Skip to content
This repository has been archived by the owner on Jan 11, 2023. It is now read-only.

k8s deployment fails if service principal password includes a semicolon or % char #1208

Closed
jackfrancis opened this issue Aug 8, 2017 · 2 comments · Fixed by #2255
Closed

k8s deployment fails if service principal password includes a semicolon or % char #1208

jackfrancis opened this issue Aug 8, 2017 · 2 comments · Fixed by #2255
Assignees
@jackfrancis @CecileRobertMichon @acs-bot
Labels
kind/bug orchestrator/k8s priority/P2

Comments

@jackfrancis
Copy link
Member

jackfrancis commented Aug 8, 2017
edited
Loading

Is this an ISSUE or FEATURE REQUEST? (choose one): ISSUE

What version of acs-engine?: at least 0.4.0

Orchestrator and version (e.g. Kubernetes, DC/OS, Swarm) Kubernetes

What happened:

The variable injection logic that outputs a custom provision script treats semicolons literally, and bash interprets it as the end of command character.

Similar behavior for %.

See this line:

acs-engine/parts/kubernetesagentresourcesvmas.t

Line 259 in 096c771

"commandToExecute": "[concat('/usr/bin/nohup /bin/bash -c \"/bin/bash /opt/azure/containers/provision.sh ',variables('tenantID'),' ',variables('subscriptionId'),' ',variables('resourceGroup'),' ',variables('location'),' ',variables('subnetName'),' ',variables('nsgName'),' ',variables('virtualNetworkName'),' ',variables('routeTableName'),' ',variables('primaryAvailablitySetName'),' ',variables('servicePrincipalClientId'),' ',variables('servicePrincipalClientSecret'),' ',variables('clientPrivateKey'),' ',variables('targetEnvironment'),' ',variables('networkPolicy'),' ',variables('cloudProviderBackoff'),' ',variables('cloudProviderBackoffRetries'),' ',variables('cloudProviderBackoffExponent'),' ',variables('cloudProviderBackoffDuration'),' ',variables('cloudProviderBackoffJitter'),' ',variables('cloudProviderRatelimit'),' ',variables('cloudProviderRatelimitQPS'),' ',variables('cloudProviderRatelimitBucket'),' ', variables('useManagedIdentityExtension'),' ',variables('useInstanceMetadata'),' >> /var/log/azure/cluster-provision.log 2>&1 &\" &')]"

What you expected to happen:

successful cluster deployment

How to reproduce it (as minimally and precisely as possible):

Include a service principal password that includes a ; character, generate new templates, and deploy a cluster.
@jackfrancis jackfrancis self-assigned this Aug 8, 2017
@seanknox seanknox added the ready label Aug 8, 2017
@jackfrancis jackfrancis mentioned this issue Aug 16, 2017
Closed
@ghost ghost added in progress and removed ready labels Aug 16, 2017
@ghost ghost assigned acs-bot Aug 16, 2017
@jackfrancis jackfrancis mentioned this issue Feb 9, 2018
Closed
@jackfrancis
Copy link
Member Author

Template files have been refactored. The service principal env var is now under the provisionScriptParametersCommon variable in parts/k8s/kubernetesmastervars.t.

@jackfrancis jackfrancis changed the title k8s deployment fails if service principal password includes a semicolon char k8s deployment fails if service principal password includes a semicolon or % char Feb 12, 2018
@jackfrancis
Copy link
Member Author

A prior attempt is #1268

@CecileRobertMichon CecileRobertMichon mentioned this issue Feb 12, 2018
Merged
@ghost ghost added the in progress label Feb 12, 2018
@ghost ghost removed the in progress label Feb 12, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jackfrancis jackfrancis

@CecileRobertMichon CecileRobertMichon

@acs-bot acs-bot

Labels
kind/bug orchestrator/k8s priority/P2
Projects
None yet
Milestone
No milestone
4 participants
@seanknox @jackfrancis @CecileRobertMichon @acs-bot