-
Notifications
You must be signed in to change notification settings - Fork 192
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Intermittent issue with format="GOOGLE_APPLICATION_CREDENTIALS{{ .data.private_key_data }}" #225
Comments
Hey @kawsark, thanks for reporting this. Any tips on how I might reproduce this without GCP access? I don't have it and am working to reproduce it using just the vault dev server. Thanks. |
@kawsark Comparing what you give above to the documented /gcp/key GET API (linked belos) do you see any differences from the examples there.. Based on everything I've read so far (docs and code) the only way I can see this happening is if GCP sometimes returns things mis-mapped. The format you list in the example has it using If you can save/log the contents of that .data structure during the good/bad modes to see if it changes that might help. Thanks. |
When I use
format=
in thesecret
stanza for Variable interpolation, sometimes EnvConsul sets the incorrect value. This problem is fairly easy to reproduce.In this case, I am reading a dynamic GCP service account key from Vault. Vault returns 3 fields in data (full key is truncated as ):
The application expects GOOGLE_APPLICATION_CREDENTIALS to contain the value of
private_key_data
. This can be achieved by specifying:format="GOOGLE_APPLICATION_CREDENTIALS{{ .data.private_key_data }}"
However, sometimes it gets set as
KEY_ALG_RSA_2048
orTYPE_GOOGLE_CREDENTIALS_FILE
.Envconsul version
Configuration
testgcp1.hcl file
Command
Debug output
Provide a link to a GitHub Gist containing the complete debug output by running
with
-log-level=debug
.Please see: https://gist.github.com/kawsark/f659cf6644cbac94527ae7f062dbdb63
Expected behavior
GOOGLE_APPLICATION_CREDENTIALS
environment variable should be populated with Base64 encoded Google service account. In the Gist below, when it works, GOOGLE_APPLICATION_CREDENTIALS is shown as below (full key is truncated as ):https://gist.github.com/kawsark/f659cf6644cbac94527ae7f062dbdb63
Actual behavior
Although it works most of the time, sometimes
GOOGLE_APPLICATION_CREDENTIALS
environment variable contain a value ofKEY_ALG_RSA_2048
orTYPE_GOOGLE_CREDENTIALS_FILE
. In the Gist below, when it does not work, GOOGLE_APPLICATION_CREDENTIALS is set to KEY_ALG_RSA_2048 on line 102https://gist.github.com/kawsark/f659cf6644cbac94527ae7f062dbdb63#file-envconsul-txt-L100
Steps to reproduce
Example application script provided here: https://gist.github.com/kawsark/74a87420dd9a3a1d9a0c7d4276d30aa9
References
Are there any other GitHub issues (open or closed) that should be linked here?
The text was updated successfully, but these errors were encountered: