bug: proxy scanner config.yml converts bool to string #4

Open
credibleforce opened this issue Oct 31, 2022 · 0 comments
Labels
bug Something isn't working

Describe the bug
When using the Kubernetes admission controller module, a config.yml secret is created based on inputs. The inputs include bool values that get converted to strings during deployment. As a result, the proxy-scanner deployment fails to start, complaining about casting a string value as bool.

Module setup:

module "lacework_admission_controller" {
  source  = "lacework/admission-controller/kubernetes"
  version = "~> 0.1"

  lacework_account_name = "${var.lacework_account_name}"
  proxy_scanner_token   = "${var.proxy_token}"
  default_registry      = "index.docker.io"
  static_cache_location = "/opt/lacework"
  scan_public_registries = true

  registries = [
    {
      name      = "docker_public"
      domain    = "index.docker.io"
      ssl       = true
      auto_poll = false
      is_public = true
      disable_non_os_package_scanning = false
    },
    {
      name      = "github_public"
      domain    = "ghcr.io"
      ssl       = true
      auto_poll = false
      is_public = true
      disable_non_os_package_scanning = false
      notification_type = "ghcr"
    }
  ]
}

Error message from the failing pod:

[ERROR]:   2022-10-31 18:55:43 - Error while parsing config file: yaml: unmarshal errors:
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 5: cannot unmarshal !!str `false` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 6: cannot unmarshal !!str `false` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 8: cannot unmarshal !!str `true` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 10: cannot unmarshal !!str `true` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 11: cannot unmarshal !!str `false` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 12: cannot unmarshal !!str `false` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 14: cannot unmarshal !!str `true` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 17: cannot unmarshal !!str `true` into bool 
[ERROR]:   2022-10-31 18:55:43 - Error while parsing config file: yaml: unmarshal errors:
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 5: cannot unmarshal !!str `false` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 6: cannot unmarshal !!str `false` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 8: cannot unmarshal !!str `true` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 10: cannot unmarshal !!str `true` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 11: cannot unmarshal !!str `false` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 12: cannot unmarshal !!str `false` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 14: cannot unmarshal !!str `true` into bool
[ERROR]:   2022-10-31 18:55:43 - {CONT}   line 17: cannot unmarshal !!str `true` into bool 
[ERROR]:   2022-10-31 18:55:43 - Error while starting scanner: Error while parsing config file 
[FATAL]:   2022-10-31 18:55:43 - Error while starting proxy-scanner: Error while parsing config file

Checking the values set in the lacework-proxy-scanner secret, config.yml looks like this:

"lacework":
  "account_name": "xxxxxxxx"
  "integration_access_token": "xxxxxxxxx"
"registries":
- "auto_poll": "false"
  "disable_non_os_package_scanning": "false"
  "domain": "index.docker.io"
  "is_public": "true"
  "name": "docker_public"
  "ssl": "true"
- "auto_poll": "false"
  "disable_non_os_package_scanning": "false"
  "domain": "ghcr.io"
  "is_public": "true"
  "name": "github_public"
  "notification_type": "ghcr"
  "ssl": "true"
"scan_public_registries": true
"static_cache_location": "/opt/lacework"

Pod starts if I update the config to the following:

"lacework":
  "account_name": "snifftest"
  "integration_access_token": "_cb55f1031e5a700427b2536651d42142"
"registries":
- "auto_poll": false
  "disable_non_os_package_scanning": false
  "domain": "index.docker.io"
  "is_public": true
  "name": "docker_public"
  "ssl": true
- "auto_poll": false
  "disable_non_os_package_scanning": false
  "domain": "ghcr.io"
  "is_public": true
  "name": "github_public"
  "notification_type": "ghcr"
  "ssl": true
"scan_public_registries": true
"static_cache_location": "/opt/lacework"

Expected behavior
Bool values for registries in the module input should continue to be bool and not be converted to string when set in the config.yml secret.

Versions:

  • Terraform Version: [e.g. v1.3.3 ]
  • Module Version [e.g. v0.1.0]
@credibleforce credibleforce added the bug Something isn't working label Oct 31, 2022
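A pre-deploy check for the symptom reported above, as an added example that is not part of the original issue or the module's code: it scans a rendered config.yml for boolean keys whose values are quoted strings and returns their line numbers, the same positions the proxy-scanner's YAML parser rejects. The `BOOL_KEYS` set and the function name are assumptions for illustration, and the sample input is the issue's rendered config with placeholder credentials.

```python
import re
import sys

# Boolean settings named in the issue's config.yml (assumed list; extend as needed).
BOOL_KEYS = {"auto_poll", "disable_non_os_package_scanning", "is_public",
             "ssl", "scan_public_registries"}

# Line-based match (not a full YAML parse) for one mapping entry whose value is
# a quoted true/false, with an optional "- " list marker: `- "ssl": "true"`.
ENTRY = re.compile(
    r"""^\s*(?:-\s+)?["']?(?P<key>[\w.-]+)["']?\s*:\s*"""
    r"""(?P<q>["'])(?P<val>true|false)(?P=q)\s*$""", re.IGNORECASE)

def find_stringified_bools(text, bool_keys=BOOL_KEYS):
    """Return (line_number, key, value) for boolean keys holding quoted strings."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        m = ENTRY.match(line)
        if m and m.group("key") in bool_keys:
            hits.append((number, m.group("key"), m.group("val")))
    return hits

# Sample input: the rendered config.yml from the issue, credentials as placeholders.
RENDERED = '''\
"lacework":
  "account_name": "xxxxxxxx"
  "integration_access_token": "xxxxxxxxx"
"registries":
- "auto_poll": "false"
  "disable_non_os_package_scanning": "false"
  "domain": "index.docker.io"
  "is_public": "true"
  "name": "docker_public"
  "ssl": "true"
- "auto_poll": "false"
  "disable_non_os_package_scanning": "false"
  "domain": "ghcr.io"
  "is_public": "true"
  "name": "github_public"
  "notification_type": "ghcr"
  "ssl": "true"
"scan_public_registries": true
"static_cache_location": "/opt/lacework"
'''

if __name__ == "__main__":
    found = find_stringified_bools(RENDERED)
    for number, key, value in found:
        print(f"line {number}: {key} is the string {value!r}, expected a bool")
    sys.exit(1 if found else 0)
```

Run against the decoded secret before rollout, a non-zero exit means the pod would fail with the unmarshal errors shown in the issue.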