I am setting up a .Net Standard app to get secrets from an Azure secret vault. This is running on my local machine, so any Environment reference is to the local environment on my machine.
public string GetSecret()
{
var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions { ExcludeAzureCliCredential = true, ExcludeAzurePowerShellCredential = true, ExcludeInteractiveBrowserCredential = true, ExcludeManagedIdentityCredential = true, ExcludeSharedTokenCacheCredential = true, ExcludeVisualStudioCodeCredential = true, ExcludeVisualStudioCredential = true });
secretClient = new SecretClient(new Uri(BASESECRETURI),credential);
KeyVaultSecret secret = secretClient.GetSecret(_secretRequest.SecretName);
return secret.Value;
}
I have set up my environment variables, both user and system:
Yet when I run it, it pulls the environment values from...I don't know where.
If I programmatically set the values on run (Environment.SetEnvironmentVariable("AZURE_TENANT_ID","89aa..."), etc.), before it get the DefaultAzureCredential, it is set correctly!
Does anyone know where it is getting the values, or how I can set the environment variables correctly so they are fetched by DefaultAzureCredential()?
Related
I'm new to AWS CDK and what I need is to deploy around 10 function that are currently stored as zip file inside a S3 Bucket
Here's the portion of the code I use
public class CdkWorkshopStack : Stack
{
public CdkWorkshopStack(Construct scope, string id, IStackProps props = null) : base(scope, id, props)
{
var deployBucket = new Bucket(this, "deploy-stack1");
var bucketKey = "xxx-3496f166-0f1d-40b4-8766-c5d29e4950ff.zip";
var xxx= new Function(this, "CdkWorkshopLambda", new FunctionProps
{
Runtime = Runtime.DOTNET_6,
Code = Code.FromBucket(bucket: deployBucket, key: bucketKey),
Handler = "app.handler",
Environment = new Dictionary<string, string>
{
["DELETE_S3_FILE_AFTER_PROCESSING"] = "true",
["TMP_DOWNLOAD_BUCKET"] = "content-temporary-files"
},
FunctionName = "xxx",
Architecture = Architecture.X86_64,
Description = "Calculates the xxx for a given filename"
});
Now my problem is the following, I need to read from a bucket that's now present in the enviorment I'm creating (since the bucket can be considered as a repo)
how can I specify a bucket that's external to the account/region?
Thanks in advance
By using Bucket.fromBucketArn and providing the ARN.
You'll have to make sure you have the required rights to access this bucket cross-account.
An environment variable like DISABLE_APPLICATION_NAME is optional. The APPLICATION_NAME is the name of the application. Inside our Jenkinsfile we have a loop where the "application name" is stored inside a variable "application_name". I left the loop and other code away, in the example below, but it should be sufficient to give an idea of what I try to accomplish.
I would like to check if the environment variable DISABLE_<application_name> exists and is set to TRUE or FALSE.
pipeline {
stages {
DISABLE_APPLICATION_TEST = True
}
steps {
deploy()
}
}
void deploy() {
application_name = "APPLICATION_TEST"
disable_variable = "DISABLE_${application_name}"
if(env."${disable_variable}"){
disable = env."${disable_variable}"
}else{
disable = False
}
}
This doesn't work, but is there any way to check if an environment variable exists, based on the contents of another variable? So like env["${env_name_stored_in_variable}"] ?
I am using Packer to generate an image on Google Compute Engine, and Terraform to create the instance. I have set this metadata:
key: env_vars
value: export test=10
Packer is using a script with something like this inside:
curl "http://metadata.google.internal/computeMetadata/v1/project/attributes/env_vars?recursive=tru&alt=text" -H "Metadata-Flavor: Google" -o /tmp/env_vars.sh
source /tmp/env_vars.sh # or . /tmp/env_vars.sh
The problem is that when I create an instance using this image through Terraform the env variables are not available. That means, If I run printenv or echo $test, it is empty.
Even if I write a startup-script for the instance, it doesn't work.
But, if I run the same exact script inside the instance via SSH, it does work.
In all scenarios described above, the file env_vars.sh is created.
I just want to set the env vars from my metadata for any instance.
Any suggestion on how can I achieve this?
EDIT:
Here's the terraform code:
# create instance
resource "google_compute_instance" "default" {
count = 1
name = var.machine_name
machine_type = var.machine_type
zone = var.region_zone
tags = ["allow-http-ssh-rule"]
boot_disk {
initialize_params {
image = var.source_image
}
}
network_interface {
network = "default"
access_config {
// Ephemeral IP
}
}
}
I have reproduced your issue in my own project, and you are right it seems that exportdoes not work on the strat-up script.
I also tried creating a start-up script in a bucket but it does not work.
On the other hand I was able to set the env var in my project:
I’m using a debian-9 image, so, I edited the /etc/profile to add the env vars.
I use the following code to create my VM with env variables:
provider "google" {
project = "<<PROJECT-ID>>"
region = "us-central1"
zone = "us-central1-c"
}
resource "google_compute_instance" "vm_instance" {
name = "terraform-instance"
machine_type = "f1-micro"
boot_disk {
initialize_params {
image = "debian-cloud/debian-9"
}
}
network_interface {
# A default network is created for all GCP projects
network = "default"
access_config {
}
}
# defining metadata
metadata = {
foo = "bar"
}
metadata_startup_script = "echo ENVVAR=DEVELOPMENT2 >> /etc/profile"
}
After the creation of my instance I was able to see the correct values:
$ echo $ENVVAR
DEVELOPMENT2
I am using Postman v6.1.4. I am using environment variables heavily. But it appears that pm.environment.get() is not evaluating embedded variables.
I have the following env vars defined in the environment:
addFavDest1:{"ownerId":"{{addFavDest1_ownerId}}","url":"{{addFavDest1_url}}",...}
...
addFavDestArray1:[{{addFavDest1}},{{addFavDest2}},{{addFavDest3}}]
The request body of my API contains:
{{addFavDestArray1}}
The request is sent successfully, with the data I expect, evaluating all of the embedded variables in my environment.
However, when I try to access that env var in my test script, the embedded variables are not being evaluated. For instance, the following:
var addFavDestArray1 = pm.environment.get('addFavDestArray1')
Returns [{{addFavDest1}},{{addFavDest2}},{{addFavDest3}}], with the variables not evaluated.
Is there some way to have the embedded variables evaluated in the environment?
So, in order to handle this situation, I created the following common function that I call from all my tests instead of pm.environment.get('var1') or environment['var1] or environment.var1.
/* funcGetAndEvalEnvVar */
var funcGetAndEvalEnvVar = (varName) => {
const EMBEDDED_VAR_REGEX = new RegExp(`{{\\w+}}`, 'g');
var varValue = environment[varName];
var evalVarValue = varValue;
var reMatch;
while (reMatch = EMBEDDED_VAR_REGEX.exec(varValue)) {
var embeddedVar = reMatch[0];
var embeddedVarName = embeddedVar.slice(2, -2);
if (environment.hasOwnProperty(embeddedVarName)) {
var embeddedVarValue = funcGetAndEvalEnvVar(embeddedVarName);
evalVarValue = evalVarValue.replace(new RegExp(embeddedVar, 'g'), embeddedVarValue);
}
}
return evalVarValue;
};
So have set up a couple of values in the groovy.config file which I want for my application.
Set them as follows:
environments {
development {
grails.logging.jul.usebridge = true
reslist = ['1400x1200','1200x1024','1024x800','800x600']
resdef = '1024x800'
mapregs = ['World', 'Europe', 'Asia', 'South America','Central America', 'Pacific','Africa']
mapdef = 'World'
Then I try to access them in a controller
if ( params.mapreq == null) {
mapreq = grailsApplication.config.grails.mapdef
} else {
mapreq = params.mapreq
}
It seems to work (kind a) I get something back, but looks like an object pointer in the format
groovy.util.ConfigObject#3764a904
Tried changing it to getFlatConfig
if ( params.mapreq == null) {
mapreq = grailsApplication.getFlatConfig.grails.mapdef
} else {
mapreq = params.mapreq
}
At which point I get a "No such property: getFlatConfig when trying to access configuration" instead
So any suggestions?
Also, would the same solution work for getting the lists (like the mapregs one)?
grailsApplication.config.grails.mapdef should be grailsApplication.config.mapdef since mapdef is at the top level of the config (within that environment block). Since there's nothing stored under grails.mapdef, the value will be a new ConfigObject. That's why config.a.b.c.d=1 works - each time you access a new level that doesn't exist, Groovy automatically creates a new ConfigObject to hold the value being set, but if you're getting and not setting, you end up with just the empty instance.
The 2nd one doesn't work because getFlatConfig should be getFlatConfig() or flatConfig. But you can't use the ConfigObject-style dots with the flat config because it's flattened. If mapdef was actually under grails you'd access it as grailsApplication.flatConfig.'grails.mapdef' or grailsApplication.flatConfig['grails.mapdef']. But like the other one it's not, so you'd use grailsApplication.flatConfig.mapdef.