intuit-spring-cloud-config-validator icon indicating copy to clipboard operation
intuit-spring-cloud-config-validator copied to clipboard

Published 20 hours ago verified publisher icon intuit

.yml files with {cipher} tokens, without quotes, breaks the config service

Open marcellodesales opened this issue 7 years ago • 0 comments

Problem

If a configuration property starts with {cipher}, but without single/double-quotes, the configuration service breaks. This is specific to .yml files.

Example at https://github.com/marcellodesales/config-repo/commit/3243ff4d7c853418bd73bfe349aef848599f5ca2

Config Server API Output

$ curl config-server:8888/app/default
Error: Failed to load property source from location 'file:/tmp/config-repo-2392906881014410043/application.yml'

Config Server Error Logs

config-server_1           | 	... 87 common frames omitted
config-server_1           |
config-server_1           | 2017-12-07 07:50:05.983 ERROR 1 --- [nio-8888-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Failed to load property source from location 'file:/tmp/config-repo-2392906881014410043/application.yml'] with root cause
config-server_1           |
config-server_1           | org.yaml.snakeyaml.parser.ParserException: while parsing a block mapping
config-server_1           |  in 'reader', line 5, column 3:
config-server_1           |       password: {cipher}AQBdTe9vjgOqAN ...
config-server_1           |       ^
config-server_1           | expected <block end>, but found Scalar
config-server_1           |  in 'reader', line 5, column 21:
config-server_1           |       password: {cipher}AQBdTe9vjgOqANyfi+Ke5HYmhFJnuvsG ...
config-server_1           |                         ^
config-server_1           |
config-server_1           | 	at org.yaml.snakeyaml.parser.ParserImpl$ParseBlockMappingKey.produce(ParserImpl.java:569) ~[snakeyaml-1.17.jar!/:na]
config-server_1           | 	at org.yaml.snakeyaml.parser.ParserImpl.peekEvent(ParserImpl.java:157) ~[snakeyaml-1.17.jar!/:na]
config-server_1           | 	at org.yaml.snakeyaml.parser.ParserImpl.checkEvent(ParserImpl.java:147) ~[snakeyaml-1.17.jar!/:na]
config-server_1           | 	at org.yaml.snakeyaml.composer.Composer.composeMappingNode(Composer.java:224) ~[snakeyaml-1.17.jar!/:na]

Proposed Solution

  • Verify if the value of keys contains the valid tokens for secrets such as {cipher} and {secret} contains quotes (single or double) to make sure secrets are correctly set.

marcellodesales avatar Dec 07 '17 07:12 marcellodesales