Giters

acorn-io / runtime

A simple application deployment framework built on Kubernetes

Home Page:https://docs.acorn.io/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Secrets with type "credential.acorn.io" need to show which Acorns are referencing them.

sangee2004 opened this issue · comments

commented

acorn version - v0.10.0-rc1-7-g8b9acb47+8b9acb47

Steps to reproduce the problem:

  1. Deploy app with secrets with type "credential.acorn.io" using the following Acornfile - acorn run -n mytestsec
secrets:
{ 
config: {
	type: "credential.acorn.io/mytest"
	params: {
		promptOrder: ["proto", "address", "port", "adminUsername", "adminPassword", "username", "password"]
	}
	data: {
		address:       ""
		port:          ""
		username:      ""
		password:      ""
		adminUsername: ""
		adminPassword: ""
		proto:         ""
		dbName:        ""
	}
}
mytestsec: type: "token"
}
  1. Once the app is deployed, notice that the credential - config created does not indicate that app deployed in step1 is referencing this credential.
acorn secrets
NAME                  TYPE                          KEYS                                                                        CREATED
config-84pkz          credential.acorn.io/mytest    [address adminPassword adminUsername dbName password port proto username]   8s ago
mytestsec.mytestsec   token                         [token]                                                                     22s ago

Expected Behavior:
Credential needs to show which Acorns are referencing them.

commented

@sangee2004 I got confirmation from @ibuildthecloud that these credentials secrets are intentionally named that way, so we don't want to change them by adding app name prefixes. I think this issue can just be closed.

commented

@g-linville Is there any other way of letting the user know which credential is the associated with the app ? It feels odd for user to not know this when the secret definition is present in the Acornfile that is used for deployment of this secret .

commented

I'm gonna bring this up with the team and see what they think the UX should be.

commented

It would be helpful to know:

  1. What app created the credential. Then you could see if it exists or not.
  2. What apps are referencing the credential.

In the case of services, multiple "Credentials" can be created that connect to different database instances. They all end up with the same name. Which makes it difficult to figure out which credential is the one needed.

Also, when apps are deleted, the credentials are not, and they can build up over time and the user has no idea which is which, or if they can re-use one.