Code Monkey home page Code Monkey logo

Comments (8)

kanika1894 avatar kanika1894 commented on July 4, 2024 1

Fixed by the PR : #51

from aci-deploy.

prein avatar prein commented on July 4, 2024

Just realized I created dup to #42
Feel free to merge.

from aci-deploy.

dbrooks5 avatar dbrooks5 commented on July 4, 2024

The az cli supports two forms of environment variables for azure container instances.
--secure-environment-variables - all variables specified in this block have their values obfuscated in the azure portal so they are not visible and cannot be retrieved via the cli. This functionality is useful for things like passwords.
--environment-variables - all variables specified here have their values visible in the azure portal and cli.

It appears that the github action is grouping both flags together and just treating them all as environment variables.

In the taskparameters.ts file it appears that the two flags are being processed independently, but the processes for both is the same.

private _getEnvironmentVariables(environmentVariables: string, secureEnvironmentVariables: string) {
	if(environmentVariables) {
		// split on whitespace, but ignore the ones that are enclosed in quotes
		let keyValuePairs = environmentVariables.match(/(?:[^\s"]+|"[^"]*")+/g) || [];
		keyValuePairs.forEach((pair: string) => {
			// value is either wrapped in quotes or not
			let pairList = pair.split(/=(?:"(.+)"|(.+))/);
			let obj: ContainerInstanceManagementModels.EnvironmentVariable = { 
				"name": pairList[0], 
				"value": pairList[1] || pairList[2]
			};
			this._environmentVariables.push(obj);
		})
	}
	if(secureEnvironmentVariables) {
		// split on whitespace, but ignore the ones that are enclosed in quotes
		let keyValuePairs = secureEnvironmentVariables.match(/(?:[^\s"]+|"[^"]*")+/g) || [];
		keyValuePairs.forEach((pair: string) => {
			// value is either wrapped in quotes or not
			let pairList = pair.split(/=(?:"(.+)"|(.+))/);
			let obj: ContainerInstanceManagementModels.EnvironmentVariable = { 
				"name": pairList[0], 
				"value": pairList[1] || pairList[2]
			};
			this._environmentVariables.push(obj);
		})
	}
}

from aci-deploy.

github-actions avatar github-actions commented on July 4, 2024

This issue is marked need-to-triage for generating issues report.

from aci-deploy.

kanika1894 avatar kanika1894 commented on July 4, 2024

@prein @dbrooks5 Is there anything that we can help you with?
(Seems like you have figured out something on your own :) )

from aci-deploy.

el-pato avatar el-pato commented on July 4, 2024

@kanika1894 @prein @dbrooks5 fix should be to usesecureValue instead of value when adding secure environment variables to _environmentVariables, per the snippet below. I tested this on one of my projects and confirm that secure environment variables are no longer visible in the properties of the the container instance. Also created a PR: #51

Problem code:

aci-deploy/src/taskparameters.ts

Lines 154 to 166 in abb2c5f

if(secureEnvironmentVariables) {
// split on whitespace, but ignore the ones that are enclosed in quotes
let keyValuePairs = secureEnvironmentVariables.match(/(?:[^\s"]+|"[^"]*")+/g) || [];
keyValuePairs.forEach((pair: string) => {
// value is either wrapped in quotes or not
let pairList = pair.split(/=(?:"(.+)"|(.+))/);
let obj: ContainerInstanceManagementModels.EnvironmentVariable = {
"name": pairList[0],
"value": pairList[1] || pairList[2]
};
this._environmentVariables.push(obj);
})
}

Potential fix:

if(secureEnvironmentVariables) {
            // split on whitespace, but ignore the ones that are enclosed in quotes
            let keyValuePairs = secureEnvironmentVariables.match(/(?:[^\s"]+|"[^"]*")+/g) || [];
            keyValuePairs.forEach((pair: string) => {
                // value is either wrapped in quotes or not
                let pairList = pair.split(/=(?:"(.+)"|(.+))/);
                let obj: ContainerInstanceManagementModels.EnvironmentVariable = { 
                    "name": pairList[0], 
                    "secureValue": pairList[1] || pairList[2]
                };
                this._environmentVariables.push(obj);
            })

from aci-deploy.

sroebert avatar sroebert commented on July 4, 2024

It is fixed in the source ts file, but not in the lib js file, so when using it in Github actions secure environment variables are still passed on as normal environment variables.

from aci-deploy.

el-pato avatar el-pato commented on July 4, 2024

@sroebert yeah, this project needs to be built again (and preferably a new release). More info in #57

from aci-deploy.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.