Passing RPC secret file doesn't work for some commands #695

New Issue

Closed

opened 2024-01-26 08:50:52 +00:00 by CobaltCause · 2 comments

CobaltCause commented 2024-01-26 08:50:52 +00:00

Copy Link

I noticed that garage --rpc-secret-file /path/to/secret status exited immediately with the output Error: No RPC secret provided. It's interesting because garage --rpc-secret-file /path/to/secret server worked fine to start the server...

I took a look at the code and came up with this patch as a very bad no good fix. I think a more robust solution to this problem would unfortunately be to rearchitect the config/secrets loading entirely, as it seems like the logic for this stuff is scattered quite a bit and has different behavior based on the code path you take (as evidenced above).

I noticed that `garage --rpc-secret-file /path/to/secret status` exited immediately with the output `Error: No RPC secret provided`. It's interesting because `garage --rpc-secret-file /path/to/secret server` worked fine to start the server... I took a look at the code and came up with [this patch](https://or.computer.surgery/charles/servy-fleet/-/blob/8c85f272f90dd3196e41b0e71a0eea56c7c00d16/config/garage/cli-rpc-secret-file.patch) as a very bad no good fix. I think a more robust solution to this problem would unfortunately be to rearchitect the config/secrets loading entirely, as it seems like the logic for this stuff is scattered quite a bit and has different behavior based on the code path you take (as evidenced above).

lx added the

Bug

label 2024-01-26 09:26:05 +00:00

lx added this to the v1.0 milestone 2024-01-26 09:26:08 +00:00

flokli commented 2024-01-28 20:39:49 +00:00

Contributor

Copy Link

Same applies to the GARAGE_RPC_SECRET_FILE environment variable, it doesn't override values in the config file either.

IMHO, the order should be as follows (from less prio to more prio, following ones overriding previous ones):

• config file
• env var
• cli argument

Same applies to the `GARAGE_RPC_SECRET_FILE` environment variable, it doesn't override values in the config file either. IMHO, the order should be as follows (from less prio to more prio, following ones overriding previous ones): - config file - env var - cli argument

lx commented 2024-01-29 11:03:55 +00:00

Owner

Copy Link

@flokli can you confirm you are talking about CLI commands such as garage status, and not the garage server command?

I agree on how you are priorizing the different sources for the secret, in theory this is what we implemented, at least for the garage server command. We might have botched it for garage status, etc.

@flokli can you confirm you are talking about CLI commands such as `garage status`, and not the `garage server` command? I agree on how you are priorizing the different sources for the secret, in theory this is what we implemented, at least for the `garage server` command. We might have botched it for `garage status`, etc.

zdenek.crha referenced this issue 2024-01-30 17:56:02 +00:00

Proposal: decouple config structs used in garage and garage_model crates #699

lx referenced this issue from a commit 2024-02-12 10:36:20 +00:00

[fix-secrets-695] take into account rpc secret from file for cli commands (fix #695)

lx closed this issue 2024-02-13 10:04:51 +00:00

lx referenced this issue 2024-03-01 14:14:56 +00:00

Bump version to v0.9.2 #747

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

main-0.9.x

db-no-unsafe

main-0.8.x

k2v/shared_http_client

feat/website-redir

smithy2

test/compilation

poc/nomad-ci

test-ci-wait

pnet_datalink-0.33.0

optimal-layout

k2v-watch-range

db-debug-log

build-convert-db

demonstrate-cargo2nix-bug

dangerous/no-fsync

dev0.7.3

doc/benchmarks

bug/check_static

bucket-cors-more

storage-optimizations

old-main

v1.0.0

v0.9.4

v1.0.0-rc1

v0.8.7

v0.9.3

v0.9.2

v0.8.6

v0.9.2-rc1

v0.9.1

v0.8.5

v0.10.0-beta1

v0.9.0

v0.9.0-rc2

v0.9.0-rc1

v0.9.0-beta4

v0.9.0-beta3

v0.9.0-beta2

v0.8.4

v0.9.0-beta1

v0.8.3

v0.8.3-rc1

format_table-v0.1.1

format_table-v0.1.0

v0.8.2

v0.8.1

v0.8.0

v0.8.0-rc2

v0.8.0-rc1

v0.8.0-dangerous-no-fsync

v0.8.0-beta2-k2v

v0.8.0-beta2

v0.8.0-beta1-k2v

v0.8.0-beta1

v0.7.99.3-k2v

v0.7.3

v0.7.3-beta2

v0.7.3-beta1

v0.7.2.1

v0.7.2

v0.7.2_ci-test-2

v0.7.2+ci-test-version

v0.7.99.2-k2v

v0.7.99.1-k2v

v0.7.99-k2v

v0.7.2-k2v

v0.7.1-admin-k2v-2

v0.7.1-admin-k2v

v0.7.1-k2v

v0.7.1

v0.7.0

v0.7.0-rc1

v0.6.1

v0.6.0

v0.6.0-rc1

v0.5.1

v0.5.0.1

v0.5.0

v0.5-beta1

v0.4.0

v0.4-rc2

v0.4-rc1

0.4-beta

0.4-alpha

v0.3.0.2

v0.3.0.1

v0.3.0

v0.2.1.5

v0.2.1

v0.2.0

0.1.1b

0.1.1

0.1.0b

0.1.0

Labels

Clear labels   

AdminAPI

Issues concerning the administration API

  

Bug

  

Check AWS

The behaviour should be checked against AWS S3

  

CI

Issues with Nix, Drone, Rust Compiler, etc.

  

Correctness

Issues of theoretical correctness that may impact edge-case scenarios

  

Critical

  

Documentation

  

Ideas

For abstract ideas/proposal to make Garage better, to better communicate our not yet achieved aims

  

Improvement

  

Low priority

For issues that we don't want to spend time on until made absolutely necessary

  

Newcomer

A bug that should be newcomer friendly.

  

Performance

  

S3 Compatibility

  

Testing

  

Usability

Propositions to make Garage easier to operate, by improving error reporting, CLI, etc.

No Label

AdminAPI

Bug

Check AWS

CI

Correctness

Critical

Documentation

Ideas

Improvement

Low priority

Newcomer

Performance

S3 Compatibility

Testing

Usability

Milestone

Clear milestone

No items

No Milestone

v1.0

Assignees

Clear assignees

No Assignees

3 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Deuxfleurs/garage#695

No description provided.