Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

env cache needs to be scoped to the cluster #1260

Closed
adityathebe opened this issue Jan 9, 2025 · 2 comments · Fixed by #1267
Closed

env cache needs to be scoped to the cluster #1260

adityathebe opened this issue Jan 9, 2025 · 2 comments · Fixed by #1267
Assignees
@adityathebe
Labels
bug Something isn't working

Comments

@adityathebe
Copy link
Member

adityathebe commented Jan 9, 2025
edited
Loading

if two clusters have the same secretkeyRef in the same namespace, we run into the risk of returning a secret of another cluster.

duty/context/envvar.go

Lines 159 to 162 in fca8807

id := fmt.Sprintf("secret/%s/%s/%s", namespace, name, key)
if value, found := envCache.Get(id); found {
return value.(string), nil
}

@adityathebe adityathebe added the bug Something isn't working label Jan 9, 2025
@moshloop
Copy link
Member

I don't think we support lookup of secrets from external clusters / via kubeconfig - It is always local to the current agent?

@adityathebe
Copy link
Member Author

@moshloop As far as GetSecretFromCache is concerned, it uses the kubernetes client in the context which could possibly have any remote cluster's config.

@adityathebe adityathebe mentioned this issue Jan 14, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adityathebe adityathebe

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: scope the env cache to the rest config flanksource/duty
2 participants
@moshloop @adityathebe