使用Ansible Playbook Bundles时指定使用https://github.com/openshift/ansible-service-broker/blob/master/docs/secrets.md机密
但是,多行机密似乎无法正常工作。
如果通过create_broker_secret.py添加了机密,则多行机密在解析为Playbook包参数时会将其换行符更改为空格。
如果机密是按照以下方式手动添加的:
---
apiVersion: v1
kind: Secret
metadata:
name: test
namespace: openshift-automation-service-broker
stringData:
"test1": "test1"
"test2": "test2"
"test_multiline": |-
-----BEGIN RSA PRIVATE KEY-----
<FIRST LINE OF THE SSH KEY>
<SECOND LINE OF THE SSH KEY>
Ansible Playbook捆绑包在加载机密YAML文件时会看到错误,就像它使用换行符来分隔机密一样:
ERROR! Syntax Error while loading YAML.
could not find expected ':'
The error appears to have been in '/tmp/secrets': line 6, column 1, but may
be elsewhere in the file depending on the exact syntax problem.
The offending line appears to be:
<FIRST LINE OF THE SSH KEY>
<SECOND LINE OF THE SSH KEY>
^ here
使用SSH密钥时,此问题非常令人沮丧。
您知道如何与Ansible Broker一起使用多行机密吗?
我注意到Ansible Playbook Bundle代码似乎存在错误。
for key in ${mounted_secrets} ; do
for file in $(ls ${SECRETS_DIR}/${key}/..data); do
echo "$file: $(cat ${SECRETS_DIR}/${key}/..data/${file})" >> /tmp/secrets
done
done
从这段代码中可以看出,仅使用cat
复制已安装的机密,而忽略了其中某些可能是多行字符串块的事实。
欢迎任何错误解决方法。