Skip to content

[UII] Support integrations having secrets with multiple values#216918

Merged
jen-huang merged 9 commits intoelastic:mainfrom
jen-huang:fix/multi-secrets
Apr 3, 2025
Merged

[UII] Support integrations having secrets with multiple values#216918
jen-huang merged 9 commits intoelastic:mainfrom
jen-huang:fix/multi-secrets

Conversation

@jen-huang
Copy link
Contributor

@jen-huang jen-huang commented Apr 2, 2025
edited
Loading

Summary

Resolves #205102. This PR makes Fleet support having multiple values for secrets, i.e. integrations with variables such as:

  - name: connection_string
    title: Connection String
    type: password
    secret: true
    multi: true

When a package policy has a multi-value secret, the variable containing references to secrets will be saved with ids: string[]:

"connection_string": {
  "type": "password",
  "value": {
    "ids": [
      "c9A385UBLd_jDJtMILH5",
      "ddA385UBLd_jDJtMILH5"
    ],
    "isSecretRef": true
  }
}

There is no change for secrets with single values, the reference will still be saved with id: string. There is also no change to the secret_references block.

The policy editor will display the multi-value secrets like this when creating:
image

And when editing/replacing:
image

Testing

  1. Download and upload test package azure-1.20.5-next.zip, which modifies connection_string to be multi-value secret and updates associated agent handlebars templates
  • You may get an error about integration name not found, I'm not sure what that error is, but the package will still be uploaded
  1. Test adding the above version of Azure package policy with multiple connection strings
  2. Check that the agent yaml compiles correctly
  3. Test editing, deleting the policies etc

Checklist

  • Unit or functional tests were updated or added to match the most common scenarios
  • The PR description includes the appropriate Release Notes section, and the correct release_note:* label is applied per the guidelines
@jen-huang jen-huang added release_note:fix backport:skip This PR does not require backporting Team:Fleet Team label for Observability Data Collection Fleet team labels Apr 2, 2025
@jen-huang jen-huang self-assigned this Apr 2, 2025
@jen-huang jen-huang requested a review from a team as a code owner April 2, 2025 19:46
@elasticmachine
Copy link
Contributor

elasticmachine commented Apr 2, 2025

Pinging @elastic/fleet (Team:Fleet)
@elasticmachine
Copy link
Contributor

elasticmachine commented Apr 2, 2025

💚 Build Succeeded

Metrics [docs]

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
fleet 161.6KB 162.2KB +577.0B

cc @jen-huang
@nchaulet nchaulet self-requested a review April 3, 2025 15:25
nchaulet
nchaulet approved these changes Apr 3, 2025
View reviewed changes
Copy link
Member

@nchaulet nchaulet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested locally and it generated a correct fleet policy and associated secrets. LGTM 🚀
@jen-huang jen-huang merged commit 7158e02 into elastic:main Apr 3, 2025
18 checks passed
@jen-huang jen-huang deleted the fix/multi-secrets branch April 3, 2025 17:56
@bvader
Copy link

bvader commented Apr 7, 2025

Hi @jen-huang Do I read this right that this will not be backported to 8.19? We will have enterprise customers on 8.X for many many months, any chance it can get added to the backport?
@mykola-elastic mykola-elastic mentioned this pull request May 28, 2025
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport:skip This PR does not require backporting release_note:fix Team:Fleet Team label for Observability Data Collection Fleet team v9.1.0

4 participants

@jen-huang @elasticmachine @bvader @nchaulet