search

bitnami-labs / sealed-secrets

A Kubernetes controller and tool for one-way encrypted Secrets
Apache License 2.0
7.52k stars 675 forks source link

kubeseal fails to parse a yaml file - panic to parse event #857

Open fcosanabria opened 2 years ago

fcosanabria commented 2 years ago

The issue I'm facing is when running the following command: kubeseal --scope cluster-wide --format=yaml < secret.yaml

jsanabri@Franciscos-MacBook-Pro /tmp % kubeseal --scope cluster-wide --format=yaml < secret.yaml
panic: attempted to parse unknown event: none [recovered]
    panic: attempted to parse unknown event: none

goroutine 1 [running]:
gopkg.in/yaml%2ev2.handleErr(0xc000019998)
    /Users/brew/Library/Caches/Homebrew/go_mod_cache/pkg/mod/gopkg.in/yaml.v2@v2.4.0/yaml.go:249 +0x6d
panic({0x1e3eea0, 0xc000720650})
    /usr/local/Cellar/go/1.18.3/libexec/src/runtime/panic.go:838 +0x207
gopkg.in/yaml%2ev2.(*parser).parse(0xc00013e000)
    /Users/brew/Library/Caches/Homebrew/go_mod_cache/pkg/mod/gopkg.in/yaml.v2@v2.4.0/decode.go:158 +0x154
gopkg.in/yaml%2ev2.(*Decoder).Decode(0xc000019a08, {0x1e012e0?, 0x2b8a588})
    /Users/brew/Library/Caches/Homebrew/go_mod_cache/pkg/mod/gopkg.in/yaml.v2@v2.4.0/yaml.go:122 +0x107
github.com/bitnami-labs/sealed-secrets/pkg/multidocyaml.isMultiDocumentYAML({0xc000134200, 0xfa, 0x200})
    /private/tmp/kubeseal-20220602-72017-lkgeub/pkg/multidocyaml/multidocyaml.go:14 +0x205
github.com/bitnami-labs/sealed-secrets/pkg/multidocyaml.EnsureNotMultiDoc({0xc000134200?, 0xc0001a8000?, 0xc0004826e0?})
    /private/tmp/kubeseal-20220602-72017-lkgeub/pkg/multidocyaml/multidocyaml.go:19 +0x1e
main.readSecret({0xb08aa18, 0xc0004826e0}, {0x21fd1a0?, 0xc0001a8000?})
    /private/tmp/kubeseal-20220602-72017-lkgeub/cmd/kubeseal/main.go:146 +0x5d
main.seal({0x21fd1a0, 0xc0001a8000}, {0x21fd1c0, 0xc0001a8008}, {0xc000268150, {0x21fcb00, 0xc00019e9c0}, {0xc0001a2e00, 0x3, 0x4}, ...}, ...)
    /private/tmp/kubeseal-20220602-72017-lkgeub/cmd/kubeseal/main.go:262 +0x109
main.run({0x220ebe8, 0xc0001a6000}, {0x21fd1c0?, 0xc0001a8008}, {0x0, 0x0}, {0x0, 0x0}, {0x0, 0x0}, ...)
    /private/tmp/kubeseal-20220602-72017-lkgeub/cmd/kubeseal/main.go:766 +0xc4e
main.main()
    /private/tmp/kubeseal-20220602-72017-lkgeub/cmd/kubeseal/main.go:773 +0x33b

Here basically I'm logged into my Openshift cluster, and running the command to encrypt a Instana agent license key.

Expected behavior

Getting an output from the yaml file, with the encrypted elements. For example:

---
apiVersion: bitnami.com/v1alpha1
kind: SealedSecret
metadata:
  annotations:
    sealedsecrets.bitnami.com/cluster-wide: "true"
  creationTimestamp: null
  name: instana-agent
  namespace: observe
spec:
  encryptedData:
    key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  template:
    data: null
    metadata:
      annotations:
        sealedsecrets.bitnami.com/cluster-wide: "true"
      creationTimestamp: null
      labels:
        app.kubernetes.io/name: instana-agent
        app.kubernetes.io/version: 1.2.29
      name: instana-agent
      namespace: observe
    type: Opaque
---

Additional context

Using MacOS Monterey 12.4, I have been using the same command over and over again in the past, with no issues. It just suddenly stop working. I also gave installed go1.18.3 darwin/amd64

alvneiayu commented 2 years ago

hi @piktonus97m

what is the Sealed Secrets version that you are using? I am trying to reproduce your error but I can not. Could you share with me the format of the secret (yaml without sensible information, of course) that you are using?

Thanks a lot

Álvaro