search

kestra-io / plugin-notifications

Apache License 2.0
3 stars 10 forks source link

Credential error when using secrets for MailSend. Running MailSend with hard coded credentials works. #170

Open dspang opened 1 month ago

dspang commented 1 month ago

Expected Behavior

The plugin io.kestra.plugin.notifications.mail.MailSend should properly decode my username and password which are stored as secrets via a .env_encoded file.

I have validated that my credentials are being ingested in two ways:

1 - Ran the same failing workflow with hard coded credentials instead of having it decode the secrets but added {{ secret('EMAIL_USERNAME') }} and {{ secret('EMAIL_PASSWORD') }} into the body of the email. This email sent successfully and had the properly decoded credentials in the email body as expected.

2 - Ran a separate flow to log the credentials after decoding. While the code listed below does appear to have properly decoded the values and logged them, I am unable to verify with certainty as the result is masked.

id: secret_test
namespace: test_namespace
tasks:
  - id: hello
    type: io.kestra.plugin.core.log.Log
    message:
      - Username = {{ secret('EMAIL_USERNAME') }}
      - Password = {{ secret('EMAIL_PASSWORD') }}`

Result: image

Actual Behaviour

For the send_email error handler listed in the example flow below, a "535 Authentication credentials invalid" error is thrown.

image

Steps To Reproduce

  1. Environment: Docker Desktop for Windows 11 with a Kestra instance on the latest build backed by a Postgres instance which are both spun up via Docker Compose.

  2. Config: .env_encoded file in the following format.

     SECRET_EMAIL_USERNAME=<redacted>
 SECRET_EMAIL_PASSWORD=<redacted>

  3. Run the flow listed in the example flow below.

  4. Receive error "535 Authentication credentials invalid."

Environment Information

Example flow

id: myflow
namespace: test_namespace

tasks:
  - id: fail
    type: io.kestra.plugin.scripts.shell.Commands
    runner: PROCESS
    commands:
      - exit 1

errors:
  - id: send_email
    type: io.kestra.plugin.notifications.mail.MailSend
    from: <redacted>
    to: <redacted>
    username: "{{ secret('EMAIL_USERNAME') }}"
    password: "{{ secret('EMAIL_PASSWORD') }}"
    host: <redacted>
    port: 465 # or 587
    subject: "Kestra workflow failed for the flow {{flow.id}} in the namespace {{flow.namespace}}"
    htmlTextContent: "Failure alert for flow {{ flow.namespace }}.{{ flow.id }} with ID {{ execution.id }}"
Ben8t commented 1 month ago

Hello @dspang , did you encode the secret in base64 like mentioned in the doc ?

dspang commented 1 month ago

Hello @dspang , did you encode the secret in base64 like mentioned in the doc ?

I did. This is the conversion script I used: image

I have also successfully decoded from base64 manually and within Kestra. Bloody strange.

Ben8t commented 1 month ago

Ok thanks for the update Could be the same issue as https://github.com/kestra-io/plugin-fs/issues/156