remote.vault adds "data" to the url at the wrong position #1599
Comments
Having exactly the same error here -> it might be better to split the parameters into This split is the problem
@fnerdwq

```go
// Arguments configures remote.vault.
type Arguments struct {
	Server    string `alloy:"server,attr"`
	Namespace string `alloy:"namespace,attr,optional"`

	Path   string `alloy:"path,attr"`
	Secret string `alloy:"secret,attr"`

	RereadFrequency time.Duration `alloy:"reread_frequency,attr,optional"`

	ClientOptions ClientOptions `alloy:"client_options,block,optional"`

	// The user *must* provide exactly one Auth blocks. This must be a slice
	// because the enum flag requires a slice and being tagged as optional.
	//
	// TODO(rfratto): allow the enum flag to be used with a non-slice type.
	Auth []AuthArguments `alloy:"auth,enum,optional"`
}
```

Then in the file

```go
func (ks *kvStore) Read(ctx context.Context, args *Arguments) (*vault.Secret, error) {
	kv := ks.c.KVv2(args.Path)
	kvSecret, err := kv.Get(ctx, args.Secret)
	if err != nil {
		return nil, err
	}

	// kvSecret.Data contains unwrapped data. Let's assign that to the raw secret
	// and return it. This is a bit of a hack, but should work just fine.
	kvSecret.Raw.Data = kvSecret.Data
	return kvSecret.Raw, nil
}
```

What do you think?
I built it locally and it seems to work. Can I simply fork and create a PR for that?

@PatMis16 yes thanks, this looks perfectly right. Just wondering about the naming. Probably instead of A "secret" is read under a "path" with given "key". What do you think?

@fnerdwq You might be right. I'll change that accordingly.
While you are not wrong @fnerdwq, I think this can be very misleading, since a secret consists of a

But not just that, I'd argue that introducing this flexibility changes the scope of

Before:

which translates to something like:

Now with path = the path to my secret is suddenly defined in key. and the mount is suddenly in path.

Comparing this to vault kv get you usually have something like this:

```
~ vault kv get namespace/mount/path/to/your/secret
============================================ Secret Path ============================================
namespace/mount/data/path/to/your/secret
```

I'm not sure if this helps but I think you should review your wording and configuration again
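The path handling discussed in this thread, as an added example that is not part of the issue or of Alloy's code: it builds the KV v2 read path from a separate mount and secret, and contrasts it with guessing the mount from a single combined path. `firstSegmentSplit` is a hypothetical reconstruction assumed for illustration, and the server name is a constructed placeholder; the paths are the ones from the issue report.

```go
package main

import (
	"fmt"
	"strings"
)

// kvV2ReadPath builds the API path Vault's KV v2 engine expects for a read:
// <mount>/data/<secret>. Mount and secret are passed separately, so a mount
// that itself contains slashes (e.g. "solution/grafana-it/kv") stays intact.
func kvV2ReadPath(mount, secret string) string {
	return strings.Trim(mount, "/") + "/data/" + strings.Trim(secret, "/")
}

// readURL prefixes the server address and the /v1/ API root.
func readURL(server, mount, secret string) string {
	return strings.TrimRight(server, "/") + "/v1/" + kvV2ReadPath(mount, secret)
}

// firstSegmentSplit is a hypothetical reconstruction (an assumption, not
// Alloy's code) of guessing the mount from one combined path by cutting at
// the first "/". It is only correct when the mount is a single segment.
func firstSegmentSplit(full string) string {
	mount, secret, found := strings.Cut(strings.Trim(full, "/"), "/")
	if !found {
		return mount // no secret part at all; nothing sensible to build
	}
	return kvV2ReadPath(mount, secret)
}

func main() {
	// Paths taken from the issue report.
	full := "solution/grafana-it/kv/alloy/it10"
	fmt.Println("guessed mount: ", firstSegmentSplit(full))
	fmt.Println("explicit mount:", kvV2ReadPath("solution/grafana-it/kv", "alloy/it10"))

	// A single-segment mount hides the problem: both approaches agree.
	fmt.Println("single segment:", firstSegmentSplit("secret/alloy/it10"),
		kvV2ReadPath("secret", "alloy/it10"))

	// Constructed server name, for illustration only.
	fmt.Println(readURL("https://vault.example.com/", "solution/grafana-it/kv", "alloy/it10"))
}
```

With a multi-segment mount the guessed split yields the wrong path from the report, while passing the mount explicitly yields the expected one.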
What's wrong?
When using remote.vault in the Alloy configuration, we have the issue that "data" is added to the URL twice:
solution/grafana-it/kv/alloy/it10
becomes
solution/data/grafana-it/kv/alloy/it10
However, it should be
solution/grafana-it/kv/data/alloy/it10
Because the URL is wrong, we get
Steps to reproduce
We use the following configuration:
System information
Ubuntu 22.04.4 LTS running on WSL2
Software version
Grafana Alloy version v1.3.1 (branch: HEAD, revision: e4979b2)
Configuration
Logs