Skip to content

Vault Issue caused by passing nil check #295

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 11, 2025
Merged

Vault Issue caused by passing nil check #295

merged 3 commits into from
Aug 11, 2025
+9 −13

Conversation

aberinnj
Copy link
Member

@aberinnj aberinnj commented Aug 6, 2025
edited
Loading

  • Added a minor patch correcting the if-check for retrieving the username and password
time=2025-08-06T17:23:07.779Z level=INFO source=main.go:75 msg="FREE_INTERVAL end var is not present, will not periodically attempt to release memory"
time=2025-08-06T17:23:07.779Z level=INFO source=main.go:82 msg="RESTART_INTERVAL env var is not present, so will not restart myself periodically"
time=2025-08-06T17:23:07.779Z level=WARN source=config.go:175 msg="Configuring default database from CLI parameters is deprecated. Use of the '--config.file' argument is preferred. See https://github.com/oracle/oracle-db-appdev-monitoring?tab=readme-ov-file#standalone-binary"
time=2025-08-06T17:23:07.779Z level=INFO source=collector.go:54 msg="Initializing database" database=default
2025/08/06 17:23:12 Error returned by Secrets Service. Http Status Code: 400. Error Code: InvalidParameter. Opc request id: 2d9890aa915e8e2db177b62feb747771/6BAFA3D27E147ACC438756428D483DB5/5B97EA4B1A433CEEE2B6E7BCD3964F20. Message: query param secretName size must be between 1 and 255
Operation Name: GetSecretBundleByName
Timestamp: 2025-08-06 17:23:13 +0000 GMT
Client Version: Oracle-GoSDK/65.93.2
Request Endpoint: POST https://secrets.vaults.us-phoenix-1.oci.oraclecloud.com/20190301/secretbundles/actions/getByName?secretName=&vaultId=ocid1.vault.oc1.phx.eftfoyniaaahc.abyhqljstqhm23hznw7uanvqdcxrs4k34fspg5jg7cw3zylez5t5uzizb3fq
Troubleshooting Tips: See https://docs.oracle.com/iaas/Content/API/References/apierrors.htm#apierrors_400__400_invalidparameter for more information about resolving this error.
Also see https://docs.oracle.com/iaas/api/#/en/secretretrieval/20190301/SecretBundle/GetSecretBundleByName for details on this operation's requirements.
To get more info on the failing request, you can set OCI_GO_SDK_DEBUG env var to info or higher level to log the request/response details.
If you are unable to resolve this Secrets issue, please contact Oracle support and provide them this full error message.

Expected Behavior

Only the password secret is provided, retrieve only the password.

Actual Behavior

Both username and password are being retrieved, when only the password details is provided.
The second check without the necessary secretName causes the error in the Vault Request.

The Issue

The check here will cause an issue, if OCIConfig is defined, even with just the VaultID and now username or password secrets -- causing the nil check here to pass and therefore request the username and password from the vault.

@oracle-contributor-agreement oracle-contributor-agreement bot added the OCA Verified All contributors have signed the Oracle Contributor Agreement. label Aug 6, 2025
@aberinnj
Copy link
Member Author

aberinnj commented Aug 6, 2025
edited
Loading

In the config.go

		dbconfig.Vault = &VaultConfig{
			OCI: &OCIVault{
				ID: ociVaultID,
				// For the CLI, only the password may be loaded from a secret. If you need to load
				// both the username and password from OCI Vault, use the exporter configuration file.
				PasswordSecret: os.Getenv("OCI_VAULT_SECRET_NAME"),
			},
		}

tells me the Username will always be an empty string, perhaps we need to replace the environment variables first and add one for username in order to support username retrieval from the vault.

@andytael
Copy link
Member

andytael commented Aug 6, 2025

@aberinnj If you need to load both the username and password from OCI Vault, use the exporter configuration file.

@aberinnj
Copy link
Member Author

aberinnj commented Aug 6, 2025

@andytael I don't, only the password, hence the issue. I think the problem will remain given the code referenced

@andytael
Copy link
Member

andytael commented Aug 6, 2025

Wonder if this is the same problem #286

@aberinnj
Copy link
Member Author

aberinnj commented Aug 6, 2025
edited
Loading

@andytael Yes, same issue, same problem caused by the same issue above, a vault request for the username is made when no username secret is supplied, leading to the an empty secretName in the POST

@andytael
Copy link
Member

andytael commented Aug 6, 2025

@aberinnj Have you tested this in your environment and it works as expected?

@aberinnj
Copy link
Member Author

aberinnj commented Aug 8, 2025

Yes, done

@anders-swanson anders-swanson merged commit e4cba9e into oracle:main Aug 11, 2025
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@anders-swanson anders-swanson anders-swanson approved these changes

Assignees
No one assigned
Labels
OCA Verified All contributors have signed the Oracle Contributor Agreement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aberinnj @andytael @anders-swanson