fix(vault): allow arrays in conf loader to be referenced #12672

bungle · 2024-02-29T23:18:58Z

Summary

Some properties, like KONG_SSL_CERT and KONG_SSL_CERT_KEY are arrays and users can specify many. Vaults didn't work in this scenario:

For example below didn't work before:

CERT_1=$(<cert1.crt) \
KEY_1=$(<key1.key) \
CERT_2=$(<cert2.crt) \
KEY_2=$(<key2.key) \
KONG_SSL_CERT_KEY="{vault://env/key-1},{vault://env/key-2}" \
KONG_SSL_CERT="{vault://env/cert-1},{vault://env/cert-2}" \
kong prepare --vv

There were also erroneous warning in logs like because of bad array handling:

[warn] 680#0: [kong] vault.lua:1475 error caching secret reference {vault://env/cert-1}: bad value type

This fixes those.

The other commit is just a small refactor on schema:

move some repetitive vault resolving code to local functions

Checklist

The Pull Request has tests
A changelog file has been created under changelog/unreleased/kong or skip-changelog label added on PR if changelog is unnecessary. README.md
There is a user-facing docs PR against https://github.com/Kong/docs.konghq.com - PUT DOCS PR HERE

Issues Resolved

KAG-3869
FTI-6163

### Summary Some properties, like `KONG_SSL_CERT` and `KONG_SSL_CERT_KEY` are arrays and users can specify many. Vaults didn't work in this scenario: For example below didn't work before: ``` CERT_1=$(<cert1.crt) \ KEY_1=$(<key1.key) \ CERT_2=$(<cert2.crt) \ KEY_2=$(<key2.key) \ KONG_SSL_CERT_KEY="{vault://env/key-1},{vault://env/key-2}" \ KONG_SSL_CERT="{vault://env/cert-1},{vault://env/cert-2}" \ kong prepare --vv ``` There were also erroneous warning in logs like because of bad array handling: ``` [warn] 680#0: [kong] vault.lua:1475 error caching secret reference {vault://env/cert-1}: bad value type ``` This fixes those. Signed-off-by: Aapo Talvensaari <[email protected]>

pull-request-size bot added the size/L label Feb 29, 2024

github-actions bot assigned bungle Feb 29, 2024

github-actions bot added core/pdk core/db core/configuration schema-change-noteworthy labels Feb 29, 2024

bungle force-pushed the fix/ssl-cert-vault branch from 2db7703 to 78faecc Compare March 1, 2024 00:27

github-actions bot added the core/cli label Mar 1, 2024

bungle force-pushed the fix/ssl-cert-vault branch from 78faecc to 004f175 Compare March 1, 2024 02:05

bungle force-pushed the fix/ssl-cert-vault branch from fff37df to b1ab67e Compare April 22, 2024 16:07

github-actions bot added the cherry-pick kong-ee schedule this PR for cherry-picking to kong/kong-ee label Apr 22, 2024

bungle force-pushed the fix/ssl-cert-vault branch 5 times, most recently from 21a9e28 to 5bfd1e7 Compare April 29, 2024 19:01

bungle force-pushed the fix/ssl-cert-vault branch from 5bfd1e7 to ae30a71 Compare July 5, 2024 09:40

bungle force-pushed the fix/ssl-cert-vault branch from ae30a71 to bb3190b Compare July 5, 2024 10:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(vault): allow arrays in conf loader to be referenced #12672

fix(vault): allow arrays in conf loader to be referenced #12672

bungle commented Feb 29, 2024 •

edited by windmgc

Loading

fix(vault): allow arrays in conf loader to be referenced #12672

Are you sure you want to change the base?

fix(vault): allow arrays in conf loader to be referenced #12672

Conversation

bungle commented Feb 29, 2024 • edited by windmgc Loading

Summary

Checklist

Issues Resolved

bungle commented Feb 29, 2024 •

edited by windmgc

Loading