Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow setting key vault secret name & Unify API versions #335

Merged
merged 3 commits into from
Oct 6, 2023

Conversation

maxilampert
Copy link
Contributor

@maxilampert maxilampert commented Aug 21, 2023

This PR deals with two things.

  1. Allow setting the key vault secret name by the 'build_key_vault_secret_name' parameter. The default value is still 'packerKeyVaultSecret' if the parameter is not specified.

  2. Unify the ARM API versions to use there latest counterparts for compute and network resources globally and remove a lot of individual settings. Should not be breaking as the APIs are available in all clouds. Minor structural cleanup of the ARM templates.

…e individual settings; Add key vault secret parameter to allow setting the secret name during deployment.
@maxilampert maxilampert requested a review from a team as a code owner August 21, 2023 00:53
@JenGoldstrich JenGoldstrich self-assigned this Aug 30, 2023
@JenGoldstrich
Copy link
Contributor

Hey @maxilampert, generally this PR looks good but I'm curious what your use-case is for renaming the secret, the key vault secret is meant to be temporary and be deleted by the end of a build, since the key vault itself is also deleted.

@maxilampert
Copy link
Contributor Author

Hey @maxilampert, generally this PR looks good but I'm curious what your use-case is for renaming the secret, the key vault secret is meant to be temporary and be deleted by the end of a build, since the key vault itself is also deleted.

Hey @JenGoldstrich, well in our case we use a fixed key vault that has been created beforehand and does not get deleted after the image build. We have some conventions in place for how secrets should be named.
Also for a case of concurrent builds it could be useful to create separate secrets to not run into any issues.

Copy link
Contributor

@JenGoldstrich JenGoldstrich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@maxilampert thanks for that context, although this makes me think that we should be deleting the key vault secret that we create when we don't delete the key vault, I believe that's an oversight more than intentional behavior.

I have created this issue to track that #343, if this would cause disruption to your workflow let me know, but I think it should be safe to do. In the mean time I don't wanna continue to delay this PR though, and its a reasonable change to me.

I ran acceptance tests on this PR and tested a few manual builds while setting my secret name in a template, LGTM!

@JenGoldstrich JenGoldstrich merged commit d91ce9d into hashicorp:main Oct 6, 2023
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants