validatedpatterns / multicloud-gitops

Multi-cloud Gitops validated pattern
Apache License 2.0

explain secrets password format #261

Open ikke-t opened 1 year ago

ikke-t commented 1 year ago

It seems the secrets format has changed since I last used it. I didn't see it explained anywhere. So looking around I ended up with this:

  - name: ldap
    vaultPrefixes:
      - global
    fields:
      - name: bindPassword
        value: foobar
        onMissingValue: generate
        vaultPolicy: validatedPatternDefaultPolicy

which complains:

TASK [vault_utils : Loads secrets file into the vault of a cluster] ***************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "Secret has onMissingValue set to 'generate' but has a value set"}

Value is not missing, it should just ignore that generate field. Variable name "onMissingValue" would indicate it ignores this if value is set.

But altogether, the format of the secrets file should be described in the doc. As of current, it doesn't have "value:" in the example.

mbaldessari commented 1 year ago

I added https://github.com/hybrid-cloud-patterns/multicloud-gitops/pull/262 with a link to the specs. Maybe we should open up a dedicated section in the docs to cover for this in a more visible way?
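
The error message quoted in the first comment treats `value` and `onMissingValue: generate` as mutually exclusive on one field. The fragment below is an added example, not taken from the thread or the project's docs, showing the two forms that avoid the conflict. The entry names `ldap-static` and `ldap-generated` are hypothetical, and it is an assumption that a field carrying a `value` may simply omit `onMissingValue`.

```yaml
# Constructed example: two alternative ways to define the same field.
# Use one form or the other for a given field, never both together.

# Form 1: the password is supplied by you.
# No onMissingValue and no vaultPolicy, so nothing conflicts with `value`.
- name: ldap-static            # hypothetical entry name
  vaultPrefixes:
    - global
  fields:
    - name: bindPassword
      value: foobar            # sample value from the issue; this file then
                               # holds a plaintext credential and must be
                               # kept out of git

# Form 2: the password is generated in the vault.
# No `value`; vaultPolicy names the password policy used for generation.
- name: ldap-generated         # hypothetical entry name
  vaultPrefixes:
    - global
  fields:
    - name: bindPassword
      onMissingValue: generate
      vaultPolicy: validatedPatternDefaultPolicy
```

With the second form no plaintext password is written to the secrets file, so it suits credentials that no external system needs to know in advance.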