
Can't use secret in variable #1418

Closed
phemmer opened this issue Oct 28, 2020 · 6 comments · Fixed by #1535
Labels
bug hashicat-update-required Changes that need to be ported to hashicat vault Related to the Vault integration

phemmer commented Oct 28, 2020

Consul Template version

consul-template v0.25.1 (b11fa80)

Configuration

vault {
  address = "http://192.168.122.1:8200"
  token = "abcd1234"
}

{{ $latest := secret "secret/data/mykey" }}
{{ $latest.Data }}

{
  "foo": "bar"
}

Command

consul-template -once -config /tmp/consul-template.hcl -template=/tmp/test.ctmpl:/dev/null -vault-renew-token=false -dry

Debug output

2020/10/28 18:32:38.968292 [INFO] consul-template v0.25.1 (b11fa800)
2020/10/28 18:32:38.968309 [INFO] (runner) creating new runner (dry: true, once: true)
2020/10/28 18:32:38.968614 [DEBUG] (runner) final config: {"Consul":{"Address":"192.168.122.1:8500","Namespace":"","Auth":{"Enabled":false,"Username":"","Password":""},"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":false,"Key":"","ServerName":"","Verify":true},"Token":"","Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":4,"TLSHandshakeTimeout":10000000000}},"Dedup":{"Enabled":false,"MaxStale":2000000000,"Prefix":"consul-template/dedup/","TTL":15000000000,"BlockQueryWaitTime":60000000000},"DefaultDelims":{"Left":null,"Right":null},"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":0},"KillSignal":2,"LogLevel":"trace","MaxStale":2000000000,"PidFile":"","ReloadSignal":1,"Syslog":{"Enabled":false,"Facility":"LOCAL0","Name":"consul-template"},"Templates":[{"Backup":false,"Command":"","CommandTimeout":30000000000,"Contents":"","CreateDestDirs":true,"Destination":"/dev/null","ErrMissingKey":false,"Exec":{"Command":"","Enabled":false,"Env":{"Denylist":[],"Custom":[],"Pristine":false,"Allowlist":[]},"KillSignal":2,"KillTimeout":30000000000,"ReloadSignal":null,"Splay":0,"Timeout":30000000000},"Perms":0,"Source":"/tmp/test.ctmpl","Wait":{"Enabled":false,"Min":0,"Max":0},"LeftDelim":"","RightDelim":"","FunctionDenylist":[],"SandboxPath":""}],"Vault":{"Address":"http://192.168.122.1:8200","Enabled":true,"Namespace":"","RenewToken":false,"Retry":{"Attempts":12,"Backoff":250000000,"MaxBackoff":60000000000,"Enabled":true},"SSL":{"CaCert":"","CaPath":"","Cert":"","Enabled":true,"Key":"","ServerName":"","Verify":true},"Transport":{"DialKeepAlive":30000000000,"DialTimeout":30000000000,"DisableKeepAlives":false,"IdleConnTimeout":90000000000,"MaxIdleConns":100,"MaxIdleConnsPerHost":4,"TLSHandshakeTimeout":10000000000},"UnwrapToken":false},"Wait":{"Enabled":false,"Min":null,"Max":null},"Once":true,"BlockQueryWaitTime":60000000000}
2020/10/28 18:32:38.968787 [INFO] (runner) creating watcher
2020/10/28 18:32:38.969032 [INFO] (runner) starting
2020/10/28 18:32:38.969046 [DEBUG] (runner) running initial templates
2020/10/28 18:32:38.969052 [DEBUG] (runner) initiating run
2020/10/28 18:32:38.969087 [DEBUG] (runner) checking template 8b18a7cd3e1012a706cdeddc92616a95
2020/10/28 18:32:38.970122 [ERR] (cli) /tmp/test.ctmpl: execute: template: :2:10: executing "" at <$latest.Data>: nil pointer evaluating *dependency.Secret.Data

Expected behavior

Dump content of .Data without error.

Actual behavior

What actually happened?

2020/10/28 18:32:38.970122 [ERR] (cli) /tmp/test.ctmpl: execute: template: :2:10: executing "" at <$latest.Data>: nil pointer evaluating *dependency.Secret.Data

Steps to reproduce

  1. Run above configuration.

References

Additional info

Example 1 ✔️

{{ $latest := secret "secret/data/mykey" }}
{{ with $latest }}
{{ $latest.Data }}
{{ end }}

map[data:map[foo:bar] metadata:map[created_time:2020-10-28T18:36:55.176439289Z deletion_time: destroyed:false version:1]]

Example 2 ✔️

{{ $latest := secret "secret/data/mykey" }}
{{ printf "%#v" $latest }}

&dependency.Secret{RequestID:"c7d82c56-6f5b-66fc-5eae-6a74e7eb3e51", LeaseID:"", LeaseDuration:0, Renewable:false, Data:map[string]interface {}{"data":map[string]interface {}{"foo":"bar"}, "metadata":map[string]interface {}{"created_time":"2020-10-28T18:36:55.176439289Z", "deletion_time":"", "destroyed":false, "version":"1"}}, Warnings:[]string(nil), Auth:(*dependency.SecretAuth)(nil), WrapInfo:(*dependency.SecretWrapInfo)(nil)}

Example 3 ✔️

{{ $latest := secret "secret/data/mykey" }}
{{ with $foo := $latest }}
{{ $foo.Data }}
{{ end }}

map[data:map[foo:bar] metadata:map[created_time:2020-10-28T18:36:55.176439289Z deletion_time: destroyed:false version:1]]

Example 4 ❌

{{ $latest := secret "secret/data/mykey" }}
{{ $latest.Data }}

2020/10/28 18:41:46.840197 [ERR] (cli) /tmp/test.ctmpl: execute: template: :2:10: executing "" at <$latest.Data>: nil pointer evaluating *dependency.Secret.Data

eikenb commented Nov 17, 2020

Thanks for filing this issue @phemmer and sorry for the delayed response. It looks like this should be easy to reproduce and we'll get to work on it as soon as we can get it in our queue. Thanks.

timpur commented Nov 16, 2021

Having the same issue
so far {{- $secret := secret $path | toJSON | parseJSON }} is a sad way to get it to work

eikenb commented Nov 17, 2021

Thanks for the prompt @timpur, I'll try to get this fixed in the next release.

eikenb commented Dec 3, 2021

Problem is the secret template function returns a pointer to a struct instead of a zero value. It works with with as {{with $v:=secret "foo"}} doesn't trigger the with block when secret "foo" returns a nil. On the other hand, when it is assigned to a variable, that variable will contain nil and you see this error if you try to use it (there is no with block to skip).

Changing the returned value from a pointer to a zero value for that struct sort of fixes it. It doesn't give the error, but it changes the returned values in ways that would break compatibility.

I'm not sure of a solution yet, but that is the problem.

eikenb commented Dec 3, 2021

So it looks like nil wasn't the problem. It was due to the typing of the nil pointer. If the function signature is typed or the returned value is typed to the actual data type it gives that error. If the return signature is interface{} and you return nil (not a typed nil pointer) it works.

I.e., I think this will end up being a pretty simple fix.

eikenb commented Dec 3, 2021

PR with fix pushed up for review. Fix will be in next release (v0.28.0).
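
Added example (not from the issue thread or from consul-template's code): a minimal Go program that reproduces the typed-nil behaviour described in the comments above, using Go's text/template directly. The Secret struct and the three "secret" function variants are hypothetical stand-ins for dependency.Secret and the real template function.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Secret is a hypothetical stand-in for consul-template's dependency.Secret.
type Secret struct {
	Data map[string]interface{}
}

// Three ways a "secret" template function can report "no data yet".
var variants = map[string]interface{}{
	// Typed signature: the template receives a nil pointer that still has type *Secret.
	"typedSignature": func(path string) (*Secret, error) { return nil, nil },
	// interface{} signature, but the nil inside still carries the *Secret type.
	"typedNilInInterface": func(path string) (interface{}, error) {
		var s *Secret
		return s, nil
	},
	// interface{} signature returning a bare nil: the template sees "no value".
	"untypedNil": func(path string) (interface{}, error) { return nil, nil },
}

const (
	assignTmpl = `{{ $latest := secret "secret/data/mykey" }}{{ $latest.Data }}`
	withTmpl   = `{{ with secret "secret/data/mykey" }}{{ .Data }}{{ end }}`
)

// render executes text with the named variant registered as "secret".
func render(variant, text string) (string, error) {
	t, err := template.New("t").Funcs(template.FuncMap{"secret": variants[variant]}).Parse(text)
	if err != nil {
		return "", err
	}
	var buf bytes.Buffer
	err = t.Execute(&buf, nil)
	return buf.String(), err
}

func main() {
	for _, v := range []string{"typedSignature", "typedNilInInterface", "untypedNil"} {
		out, err := render(v, assignTmpl)
		fmt.Printf("%-20s assign: out=%q err=%v\n", v, out, err)
		out, err = render(v, withTmpl)
		fmt.Printf("%-20s with:   out=%q err=%v\n", v, out, err)
	}
}
```

Both typed variants fail the assignment template with "nil pointer evaluating", while the with template is skipped cleanly in all three; only the bare nil lets the assignment template render (as `<no value>`).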
