aws-sm-buildkite-plugin
Case change for variable names
Problem
While implementing this plugin to work with a Terraform pipeline, we found that the key names used in the pipeline YAML do not have their case respected when the variables are exported.
For example:
steps:
  - label: ":building_construction: build"
    command: 'echo \$MY_env_var'
    plugins:
      - seek-oss/aws-sm#v2.2.0:
          env:
            MY_env_var: "my/secret/value"
Yields:
🔑 Reading secrets from AWS SM
Reading <long_arn> from AWS SM into environment variable MY_ENV_VAR
This problem does not occur for the json-to-env method, presumably because the keys are not being passed through Buildkite's plugin framework (which I believe is the real culprit).
Resources
Terraform respects the case sensitivity of variables when the OS allows: https://www.terraform.io/docs/configuration/variables.html#environment-variables
I have confirmed with Buildkite support that the key names passed down to plugins are kept in their correct case, so the problem lies with how this plugin interprets them.
You can see the correct values from Buildkite on a test pipeline by going to the step where the plugin is used and clicking on the Environment tab, then scrolling to the BUILDKITE_PLUGINS value.
Heya @rafaelmagu, is Buildkite now recommending to parse BUILDKITE_PLUGINS? We currently pull values out of BUILDKITE_PLUGIN_<PLUGIN_NAME>_<CONFIGURATION_PROPERTY> as documented in their tutorial, which does not preserve property case sensitivity: https://buildkite.com/docs/plugins/writing#plugin-tutorial-add-a-plugin-dot-yml
@72636c I've asked Buildkite to pitch in on that answer.
Taking the view that we probably can't rely on property case sensitivity when using BUILDKITE_PLUGIN_* (and we don't really want to rebuild or overcomplicate the whole parsing business), I have suggested a feature that would allow a workaround in #23.
It still wouldn't allow the simple case to work:
plugins:
  - vital-software/aws-sm#v2.4.0:
      env:
        MY_env_var: my/secret/value # <- produces MY_ENV_VAR
        MY_FOO: other/secret/value
But it does build upon the existing secret-id support to move the specification of the environment variable name to a value instead of a property name, which is case-preserving:
plugins:
  - vital-software/aws-sm#v2.4.0:
      env:
        my_env_var: # <- not used
          export-name: MY_env_var # <- produces MY_env_var
          secret-id: my/secret/value
        MY_FOO: other/secret/value
Any plans to retackle this?
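An added example, not code from the plugin or from anyone in this thread: it reads the case-preserved `env` keys out of a BUILDKITE_PLUGINS value and reports which keys lose their case, or collide with another key, once flattened the way the BUILDKITE_PLUGIN_* variables are. The JSON shape, the normalisation rule in `flattened_name`, and the second `MY_ENV_VAR` key in the sample are assumptions made for illustration.

```python
import json
import re

# Constructed sample of a BUILDKITE_PLUGINS value (assumed shape: a JSON
# array of single-key objects mapping plugin source to its configuration).
SAMPLE_BUILDKITE_PLUGINS = json.dumps([
    {"github.com/seek-oss/aws-sm-buildkite-plugin#v2.2.0": {
        "env": {
            "MY_env_var": "my/secret/value",
            "MY_ENV_VAR": "other/secret/value",  # constructed clash
            "MY_FOO": "other/secret/value",
        }
    }}
])


def flattened_name(key):
    """Assumed normalisation of BUILDKITE_PLUGIN_* property names:
    upper-case, with non-alphanumeric characters replaced by underscores."""
    return re.sub(r"[^A-Z0-9]", "_", key.upper())


def env_mapping(plugins_json, plugin_fragment="aws-sm"):
    """Return the case-preserved env mapping of the first matching plugin."""
    for entry in json.loads(plugins_json):
        for source, config in entry.items():
            if plugin_fragment in source and isinstance(config, dict):
                return dict(config.get("env") or {})
    return {}


def audit(plugins_json):
    """Report keys whose case is lost and keys that collide once flattened."""
    by_flat = {}
    for key in env_mapping(plugins_json):
        by_flat.setdefault(flattened_name(key), []).append(key)
    case_lost = sorted(
        k for keys in by_flat.values() for k in keys if k != flattened_name(k)
    )
    collisions = {flat: keys for flat, keys in by_flat.items() if len(keys) > 1}
    return case_lost, collisions


if __name__ == "__main__":
    lost, clashes = audit(SAMPLE_BUILDKITE_PLUGINS)
    print("case not preserved:", lost)
    print("collide after flattening:", clashes)
```

A collision means two distinct secrets would be exported under one variable name, so one silently overwrites the other.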