Skip to content

[9.0] (backport #17351) Improve the key validation in secret identifier. #17588

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 24, 2025
Merged

[9.0] (backport #17351) Improve the key validation in secret identifier. #17588

merged 1 commit into from
Apr 24, 2025

Conversation

@mergify
Copy link
Contributor

@mergify mergify bot commented Apr 24, 2025

Release notes

  • The keystore has improved validation, and will no longer allow the creation of secrets that cannot be accessed with config replacement parameters (${ ... }).

What does this PR do?

Before this change, key-value can be added to keystore but it might impossible to reference the key because ConfigVariableExpander ignores if key name doesn't align with SUBSTITUTION_PLACEHOLDER_REGEX
Improves user experience with the secret store CLI that when providing key name, LS validates to accept a value which can be used in pipeline (aligns with ConfigVariableExpander#SUBSTITUTION_PLACEHOLDER_REGEX).
If already invalid key(s) were added, it warns to remove/replace the keys.

Why is it important/What is the impact to the user?

No user impact. Keystore CLI restricts adding meaningless keys to keystore.

Checklist

  • My code follows the style guidelines of this project
  • I have commented my code, particularly in hard-to-understand areas
  • [] I have made corresponding changes to the documentation
  • [] I have made corresponding change to the default configuration files (and/or docker env variables)
  • I have added tests that prove my fix is effective or that my feature works

Author's Checklist

  • [ ]

How to test this PR locally

Related issues

Use cases

Screenshots

Logs

This is an automatic backport of pull request #17351 done by [Mergify](https://mergify.com).

@mashhurs @yaauie @mergify
Improve the key validation in secret identifier. (#17351)
80d57c0 
* Improve the key validation in secret identifier.

* Restrict adding invalid (from ConfigVariableExpander point of view) key names to the keystore through keystore CLI. Keystore now warns on invalid keys if they were already added.

* Key pattern is moved to a central config expander class with its description.

Co-authored-by: Rye Biesemeyer <[email protected]>
(cherry picked from commit d24675a)
@mergify mergify bot added the backport label Apr 24, 2025
@mergify mergify bot mentioned this pull request Apr 24, 2025
Merged
3 tasks
@elastic-sonarqube
Copy link

elastic-sonarqube bot commented Apr 24, 2025

Quality Gate passed Quality Gate passed

Issues
0 New issues
0 Fixed issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarQube

mashhurs
mashhurs approved these changes Apr 24, 2025
View reviewed changes
Copy link
Contributor

@mashhurs mashhurs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!

@elasticmachine
Copy link
Collaborator

elasticmachine commented Apr 24, 2025

💚 Build Succeeded

cc @mashhurs

@mashhurs mashhurs merged commit 2045dc1 into 9.0 Apr 24, 2025
7 checks passed
@mashhurs mashhurs deleted the mergify/bp/9.0/pr-17351 branch April 24, 2025 04:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mashhurs mashhurs mashhurs approved these changes

Assignees

@mashhurs mashhurs

Labels

backport

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@elasticmachine @mashhurs