toolshed/organising
toolshed/organising
8
1
Fork 0
Code Issues 120 Pull Requests Releases Activity

Removing and re-creating app uses old secrets #448

New Issue
Closed
opened 2023-04-21 17:25:35 +00:00 by iexos · 2 comments
iexos commented 2023-04-21 17:25:35 +00:00
Copy Link

Steps to reproduce

  • abra app new nextcloud -s <server> -D <domain>
  • abra app secret generate <domain> -a
  • take note of secrets
  • abra app deploy <domain>
  • login using admin_password -> works
  • abra app undeploy <domain>
  • abra app remove <domain>
  • abra app new nextcloud -s <server> -D <domain>
  • abra app secret generate <domain> -a
  • take also note of these secrets
  • abra app deploy <domain>
  • login using new admin_password -> doesn't work
  • login using old admin_password -> works

fun fact: /run/secrets/ in the running containers shows the new passwords, but it was configured with the old passwords (as you can see with db_password in nextcloud's config.php). Something weird with docker secrets going on i guess

Is this what is meant with "docker secrets are immutable"? The thing is, if I didn't commit the first deployment, I have no way of knowing which secret versions have been used yet.

### Steps to reproduce - `abra app new nextcloud -s <server> -D <domain>` - `abra app secret generate <domain> -a` - take note of secrets - `abra app deploy <domain>` - login using admin_password -> works - `abra app undeploy <domain>` - `abra app remove <domain>` - `abra app new nextcloud -s <server> -D <domain>` - `abra app secret generate <domain> -a` - take also note of these secrets - `abra app deploy <domain>` - login using new admin_password -> doesn't work - login using old admin_password -> works fun fact: /run/secrets/ in the running containers shows the new passwords, but it was configured with the old passwords (as you can see with db_password in nextcloud's config.php). Something weird with docker secrets going on i guess Is this what is meant with "docker secrets are immutable"? The thing is, if I didn't commit the first deployment, I have no way of knowing which secret versions have been used yet.
iexos added the
bug
 label 2023-04-21 17:25:36 +00:00
iexos changed title from Removing an re-creating app uses old secrets to Removing and re-creating app uses old secrets 2023-04-21 17:26:30 +00:00
iexos commented 2023-04-23 13:38:03 +00:00
Author
Copy Link

After some more testing I realize, this has nothing to do with secrets per se, but with abra remove not removing volumes. And then they are reused with the old configuration. This is a bug, no?

After some more testing I realize, this has nothing to do with secrets per se, but with `abra remove` not removing volumes. And then they are reused with the old configuration. This is a bug, no?
iexos commented 2023-04-23 13:48:17 +00:00
Author
Copy Link

Ok, and now i see this has been fixed in ee4315adb3

Ok, and now i see this has been fixed in https://git.coopcloud.tech/coop-cloud/abra/commit/ee4315adb3be29e1872eb0e1d328763b49649aa9
iexos closed this issue 2023-04-23 13:48:18 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
abra
Everything to do with abra
abra-gandi
Abra Gandi plugin
awaiting-feedback
Ping/pong on comms
backups
bug
Something is not working
build
Go build related issues
ci/cd
Getting the robots into the mix
community organising
Opening this thing up
contributing
Contributors stuff
coopcloud.tech
Our main website
democracy
Democratic decision making
design
Design thinking required
documentation
Let's write things together
duplicate
This issue or pull request already exists
enhancement
New feature
finance
Money things
funding
Anything related to grant funding
good first issue
Easy start with development
help wanted
Need some help
installer
Installation related issues
kadabra
performance
Performance related
proposal
Large change which requires feedback & decisin making
question
More information is needed
recipes.coopcloud.tech
Our recipes catalogue
security
Securing our shit
test
Unit or integration test suite
wontfix
This won't be fixed
No Label
bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3wordchant abra-bot ammaratef45 Apfelwurm carla cas decentral1se fauno kawaiipunk knoflook lambdabundesverband moritz p4u1 simon trav val yksflip
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: toolshed/organising#448
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?