-
Notifications
You must be signed in to change notification settings - Fork 184
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lambda Environment Variables are not actually used #67
Comments
@mattsb42-aws that is not true, the env vars are loaded here ...
func initConfig() {
// allow to read in from environment
viper.SetEnvPrefix("ssosync")
viper.AutomaticEnv()
appEnvVars := []string{
"google_admin",
"google_credentials",
"scim_access_token",
"scim_endpoint",
"log_level",
"log_format",
"ignore_users",
"ignore_groups",
"include_groups",
"user_match",
"group_match",
"sync_method",
}
for _, e := range appEnvVars {
if err := viper.BindEnv(e); err != nil {
log.Fatalf(errors.Wrap(err, "cannot bind environment variable").Error())
}
}
... https://github.com/spf13/viper is who make the magic possible. |
Yes I corrected the issue description to only reference the secret manager env variables. And for them it still seems to be true. 'Cause even though they are given to viper, the secret manager is called with static strings not referencing these env variables
|
Those four variables are stored in AWS Secrets Manager, to ensure security of the data. They are configurable without redeployment as they can be updated directly in AWS Secrets Manager, and SSOSync will use them on its next execution. |
Unfortunately, this is not resolved, the fact of the matter is that based on the latest version at this time (2.0.2) you are unable to deploy the release artifacts without the use of AWS Secrets Manager. This presents a problem in that you must use Secrets Manager as opposed to any other Secret Store. This is a simple CLI that should be deployable anywhere via any methodology such as AWS Lambda, Kubernetes, or a simple bash script. |
The desire to be able to fetch sensative parameters from sources other than AWS Secrets Manager has been merged with related one under a single feature request [Expand the Options for storing the sensitive parameters to include binaray secrets and SSM Parameter Store #180](https://github.com/awslabs/ssosync/issues/180]. Please review and add any specific requirements you feel it doesn't address. |
Describe the bug
The template.yaml files contains the following environment variables:
These variables, however, are not actually used in the source code. Instead secrets.go contains hard coded values.
Expected behavior
Environment Variables should be used to allow configuration of the ssosync app.
The text was updated successfully, but these errors were encountered: