-
Bug
-
Resolution: Done
-
Normal
-
Logging 6.0.0
-
False
-
None
-
False
-
NEW
-
OBSDA-550 - Updated APIs for Logging 6.0
-
VERIFIED
-
Release Note Not Required
-
-
Description of problem:
The new "secret reader script" does not produce a correct JSON document when the content of the secrets contain characters which are not valid in a JSON string like newlines or quotation marks.
Example configuration:
tls: ca: key: service-ca.crt secret: name: collector-manual-token
(The "service-ca.crt" field of the secret contains a PEM-encoded TLS certificate which contains newlines)
Output of vector container:
2024-07-03T13:43:11.406275Z ERROR vector::cli: Configuration error. error=Error while retrieving secret from backend "from_secret": control character (\u0000-\u001F) found while parsing a string at line 3 column 0.
Currently the script simply concatenates a JSON template string with the contents of the secret(s), which in this case produces invalid JSON. Ideally we have something that properly marshals a JSON document from the content, so that it is valid no matter what the content of the secrets is.
Version-Release number of selected component (if applicable):
6.0 (master)
How reproducible:
Create a ClusterLogForwarder referencing a secret that contains characters which are invalid inside a JSON string.
Actual results:
Vector fails to start up, because it can not parse the output from the secrets script.
Expected results:
Vector can read the secrets no matter what they contain and successfully start up.
- links to
- mentioned on