Skip to content

Implement OTEL secrets replacement in parsed policy#6419

Merged
michel-laterman merged 1 commit intoelastic:mainfrom
michel-laterman:bug/otel-secret-refereces
Mar 2, 2026
Merged

Implement OTEL secrets replacement in parsed policy#6419
michel-laterman merged 1 commit intoelastic:mainfrom
michel-laterman:bug/otel-secret-refereces

Conversation

@michel-laterman
Copy link
Contributor

@michel-laterman michel-laterman commented Feb 24, 2026

What is the problem this PR solves?

Added functionality to replace secrets in OTEL sections (receivers, exporters, processors, extensions, connectors) of a policy. Updated the NewParsedPolicy function to process these sections and append identified secret keys. Included a new test case to validate the correct replacement of secrets in the OTEL sections.

How does this PR solve the problem?

Add a call to the existing ProcessMapSecrets method for OTEL keys in the policy.

Design Checklist

  • I have ensured my design is stateless and will work when multiple fleet-server instances are behind a load balancer.
  • I have or intend to scale test my changes, ensuring it will work reliably with 100K+ agents connected.
  • I have included fail safe mechanisms to limit the load on fleet-server: rate limiting, circuit breakers, caching, load shedding, etc.

Checklist

  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have made corresponding change to the default configuration files
  • I have added tests that prove my fix is effective or that my feature works
  • I have added an entry in ./changelog/fragments using the changelog tool

Related issues

@michel-laterman
Implement OTEL secrets replacement in parsed policy
2a768d1 
Added functionality to replace secrets in OTEL sections (receivers, exporters,
processors, extensions, connectors) of a policy. Updated the `NewParsedPolicy`
function to process these sections and append identified secret keys. Included a
new test case to validate the correct replacement of secrets in the OTEL
sections.
@michel-laterman michel-laterman requested a review from a team as a code owner February 24, 2026 22:50
@michel-laterman michel-laterman added the bug Something isn't working label Feb 24, 2026
@michel-laterman michel-laterman added Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team backport-active-9 Automated backport with mergify to all the active 9.[0-9]+ branches labels Feb 24, 2026
@michel-laterman michel-laterman merged commit 9df10d4 into elastic:main Mar 2, 2026
14 checks passed
@michel-laterman michel-laterman deleted the bug/otel-secret-refereces branch March 2, 2026 18:58
@github-actions
Copy link
Contributor

github-actions bot commented Mar 2, 2026

@Mergifyio backport 9.2 9.3

@mergify
Copy link
Contributor

mergify bot commented Mar 2, 2026
edited
Loading

backport 9.2 9.3

✅ Backports have been created

Details

Cherry-pick of 9df10d4 has failed:

On branch mergify/bp/9.2/pr-6419
Your branch is up to date with 'origin/9.2'.

You are currently cherry-picking commit 9df10d4.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	new file:   changelog/fragments/1771972977-Add-support-for-OTEL-secrets-handling.yaml
	new file:   internal/pkg/policy/testdata/policy_with_otel_secrets.json
	new file:   internal/pkg/server/otel_policy_secrets_integration_test.go

Unmerged paths:
  (use "git add <file>..." to mark resolution)
	both modified:   internal/pkg/policy/parsed_policy.go
	both modified:   internal/pkg/policy/parsed_policy_test.go

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally

mergify bot pushed a commit that referenced this pull request Mar 2, 2026
@michel-laterman @mergify
Implement OTEL secrets replacement in parsed policy (#6419)
c34cff6 
Added functionality to replace secrets in OTEL sections (receivers, exporters,
processors, extensions, connectors) of a policy. Updated the `NewParsedPolicy`
function to process these sections and append identified secret keys. Included a
new test case to validate the correct replacement of secrets in the OTEL
sections.

(cherry picked from commit 9df10d4)

# Conflicts:
#	internal/pkg/policy/parsed_policy.go
#	internal/pkg/policy/parsed_policy_test.go
@mergify mergify bot mentioned this pull request Mar 2, 2026
Merged
4 tasks
mergify bot pushed a commit that referenced this pull request Mar 2, 2026
@michel-laterman @mergify
Implement OTEL secrets replacement in parsed policy (#6419)
8f7ce70 
Added functionality to replace secrets in OTEL sections (receivers, exporters,
processors, extensions, connectors) of a policy. Updated the `NewParsedPolicy`
function to process these sections and append identified secret keys. Included a
new test case to validate the correct replacement of secrets in the OTEL
sections.

(cherry picked from commit 9df10d4)
@mergify mergify bot mentioned this pull request Mar 2, 2026
Merged
4 tasks
michel-laterman added a commit that referenced this pull request Mar 2, 2026
@mergify @michel-laterman
Implement OTEL secrets replacement in parsed policy (#6419) (#6470)
9aef45d 
Added functionality to replace secrets in OTEL sections (receivers, exporters,
processors, extensions, connectors) of a policy. Updated the `NewParsedPolicy`
function to process these sections and append identified secret keys. Included a
new test case to validate the correct replacement of secrets in the OTEL
sections.

(cherry picked from commit 9df10d4)

Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com>
michel-laterman added a commit that referenced this pull request Mar 5, 2026
@michel-laterman
Implement OTEL secrets replacement in parsed policy (#6419)
493590e 
Added functionality to replace secrets in OTEL sections (receivers, exporters,
processors, extensions, connectors) of a policy. Updated the `NewParsedPolicy`
function to process these sections and append identified secret keys. Included a
new test case to validate the correct replacement of secrets in the OTEL
sections.

(cherry picked from commit 9df10d4)
michel-laterman added a commit that referenced this pull request Mar 5, 2026
@mergify @michel-laterman
[9.2](backport #6419) Implement OTEL secrets replacement in parsed po…
52603d0 
…licy (#6469)

* Implement OTEL secrets replacement in parsed policy (#6419)

Added functionality to replace secrets in OTEL sections (receivers, exporters,
processors, extensions, connectors) of a policy. Updated the `NewParsedPolicy`
function to process these sections and append identified secret keys. Included a
new test case to validate the correct replacement of secrets in the OTEL
sections.

(cherry picked from commit 9df10d4)

* Fix rebase

---------

Co-authored-by: Michel Laterman <82832767+michel-laterman@users.noreply.github.com>
Co-authored-by: michel-laterman <michel.laterman@elastic.co>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ycombinator ycombinator ycombinator approved these changes

@blakerouse blakerouse Awaiting requested review from blakerouse blakerouse is a code owner automatically assigned from elastic/elastic-agent-control-plane

Assignees

No one assigned

Labels

backport-active-9 Automated backport with mergify to all the active 9.[0-9]+ branches bug Something isn't working Team:Elastic-Agent-Control-Plane Label for the Agent Control Plane team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Secrets in Fleet-managed OTel configuration are not rendered

2 participants

@michel-laterman @ycombinator