decrypt_kv jinja filter fails if the key isn't in the kv store #178

Open
jschoewe opened this issue Aug 30, 2019 · 3 comments

jschoewe commented Aug 30, 2019

An action file that has a secret parameter with a default value as follows:

action_param:
  type: string
  description: "This will fail the action"
  default: "{{ st2kv.system.test_param | decrypt_kv }}"
  secret: true

will fail with the following message if 'test_param' is not in the kv store:

ERROR: 400 Client Error: Bad Request
MESSAGE: Failed to render parameter "test_param": Referenced datastore item "st2kv.system.test_param" doesn't exist or it contains an empty string

Alternatively, if I pass a value that doesn't exist in the kv store but I don't try to decrypt it, then a blank string gets passed into the action parameter. I would expect an encrypted value to pass a blank string as well instead of failing.

jinpingh (Contributor) commented Aug 30, 2019

Which ST2 version do you have installed? Could you please share a simple example that can duplicate the issue? Thanks!

jschoewe (Author) commented Sep 5, 2019

St2 version 3.1.0

action/test_workflow.yaml:

---
name: test_workflow
pack: test
description: Test workflow
runner_type: orquesta
entry_point: workflows/test_workflow.yaml
enabled: true
parameters:
  test_param1:
    type: string
    description: "This does not fail if test_param1 does not exist in the kv store"
    default: "{{ st2kv.system.test_param1 }}"
  test_param2:
    type: string
    description: "This fails if test_param2 does not exist in the kv store"
    default: "{{ st2kv.system.test_param2 | decrypt_kv }}"
    secret: true

action/workflows/test_workflow.yaml:

version: 1.0

description: Return the contents of test_param1

input:
  - test_param1
  - test_param2

output:
  - test_output: "{{ ctx().test_output }}"

tasks:
  test_task:
    action: core.noop
    next:
      - when: "{{ succeeded() }}"
        publish:
          - test_output: "{{ ctx().test_param1 }}"

userlocalhost (Member) commented Sep 15, 2019

Raising an exception when a non-existing datastore item is passed to decrypt_kv seems to be intentional.
(c.f. StackStorm/st2#4634 (comment))

If you want to handle it as an empty string transparently when a specified item is not registered in the datastore, you can do it as below.

--- test1.yaml	2019-09-15 11:02:10.000000000 +0900
+++ test2.yaml	2019-09-15 11:02:54.000000000 +0900
@@ -1,5 +1,5 @@
 action_param:
   type: string
-  description: "This will fail the action"
-  default: "{{ st2kv.system.test_param | decrypt_kv }}"
+  description: "This will not fail the action"
+  default: "{% if st2kv.system.test_param|string %}{{ st2kv.system.test_param | decrypt_kv }}{% endif %}"
   secret: true
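
Review bot: On the added `default:` line, the `{% if %}` guard turns a missing or empty `st2kv.system.test_param` into an empty string for a parameter marked `secret: true`, so the action runs with a blank secret instead of stopping, and the new description ("This will not fail the action") does not say so. Consider stating the empty-string fallback in the description and having the action itself reject an empty value wherever the secret is actually required. The key name also appears twice in the template, once in the guard and once in the `decrypt_kv` expression, so both references have to be changed together if the key is renamed.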

And here is an execution result.
(Screenshot 2019-09-15 11 11 41)
