fix: support more than 10 secrets versions on gcp_secret_manager #634

kuisathaverat · 2024-05-23T10:55:54Z

SUMMARY

The gcp_secret_manager module and gcp_secret_manager lookup do not support more than 10 secrets versions when you try to get the latest version. The problem is that it sorts the paths before getting the version, so somepath/12 is smaller than somepath/9, so it always returns 9 as the latest version.

ISSUE TYPE

Bugfix Pull Request

COMPONENT NAME

gcp_secret_manager

ADDITIONAL INFORMATION

The following steps expose the issue:

Create a secret
Add 10 or more versions
get the latest versions with the module or the lookup

The following script create a test case with both issues.

#!/usr/bin/env bash

gcloud secrets create test-10-versions --replication-policy="automatic"
for i in {1..10}
do
    echo "Secret version $i" > ./file.txt
    gcloud secrets versions add test-10-versions --data-file="${PWD}/file.txt"
done
rm ./file.txt

cat > playbook.yml <<EOF
---
- name: Custom Destroy
  hosts: localhost
  connection: local
  gather_facts: true
  tasks:
    - name: Get Secret version 10
      debug:
        msg: |
          version 10: {{ lookup('google.cloud.gcp_secret_manager', key='test-10-versions', version=10) }}
    - name: Get Secret version 9
      debug:
        msg: |
          version 9: {{ lookup('google.cloud.gcp_secret_manager', key='test-10-versions', version=9) }}
    - name: Get Secret version latest
      debug:
        msg: |
          version latest: {{ lookup('google.cloud.gcp_secret_manager', key='test-10-versions') }}
EOF

export GCP_PROJECT=$(gcloud config get-value project)
export GCP_AUTH_KIND=accesstoken
export GCP_ACCESS_TOKEN=$(gcloud auth print-access-token)

ansible-playbook playbook.yml 


cat > playbook2.yml <<EOF
---
- name: Custom Destroy
  hosts: localhost
  connection: local
  gather_facts: true
  tasks:
    - name: Get Secret version latest
      google.cloud.gcp_secret_manager:
        name: test-10-versions
        state: present
        return_value: true
EOF

ansible-playbook -vv playbook2.yml

fix: support more than 10 secrets versions on gcp_secret_manager

f714022

SirGitsalot approved these changes Aug 1, 2024

View reviewed changes

SirGitsalot merged commit d2aaad7 into ansible-collections:master Aug 1, 2024

mariolenz mentioned this pull request Aug 10, 2024

New release? #642

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: support more than 10 secrets versions on gcp_secret_manager #634

fix: support more than 10 secrets versions on gcp_secret_manager #634

kuisathaverat commented May 23, 2024 •

edited

Loading

fix: support more than 10 secrets versions on gcp_secret_manager #634

fix: support more than 10 secrets versions on gcp_secret_manager #634

Conversation

kuisathaverat commented May 23, 2024 • edited Loading

SUMMARY

ISSUE TYPE

COMPONENT NAME

ADDITIONAL INFORMATION

kuisathaverat commented May 23, 2024 •

edited

Loading