Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix SOPS azkv envCred #838

Merged
merged 1 commit into from
May 2, 2023

Conversation

apeschel
Copy link
Contributor

At the moment, the envCred logic can't actually set the Azure credentials.

This commit fixes the logic so that the environment variables can actually be used to set the Azure credentials.

There are other issues that come up from this block of code, but those can be dealt with separately.

At the moment, the envCred logic can't actually set the Azure credentials.

This commit fixes the logic so that the environment variables can
actually be used to set the Azure credentials.

There are other issues that come up from this block of code, but those
can be dealt with separately.

Signed-off-by: Aaron Peschel <aaron.peschel@gmail.com>
@apeschel
Copy link
Contributor Author

I ran this locally and verified it fixes the issue. It does run into rate limiting with the Azure API, but that is a separate issue to solve.

Copy link
Contributor

@darkowlzz darkowlzz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did some investigation around the history of this code and found that it was added in #813 recently. The getDefaultAzureCredential() function is based on upstream implementation where instead of creating a ChainedTokenCredential, after iterating through all the possible auth methods, once auth material is found for any auth method, the creds are immediately returned.

The related issue #841 where you mention about the integration tests not working, it looks like that may be because of the MasterKey being from the upstream sops project and not the locally defined version of MasterKey, refer

. The upstream sops MasterKey reads the env var creds properly and the test passes.
That can be fixed as part of this change or separately.

Update: Upon further investigation of the tests code, it looks like the test mentioned above it is a compatibility test and intentionally uses upstream SOPS to check if the local implementation is compatible with the upstream one. Which means we can add new test that reads env vars in order to test the broken auth.

For now, as it is, it LGTM!
I'd like to have another review+approval before merging this.

@darkowlzz darkowlzz added bug Something isn't working area/sops SOPS related issues and pull requests labels Apr 26, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/sops SOPS related issues and pull requests bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants