/DATABRICKS_BUNDLE_ENGINE=terraform/DATA_SECURITY_MODE=USER_ISOLATION
8:15	gcp windows	TestAccept/bundle/integration_whl/interactive_cluster/DATABRICKS_BUNDLE_ENGINE=terraform
8:14	aws-ucws linux	TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_15.4_LTS
8:14	azure-ucws windows	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
8:11	azure-ucws linux	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=terraform
8:10	aws windows	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
8:07	azure linux	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_15.4_LTS
8:05	aws-ucws linux	TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_14.3_LTS
8:01	azure windows	TestSparkJarTaskDeployAndRunOnWorkspace/Databricks_Runtime_14.3_LTS
7:58	aws linux	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
7:58	azure windows	TestAccept/bundle/integration_whl/base/DATABRICKS_BUNDLE_ENGINE=direct
7:56	aws-ucws linux	TestAccept/bundle/integration_whl/interactive_single_user/DATABRICKS_BUNDLE_ENGINE=terraform
7:55	azure-ucws linux	TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_14.3_LTS
7:54	azure-ucws linux	TestSparkJarTaskDeployAndRunOnVolumes/Databricks_Runtime_13.3_LTS

shreyas-goenka added 5 commits November 5, 2025 22:43

[WIP] direct: secret scopes

bbd0a4b

wip fix for the permissions issue. still needs some more work

bf86538

test stableized

df29329

merge

b16328a

Merge remote-tracking branch 'origin' into direct-secret-scope

0da6f68

shreyas-goenka temporarily deployed to test-trigger-is November 7, 2025 12:33 — with GitHub Actions Inactive

shreyas-goenka added 2 commits November 7, 2025 19:05

update tests

a4ac665

update tests

b1e7a45

shreyas-goenka changed the title ~~[WIP] direct: secret scopes~~ direct: Add support for secret scopes Nov 7, 2025

shreyas-goenka added 2 commits November 10, 2025 13:03

update-scope

ba52db8

merge

559ca0a

shreyas-goenka temporarily deployed to test-trigger-is November 10, 2025 19:47 — with GitHub Actions Inactive

better acl implementation

df9c9f5

shreyas-goenka temporarily deployed to test-trigger-is November 10, 2025 20:00 — with GitHub Actions Inactive

best tests

37e7e22

shreyas-goenka temporarily deployed to test-trigger-is November 10, 2025 21:40 — with GitHub Actions Inactive

-

7ad9d05

shreyas-goenka temporarily deployed to test-trigger-is November 10, 2025 21:41 — with GitHub Actions Inactive

undo key sort';

0b8aca6

shreyas-goenka temporarily deployed to test-trigger-is November 10, 2025 21:44 — with GitHub Actions Inactive

-

cdec26a

shreyas-goenka temporarily deployed to test-trigger-is November 10, 2025 21:45 — with GitHub Actions Inactive

shreyas-goenka commented Nov 10, 2025

View reviewed changes

more robust check

50af43a

shreyas-goenka temporarily deployed to test-trigger-is November 10, 2025 21:49 — with GitHub Actions Inactive

cleanup todos

1cc1283

shreyas-goenka temporarily deployed to test-trigger-is November 10, 2025 21:53 — with GitHub Actions Inactive

cleanup

ae2be0f

fix permissions test

c307c2a

shreyas-goenka temporarily deployed to test-trigger-is November 27, 2025 15:37 — with GitHub Actions Inactive

merge

aa8e185

shreyas-goenka temporarily deployed to test-trigger-is November 27, 2025 16:19 — with GitHub Actions Inactive

denik mentioned this pull request Dec 1, 2025

Added secrets resource support to DABs #4034

Closed

denik reviewed Dec 2, 2025

View reviewed changes

shreyas-goenka added 3 commits December 3, 2025 14:40

remove unused arg

af7277b

Merge remote-tracking branch 'origin' into direct-secret-scope

4d2fbd3

do not return scopeName in setAcls

17bd12c

shreyas-goenka temporarily deployed to test-trigger-is December 3, 2025 13:51 — with GitHub Actions Inactive

shreyas-goenka requested a review from denik December 3, 2025 13:53

denik reviewed Dec 3, 2025

View reviewed changes

bundle/config/mutator/resourcemutator/secret_scope_fixups.go Show resolved Hide resolved

merge

39e0c66

andrewnester approved these changes Dec 4, 2025

View reviewed changes

run tests locally as well

d7a207b

shreyas-goenka temporarily deployed to test-trigger-is December 4, 2025 13:21 — with GitHub Actions Inactive

shreyas-goenka requested a review from denik December 4, 2025 13:23

denik approved these changes Dec 4, 2025

View reviewed changes

denik mentioned this pull request Dec 4, 2025

Support secret scopes with direct engine #4098

Closed

verify and fix persistent drift

db9236b

shreyas-goenka temporarily deployed to test-trigger-is December 9, 2025 19:21 — with GitHub Actions Inactive

shreyas-goenka added 3 commits December 10, 2025 01:05

update basic test

836eb82

Merge remote-tracking branch 'origin' into direct-secret-scope

83a5689

run cloud tests again

a789294

shreyas-goenka temporarily deployed to test-trigger-is December 10, 2025 01:21 — with GitHub Actions Inactive

stop parallelism

7e1c917

shreyas-goenka temporarily deployed to test-trigger-is December 10, 2025 02:36 — with GitHub Actions Inactive

shreyas-goenka merged commit a4ab082 into main Dec 10, 2025
18 of 19 checks passed

shreyas-goenka deleted the direct-secret-scope branch December 10, 2025 02:59

direct: Add support for secret scopes #3886

direct: Add support for secret scopes #3886

Uh oh!

Conversation

shreyas-goenka commented Nov 5, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Changes

Mock Server Fix

Tests

Uh oh!

eng-dev-ecosystem-bot commented Nov 7, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

shreyas-goenka Nov 10, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

eng-dev-ecosystem-bot commented Dec 10, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

6 participants

shreyas-goenka commented Nov 5, 2025 •

edited

Loading

eng-dev-ecosystem-bot commented Nov 7, 2025 •

edited

Loading

shreyas-goenka Nov 10, 2025 •

edited

Loading