terraform-aws-observability-accelerator icon indicating copy to clipboard operation
terraform-aws-observability-accelerator copied to clipboard

Published 20 hours ago verified publisher icon aws-observability

API Key rotation for Grafana Workspace

Open veerapratapg opened this issue 1 year ago • 6 comments

What does this PR do?

  • Added a module to enable Grafana API Key rotation --> grafana-key-rotation
  • Made appropriate changes to the eks-monitoring module to retrieve the details of the resources created in the in this module to be used for the above key rotation module.
  • Modified the existing-cluster-with-base-and-infra example to create create the grafana-key-rotation module.

Motivation

  • The current existing-cluster-with-base-and-infra example does not rotate the expired Grafana Workspace API keys automatically.
  • Modifying the example to enable key rotation for External Secrets deployed to the EKS Cluster as part of this solution.
  • Steps provided in https://docs.aws.amazon.com/prometheus/latest/userguide/obs_accelerator.html

More

  • [X] Yes, I have tested the PR using my local account setup (Provide any test evidence report under Additional Notes)
  • [X] Yes, I ran pre-commit run -a with this PR
  • [ ] Yes, I have added a new example under examples to support my PR (when applicable)
  • [ ] Yes, I have updated the Pages for this feature

Note: Not all the PRs required examples and docs.

For Moderators

  • [ ] E2E Test successfully complete before merge?

Additional Notes

veerapratapg avatar Jan 17 '24 21:01 veerapratapg

Tagging reviewers --> @bonclay7 @lewinkedrs

veerapratapg avatar Jan 17 '24 21:01 veerapratapg

Made the following changes to incorporate the suggestions from @lewinkedrs :

  1. Added a README.md doc to grafana-key-rotation module with information regarding :
    • What the module does and the resources it creates
    • How to enable/disable it.
    • Some of the configuration options.
  2. Performed testing with the latest version of python runtime for Lambda, "3.12", and the solution is working as expected.
  3. Removed test from the names of policy attachment resources.
  4. Also removed white spaces from the mentioned files.
  5. Added variables for python runtime, event bridge scheduler expressions to provide additional flexibility for users.

veerapratapg avatar Jan 31 '24 04:01 veerapratapg

Made the changes suggested by @bonclay7 and removed managed_grafana_workspace_id from the SSM parameter name created through external-secrets to reduce the number of changes made.

veerapratapg avatar Feb 06 '24 05:02 veerapratapg

This PR has been automatically marked as stale because it has been open 60 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

github-actions[bot] avatar Apr 23 '24 00:04 github-actions[bot]

Working on the incorporating unit tests for the Lambda function per my conversation with bonclay7@

veerapratapg avatar May 06 '24 05:05 veerapratapg

Added Unit Tests for Lambda function in the grafana-key-rotation module in the directory ./modules/grafana-key-rotation/tests/unit/src. Also added a ReadMe file in the same location with a quick overview of steps to run the Tests.

veerapratapg avatar Jun 18 '24 05:06 veerapratapg

This PR has been automatically marked as stale because it has been open 60 days with no activity. Remove stale label or comment or this PR will be closed in 10 days

github-actions[bot] avatar Aug 18 '24 00:08 github-actions[bot]

Closing this PR as Managed Grafana v9 and 10 introduced Service account and service account token (SAT) APIs, instead of API Keys.

veerapratapg avatar Aug 26 '24 21:08 veerapratapg