environment variables in curly brackets are interpreted as secrets #102

Open
ramonskie opened this issue Aug 19, 2022 · 0 comments
Labels: bug, carvel-accepted, hacktoberfest

@ramonskie

environment variables within curly brackets are interpreted as a secret

we use an environment variable ${CREDHUB_POSTGRES_HOST} in our secret template +stringdata
see how we use it here.
https://github.com/cloudfoundry/bosh-community-stemcell-ci-infra/blob/main/config/credhub/secrets.yml#L77

a small example:

---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretTemplate
metadata:
  name: new-secret
spec:
  #! list of resources to read information off
  inputResources:
  - name: username-secret
    ref:
      apiVersion: v1
      kind: Secret
      name: username
  template:
    stringData:
      application.yml: |
        foo: bar
        address: "${CREDHUB_POSTGRES_HOST}"

secretgen controller is spitting out the following error

insertId: "mb8yqauemnbi5zgs"
jsonPayload: {
error: "templating stringData: unrecognized identifier CREDHUB_POSTGRES_HOST"
level: "error"
logger: "controller.sg-template"
msg: "Reconciler error"
name: "credhub-config"
namespace: "concourse"
stacktrace: "sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
	sigs.k8s.io/controller-runtime@v0.10.3/pkg/internal/controller/controller.go:227"
ts: 1660813208.7108898
}
labels: {5}
logName: "projects/cloud-foundry-310819/logs/stderr"
receiveTimestamp: "2022-08-18T09:00:15.000212012Z"
resource: {2}
severity: "ERROR"
timestamp: "2022-08-18T09:00:08.711057208Z"
}

see discussion at
https://kubernetes.slack.com/archives/CH8KCCKA5/p1660856228615859?thread_ts=1660813747.061909&cid=CH8KCCKA5

secretgen v0.10.3
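
A pre-apply check for the pattern reported above, as an added example (not code from the reporter or from secretgen-controller): it scans multi-document YAML text and lists each `${NAME}` placeholder found inside a `SecretTemplate` document, with its line number. The function name and the sample manifest are constructed for illustration, and it assumes only the `${NAME}` form shown in the report needs flagging; `$(...)` expressions are left alone.

```python
import re

# ${NAME} shell-style placeholder, the form the issue reports as rejected.
PLACEHOLDER = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)\}")
KIND = re.compile(r"^kind:\s*SecretTemplate\s*$", re.MULTILINE)


def find_placeholders(manifest_text):
    """Return (line_number, name) for each ${NAME} in SecretTemplate documents.

    Scans raw text (no YAML library), so a placeholder in a comment is reported too.
    """
    findings = []
    doc_lines = []  # (line_number, text) pairs of the current YAML document
    lines = manifest_text.splitlines() + ["---"]  # sentinel flushes the last document
    for number, line in enumerate(lines, start=1):
        if line.strip() == "---":
            body = "\n".join(text for _, text in doc_lines)
            if KIND.search(body):
                for n, text in doc_lines:
                    findings += [(n, m.group(1)) for m in PLACEHOLDER.finditer(text)]
            doc_lines = []
        else:
            doc_lines.append((number, line))
    return findings


# Constructed sample: a ConfigMap (ignored) and a trimmed copy of the issue's template.
SAMPLE = """\
apiVersion: v1
kind: ConfigMap
data:
  run.sh: echo "${HOME}"
---
apiVersion: secretgen.carvel.dev/v1alpha1
kind: SecretTemplate
metadata:
  name: new-secret
spec:
  template:
    stringData:
      user: $(.username-secret.data.username)
      application.yml: |
        foo: bar
        address: "${CREDHUB_POSTGRES_HOST}"
"""

if __name__ == "__main__":
    for line_no, name in find_placeholders(SAMPLE):
        print(f"line {line_no}: ${{{name}}}")
```
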

ramonskie added the bug and carvel-triage labels Aug 19, 2022
carvel-bot moved this to To Triage in Carvel Aug 19, 2022
joe-kimmel-vmw added the carvel-accepted label and removed the carvel-triage label Aug 19, 2022
github-project-automation bot moved this to To Triage in Carvel Feb 14, 2023
neil-hickey moved this from To Triage to Unprioritized in Carvel Feb 22, 2023