Open Bibz87 opened 2 weeks ago
I definitely don't feel comfortable downloading and installing random patches from untrusted sources.
Looks like spam. Will report to GitHub.
@Bibz87 Thanks for your report!
Let me know if you need anything from me to help with debugging. 😀
Looks like spam. Will report to GitHub.
Very sorry about that (one of the comments came from my account). Account got compromised and posted this malicious stuff. Should not happen again
Similar to #33995 cc @crw
When the secret_suffix
is "test-44"
, the backend attempts to retrieve a secret named "<secret>-test-44"
. It then uses the Atoi function to parse the last segment of the name, assuming it's an integer index. This is what leads to errors if the suffix isn't actually an index, resulting in the out of bound error.
This assumption seems to be related to how the backend manages Terraform state files. Since state files can be too large to fit into a single Kubernetes secret, the backend chunks the state into multiple secrets, see this part of the secret creation implementation. This chunking mechanism leads to the use of numeric suffixes to differentiate between chunks. However, relying on the assumption that the last part of the secret name is potentially an index can cause issues if the suffix is not intended to be an index when set by the user.
Given the complexity introduced by the existing chunking mechanism, supporting secret suffixes with a trailing -<int>
becomes extremely challenging. To avoid potential issues, I recommend not allowing trailing -<int>
values in the secret_suffix
moving forward.
I’ve opened a PR (#35666) to add extra validation for the secret_suffix
, preventing it from ending with a trailing -<number>
. This helps avoid conflicts with the backend’s chunking mechanism, which appends numeric indices to secret names.
Terraform Version
Terraform Configuration Files
Debug Output
https://gist.github.com/Bibz87/2c68fea5383e932e99451051d1bc10d9
Expected Behavior
Terraform doesn't crash during initialisation
Actual Behavior
Attempting to initialise Terraform configuration results in crash
Steps to Reproduce
terraform init
Additional Context
After some testing, it looks like ending the secret suffix with a number causes the crash. Changing
secret_suffix
fromtest-01
totest
makes the initialisation work properly without crashing.Note: Terraform does create the Kubernetes secret before crashing.
References
No response