High level design PR: Add SDS dynamic secret

[qiwzhang]

Signed-off-by: Wayne Zhang qiwzhang@google.com

This PR is not a real PR, it is a high level design proposal to support fetching dynamic secrets.

Main changes:

1. added SecretCallback interface to notify secret has been changed
2. added DynamicSecretProvider interface to fetch dynamic secret.
3. secretManager to hold static and dynamic secret separately.
4. use shared_ptr for Context objects so an new object can be created while old one is in-use.

Code Status:
Passed compiling for files under /source/....

[qiwzhang]

@lizan @PiotrSikora Could you help to review it?

[lizan]

I'm curious why we need this and createDynamicSecretProvider, but not make SecretManager to manage callbacks.

[qiwzhang]

Managing update callbacks by DynamicSecretProvider is more efficient since it only holds the callbacks that using that secret. If done in the secretManager, you need a map of hash + name to the vector of callbacks, you need map lookup. Beside, DynamicSecretProvider is implemented by SdsAPI. It has the onConfigUpate() call, so it is more nature to call its callbacks when onConfigUpdate() is called. It doesn't need to hold secretManager object either.

[lizan]

not needed.

[qiwzhang]

Will remove

[lizan]

from impl, this is not a pure create, but find one if there is existing, need a better name.

[qiwzhang]

how about "findOrCreateDynamicSecretProvider"?

[lizan]

Do we intended to make all *Context to SharedPtr? What is the usecase of unique_ptrs?

[qiwzhang]

unique_ptr can be removed.

[qiwzhang]

Actually, I am working on a separate PR of making ssl_socket not to hold context as its member, only use ctx at constructor. If this works, we will continue to use unique_ptr for ctx.

[lizan]

you should be able to have this as std::shared_ptr<ContextImpl> and cast it with std::dynamic_pointer_cast

[qiwzhang]

As I mentioned above, I try to remove this member variable ctx_ in a separate PR

[lizan]

This includes all changes in #3700 right?

While we can review this on high level, but please address review/test on that first.

[JimmyCYJ]

@lizan Yes, I am modifying #3700 to make it consistent with this high level design. That PR currently needs more tests to meet test coverage requirements. Once the PR is ready, I will ping you.

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 7 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[JimmyCYJ]

#3700 is under review, and we are updating this PR accordingly. Please keep this PR open.

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 7 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[stale]

This pull request has been automatically marked as stale because it has not had activity in the last 7 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

[stale]

This pull request has been automatically closed because it has not had activity in the last 14 days. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!