Template Variables %%env_<var>%% not working for postgres integration

[zabaat]

Describe what happened:

1. created env var in host OS of DATADOG_PGPASSWORD
2. Created /etc/datadog-agent/conf.d/postgres.d/conf.yaml with following:

## All options defined here are available to all instances.
      #
      init_config:
  
          ## @param service - string - optional
          ## Attach the tag `service:<SERVICE>` to every metric, event, and service check emitted by this integration.
          ##
          ## Additionally, this sets the default `service` for every log source.
          #
          # service: <SERVICE>
  
      ## Every instance is scheduled independent of the others.
      #
      instances:
  
          ## @param host - string - required
          ## The hostname to connect to.
          ## NOTE: Even if the server name is `localhost`, the Agent connects to PostgreSQL using TCP/IP unless you also
          ## provide a value for the sock key.
          #
        - host: psql-masterytrack-production.cyspzu9k3jsf.us-west-2.rds.amazonaws.com
  
          ## @param port - integer - optional - default: 5432
          ## The port to use when connecting to PostgreSQL.
          #
          # port: 5432
  
          ## @param username - string - required
          ## The Datadog username created to connect to PostgreSQL.
          #
          username: datadog
  
          ## @param password - string - optional
          ## The password associated with the Datadog user.
          #
          password: "%%env_DATADOG_PGPASSWORD%%"

outputs password for user datadog is invalid

Describe what you expected: Inject that password into this conf file and login correctly.

When I hardcode password this works. Much like this issue, we are automating deploying this and can't have the password in our configs https://github.com/DataDog/datadog-agent/issues/3167

Steps to reproduce the issue: The first thing I said?

Additional environment details (Operating System, Cloud provider, etc): AWS, Elastic beanstalk, ubuntu

[lucasmari]

Hey, @zabaat! Are you creating the env variable as env_DATADOG_PGPASSWORD? If yes, you just have to remove the prefix "env_".

[caleb15]

I had the same issue with Kubernetes. I had a secret "datadog-reqs" with key MY_DB_PASSWORD and I passed in the following values to the Datadog helm chart:

    - agents:
        containers:
          agent:
            envFrom:
            - secretRef:
                name: datadog-reqs
      clusterAgent:
        confd:
          postgres.yaml: |-
            cluster_check: true
            init_config:
            instances:
              - host: {{ env "FF_DB_HOST" | quote }}
                port: 5432
                username: CENSORED
                password: "%%env_MY_DB_PASSWORD%%"
                dbname: {{ env "FF_DB_NAME" | quote }}

I fixed it by adding in the following:

      datadog:
        envFrom:
        - secretRef:
            name: datadog-reqs

[bunnybilou]

It is working for me since more than 6 month now. But this morning, I tried to upgrade the datadog-agent version from 7.36.1 to 7.37.1 and it's not working anymore. The agent is returning the following error password authentication failed for user \\\"%%env_MY_DB_PASSWORD%%\\\"\\n. Rollbacking to the previous version 7.36.1 is fixing the issue.

Version 7.37.0 includes the following commit, you can find that the configresolver.go substituteTemplateVariables function has been modified in it, it must be related to this change.

[matsudamper]

Same Problem with JMX integration.

[btsuhako]

I believe that this is still a problem. I tried to use the following with 7.52.1 of the Datadog Agent:

# conf.d/postgres.d/conf.yaml
init_config:
instances:
  - dbm: true
    host: "%%env_POSTGRES_HOST%%"
    port: 5432
    username: "%%env_POSTGRES_USERNAME%%"
    password: "%%env_POSTGRES_PASSWORD%%"

and the agent won't template out the environment variables correctly

I tried the above with 7.36.1, and the integration config works as expected