docstore/mongodocstore: Update Mongo dialer when MONGO_SERVER_URL rotates#3429
Merged
vangent merged 1 commit intogoogle:masterfrom May 1, 2024
Merged
Conversation
vangent
requested changes
Apr 30, 2024
docstore/mongodocstore/urls.go
Outdated
| func (o *defaultDialer) OpenCollectionURL(ctx context.Context, u *url.URL) (*docstore.Collection, error) { | ||
| o.init.Do(func() { | ||
| serverURL := os.Getenv("MONGO_SERVER_URL") | ||
| serverURL := os.Getenv("MONGO_SERVER_URL") |
Contributor
There was a problem hiding this comment.
This is not thread-safe (OpenCollectionURL can be called concurrently on the same o).
You can protect it with a sync.Mutex.
Contributor
Author
There was a problem hiding this comment.
makes sense, updated 👍🏼
docstore/mongodocstore/urls.go
Outdated
| o.init.Do(func() { | ||
| serverURL := os.Getenv("MONGO_SERVER_URL") | ||
| serverURL := os.Getenv("MONGO_SERVER_URL") | ||
| if serverURL != o.mongoServerURL { |
Contributor
There was a problem hiding this comment.
This doesn't work. If MONGO_SERVER_URL isn't set, then both of these will be the empty string and we'll fall through without returning an error.
How about something like if o.opener == nil || serverURL != o.openerServerURL ... ?
Contributor
Author
There was a problem hiding this comment.
good catch 👍🏼
i've updated this to check for an empty MONGO_SERVER_URL outside the if condition, so it should fail each time the env var is empty
if currentEnv == "" {
o.err = errors.New("MONGO_SERVER_URL environment variable is not set")
return nil, fmt.Errorf("open collection %s: %v", u, o.err)
}
// If MONGO_SERVER_URL has been updated, then update o.opener as well
if currentEnv != o.mongoServerURL {
client, err := Dial(ctx, currentEnv)
...
...wdyt?
concaf
force-pushed
the
concaf/fix/mongo-server-url-rotation
branch
2 times, most recently
from
18ee57d to
cd0e696
Compare
Contributor
Author
|
@vangent thanks for the quick review 🚀 🙂 - i've updated the PR and also added some tests. |
Prior to this commit, the dialer for MongoDB was generated once from MONGO_SERVER_URL environment variable but was never updated even when the environment variable was updated in subsequent calls. While this works fine when MONGO_SERVER_URL is not expected to update, but as MONGO_SERVER_URL also contains the credentials to connect to MongoDB, it's a fairly common use case to rotate these credentials (and hence the environment variable) at regular intervals. This commit fixes that and updates the dialer when MONGO_SERVER_URL is updated.
concaf
force-pushed
the
concaf/fix/mongo-server-url-rotation
branch
from
cd0e696 to
024ea8c
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #3429 +/- ##
==========================================
+ Coverage 73.17% 73.20% +0.03%
==========================================
Files 113 113
Lines 14872 14873 +1
==========================================
+ Hits 10882 10888 +6
+ Misses 3216 3213 -3
+ Partials 774 772 -2 ☔ View full report in Codecov by Sentry. |
vangent
approved these changes
May 1, 2024
concaf
added a commit
to concaf/chains
that referenced
this pull request
May 6, 2024
This commit bumps gocloud.dev/docstore/mongodocstore to the commit at google/go-cloud#3429 that allows MONGO_SERVER_URL rotation.
concaf
added a commit
to concaf/chains
that referenced
this pull request
May 8, 2024
This commit bumps gocloud.dev/docstore/mongodocstore to the commit at google/go-cloud#3429 that allows MONGO_SERVER_URL rotation.
concaf
added a commit
to concaf/chains
that referenced
this pull request
May 14, 2024
This commit bumps gocloud.dev/docstore/mongodocstore to the commit at google/go-cloud#3429 that allows MONGO_SERVER_URL rotation.
concaf
added a commit
to concaf/chains
that referenced
this pull request
May 15, 2024
This commit bumps gocloud.dev/docstore/mongodocstore to the commit at google/go-cloud#3429 that allows MONGO_SERVER_URL rotation.
PuneetPunamiya
pushed a commit
to concaf/chains
that referenced
this pull request
Jun 18, 2024
This commit bumps gocloud.dev/docstore/mongodocstore to the commit at google/go-cloud#3429 that allows MONGO_SERVER_URL rotation.
PuneetPunamiya
pushed a commit
to concaf/chains
that referenced
this pull request
Jun 25, 2024
This commit bumps gocloud.dev/docstore/mongodocstore to the commit at google/go-cloud#3429 that allows MONGO_SERVER_URL rotation.
tekton-robot
pushed a commit
to tektoncd/chains
that referenced
this pull request
Jul 13, 2024
* Allow supplying MONGO_SERVER_URL via chains-config Currently, when using the Mongo docstore for docdb storage backend, the only way to supply MONGO_SERVER_URL environment variable (which contains the credentials to connect to MongoDB) is by adding an environment variable to the Chains controller pod. It's a farily common practice to update the MONGO_SERVER_URL at regular intervals when the credentials are rotated. To facilitate this, this commit adds 2 fields to Chains' configuration: 1. storage.docdb.mongo-server-url 2. storage.docdb.mongo-server-url-dir `storage.docdb.mongo-server-url` simply allows supplying the value of MONGO_SERVER_URL as a field. When this field is updated, the chains controller pod does not restart, unlike when the MONGO_SERVER_URL environment variable is updated. `storage.docdb.mongo-server-url-dir` allows reading MONGO_SERVER_URL from a file in the specified directory. This allows mounting the value of MONGO_SERVER_URL from a secret or other mechanisms. When the value of MONGO_SERVER_URL is updated in the path, the new value is automatically picked up and applied. * Bump gocloud.dev/docstore/mongodocstore This commit bumps gocloud.dev/docstore/mongodocstore to the commit at google/go-cloud#3429 that allows MONGO_SERVER_URL rotation.
renovate bot
referenced
this pull request
in open-feature/flagd
Sep 11, 2024
This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [gocloud.dev](https://redirect.github.com/google/go-cloud) | `v0.37.0` -> `v0.39.0` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- ### Release Notes <details> <summary>google/go-cloud (gocloud.dev)</summary> ### [`v0.39.0`](https://redirect.github.com/google/go-cloud/releases/tag/v0.39.0) [Compare Source](https://redirect.github.com/google/go-cloud/compare/v0.38.0...v0.39.0) #### BREAKING CHANGE (AWS only, V1 vs V2 SDK) Context: AWS has [announced maintenance mode](https://aws.amazon.com/blogs/developer/announcing-end-of-support-for-aws-sdk-for-go-v1-on-july-31-2025/) for the Go V1 SDK. Go CDK has changed the default SDK for URLs across all modules except `docstore/awsdynamodb` to be V2 (previously you needed to add `awssdk=v2` to the URL to get V2). Most URLs should continue to work, but in some cases you may need to add `awssdk=v1` to force V1 explicitly. Also, concrete type constructors (e.g., `OpenBucket`) for V1 (again, except `docstore/awsdynamodb`) have been marked deprecated; please migrate to using the V2 versions (e.g., `OpenBucketV2`). Our tentative plan is to remove support for V1 in early 2025; please [file a bug](https://redirect.github.com/google/go-cloud/issues/new/choose) if you have concerns about that. #### What's Changed - pubsub: Make batch request results independent by [@​mitsos1os](https://redirect.github.com/mitsos1os) in [https://github.com/google/go-cloud/pull/3457](https://redirect.github.com/google/go-cloud/pull/3457) - docstore/all: Add support for boolean filter by [@​ybourgery](https://redirect.github.com/ybourgery) in [https://github.com/google/go-cloud/pull/3464](https://redirect.github.com/google/go-cloud/pull/3464) - aws/all: Mark V1 constructors deprecated. by [@​vangent](https://redirect.github.com/vangent) in [https://github.com/google/go-cloud/pull/3466](https://redirect.github.com/google/go-cloud/pull/3466) - aws/all: Change the default for AWS URLs from V1 to V2. by [@​vangent](https://redirect.github.com/vangent) in [https://github.com/google/go-cloud/pull/3465](https://redirect.github.com/google/go-cloud/pull/3465) - all: update to go version 1.23 by [@​vangent](https://redirect.github.com/vangent) in [https://github.com/google/go-cloud/pull/3467](https://redirect.github.com/google/go-cloud/pull/3467) #### New Contributors - [@​mitsos1os](https://redirect.github.com/mitsos1os) made their first contribution in [https://github.com/google/go-cloud/pull/3457](https://redirect.github.com/google/go-cloud/pull/3457) - [@​dependabot](https://redirect.github.com/dependabot) made their first contribution in [https://github.com/google/go-cloud/pull/3448](https://redirect.github.com/google/go-cloud/pull/3448) **Full Changelog**: google/go-cloud@v0.38.0...v0.39.0 ### [`v0.38.0`](https://redirect.github.com/google/go-cloud/releases/tag/v0.38.0) [Compare Source](https://redirect.github.com/google/go-cloud/compare/v0.37.0...v0.38.0) **blob** - **all**: Fix panics if reader recreation fails after Seek by [@​vangent](https://redirect.github.com/vangent) in [https://github.com/google/go-cloud/pull/3425](https://redirect.github.com/google/go-cloud/pull/3425) - **all**: Convert errors in `Open()` into appropriate fs errors by [@​milescrabill](https://redirect.github.com/milescrabill) in [https://github.com/google/go-cloud/pull/3443](https://redirect.github.com/google/go-cloud/pull/3443) - **s3blob**: Fix Copy to work with keys that need escaping by [@​vangent](https://redirect.github.com/vangent) in [https://github.com/google/go-cloud/pull/3403](https://redirect.github.com/google/go-cloud/pull/3403) - **azureblob**: Do not panic if Content-Length and Content-Range are missing by [@​chancez](https://redirect.github.com/chancez) in [https://github.com/google/go-cloud/pull/3445](https://redirect.github.com/google/go-cloud/pull/3445) - **fileblob**: Allow customization of the FileMode by [@​vangent](https://redirect.github.com/vangent) in [https://github.com/google/go-cloud/pull/3426](https://redirect.github.com/google/go-cloud/pull/3426) **pubsub** - **awssnssqs**: Add support for setting FIFO message metadata by [@​bartventer](https://redirect.github.com/bartventer) in [https://github.com/google/go-cloud/pull/3435](https://redirect.github.com/google/go-cloud/pull/3435) - **kafkapubsub**: Configuring key_name when OpenTopicURL by [@​ssetin](https://redirect.github.com/ssetin) in [https://github.com/google/go-cloud/pull/3404](https://redirect.github.com/google/go-cloud/pull/3404) - **rabbitpubsub**: Add query string set the qos prefetch count by [@​peczenyj](https://redirect.github.com/peczenyj) in [https://github.com/google/go-cloud/pull/3431](https://redirect.github.com/google/go-cloud/pull/3431) - **rabbitpubsub**: Add query string to set the routing key from metadata by [@​peczenyj](https://redirect.github.com/peczenyj) in [https://github.com/google/go-cloud/pull/3433](https://redirect.github.com/google/go-cloud/pull/3433) - **rabbitpubsub**: Wrap pubsub rabbitmq errors by [@​peczenyj](https://redirect.github.com/peczenyj) in [https://github.com/google/go-cloud/pull/3437](https://redirect.github.com/google/go-cloud/pull/3437) **docstore** - **all**: Fix offset handling and extend test coverage by [@​bartventer](https://redirect.github.com/bartventer) in [https://github.com/google/go-cloud/pull/3409](https://redirect.github.com/google/go-cloud/pull/3409) - **awsdynamodb**: Ensure Next returns EOF when no more items by [@​bartventer](https://redirect.github.com/bartventer) in [https://github.com/google/go-cloud/pull/3406](https://redirect.github.com/google/go-cloud/pull/3406) - **mongodocstore**: Update Mongo dialer when MONGO_SERVER_URL rotates by [@​concaf](https://redirect.github.com/concaf) in [https://github.com/google/go-cloud/pull/3429](https://redirect.github.com/google/go-cloud/pull/3429) #### New Contributors - [@​ssetin](https://redirect.github.com/ssetin) made their first contribution in [https://github.com/google/go-cloud/pull/3404](https://redirect.github.com/google/go-cloud/pull/3404) - [@​concaf](https://redirect.github.com/concaf) made their first contribution in [https://github.com/google/go-cloud/pull/3429](https://redirect.github.com/google/go-cloud/pull/3429) - [@​peczenyj](https://redirect.github.com/peczenyj) made their first contribution in [https://github.com/google/go-cloud/pull/3431](https://redirect.github.com/google/go-cloud/pull/3431) - [@​chancez](https://redirect.github.com/chancez) made their first contribution in [https://github.com/google/go-cloud/pull/3445](https://redirect.github.com/google/go-cloud/pull/3445) - [@​milescrabill](https://redirect.github.com/milescrabill) made their first contribution in [https://github.com/google/go-cloud/pull/3443](https://redirect.github.com/google/go-cloud/pull/3443) - [@​samlaf](https://redirect.github.com/samlaf) made their first contribution in [https://github.com/google/go-cloud/pull/3450](https://redirect.github.com/google/go-cloud/pull/3450) **Full Changelog**: google/go-cloud@v0.37.0...v0.38.0 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/open-feature/flagd). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC43NC4xIiwidXBkYXRlZEluVmVyIjoiMzguNzQuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Prior to this commit, the dialer for MongoDB was generated once from MONGO_SERVER_URL environment variable but was never updated even when the environment variable was updated in subsequent calls. While this works fine when MONGO_SERVER_URL is not expected to update, but as MONGO_SERVER_URL also contains the credentials to connect to MongoDB, it's a fairly common use case to rotate these credentials (and hence the environment variable) at regular intervals.
This commit fixes that and updates the dialer when MONGO_SERVER_URL is updated.
This PR blocks tektoncd/chains#1089