Closed joshuatcasey closed 4 years ago
We have created an issue in Pivotal Tracker to manage this:
https://www.pivotaltracker.com/story/show/172482424
The labels on this github issue will be updated when the story is started.
CC: @cloudfoundry/cf-uaa
Hi @joshuatcasey,
What does credhub find -j -n cf_admin_password
return? If it returns multiple credentials, then the xargs command is going to include all of them in the credhub get
command, which will result in the error you are seeing. It almost sounds like you have a second deployment of cf-deployment on the same BOSH director.
We have added some sanity checks to the get_password_from_credhub
helper function here. Please feel free to try them out to see if it helps you to understand why this is failing.
Regards, Dave and @Birdrock
We do have multiple passwords returned! There's another deployment that no longer exists but the password is still in Credhub. I'll clean that up and hopefully we don't see this in the future.
Sounds good @joshuatcasey. I am going to go ahead and close this out.
update-integration-configs
should fail fast whenadmin_password
is not found. It's required for CATs, and I suspect WATS and RATS.We've had a few experiences in the UAA pipelines where
update-integration-configs
does not find anadmin_password
for CATs and then updatescats_integration_config.json
withadmin_password: ''
.update-integration-configs
shows as "passed" in Concourse status, which indicates no problems. That being said, we do see some output from the Credhub CLI inupdate-integration-configs
that may indicate a problem.CATs then fails with error
Invalid configuration: 'admin_password' must be provided
.Note that we're still able to retrieve this password via Credhub CLI on our local machine, and it appears from the timestamp that it hasn't updated in a while (
version_created_at: "2019-08-16T22:14:20Z"
). I'm not sure whyupdate-integration-configs
does not retrieve this password.