search

kapicorp / kapitan

Generic templated configuration management for Kubernetes, Terraform and other things
https://kapitan.dev
Apache License 2.0
1.83k stars 199 forks source link

[bug] subvars reveal is not revealing #319

Closed Dauliac closed 5 years ago

Dauliac commented 5 years ago

Describe the bug/feature Hello, there is a problem with the new subvars system. Indeed when you try to reveal subvars files. There is no error and no revealing.

To Reproduce When you create a subvars file like that:

kapitan secrets --write  gpg:targets/staging/db-mariadb-db-staging-credentials -t staging \
        -f clear_secrets/db-mariadb-staging-credentials.yml

$ cat secrets/targets/staging/db-mariadb-db-staging-credentials
data: <truncated>
encoding: original
recipients:
- fingerprint: <truncated>
type: gpg

And when you compile:

$ kapitan compile
Compiled production (0.17s)
Compiled common (0.19s)
Compiled preprod (0.07s)
Compiled dev (0.37s)
Compiled staging (0.49s)

$ kapitan compile --reveal
Compiled production (0.17s)
Compiled preprod (0.08s)
Compiled dev (0.40s)
Compiled common (11.64s)
Compiled staging (12.44s)

Nothing happen:

$ cat init.sql
CREATE OR REPLACE USER "?{gpg:targets/staging/db-mariadb-db-staging-credentials@username}"@"10.8.0.0/255.252.0.0" IDENTIFIED BY "?{gpg:targets/staging/db-mariadb-db-staging-credentials@password}";
GRANT ALL PRIVILEGES ON ma.* to "?{gpg:targets/staging/db-mariadb-db-staging-credentials@username}"@"10.8.0.0/255.252.0.0";
GRANT ALL PRIVILEGES ON pg.* to "?{gpg:targets/staging/db-mariadb-db-staging-credentials@username}"@"10.8.0.0/255.252.0.0";

$ kapitan secrets --reveal -f init.sql
CREATE OR REPLACE USER "?{gpg:targets/staging/db-mariadb-db-staging-credentials@username}"@"10.8.0.0/255.252.0.0" IDENTIFIED BY "?{gpg:targets/staging/db-mariadb-db-staging-credentials@password}";
GRANT ALL PRIVILEGES ON ma.* to "?{gpg:targets/staging/db-mariadb-db-staging-credentials@username}"@"10.8.0.0/255.252.0.0";
GRANT ALL PRIVILEGES ON pg.* to "?{gpg:targets/staging/db-mariadb-db-staging-credentials@username}"@"10.8.0.0/255.252.0.0";
FLUSH PRIVILEGES;

Expected behavior The secret string ?{gpg:targets/staging/db-mariadb-db-staging-credentials@username} is not replaced by kapitan.

Additional context We can also observe that in the repository example/tests folders

Tests are successful because there is no error when compiling with/without --reveal option.

Thank's

ramaro commented 5 years ago

Are you using the v0.24.0-rc.0 realease version? This feature hasn't made it into an proper release yet.

Dauliac commented 5 years ago

Oh yeah. I'm on 0.23. I didn't see that 0.24 is a pre-release version and that it is not yet on pip repository. Thank's.

ramaro commented 5 years ago

You can install using pip: pip install --upgrade kapitan==0.24.0rc0

Dauliac commented 5 years ago

Thank you ! I think that I can close my newbie issue