Describe the bug
OptionValues service doesn't renderingOptions from Key Storage as expected according to documentation here and here
The example below shows that the path to the Key Storage secret is passed as an arg to the script instead of the secret value.
My Rundeck detail
Rundeck version: [Rundeck 5.1.0 Elbrus olivedrab camera a1d8105fe44a41 ]
install type: [deb,docker]
OS Name/version: [ubuntu 22.04]
DB Type/version: [mysql]
To Reproduce
Steps to reproduce the behavior:
Example:
rundeck@d8105fe44a41:~/$ cat /tmp/debug.log
19:38:14,479 root INFO Running Debug
19:38:14,480 root INFO RD_PLUGIN_BASE: /home/rundeck/libext/cache/zabbix-hostgroup-plugin
19:38:14,480 root INFO RD_PLUGIN_FILE: /home/rundeck/libext/zabbix-hostgroup-plugin.zip
19:38:14,480 root INFO RD_CONFIG_ZABBIX_URL: zabbix-frontend:8080
19:38:14,480 root INFO RD_PLUGIN_SCRIPTFILE: /home/rundeck/libext/cache/zabbix-hostgroup-plugin/get_zabbix_hostgroups.py
19:38:14,480 root INFO RD_CONFIG_ZABBIX_API_TOKEN: keys/project/Zabbix_Inventory/zabbix_api_token
19:38:14,480 root INFO LC_CTYPE: C.UTF-8
19:38:14,480 root INFO zabbix_url value:
19:38:14,480 root INFO zabbix-frontend:8080
19:38:14,480 root INFO zabbix_api_token value:
19:38:14,480 root INFO keys/project/Zabbix_Inventory/zabbix_api_token
Expected behavior
According to the documentation, it is supposed to work in the following way:
valueConversion: "STORAGE_PATH_AUTOMATIC_READ" tells Rundeck to interpret that string as a path in Key Storage and pass the value of that key to the script. This is how we can securely reference secrets without exposing them to the job users.
Additional context
It might not be implemented yet and is not in line with other types of plugins or types of Services. But the documentation doesn't separate plugins in this regard, and in any case access to Key Storage from inside a plugin is a crucial security pillar and it would be nice to get this fixed/implemented.
$ tree .
├── zabbix-hostgroup-plugin
│   ├── contents
│   │   └── get_zabbix_hostgroups.py
│   └── plugin.yaml
└── zabbix-hostgroup-plugin.zip
zabbix-hostgroup-plugin/plugin.yaml
zabbix-hostgroup-plugin/contents/get_zabbix_hostgroups.py:
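A plugin script can fail closed when it receives an unresolved Key Storage path like the one in the debug log above, and mask the token in its own debug output once resolution does work. This is an added example, not the reporter's plugin or Rundeck code; the function names are hypothetical, and treating any value that starts with `keys/` as an unresolved path is an assumption taken from the log lines in this report.

```python
import os
import re

# Assumption: Key Storage paths look like the one in the report's log,
# e.g. keys/project/Zabbix_Inventory/zabbix_api_token
KEY_STORAGE_PATH = re.compile(r"^keys/[\w./ -]+$")


class UnresolvedSecretError(RuntimeError):
    """A Key Storage path arrived where a secret value was expected."""


def looks_like_storage_path(value):
    return bool(KEY_STORAGE_PATH.match(value.strip()))


def load_secret(env, name):
    """Return env[name], refusing missing values and unresolved storage paths."""
    value = env.get(name, "")
    if not value:
        raise UnresolvedSecretError(f"{name} is not set")
    if looks_like_storage_path(value):
        # The path itself is not secret, so it is safe to name it in the error.
        raise UnresolvedSecretError(
            f"{name} holds an unresolved Key Storage path ({value})")
    return value


def debug_lines(env, secret_names):
    """Build debug lines for RD_* variables, masking resolved secret values."""
    lines = []
    for key in sorted(env):
        if not key.startswith("RD_"):
            continue
        value = env[key]
        if key in secret_names and not looks_like_storage_path(value):
            value = f"<redacted, {len(value)} chars>"
        lines.append(f"{key}: {value}")
    return lines


if __name__ == "__main__":
    secrets = {"RD_CONFIG_ZABBIX_API_TOKEN"}
    for line in debug_lines(os.environ, secrets):
        print(line)
    try:
        token = load_secret(os.environ, "RD_CONFIG_ZABBIX_API_TOKEN")
    except UnresolvedSecretError as exc:
        raise SystemExit(f"refusing to call the Zabbix API: {exc}")
```

With the environment from the report, the script exits before the path string is ever sent to the Zabbix API as a credential.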