summon
summon copied to clipboard
cyberark
Summon does not fetch all Variables (limit 103-109)
Summary
I'm testing summon-conjur provider to use as way to inject secrets and environment variables into sveltkit application build process. Application is developed by multiple teams and require a lot injected secrets and env VARs (around 160), runnning summon with conjur provider gets between 104 to 109 of them fetched.
Steps to Reproduce
- Create policy which will create 160 or more variables in conjur
- Prepare secrets.yml insert file which will map thos variables to keys with prefix "SUTEST_"
- Run summon to fetch values
summon --provider summon-conjur env | grep -E 'SUTEST' | wc -l
Expected Results
Fetching all variables and count should be equal to number of variables in insert file secrets.yml
Actual Results
You will get inconsistent numbers command results range between 103-109
Reproducible
- [x] Always
- [ ] Sometimes
- [ ] Non-Reproducible
Version/Tag number
Conjur CLI version 8.1.1-e0849b4 summon version 0.10.4-3d6bc8f summon-conjur version 0.8.0-4ea17d4
Environment setup
#ENV1 Localy over terminal OS: MacOS Sequoia 15.5
#ENV2 CI with Github Actions OS: Red Hat Enterprise Linux 9.6 (Plow) EC2 AWS as Enterprise Github runner
Additional Information
Add any other context about the problem here.
We've identified the source of the bug and are working on getting a fix out ASAP. Thank you again so much for the report!
Hi @szh, Unfortunately I see same symptoms with version summon version 0.10.5-3b41730. Not only we have a lot of values many of them are long strings 86 characters.
I suspect it may be some memory allocation issues as every time we are getting slightly different list of items, both in terms of count of returned values and listed values. Can you please arrange testing and use large strings imitating API keys, long passwords etc.?
@kb-med If they don't reveal sensitive information, would you mind sharing your secrets.yml file, or even just a partial list of the variable paths you're fetching?
@kb-med If they don't reveal sensitive information, would you mind sharing your secrets.yml file, or even just a partial list of the variable paths you're fetching?
I'm preparing list of dummy keys and values which should help you with testing
Hi @szh, here is dummy secrets.yml
QA:
PUBLIC_CAPTCHA_KEY: !var T0/svelte/QA/PUBLIC_CAPTCHA_KEY
PUBLIC_CHAT_CONFIG_SECRET: !var T0/svelte/QA/PUBLIC_CHAT_CONFIG_SECRET
PUBLIC_CYBER_ENTITLEMENT_B0DN_API_TOKEN: !var T0/svelte/QA/PUBLIC_CYBER_ENTITLEMENT_B0DN_API_TOKEN
PUBLIC_CYBER_ENTITLEMENT_B0DN_API_URI: !var T0/svelte/QA/PUBLIC_CYBER_ENTITLEMENT_B0DN_API_URI
PUBLIC_CYBER_ENTITLEMENT_B0DN_APP_TOKEN: !var T0/svelte/QA/PUBLIC_CYBER_ENTITLEMENT_B0DN_APP_TOKEN
PUBLIC_HMC_TOKEN: !var T0/svelte/QA/PUBLIC_HMC_TOKEN
PLUGIN_API_URL: !var T0/svelte/QA/PLUGIN_API_URL
CYBER_ENTITLEMENT_ALM_URI: !var T0/svelte/QA/CYBER_ENTITLEMENT_ALM_URI
PUBLIC_BUILDER_SPACE_KEY: !var T0/svelte/QA/PUBLIC_BUILDER_SPACE_KEY
PUBLIC_CYBER_ENTITLEMENT_CIAM_API_CLIENT_ID: !var T0/svelte/QA/PUBLIC_CYBER_ENTITLEMENT_CIAM_API_CLIENT_ID
PUBLIC_CYBER_ENTITLEMENT_CIAM_REDIRECT_URL: !var T0/svelte/QA/PUBLIC_CYBER_ENTITLEMENT_CIAM_REDIRECT_URL
PUBLIC_CYBER_ENTITLEMENT_CIAM_REDIRECT_URL_CLIENT_ID: !var T0/svelte/QA/PUBLIC_CYBER_ENTITLEMENT_CIAM_REDIRECT_URL_CLIENT_ID
PUBLIC_CYBER_ENTITLEMENT_IDP_API_CLIENT_ID: !var T0/svelte/QA/PUBLIC_CYBER_ENTITLEMENT_IDP_API_CLIENT_ID
PUBLIC_CYBER_ENTITLEMENT_CORP_BACORP_URL: !var T0/svelte/QA/PUBLIC_CYBER_ENTITLEMENT_CORP_BACORP_URL
PUBLIC_CYBER_ENTITLEMENT_URL_DISABLE: !var T0/svelte/QA/PUBLIC_CYBER_ENTITLEMENT_URL_DISABLE
PUBLIC_IMPORTS_ENV: !var T0/svelte/QA/PUBLIC_IMPORTS_ENV
PUBLIC_PTS_DOMAINS: !var T0/svelte/QA/PUBLIC_PTS_DOMAINS
PUBLIC_SDL_UIAAS_COMPONENTS_API: !var T0/svelte/QA/PUBLIC_SDL_UIAAS_COMPONENTS_API
PUBLIC_CORP_HEADER: !var T0/svelte/QA/PUBLIC_CORP_HEADER
PUBLIC_CORP_PRODUCTS_WIDGETS_ACCESS_TOKEN: !var T0/svelte/QA/PUBLIC_CORP_PRODUCTS_WIDGETS_ACCESS_TOKEN
PUBLIC_UC_ENV: !var T0/svelte/QA/PUBLIC_UC_ENV
SMI_API_URL: !var T0/svelte/QA/TMS_API_URL
BMERT_MEDIA_URL: !var T0/svelte/QA/BMERT_MEDIA_URL
VITE_CC_API_URL: !var T0/svelte/QA/CC_API_URL
BUILDER_PROXY_API_URL: !var T0/svelte/QA/BUILDER_PROXY_API_URL
VITE_TRANSLATION_CONFIG_KEY: !var T0/svelte/QA/VITE_TRANSLATION_CONFIG_KEY
BUCKET_S3_VERIT: !var T0/svelte/QA/BUCKET_S3_VERIT
VITE_NODE_ENV: !var T0/svelte/QA/VITE_NODE_ENV
VITE_ENV: !var T0/svelte/QA/VITE_ENV
VITE_MARKETS_PARAMS: !var T0/svelte/QA/VITE_MARKETS_PARAMS
VITE_MARKETS_PREPROD_FORMID: !var T0/svelte/QA/VITE_MARKETS_PREPROD_FORMID
VITE_MARKETS_PROD_FORMID: !var T0/svelte/QA/VITE_MARKETS_PROD_FORMID
VITE_MARKETS_QA_FORMID: !var T0/svelte/QA/VITE_MARKETS_QA_FORMID
VITE_CLOUD_USER_POOLS_WEB_CLIENT_ID: !var T0/svelte/QA/VITE_CLOUD_USER_POOLS_WEB_CLIENT_ID
VITE_CLOUD_USER_POOLS_WEB_CLIENT_ID_PPROD: !var T0/svelte/QA/VITE_CLOUD_USER_POOLS_WEB_CLIENT_ID_PPROD
VITE_CLOUD_USER_POOLS_WEB_CLIENT_ID_STAGING: !var T0/svelte/QA/VITE_CLOUD_USER_POOLS_WEB_CLIENT_ID_STAGING
VITE_CLOUD_USER_POOLS_WEB_CLIENT_ID_UAT: !var T0/svelte/QA/VITE_CLOUD_USER_POOLS_WEB_CLIENT_ID_UAT
CORP_CCC_COLLECTION_ID_DACH: !var T0/svelte/QA/CORP_CCC_COLLECTION_ID_DACH
CORP_CCC_COLLECTION_ID_NON_DACH: !var T0/svelte/QA/CORP_CCC_COLLECTION_ID_NON_DACH
CORP_CONTACT_SALES_COLLECTION_ID_DACH: !var T0/svelte/QA/CORP_CONTACT_SALES_COLLECTION_ID_DACH
CORP_CONTACT_SALES_COLLECTION_ID_NON_DACH: !var T0/svelte/QA/CORP_CONTACT_SALES_COLLECTION_ID_NON_DACH
CORP_EMAIL_POP_UP_COLLECTION_ID_DACH: !var T0/svelte/QA/CORP_EMAIL_POP_UP_COLLECTION_ID_DACH
CORP_EMAIL_POP_UP_COLLECTION_ID_NON_DACH: !var T0/svelte/QA/CORP_EMAIL_POP_UP_COLLECTION_ID_NON_DACH
CORP_FOOTER_COLLECTION_ID_DACH: !var T0/svelte/QA/CORP_FOOTER_COLLECTION_ID_DACH
CORP_FOOTER_COLLECTION_ID_NON_DACH: !var T0/svelte/QA/CORP_FOOTER_COLLECTION_ID_NON_DACH
CORP_MEDIUM_FORM_COLLECTION_ID_DACH: !var T0/svelte/QA/CORP_MEDIUM_FORM_COLLECTION_ID_DACH
CORP_MEDIUM_FORM_COLLECTION_ID_NON_DACH: !var T0/svelte/QA/CORP_MEDIUM_FORM_COLLECTION_ID_NON_DACH
CORP_NEWSLETTER_COLLECTION_ID_DACH: !var T0/svelte/QA/CORP_NEWSLETTER_COLLECTION_ID_DACH
CORP_NEWSLETTER_COLLECTION_ID_NON_DACH: !var T0/svelte/QA/CORP_NEWSLETTER_COLLECTION_ID_NON_DACH
PES_API_URL: !var T0/svelte/QA/PES_API_URL
PES_DATA_CONFIG_HOST: !var T0/svelte/QA/PES_DATA_CONFIG_HOST
PES_DATA_PROVIDER_EPDS_HOST: !var T0/svelte/QA/PES_DATA_PROVIDER_EPDS_HOST
PES_DATA_PROVIDER_HMC_HOST: !var T0/svelte/QA/PES_DATA_PROVIDER_HMC_HOST
PES_DATA_PROVIDER_PDF_HOST: !var T0/svelte/QA/PES_DATA_PROVIDER_PDF_HOST
PES_DATA_PROVIDER_SPRYKER_HOST: !var T0/svelte/QA/PES_DATA_PROVIDER_SPRYKER_HOST
PES_ENV_HOST: !var T0/svelte/QA/PES_ENV_HOST
ASSUME_ROLE_MYSCHNEIDER: !var T0/svelte/QA/ASSUME_ROLE_MYSCHNEIDER
ASSUME_ROLE: !var T0/svelte/QA/ASSUME_ROLE
ASSUME_ROLE_EXTERNAL_ID: !var T0/svelte/QA/ASSUME_ROLE_EXTERNAL_ID
CLIENT_ID: !var T0/svelte/QA/CLIENT_ID
VITE_PORTAL_COLLECTIONPOINT: !var T0/svelte/QA/VITE_PORTAL_COLLECTIONPOINT
CORP_SFMC_API_AUTH: !var T0/svelte/QA/CORP_SFMC_API_AUTH
VITE_CORP_API_URI: !var T0/svelte/QA/CORP_API_URI
VITE_CORP_API_URI_FOR_PIM: !var T0/svelte/QA/CORP_API_URI_FOR_PIM
VITE_CORP_API_O_AUTH_URI: !var T0/svelte/QA/CORP_API_O_AUTH_URI
VITE_SPRYKER_BACORP_URL: !var T0/svelte/QA/VITE_SPRYKER_BACORP_URL
CORP_WARRANTY_API_BACORP_URL: !var T0/svelte/QA/CORP_WARRANTY_API_BACORP_URL
PUBLIC_GATEWAY_API_HOST: !var T0/svelte/QA/PUBLIC_GATEWAY_API_HOST
CORP_SFMC_URI: !var T0/svelte/QA/CORP_SFMC_URI
CORP_WARRANTY_CLIENT_ID: !var T0/svelte/QA/CORP_WARRANTY_CLIENT_ID
CORP_WEFBCRM_COLLECTION_ID: !var T0/svelte/QA/CORP_WEFBCRM_COLLECTION_ID
CORP_WEFBCRM_PURPOCORP_ID: !var T0/svelte/QA/CORP_WEFBCRM_PURPOCORP_ID
VITE_VERIT_API_URL: !var T0/svelte/QA/VITE_VERIT_API_URL
VITE_ENVIRONMENT_MODE: !var T0/svelte/QA/VITE_ENVIRONMENT_MODE
GTM_ID: !var T0/svelte/QA/GTM_ID
VITE_CORP_API_O_AUTH_CLIENT_ID: !var T0/svelte/QA/CORP_API_O_AUTH_CLIENT_ID
VITE_CORP_API_O_AUTH_USER_NAME: !var T0/svelte/QA/CORP_API_O_AUTH_USER_NAME
CORP_APIGEE_CLIENT_ID_APPUSERS: !var T0/svelte/QA/CORP_APIGEE_CLIENT_ID_APPUSERS
VITE_PORTAL_SFMC_URI: !var T0/svelte/QA/VITE_PORTAL_SFMC_URI
VITE_CORP_API_O_AUTH_PASSWORD: !var T0/svelte/QA/CORP_API_O_AUTH_PASSWORD
PUBLIC_SEO_COUNTRIES: !var T0/svelte/QA/PUBLIC_SEO_COUNTRIES
PUBLIC_MARKITO_ENDPOINT: !var T0/svelte/QA/PUBLIC_MARKITO_ENDPOINT
CYBER_ENTITLEMENT_CIAM_UPASSWORD: !var T0/svelte/QA/CYBER_ENTITLEMENT_CIAM_UPASSWORD
MARKETS_FORMID: !var T0/svelte/QA/MARKETS_FORMID
VITE_PUBLIC_CHAT_CONFIG_SECRET: !var T0/svelte/QA/PUBLIC_CHAT_CONFIG_SECRET
VITE_CORP_API_CLIENT_ID_FBC: !var T0/svelte/QA/CORP_API_CLIENT_ID_FBC
APIGEE_PASSWORD: !var T0/svelte/QA/APIGEE_PASSWORD
APIGEE_USERNAME: !var T0/svelte/QA/APIGEE_USERNAME
CLIENT_SECRET: !var T0/svelte/QA/CLIENT_SECRET
CYBER_ENTITLEMENT_ALM_CLIENT_SECRET: !var T0/svelte/QA/CYBER_ENTITLEMENT_ALM_CLIENT_SECRET
CYBER_ENTITLEMENT_BYPASS_ALM_API_KEY: !var T0/svelte/QA/CYBER_ENTITLEMENT_BYPASS_ALM_API_KEY
CYBER_ENTITLEMENT_CIAM_API_CLIENT_SECRET: !var T0/svelte/QA/CYBER_ENTITLEMENT_CIAM_API_CLIENT_SECRET
CYBER_ENTITLEMENT_IDP_API_CLIENT_SECRET: !var T0/svelte/QA/CYBER_ENTITLEMENT_IDP_API_CLIENT_SECRET
CYBER_ENTITLEMENT_IDP_UPASSWORD: !var T0/svelte/QA/CYBER_ENTITLEMENT_IDP_UPASSWORD
CYBER_ENTITLEMENT_USER_LOGGEDIN_API_CLIENT_SECRET: !var T0/svelte/QA/CYBER_ENTITLEMENT_USER_LOGGEDIN_API_CLIENT_SECRET
GET_SITEMAP_BASIC_TOKEN: !var T0/svelte/QA/GET_SITEMAP_BASIC_TOKEN
GH_TOKEN: !var T0/svelte/QA/GH_PAT
MONGO_URL: !var T0/svelte/QA/MONGO_URL
OKTA_CLIENT_SECRET: !var T0/svelte/QA/OKTA_CLIENT_SECRET
OTI_AUTH_BASIC_TOKEN: !var T0/svelte/QA/OTI_AUTH_BASIC_TOKEN
RECAPTCHA_SECRET_KEY: !var T0/svelte/QA/RECAPTCHA_SECRET_KEY
CORP_API_CLIENT_ID: !var T0/svelte/QA/CORP_API_CLIENT_ID
CORP_API_CLIENT_SECRET: !var T0/svelte/QA/CORP_API_CLIENT_SECRET
CORP_API_CLIENT_SECRET_APIGEE: !var T0/svelte/QA/CORP_API_CLIENT_SECRET_APIGEE
VITE_CORP_API_CLIENT_SECRET_FBC: !var T0/svelte/QA/CORP_API_CLIENT_SECRET_FBC
CORP_API_CLIENT_SECRET_FOR_PIM: !var T0/svelte/QA/CORP_API_CLIENT_SECRET_FOR_PIM
CORP_API_O_AUTH_CLIENT_SECRET: !var T0/svelte/QA/CORP_API_O_AUTH_CLIENT_SECRET
CORP_APIGEE_CLIENT_SECRET_APPUSERS: !var T0/svelte/QA/CORP_APIGEE_CLIENT_SECRET_APPUSERS
VITE_ALM_SECRET_KEY: !var T0/svelte/QA/VITE_ALM_SECRET_KEY
VITE_APIGEE_BASIC_AUTH: !var T0/svelte/QA/VITE_APIGEE_BASIC_AUTH
VITE_APIGEE_PREPROD_SECRET: !var T0/svelte/QA/VITE_APIGEE_PREPROD_SECRET
VITE_APIGEE_QA_SECRET: !var T0/svelte/QA/VITE_APIGEE_QA_SECRET
VITE_FBC_QA_PASSWORD: !var T0/svelte/QA/VITE_FBC_QA_PASSWORD
VITE_FBC_QA_SECRET: !var T0/svelte/QA/VITE_FBC_QA_SECRET
VITE_BUILDER_PRIVATE_KEY: !var T0/svelte/QA/VITE_BUILDER_PRIVATE_KEY
VITE_PORTAL_SFMC_API_AUTH: !var T0/svelte/QA/VITE_PORTAL_SFMC_API_AUTH
VITE_RECAPTCHA_SECRET_KEY: !var T0/svelte/QA/VITE_RECAPTCHA_SECRET_KEY
CORP_WARRANTY_CLIENT_SECRET: !var T0/svelte/QA/CORP_WARRANTY_CLIENT_SECRET
SPMA_CLIENT_SECRET: !var T0/svelte/QA/SFMC_CLIENT_SECRET
CYBER_ENTITLEMENT_ALM_API_URL: !var T0/svelte/QA/CYBER_ENTITLEMENT_ALM_API_URL
CYBER_ENTITLEMENT_ALM_CLIENT_ID: !var T0/svelte/QA/CYBER_ENTITLEMENT_ALM_CLIENT_ID
CYBER_ENTITLEMENT_BYPASS_ALM_API_ENDPOINT: !var T0/svelte/QA/CYBER_ENTITLEMENT_BYPASS_ALM_API_ENDPOINT
CYBER_ENTITLEMENT_CIAM_API_ENDPOINT: !var T0/svelte/QA/CYBER_ENTITLEMENT_CIAM_API_ENDPOINT
CYBER_ENTITLEMENT_CIAM_UNAME: !var T0/svelte/QA/CYBER_ENTITLEMENT_CIAM_UNAME
CYBER_ENTITLEMENT_IDP_API_ENDPOINT: !var T0/svelte/QA/CYBER_ENTITLEMENT_IDP_API_ENDPOINT
CYBER_ENTITLEMENT_IDP_UNAME: !var T0/svelte/QA/CYBER_ENTITLEMENT_IDP_UNAME
CYBER_ENTITLEMENT_USER_LOGGEDIN_API_CLIENT_ID: !var T0/svelte/QA/CYBER_ENTITLEMENT_USER_LOGGEDIN_API_CLIENT_ID
MONGODB_API_KEY: !var T0/svelte/QA/MONGODB_API_KEY
OKTA_CLIENT_ID: !var T0/svelte/QA/OKTA_CLIENT_ID
ONETRUST_ID: !var T0/svelte/QA/ONETRUST_ID
CORP_API_CLIENT_ID_APIGEE: !var T0/svelte/QA/CORP_API_CLIENT_ID_APIGEE
CORP_API_CLIENT_ID_FOR_PIM: !var T0/svelte/QA/CORP_API_CLIENT_ID_FOR_PIM
CORP_ONETRUST_PURPOSE_ID: !var T0/svelte/QA/CORP_ONETRUST_PURPOSE_ID
VITE_APIGEE_API_KEY: !var T0/svelte/QA/VITE_APIGEE_API_KEY
VITE_APIGEE_API_KEY_MYSE: !var T0/svelte/QA/VITE_APIGEE_API_KEY_MYSE
VITE_APIGEE_API_KEY_SEARCH: !var T0/svelte/QA/VITE_APIGEE_API_KEY_SEARCH
VITE_APIGEE_PPROD_API_KEY: !var T0/svelte/QA/VITE_APIGEE_PPROD_API_KEY
VITE_APIGEE_PREPROD_CLIENTID: !var T0/svelte/QA/VITE_APIGEE_PREPROD_CLIENTID
VITE_APIGEE_PROD_ID: !var T0/svelte/QA/VITE_APIGEE_PROD_ID
VITE_APIGEE_PROD_SECRET: !var T0/svelte/QA/VITE_APIGEE_PROD_SECRET
VITE_APIGEE_QA_CLIENTID: !var T0/svelte/QA/VITE_APIGEE_QA_CLIENTID
VITE_AUTH_MIS_TOKEN: !var T0/svelte/QA/VITE_AUTH_HMC_TOKEN
VITE_CLOUD_APPSYNC_APIKEY: !var T0/svelte/QA/VITE_CLOUD_APPSYNC_APIKEY
VITE_CLOUD_APPSYNC_APIKEY_PPROD: !var T0/svelte/QA/VITE_CLOUD_APPSYNC_APIKEY_PPROD
VITE_CLOUD_APPSYNC_APIKEY_STAGING: !var T0/svelte/QA/VITE_CLOUD_APPSYNC_APIKEY_STAGING
VITE_CLOUD_APPSYNC_APIKEY_UAT: !var T0/svelte/QA/VITE_CLOUD_APPSYNC_APIKEY_UAT
VITE_CLOUD_APPSYNC_STAGING: !var T0/svelte/QA/VITE_CLOUD_APPSYNC_STAGING
VITE_CLOUD2_MAPS_KEY: !var T0/svelte/QA/VITE_CLOUD2_MAPS_KEY
VITE_FBC_PROD_ID: !var T0/svelte/QA/VITE_FBC_PROD_ID
VITE_FBC_PROD_USERNAME: !var T0/svelte/QA/VITE_FBC_PROD_USERNAME
VITE_FBC_QA_ID: !var T0/svelte/QA/VITE_FBC_QA_ID
VITE_FBC_QA_USERNAME: !var T0/svelte/QA/VITE_FBC_QA_USERNAME
VITE_BUILDER_API_KEY: !var T0/svelte/QA/VITE_BUILDER_API_KEY
VITE_CC_USERID: !var T0/svelte/QA/CC_USERID
VITE_MYCORP_ALTERNATIVE_APIM_KEY: !var T0/svelte/QA/VITE_MYCORP_ALTERNATIVE_APIM_KEY
VITE_MYCORP_CART_KEY: !var T0/svelte/QA/VITE_MYCORP_CART_KEY
VITE_MYSEUTILITIES_CONFIG_KEY: !var T0/svelte/QA/VITE_MYSEUTILITIES_CONFIG_KEY
VITE_MYSW_FS_GMAPS_KEY: !var T0/svelte/QA/VITE_MYSW_FS_GMAPS_KEY
VITE_PORTAL_PURPOSEID: !var T0/svelte/QA/VITE_PORTAL_PURPOSEID
VITE_VERIT_PROGRAM_ID: !var T0/svelte/QA/VITE_VERIT_PROGRAM_ID
VITE_VERIT_SUBSCRIPTION_KEY: !var T0/svelte/QA/VITE_VERIT_SUBSCRIPTION_KEY
VITE_SELECT_N_CONFIG_BEARER_TOKEN: !var T0/svelte/QA/VITE_SELECT_N_CONFIG_BEARER_TOKEN
VITE_SUPPORT_PROD_PORTAL_ID: !var T0/svelte/QA/VITE_SUPPORT_PROD_PORTAL_ID
VITE_SUPPORT_QA_PORTAL_ID: !var T0/svelte/QA/VITE_SUPPORT_QA_PORTAL_ID
VITE_CORP_API_O_AUTH_CLIENT_SECRET: !var T0/svelte/QA/CORP_API_O_AUTH_CLIENT_SECRET
VITE_CC_APIKEY: !var T0/svelte/QA/CC_APIKEY
APIGEE_FAQ_TOKEN_KEY: !var T0/svelte/QA/APIGEE_FAQ_TOKEN_KEY
MONGODB_API_KEY_PPROD: !var T0/svelte/QA/MONGODB_API_KEY_PPROD
MONGODB_API_KEY_STAGING: !var T0/svelte/QA/MONGODB_API_KEY_STAGING
MONGODB_API_KEY_UAT: !var T0/svelte/QA/MONGODB_API_KEY_UAT
Here are sample payload generated for debugging
ODChuvbJ719W8At8
DvAbLz6igtY4tJhLIfop2as0JNxm3puT
ABC4C08756A0E01383793063E3D2BF4B55353FBCD79A109B08F1456620FCBCCF
8m5uevaog2ijdsr9n4kgpdf1fnrtstk0ouo1n9e59en79h71h8o6
MacZjZTxS62QMICGk4XQl0HQFYGdWlZvKBL2IEbkE7ObBkSMqiMXLqMXtc6YhDA
wkFruyCcnZlFXnycErOwHldnVzEAhueihYwBpc
BioCareConsumercLKOTechnicalUser#2k24
OABFfWwyONbur1ev93yVpN2vkPKmJXjkjemhnmQn3lfpSpICnv7G16wqj8nAj1yZ
hnwsxcderfvbgtymjuiklZaqop!9
Rnhda6-iZdTBKSyA6DSKTk30eO2nbQZ0Sn4Gl8KTz8ks47ATJGC8MeunN_djbkoa
lcl91cGRhdGVfd2VCeGYiaUM4dUwG9vazpMZHNDWnhxdYnVpbOP
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
mongodb+srv://asoanfaffaskdoand:[email protected]/retool
PztgJEY-WWAx2ij6DThTva89ZSsXtCpWz8mbVAA_kbyij0JAcboYkoUfUR32G8Ly
b3JfdXNlcjo1X3RydXNSDlyM00X2ludGVncmFTzYyYTZiSGNhY25l0b
GJkQv10GtCGcVE71KIOPTay8SNeF0KZY
6776827be83d463f21e2b867070c97fbc4a!632e14ba4538b7991f6cb
api.applanga.com
7c4a0c97f672b80f6cb6706b
4Is699h1
ZtcgZiE6Lcya5vSdgDDAArN07b173uuvQAM1XcUp
4igtTUiBbCz1tVhF0JNxm4guEIfvv1as
J8At1XRbJ326Whuv
J8At1XRbJ326Whuv
q7AoLNCVtNlmRwX3
KrIAfHG1BwaBCLqA
UIqKwgbcKKvFQgnqoESqnzHdfBlBJVsMDHFnB
Sometechuser@adlib1213
Zs6KZ5DSID1B4oDS
cgsgdc95-cf42-8126-4bf2-6c61bf5b4ad7
cgsgdc95-cf42-8126-4bf2-6c98af5b4ad7
iopgdc95-cf42-8126-4bf2-6c61bf5b4ad7
cgsgdc95-cf42-1984-4bf2-6c61bf5b4ad7
cgsgdc95-cf42-1984-4bf2-6c61bf5b6lo7
cgsbmth5-cf42-1984-4bf2-6c61bf5b6lo7
cgsbmth5-cf42-1984-4bf2-6rdhpf5b6lo7
cgmrsmth5-cf42-1984-4bf2-6rdhpf5b6lo7
cgmrsmth5-cf42-1984-4bf2-6rkthul5b6lo7
cgmrsmth5-cf42-1984-l4d2-6rdhpf5b6lo7
migrsmth5-cf42-1984-l4d2-6rdhpf5b6lo7
migrsmth5-cf42-1984-l4d2-6rdhpf5bslop
5yTXXbeO+zxcrs+RNigdAk5n+0bab
d56264x08733tFbfc8d0873a8348dZ22Vndb1O5aPacdc401da8dP3c1d048e198
UVVhQkRwIQ995BTZYmtSoN3B2oGSQ6aljshekRmVh2wQUTYemhr5UEQRjBkdzxtU1g
OkQhdYAGZ8VuBji4
KRWuGmxgQW0svhSI
SC9ob$%!S0sSCj0c$%d10Fggsla$%!r05
2p1CBS075990Y9BCg5FY6S9EBIaP7j4pCV6fI2H1wFy94D2q4f69F6D3BALiBp7P
bpk-3Rabach4K0L640G2ytf43c79quef27dx
675Fbb74-fBfy-4e2Hb8MFfVe187eWXk1dc1
fbab7yTMabz29+RkygdAk5nuxcgM
6LdeZcwjAAAAdE40PY2kBKQME3ybMNh_2nsaXnWK
naRwLNOVtNX8q1Am
eMIrOrIPaisHgvooi9bszsea
arn:aws:iam::232402131876:role/ghe-runner-test
https://292K087y1bw6.execute-api.cloudtest.com/ADC'
arn:aws:iam::4125112656774:role/ghe-runner-sample'
N1DtioMLcTFaFs5nPY9R+HkJm6iD9K2YcrkPIdJqY7AMFOKt/VOABmKgz/c8iBh0q2p3MsT+oQ5za4T9ONSLOQ
https://qa.dmnVxd701xvld.host.com/_server'
DMVGhqDXNmIutu_uhKl.aMS4EBcAk9aEGqRA9QoX5Dc4Xw17hFzRqdEtSVYw1PZ46TET3soj00lrz8yoWLgm9
dev.corp.com/sit'
Y5em64a9PibBYmFWaWssl5CrGod
ahm.corp.com/sit/app-registry'
https://test.execute-api.cloud.com'
test--uat.sandbox.my.testCRM.com'
[email protected]'
idp-uat.corp.com'
[email protected]'
H7dZmJ0GzOt0GgY7nSuvDDZ1yUJS5zvP
m0M-Ngz7QPeC
wd9BsiQp8Ad77jiit6EZYpHMURiPYraN3YK3oRgtYh1jIhhaFTG2CVtXoNyDgy2v
U5KXDme0FsFHnRvsjwtifRo4BAVfQFexico3ID4xFTBsc96EeomVQEPrud98b1iI
57pxfnVfODrmUU3ieG1rTnu2LS0hqKcTIjYin2cFyk9BJt8QdGCnOokxiiDPQGo5
6ngIuK8uJqEbPkaNu5YFy6kba9GaXiSA1kXk2H5Izyb6XvlcxOMFgbzXt9Qwhysy
qctCGnfYlHa8cHRN3eN9b9tPZJ9PUjm7
2179Id79-r1rCt4B1q-846e-c7cef22pe7c2-t6st
https://corp.com'
https://13stKMvc8z3d5w.cloud.net/SQE'
https://g12nh78rfwb.execute-api.cloudtest.com/sqe'
https://ruehda6xnkk1.execute-api.cloudtest.com/qa'
https://4bdasdaez7i.execute-api.cloudtest.com/sqe/execution'
https://glue.pas-sqe.corp.com'
https://alb-ls-sqe.sem.corp.com'
fad19o4gFM2cI4Y78facada4GqI3bAe5
nfsySXuXmHNEdyfVBGJJwphDvni9yjUkKdPLJjzPCdHOBQFfFFsKYLRuY8UQQXXkirTRVONkwEA4AeUQQwlaJ
https://idd-uat.corp.com'
H7dZ8JubiOtgNDYTzSw5tDR1ZUJt5kgP
JMpbMkBwmMFtqfeHcJn8hhiYWvnBMUFN
https://qa-dfc.dmn1df431xrld.host.com'
'FALSE'
'uat'
{"default":"https://www-sqe.corp.com","china":"https://www-sqe.acme-company.cn/zh"}'
https://assets-ppr.corp.com/v2/uiaqtc/components/corp/[locale][component]'
https://www.corp.com'
7MPGUDYlzw1pCsT7ENZUys2cwJdMhhk3
'uat'
UiBb4Q4vKtYdtVhFIfov6as0JNxY2gsE
aPHD0bDF86VWVcpEY47E2w3qRzA2AadB
m49azXk91W9JvvGZhxYAIouOOxDcsGum
cDwSlDawlMEOUGYsjAVAVwyoKpipAdiYVRMj5SvakIIc2PXxNmRFOuPrUiFpdJOLEWZ2QBQ9okqBzcpHEqYzV
test.testcrm.com'
[email protected]'
api.qa.corp.com'
api.preprod.corp.com'
Rhm0OGIv9FXcvYGo0jK0dhmUAUEiA5uG
v47b7a88-ce85-48F4-Nebh7T37c07c29Fer
https://14fp2swxsff.execute-api.cloudtest.com/dev/captureLead_v2'
https://api.qa.corp.com'
pIKDVbDFTtgWVdux9O7E2DbqmDAB4SR2
JLY22fa0-82dDW4DX0-92a2-cKfcfb1c0tb8
3enugc23-Z2e1-7b63-8T6SE46W65sdKcdwe
https://5da1fda1vm1.execute-api.cloudtest.com/tms'
BdvdKjOtutkgcNIhQuJH3AuM7LG8iRoMKt2zVnTwap3hEyRw
yYGUk0KV6N1KrOVTaX8SBGtoGeFzxEv1
ECuGjnES3sV7GQ5gtjLaWB662YK6tvSP
6OOaTGMeloymNqwcUVATOG5E6iKgOU43
xvVIF8GoJpTGz12dPBiNFd6AzLEK0GiF
gvy0n8nqJqTmPC2RbBiNFQ6AzgnK0GYF
OkWhReSGt8tRBNN4
ZYGJ20cVOKJKIOPTaV85NmwCGeI6ePv5
va45f5765U
dan-79Wwt0qjLhed7kls4rt59zndhe
da2wLhqbD2lxsjeedo6j3acpnr9uFY
za2-5hz9on5rlCaxMN5EVdE4et7zlm
da2-iwhkn2dgeQuPbp72SJlu26s3oP
8s2-5bz4Hn5s5vRx7L5dpSqzDt7zlm
punc2e9e031aupniF4G2kf2mc
a82hwja6dfj4magB6r8bpnGQl
Kk5o9jegDe5Rb4ao4u7Nad5b9e
7ffy1jiWRtLqfZ76eP01kNupif
mgzJGesoXKFH3u3fCdkwPkFRoPuyJ8Xqphrl3VU7uM0
3hVGkxZ.WNe6k7hAXlISHROV4aR4j9xc6jtdjNaDfXQ4CPHrNYQH10pyxKpKnvvMwhAdmeRQ0vc7TvVPzfp8B
[email protected]'
Y3SVb9OM3imrgJAWwrDxPt.uz0amy.aInRcCrzW0qiJF0N1Ykzno1Dm1cvxCN9z6XGIo4QgcmgTEZSPDGTu9zU
[email protected]'
feId8185bqbk40dfb53696o5tNfT4d21
'sandbox'
'sandbox'
{#CORPInferredCountry#:#US#,#CORPInferredLanguage#:#en#,#SourceDetail__c#:#ProsumerMVP_Web_NotifyMe#,#unsubscribed#:1,#leadSource#:#Website#}'
1984
1984
11562
yfhAmrbtN8hP0kmqlfeMw8qMnlwPmc2kKW3lCMod
mawkfwiARj1TZUCnJ7EVC2QhNqiPOHYb3tm18YJ9
vVWTV2IzdN8j7bBo2ga6YILsESXHrv8E6AqWPgO7
AwzaZy5OgZiu9CEdCkrOQTy_uatKPNxrXLWrgbW
'development'
6I7b768WEcz85-4294-aAbbBE37v07c290n0
https://ywsd1f9w4.execute-api.cloudtest.com/dev/captureLead_v2'
https://api.ada1f.com/emp/ProjectRequest'
Sandbox-CORPHome'
85g8c373cbbn49adTbaTrb1Z29d6b2d8
cQDU43gbkBPNcGXWraQLm_sDqC5diMy3
https://glue.d2f-sqe.corp.com'
ART_CORP_HOME_SUPPORT_WEB'
CORP_Home_CDQ_L3'
2TOlxXoEEu1pFrrpRfHTQ2ok6dGFnWpswMxseNwy
test-asd2'
https://api.asar2.com/mkt/Media'
@kb-med, I'm unfortunately unable to reproduce the issue on my machine. Are you able to put together a Docker compose environment with scripts to reproduce the whole environment end to end? You can use the cyberark/conjur and cyberark/conjur-cli Docker images to set up a Conjur OSS instance and use an Ubuntu or other OS image to install summon and summon-conjur. https://github.com/cyberark/summon-conjur/blob/main/docker-compose.yml may be a good start.
We are running server in version 13.5, I see this behaviour on my machine MacOS 15.5 and on our github runner server RHEL 9.4. Conjur administrator ran it from other server and it works completely fine with summon version 0.10.1.
it works completely fine with summon version 0.10.1
That's interesting. Same versions of summon-conjur?
it works completely fine with summon version 0.10.1
That's interesting. Same versions of summon-conjur?
his setup is Conjur CLI version 8.0.18-4084447 summon version 0.10.1-29ebeaa summon-conjur version 0.8.0-4ea17d4
mine Conjur CLI version 8.1.2-556d4a2 summon version 0.10.5-3b41730 summon-conjur version 0.8.0-4ea17d4
Unfortunately I'm unable to reproduce this issue. I'm going to close the issue but if you're able to find any more details that might help explain what's going on, I'm happy to revisit. Also, you're more than welcome to clone this summon and summon-conjur repositories and try running them from source and attempt to debug it yourself. We're always excited to get community PRs :)
Hi @szh,
Found out that it has something to do with network issues, I did some testing by jumping over few VPN gates. Server instance I'm testing agains is in Europe.
Is there any way to extend timeout on request?
Conjur admins saw that some values from servers perspective were not called for at all
Hi @kb-med, Thank you for the additional info, that's really useful. We added support for custom timeout values in our underlying Go SDK (https://github.com/cyberark/conjur-api-go) but haven't yet updated summon-conjur to use that version. I'll work on getting a release out that will allow you to set a custom timeout value in your .conjurrc or via an environment variable.
Alright, try now with summon-conjur v0.8.1. You can either set the environment variable CONJUR_HTTP_TIMEOUT or update your .conjurrc file to add a line http_timeout: 600 or some other integer value of seconds. The max is 600.
Alright, try now with summon-conjur v0.8.1. You can either set the environment variable
CONJUR_HTTP_TIMEOUTor update your .conjurrc file to add a linehttp_timeout: 600or some other integer value of seconds. The max is 600.
Unfortunately I'm seeing same results, timeout configuration didn't help. Is there possibility to run some sort of debug mode?
Do you have the Conjur CLI installed? You can run conjur -d variable get -i <var_id> which will log the full HTTP requests (with auth tokens redacted). The Conjur CLI uses the same configuration as summon-conjur.
I ran command with all 160 values to get fetched and it is failing on Request-URI Too Large
HTTP/1.1 414 Request-URI Too Large Content-Length: 170 Connection: keep-alive Content-Type: text/html Date: Thu, 14 Aug 2025 14:32:21 GMT Server: nginx
OK, so that's because the Conjur CLI tries to fetch them all in one request. Summon actually fetches them one by one - can you use the same command but only do one at a time?
By running simple bash script to fetch each value one by one it works fine all responses are 200 and no errors
Very interesting. Are any of the queries taking longer than 60s?
No. Each shot is resolved around half of a second and summon request when requesting all values takes about 10 seconds to complete. Tho some people who have it working correctly they get response almost right away without delays as I do.
Seems that issue on Github runners is resolved by attaching them to much closer read replica for them. I still try to investigate my local machine problems
TCP Dump seems that client is sending RESET flag
Reset packet
```Transmission Control Protocol, Src Port: 58729, Dst Port: 443, Seq: 124265, Len: 0 Source Port: 58729 Destination Port: 443 [Stream index: 0] [Stream Packet Number: 353] [Conversation completeness: Complete, WITH_DATA (63)] ..1. .... = RST: Present ...1 .... = FIN: Present .... 1... = Data: Present .... .1.. = ACK: Present .... ..1. = SYN-ACK: Present .... ...1 = SYN: Present [Completeness Flags: RFDASS] [TCP Segment Len: 0] Sequence Number: 124265 (relative sequence number) Sequence Number (raw): 957481264 [Next Sequence Number: 124265 (relative sequence number)] Acknowledgment Number: 0 Acknowledgment number (raw): 0 0101 .... = Header Length: 20 bytes (5) Flags: 0x004 (RST) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .1.. = Reset: Set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·········R··] Window: 0 [Calculated window size: 0] [Window size scaling factor: 64] Checksum: 0x7363 [unverified] [Checksum Status: Unverified] Urgent Pointer: 0 [Timestamps] [Time since first frame in this TCP stream: 9.817384000 seconds] [Time since previous frame in this TCP stream: 0.000138000 seconds]Flags: 0x004 (RST) 000. .... .... = Reserved: Not set ...0 .... .... = Accurate ECN: Not set .... 0... .... = Congestion Window Reduced: Not set .... .0.. .... = ECN-Echo: Not set .... ..0. .... = Urgent: Not set .... ...0 .... = Acknowledgment: Not set .... .... 0... = Push: Not set .... .... .1.. = Reset: Set .... .... ..0. = Syn: Not set .... .... ...0 = Fin: Not set [TCP Flags: ·········R··]
</details>
Hi @kb-med, Unfortunately we aren't able to fix this since we can't reproduce it. It's possible that it's network related. I'm going to close the issue for now and you can reopen if you have more information that indicates it's an issue with summon itself.