Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tenant is getting an empty string from env referencing a secret #2279

Open
EStork09 opened this issue Aug 17, 2024 · 4 comments
Open

Tenant is getting an empty string from env referencing a secret #2279

EStork09 opened this issue Aug 17, 2024 · 4 comments
Assignees
Labels
bug Something isn't working community future release When we have a new release

Comments

@EStork09
Copy link

After upgrading to 6.0.x, the tenant is no longer getting the environment value from the secret.
i.e.

spec:
  configuration:
    name: minio-configuration
  env:
    - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET_PRIMARY_IAM
      valueFrom:
        secretKeyRef:
          key: client-secret
          name: minio-oidc

shows up in the /tmp/minio/config.env as export MINIO_IDENTITY_OPENID_CLIENT_SECRET_PRIMARY_IAM=""

Expected Behavior

export MINIO_IDENTITY_OPENID_CLIENT_SECRET_PRIMARY_IAM="" should be a value and not an empty string.

Current Behavior

export MINIO_IDENTITY_OPENID_CLIENT_SECRET_PRIMARY_IAM="" is being set as an empty string.

Possible Solution

I suppose I could look at putting the secret in the config file with the admin credentials, but I would rather keep that clean and just what is needed.

Steps to Reproduce (for bugs)

  1. Update tenant with a environment variable referencing a secret

Context

My OIDC auth has failed because it is now passing an empty string as teh secret.

Regression

Yes? v6.0.x

Your Environment

  • Version used (minio-operator): 6.0.2
  • Environment name and version (e.g. kubernetes v1.17.2): 1.29.4
  • Server type and version: container, RELEASE.2024-08-03T04-33-23Z
  • Operating System and version (uname -a): Linux rke2-worker-1 6.1.0-23-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.99-1 (2024-07-15) x86_64 GNU/Linux
  • Link to your deployment file: values.yaml
@ramondeklein
Copy link
Contributor

Operator v6 saves the environment variable to a configuration file on disk, but it only seems to support environment variables that are mapped explicitly to a value (source):

func envVarsToFileContent(envVars []corev1.EnvVar) string {
	content := ""
	for _, env := range envVars {
		content += fmt.Sprintf("export %s=\"%s\"\n", env.Name, env.Value)
	}
	return content
}

It should also be able to resolve variables that are mapped using env.ValueFrom.

@ramondeklein ramondeklein added bug Something isn't working and removed triage labels Aug 20, 2024
@ramondeklein
Copy link
Contributor

I think this needs a fix, because it breaks existing behavior where the environment variables were directly mapped into the pod (like in v5). I can imagine you want to hide some values in a secret...

@EStork09
Copy link
Author

Yes, I would very much like to keep secrets a secret 😄

@ramondeklein
Copy link
Contributor

@EStork09 As a temporary workaround, you can also add export MINIO_IDENTITY_OPENID_CLIENT_SECRET_PRIMARY_IAM=... to the minio-configuration secret (add to the existing value of config.env).

ramondeklein added a commit to ramondeklein/minio-operator that referenced this issue Aug 26, 2024
ramondeklein added a commit to ramondeklein/minio-operator that referenced this issue Aug 26, 2024
ramondeklein added a commit to ramondeklein/minio-operator that referenced this issue Aug 29, 2024
@allanrogerr allanrogerr added future release When we have a new release and removed triage labels Dec 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working community future release When we have a new release
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants