  1. OpenShift Logging
  2. LOG-5754

Secret retrieval fails when content contains newlines or quotation marks

    • NEW
    • OBSDA-550 - Updated APIs for Logging 6.0
    • VERIFIED
    • Release Note Not Required

      Description of problem:

      The new "secret reader script" does not produce a correct JSON document when the content of the secrets contains characters which are not valid in a JSON string, like newlines or quotation marks.

      Example configuration:

      tls:
        ca:
          key: service-ca.crt
          secret:
            name: collector-manual-token 

      (The "service-ca.crt" field of the secret contains a PEM-encoded TLS certificate which contains newlines)

      Output of vector container:

      2024-07-03T13:43:11.406275Z ERROR vector::cli: Configuration error. error=Error while retrieving secret from backend "from_secret": control character (\u0000-\u001F) found while parsing a string at line 3 column 0. 

      Currently the script simply concatenates a JSON template string with the contents of the secret(s), which in this case produces invalid JSON. Ideally we have something that properly marshals a JSON document from the content, so that it is valid no matter what the content of the secrets is.

      Version-Release number of selected component (if applicable):

      6.0 (master)

      How reproducible:

      Create a ClusterLogForwarder referencing a secret that contains characters which are invalid inside a JSON string.

      Actual results:

      Vector fails to start up, because it cannot parse the output from the secrets script.

      Expected results:

      Vector can read the secrets no matter what they contain and successfully start up.

              jcantril@redhat.com Jeffrey Cantrill
              rojacob@redhat.com Robert Jacob
              Qiaoling Tang Qiaoling Tang
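
The failure described in this issue, reproduced as an added example (not the operator's actual script): pasting secret values into a JSON template breaks on newlines and quotes, while building the structure and marshalling it does not. The response layout (`{name: {"value": ..., "error": null}}`), the secret names and the secret contents are assumptions constructed for illustration.

```python
import json

# Constructed sample secrets: PEM-like text with newlines, and a value with a
# quotation mark and a backslash. Neither is real key material.
SAMPLE_SECRETS = {
    "collector-manual-token/service-ca.crt": (
        "-----BEGIN CERTIFICATE-----\n"
        "MIIBconstructedSAMPLEonly\n"
        "-----END CERTIFICATE-----\n"
    ),
    "example/password": 'pa"ss\\word',
}

def render_by_concatenation(secrets):
    """Failing approach from the report: raw values pasted into a template."""
    entries = ['"%s": {"value": "%s", "error": null}' % (name, value)
               for name, value in secrets.items()]
    return "{\n" + ",\n".join(entries) + "\n}"

def render_by_marshalling(secrets):
    """Build the structure first, then let the encoder escape every value."""
    doc = {name: {"value": value, "error": None}
           for name, value in secrets.items()}
    return json.dumps(doc)

def parses(text):
    """True if text is a valid JSON document for a strict parser."""
    try:
        json.loads(text)
        return True
    except json.JSONDecodeError:
        return False

def round_trips(secrets):
    """True if every secret value survives encode + decode byte for byte."""
    decoded = json.loads(render_by_marshalling(secrets))
    return all(decoded[name]["value"] == value
               for name, value in secrets.items())

if __name__ == "__main__":
    print("concatenated output parses:", parses(render_by_concatenation(SAMPLE_SECRETS)))
    print("marshalled output parses:  ", parses(render_by_marshalling(SAMPLE_SECRETS)))
    print("values round-trip intact:  ", round_trips(SAMPLE_SECRETS))
```

A secret with only plain characters parses under both approaches, which is why the concatenating version can pass testing until a PEM certificate or a quoted value is referenced.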