Closed modulo11 closed 9 months ago
For my use case, ignoring nested is fine.
Even worse, translating VCAP_SERVICES into Bindings swallows any marshaling error.
Definitely a bug.
When a Binding is created from VCAP_SERVICES credentials are expected as map[string]string (flat) where in reality they can be nested (map[string]any). A Binding expects them to be map[string]string as well.
My understanding is that the K8s binding spec says that they should be mapped that way. Key/value. String as the key and string as the value. That said, I did some reading in the spec and didn't find it specifically saying that. I spent about five mins looking though.
What I do know is that the binding spec maps the bindings to files on the file system, so the key definitely needs to be a string, because it'll be a file name. In theory, the file could contain anything, but it can't be nested. You can't have subfolders within the binding.
Flatten incoming credentials, which would just cut of any nested structures. From the example, only the uri field would be inside the secret field of Binding. This would also prevent the whole process of translating to either fully succeed or just silently fail.
I'm fine with this. To clarify, you're saying that it would have properties like this:
Ex: username
-> foo
Ex: foo.bar
-> 42
I am a little concerned with how we'd implement this. We'd probably have to use map[string]any
then convert it to a map[string]string
as we go through and flatten things. I think it could work, but it's probably going to be very tedious.
Change type of thesecret property in Binding from map[string]string to map[string]any. That would be a breaking change with lots of impact on other projects I guess.
-1 I don't think this is an option. Too much change, too many things impacted that are never going to have this problem.
Treat credentials as raw data which is passed and "interpreted" by consuming parties. Would probably lead to even more work downstream
Not 100% sure I follow this one. I'd be OK with this if you're saying that it remains string/string and that the value, if containing nested data, would be just a JSON string.
Ex: username
-> foo
is still string/string.
Ex: foo
-> {"bar": 42}
still string/string. If the consuming entity needs bar
then it's their responsibility to parse that JSON and read out bar
.
What I don't know, and what might be an issue, is if Go's JSON parsing would do that. I suspect it would fail on the nested item since it's a string.
Other options?
I don't know what a use case would be where it has nested credentials though. Do you have a use case where there are nested values under the credentials? Can you expand on the need here?
The
credentials
field contained inVCAP_SERVICES
is specified as:When a
Binding
is created fromVCAP_SERVICES
credentials are expected asmap[string]string
(flat) where in reality they can be nested (map[string]any
). ABinding
expects them to bemap[string]string
as well. Even worse, translatingVCAP_SERVICES
intoBindings
swallows any marshaling error.Simple
VCAP_SERVICES
to reproduce the issue:There are a couple potential solutions that came to my mind:
uri
field would be inside thesecret
field ofBinding
. This would also prevent the whole process of translating to either fully succeed or just silently fail.secret
property inBinding
frommap[string]string
tomap[string]any
. That would be a breaking change with lots of impact on other projects I guess.credentials
as raw data which is passed and "interpreted" by consuming parties. Would probably lead to even more work downstream