Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SOPS AZKV getDefaultAzureCredential Logic Guards are Missing #842

Closed
apeschel opened this issue Apr 21, 2023 · 1 comment
Closed

SOPS AZKV getDefaultAzureCredential Logic Guards are Missing #842

apeschel opened this issue Apr 21, 2023 · 1 comment

Comments

@apeschel
Copy link
Contributor

https://github.com/fluxcd/kustomize-controller/blob/main/internal/sops/azkv/keysource.go#L216

Based on the comments to this function. It seems like the intention is to have three different options for auth within this function, and use logic guards to gate which option is actually used.

However, the envCred block has no guards, and instead will fall through to the subsequent methods on failure.

This is problematic, because it will hide any issues in the case where someone wants to use envCred based auth, but there is a legitimate failure in the envCred auth process. Rather than fail and print the reason for the failure, the logic will just fall through to the other methods and will result in a completely unrelated and misleading error being printed.

It seems like the logic in the comment is a bit confused as well, since this doesn't make sense as written:

azidentity.NewEnvironmentCredential if environment variables AZURE_CLIENT_ID, AZURE_CLIENT_ID is set

@kingdonb
Copy link
Member

kingdonb commented May 3, 2023

This should be fixed in #838 (which will be released with Flux 2.0.0-rc.2)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants