-
Notifications
You must be signed in to change notification settings - Fork 466
Add single quotes around the credentials_json var #2712
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add single quotes around the credentials_json var #2712
Conversation
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
This handlebar variable contains a string and is required to be passed as a string to the Beat. It must be properly quoted because it contains JSON which in YAML will be interpretted as an object. In general all handlebar variables that are strings should be single-quoted.
edit: I must have setup something wrong b/c I cannot reproduce this result. And I am getting the correct output for values containing newlines.
Given vars:
credentials_json: |
{
"type": "service_account",
"project_id": "foo",
"private_key_id": "x",
"private_key": "",
"client_email": "[email protected]",
"client_id": "0",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://foo.bar/path"
} and a template of I expect credentials_json: '{
"type": "service_account",
"project_id": "foo",
"private_key_id": "x",
"private_key": "",
"client_email": "[email protected]",
"client_id": "0",
"auth_uri": "https://accounts.google.com/o/oauth2/auth",
"token_uri": "https://oauth2.googleapis.com/token",
"auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
"client_x509_cert_url": "https://foo.bar/path"
}' but I observe a policy with credentials_json:
type: service_account
project_id: foo
private_key_id: x
private_key: ''
client_email: [email protected]
client_id: '0'
auth_uri: 'https://accounts.google.com/o/oauth2/auth'
token_uri: 'https://oauth2.googleapis.com/token'
auth_provider_x509_cert_url: 'https://www.googleapis.com/oauth2/v1/certs'
client_x509_cert_url: 'https://foo.bar/path' What happened to the single-quotes around the handlebar variable and why is the string now an object? |
I tested this: {{#if credentials_json}}
credentials_json: >
{{credentials_json}}
{{/if}} Which gives: credentials_json: |
{"type":"service_account",...} This is a valid string even if it is not enclosed in quotes (but should not matter). I think Fleet is parsing the input from handlebars as YAML and rendering it back, that would explain why |
I tried that with a value containing a newline and got an error.
{
"statusCode": 500,
"error": "Internal Server Error",
"message": "end of the stream or a document separator is expected at line 16, column 1:\n }\n ^"
} The policy looked like this
|
The CI error from Filebeat 7.17.0 is
It passes locally for me using both 7.16.3 and 7.17.0. |
What does this PR do?
This handlebar variable contains a string and is required to be
passed as a string to the Beat. It must be properly quoted because
it contains JSON which in YAML will be interpretted as an object.
In general all handlebar variables that are strings should be single-quoted.
Given the configuration input of
Fleet was producing a policy containing
and now will produce
Checklist
changelog.yml
file.