Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenCTI: EnvFromSecret variable not taking precedence over normal env in chart #50

Merged
merged 1 commit into from
Apr 11, 2024

Conversation

estemendoza
Copy link
Contributor

@estemendoza estemendoza commented Apr 8, 2024

Current Behaviour

I am using the OpenCTI chart to install a connector and I am having some issues when setting env vars from secrets.

I am customising the deployment of the chart with the following values.yaml:

connectors:
  - name: connector-import-file-stix
    enabled: true
    image:
      repository: opencti/connector-import-file-stix
    env:
      CONNECTOR_ID: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
      CONNECTOR_TYPE: INTERNAL_IMPORT_FILE
      CONNECTOR_NAME: ImportFileStix
      CONNECTOR_VALIDATE_BEFORE_IMPORT: "true"
      CONNECTOR_SCOPE: application/json,text/xml
      CONNECTOR_AUTO: "true"
      CONNECTOR_CONFIDENCE_LEVEL: 15
      CONNECTOR_LOG_LEVEL: info
    envFromSecrets:
      OPENCTI_TOKEN:
        name: admin-credentials
        key: api-token

But when I generate the configuration using the chart, I get the following results

containers:
        - name: connector-import-file-stix-connector
          securityContext:
            null
          image: "opencti/connector-import-file-stix:6.0.5"
          imagePullPolicy: IfNotPresent
          env:
          # Variables in plain text
          - name: OPENCTI_URL
            value: "http://cti-opencti-server:80"
          - name: OPENCTI_TOKEN
            value: "ChangeMe"
          - name: CONNECTOR_AUTO
            value: "true"
          - name: CONNECTOR_CONFIDENCE_LEVEL
            value: "15"
          - name: CONNECTOR_ID
            value: "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
          - name: CONNECTOR_LOG_LEVEL
            value: "info"
          - name: CONNECTOR_NAME
            value: "ImportFileStix"
          - name: CONNECTOR_SCOPE
            value: "application/json,text/xml"
          - name: CONNECTOR_TYPE
            value: "INTERNAL_IMPORT_FILE"
          - name: CONNECTOR_VALIDATE_BEFORE_IMPORT
            value: "true"

          # Variables from secrets
          - name: OPENCTI_TOKEN
            valueFrom:
              secretKeyRef:
                name: admin-credentials
                key: api-token
          resources:
            null

Notice how OPENCTI_TOKEN is duplicated in the env variables and once it is deployed, it ignores the variable configured from the secret. It is configuring the default value and also the custom value.

Note: This also happens for the server and worker deployments.

Expected Behaviour

Environmental variables shouldn't be duplicated and if they are duplicated, the ones from the secrets should take precedence.

@ialejandro ialejandro self-requested a review April 10, 2024 11:39
@ialejandro ialejandro self-assigned this Apr 10, 2024
@ialejandro ialejandro added bug Something isn't working enhancement New feature or request labels Apr 10, 2024
@ialejandro ialejandro merged commit c9dfd01 into devops-ia:main Apr 11, 2024
1 check failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants