Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug Report: Unmanaged VTTablet config verification does not check credentials server for passwords #17476

Open
taneja-tj opened this issue Jan 8, 2025 · 0 comments
Open

Bug Report: Unmanaged VTTablet config verification does not check credentials server for passwords #17476

taneja-tj opened this issue Jan 8, 2025 · 0 comments
Labels
Needs Triage This issue needs to be correctly labelled and triaged Type: Bug

Comments

@taneja-tj
Copy link

Overview of the Issue

When trying to run a tablet in unmanaged mode, there is a bug in the config verification code where it doesn't check the credentials server for passwords and erroneously returns the following error -
invalid config: database app user password not specified

I am trying to deploy an unmanaged tablet to connect to an external DB while putting the passwords in a file and facing this issue, which stops the tablet from starting

I have identified the cause for this issue and created a working patch for the same
In go/vt/vttablet/tabletserver/tabletenv/config.go in the verifyUnmanagedTabletConfig function, we have the following snippet

if c.DB.App.Password == "" {
    return errors.New("database app user password not specified")
}

This DB field is pulled from the global DBConfig, which has the following UserConfigs here

App          UserConfig `json:"app,omitempty"`
Dba          UserConfig `json:"dba,omitempty"`
Filtered     UserConfig `json:"filtered,omitempty"`
Repl         UserConfig `json:"repl,omitempty"`
Appdebug     UserConfig `json:"appdebug,omitempty"`
Allprivs     UserConfig `json:"allprivs,omitempty"`

These configs are only populated using flags, registered here

This flow completely ignores the Credentials server which is hooked into the connection process inside the connector class by calling the withCredentials function, causing this issue

Reproduction Steps

Start VTTablet with the following flags -

vttablet  
    --unmanaged
    --db_app_user example_user
    --db_repl_user example_user
    ... (other user flags, but no passwords)
    --db-credentials-server file
    --db-credentials-file /path/to/file/secrets.json 
    <other necessary flags...>

Format the /path/to/file/secrets.json as expected by the creds server -

{
  "example_user": ["password-string-here"],
}

With these conditions, the tablet should pull passwords from the file and start up, but instead returns the error
invalid config: database app user password not specified

Binary Version

(VTTablet) v21.0.0 using go1.22.5 linux/amd64

Operating System and Environment details

OS Version     - Debian GNU/Linux 11 (bullseye)
Kernel version - Linux 6.1.53-1
Architecture   - x86_64

Log Fragments

W0108 12:54:36.112216   62468 log.go:39] Failed to read in config : Config File "vtconfig" Not Found in "[<local-path>]". This is optional, and can be ignored if you are not using config files. For a detailed explanation, see https://github.com/vitessio/vitess/blob/main/doc/viper/viper.md#config-files.
Error: invalid config: database app user password not specified
@taneja-tj taneja-tj added Needs Triage This issue needs to be correctly labelled and triaged Type: Bug labels Jan 8, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Needs Triage This issue needs to be correctly labelled and triaged Type: Bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@taneja-tj