Google Deployment Manager存储的运行时配置变量似乎已损坏

时间:2018-07-12 11:10:07

标签: google-cloud-platform google-deployment-manager google-cloud-kms

我无法通过runtimeconfig.v1beta1.config资源声明在Google部署管理器中使用的加密base64编码值。

执行部署后,使用Deployment Manager存储的值似乎与使用gcloud beta runtime-configs检索的值完全不同。结果,我无法解密该值。

首先,我加密并用base64编码了一些秘密文本:

$ echo "secret"|gcloud kms encrypt --key my-crypto-key \
  --keyring my-keyring --location australia-southeast1 \
  --plaintext-file - --ciphertext-file - | base64 -w0

CiQAsOSNmVXBs2ayUjRePnE5+Oi5dUPuVvjn6UKKUXgxMTA56koSMABDkVUGnXlocFgdUEsQ5qLCF3PVIz5zit+ZCSXjSvNzEAO5XRv6WBRkxBJMjVcheg==

然后我将其存储在Deployment Manager中的YAML文件中:

resources:
- name: my-config
  type: runtimeconfig.v1beta1.config
  properties:
    config: my-config
    description: "A demo configuration"

- name: dummy-secret
  type: runtimeconfig.v1beta1.variable
  properties:
    parent: $(ref.my-config.name)
    variable: 'dummy/secret'
    value: "CiQAsOSNmVXBs2ayUjRePnE5+Oi5dUPuVvjn6UKKUXgxMTA56koSMABDkVUGnXlocFgdUEsQ5qLCF3PVIz5zit+ZCSXjSvNzEAO5XRv6WBRkxBJMjVcheg=="

然后,我创建部署(该部署不会出现错误或警告):

$ gcloud deployment-manager deployments create my-config \
  --config my-config.yaml

但是当我尝试提取变量值时,它与我存储的值完全不同:

$ gcloud beta runtime-config configs variables \
  get-value 'dummy/secret' --config-name my-config|base64 -w0
CiQAPz8/P1U/P2Y/UjRePnE5Pz8/dUM/Vj8/P0I/UXgxMTA5P0oSMABDP1UGP3locFgdUEsQPz8/F3M/Iz5zPz8/CSU/Sj9zEAM/XRs/WBRkPxJMP1cheg==

这是可重复的/可复制的,我不知道我在做什么错。使用gcloud beta runtime-config variables set后面紧跟get-value,我没有这个问题。

1 个答案:

答案 0 :(得分:0)

查看内容的已解码base64二进制文件,我们注意到所有值> = 0x80的字节都已更改为0x3F,ASCII为'?'。我们怀疑您是通过外壳程序或其他不干净的管道传递二进制数据。

损坏的值:

dierks@dierks:~$ base64 -d | hexdump -C
CiQAPz8/P1U/P2Y/UjRePnE5Pz8/dUM/Vj8/P0I/UXgxMTA5P0oSMABDP1UGP3locFgdUEsQPz8/F3M/Iz5zPz8/CSU/Sj9zEAM/XRs/WBRkPxJMP1cheg==
00000000  0a 24 00 3f 3f 3f 3f 55  3f 3f 66 3f 52 34 5e 3e  |.$.????U??f?R4^>|
00000010  71 39 3f 3f 3f 75 43 3f  56 3f 3f 3f 42 3f 51 78  |q9???uC?V???B?Qx|
00000020  31 31 30 39 3f 4a 12 30  00 43 3f 55 06 3f 79 68  |1109?J.0.C?U.?yh|
00000030  70 58 1d 50 4b 10 3f 3f  3f 17 73 3f 23 3e 73 3f  |pX.PK.???.s?#>s?|
00000040  3f 3f 09 25 3f 4a 3f 73  10 03 3f 5d 1b 3f 58 14  |??.%?J?s..?].?X.|
00000050  64 3f 12 4c 3f 57 21 7a                           |d?.L?W!z|
00000058

原始值:

dierks@dierks:~$ base64 -d | hexdump -C
CiQAsOSNmVXBs2ayUjRePnE5+Oi5dUPuVvjn6UKKUXgxMTA56koSMABDkVUGnXlocFgdUEsQ5qLCF3PVIz5zit+ZCSXjSvNzEAO5XRv6WBRkxBJMjVcheg==
00000000  0a 24 00 b0 e4 8d 99 55  c1 b3 66 b2 52 34 5e 3e  |.$.....U..f.R4^>|
00000010  71 39 f8 e8 b9 75 43 ee  56 f8 e7 e9 42 8a 51 78  |q9...uC.V...B.Qx|
00000020  31 31 30 39 ea 4a 12 30  00 43 91 55 06 9d 79 68  |1109.J.0.C.U..yh|
00000030  70 58 1d 50 4b 10 e6 a2  c2 17 73 d5 23 3e 73 8a  |pX.PK.....s.#>s.|
00000040  df 99 09 25 e3 4a f3 73  10 03 b9 5d 1b fa 58 14  |...%.J.s...]..X.|
00000050  64 c4 12 4c 8d 57 21 7a                           |d..L.W!z|