Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

It's fail to decrypt user scope data store value in Jinja expression #4633

Closed
userlocalhost opened this issue Apr 12, 2019 · 1 comment · Fixed by #4634
Closed

It's fail to decrypt user scope data store value in Jinja expression #4633

userlocalhost opened this issue Apr 12, 2019 · 1 comment · Fixed by #4634

Comments

@userlocalhost
Copy link
Member

userlocalhost commented Apr 12, 2019
edited
Loading

SUMMARY

When I get user scope value from datastore in Jinja expression then decrypt it using decrypt_kv filter like below, st2api returns HTTP 400 responce as below.

ISSUE TYPE

Bug Report

STACKSTORM VERSION

st2 3.0dev, on Python 2.7.12

OS / ENVIRONMENT / INSTALL METHOD

custom install in line with Run From Sources

STEPS TO REPRODUCE

Runs an action that gets and decrypts value in Jinja expression as below.

(virtualenv) ubuntu@ubuntu0:~/st2$ st2 key get -s user -d value
+------------------+------------+
| Property         | Value      |
+------------------+------------+
| name             | value      |
| value            | aabb       |
| secret           | True       |
| encrypted        | False      |
| scope            | st2kv.user |
| expire_timestamp |            |
+------------------+------------+
(virtualenv) ubuntu@ubuntu0:~/st2$ st2 action get default.test_kv
+---------------+--------------------------------------------------------------+
| Property      | Value                                                        |
+---------------+--------------------------------------------------------------+
| id            | 5caf026a987b613c65c31229                                     |
| uid           | action:default:test_kv                                       |
| ref           | default.test_kv                                              |
| pack          | default                                                      |
| name          | test_kv                                                      |
| description   | Action that executes an arbitrary Linux command on the       |
|               | localhost.                                                   |
| enabled       | True                                                         |
| entry_point   |                                                              |
| runner_type   | local-shell-cmd                                              |
| parameters    | {                                                            |
|               |     "cmd": {                                                 |
|               |         "default": "echo {{ st2kv.user.value | decrypt_kv    |
|               | }}",                                                         |
|               |         "required": true,                                    |
|               |         "type": "string",                                    |
|               |         "description": "Arbitrary Linux command to be        |
|               | executed on the local host."                                 |
|               |     },                                                       |
|               |     "sudo": {                                                |
|               |         "immutable": true                                    |
|               |     }                                                        |
|               | }                                                            |
| metadata_file |                                                              |
| notify        |                                                              |
| output_schema |                                                              |
| tags          |                                                              |
+---------------+--------------------------------------------------------------+
(virtualenv) ubuntu@ubuntu0:~/st2$ st2 run default.test_kv
ERROR: 400 Client Error: Bad Request
MESSAGE: Failed to render parameter "cmd": ciphertext needs to either be a string/unicode or bytes for url: http://127.0.0.1:9101/v1/executions

(virtualenv) ubuntu@ubuntu0:~/st2$
EXPECTED RESULTS

It works fine to get and decrypt system scope value in the same way as above. I expect it also can do it in the case of user scope value.

--- a/test_kv_user.yaml
+++ b/test_kv_system.yaml
@@ -8,7 +8,7 @@ parameters:
     description: Arbitrary Linux command to be executed on the local host.
     required: true
     type: string
-    default: "echo {{ st2kv.user.value | decrypt_kv }}"
+    default: "echo {{ st2kv.system.value | decrypt_kv }}"
   sudo:
     immutable: true
 runner_type: "local-shell-cmd"

スクリーンショット 2019-04-12 11 45 56

ACTUAL RESULTS
  • This is an output of same command with --debug option).
  • This is an extract of st2api.log when that action run.
@Kami
Copy link
Member

Kami commented Apr 12, 2019

Thanks for reporting this.

We will have a look.

@userlocalhost userlocalhost mentioned this issue Apr 12, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fixed a problem not to decrypt user scope data store value in Jinja expression userlocalhost/st2
2 participants
@Kami @userlocalhost