
docker-compose config inappropriately tries to expand environment variables

Open rfay opened this issue 4 years ago • 5 comments

Description

docker-compose config inappropriately tries to expand environment variables, meaning that it's impossible to pass a complex environment variable to the container.

Given this docker-compose.yaml:

services:
  web:
    environment:
      - ONE='o$ne'
      - TWO='t$wo'

do a docker-compose config

The output is

docker-compose config
WARN[0000] The "ne" variable is not set. Defaulting to a blank string.
WARN[0000] The "wo" variable is not set. Defaulting to a blank string.

because docker-compose is trying to expand $ne and $wo.

This means that when people embed a '$' (or perhaps other shell meta-characters) there's no way to actually deliver the expected environment variable to the container.

Output of docker compose version:

This happens with both docker-compose v1 and docker-compose v2

Additional environment details:

This happens on both macOS and Linux. I imagine it happens everywhere.

rfay avatar Nov 05 '21 20:11 rfay

On the other hand, being able to have variable expansion anywhere in the yaml tree is a major feature of compose ...

IIRC you can use doubled dollar for this purpose

services:
  web:
    environment:
      - ONE='o$$ne'
      - TWO='t$$wo'

ndeloof avatar Nov 05 '21 21:11 ndeloof

Right, but the expansion shouldn't even happen here should it?

Someone who is trying to deliver a random string (like encryption key?) to a variable in the container doesn't want to know that they can go in and manually edit the string following various rules.

This was reported in https://github.com/drud/ddev/issues/3355 and of course it wouldn't be reasonable to ask someone to edit the content of a variable there.

rfay avatar Nov 05 '21 21:11 rfay

> Right, but the expansion shouldn't even happen here should it?

How could we distinguish a user mistake to not declare a required variable vs a plain dollar sign? Also, such a char only appears without user control in secret keys as you mention, and those you won't hard-code in the compose file, would you? But pass as variables.

About drud/ddev#3355, either 2FAKEY should be set as a variable, or if the user wants this hard-coded in the compose file, it should be escaped with a double dollar.

ndeloof avatar Nov 06 '21 08:11 ndeloof
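
An added example (not code from this issue or from Compose) for the case raised above, where a tool writes an arbitrary value into a generated compose file: it applies the doubled-dollar escape programmatically and checks the result against a simplified model of the `$NAME` / `${NAME}` / `$$` handling discussed in this thread. The function names and the model itself are assumptions; `${NAME:-default}` forms are not modelled.

```python
import json
import re

# Simplified model of the handling discussed in this thread: "$$" is a literal
# dollar, "$NAME" and "${NAME}" are looked up. Forms such as "${NAME:-default}"
# are not modelled, and any other "$" is left untouched (assumption).
_TOKEN = re.compile(
    r"\$(?:(?P<escaped>\$)"
    r"|(?P<named>[A-Za-z_][A-Za-z0-9_]*)"
    r"|\{(?P<braced>[A-Za-z_][A-Za-z0-9_]*)\})"
)


def escape_for_compose(value):
    """Double every '$' so a literal value survives interpolation unchanged."""
    return value.replace("$", "$$")


def model_interpolate(text, env):
    """Return (result, unset_names); unset names become blank, as in the warnings above."""
    unset = []

    def repl(match):
        if match.group("escaped"):
            return "$"
        name = match.group("named") or match.group("braced")
        if name not in env:
            unset.append(name)
            return ""
        return env[name]

    return _TOKEN.sub(repl, text), unset


def render_environment(service, variables):
    """Emit a compose fragment (hypothetical generator) with escaped literal values."""
    lines = ["services:", f"  {service}:", "    environment:"]
    for key, value in variables.items():
        entry = f"{key}={escape_for_compose(value)}"
        # JSON string syntax is a valid YAML double-quoted scalar for these values.
        lines.append(f"      - {json.dumps(entry, ensure_ascii=False)}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    secret = "k3y$with${braces}and$$double"  # constructed sample value
    print(render_environment("web", {"ONE": "o$ne", "KEY": secret}))
    print(model_interpolate("o$ne", {}))                      # what the issue reports
    print(model_interpolate(escape_for_compose(secret), {}))  # round trip
```
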

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jun 12 '22 17:06 stale[bot]

This issue has been automatically closed because it had not recent activity during the stale period.

stale[bot] avatar Aug 01 '22 00:08 stale[bot]

This issue has been automatically closed because it had not recent activity during the stale period.

stale[bot] avatar Aug 13 '22 11:08 stale[bot]

It's still happening, I am using it in a docker build command as follows: docker build --build-arg RP=${{vars.RP}} -t ***.dkr.ecr.ap-south-1.amazonaws.com/abcd:latest where the value of vars.RP is p@ss$12E45 but the value that reaches the container is p@ss2E45

kathpalrohan avatar May 08 '23 09:05 kathpalrohan

When I use p@ss$$12E45 (as suggested) the value that reaches the container is p@ss171312E45

kathpalrohan avatar May 08 '23 10:05 kathpalrohan