
Unable to use environment variables in uaa.yml

Open chrisjtraver opened this issue 7 years ago • 4 comments

What version of UAA are you running?

4.10.0

How are you deploying the UAA?

I am deploying the UAA locally using ./gradlew run

What did you do?

I am trying to use environment variables to define user_ids, passwords, client_ids, client_secrets, etc. externally instead of hard-coding them in plaintext in the uaa.yml file.

What did you expect to see? What goal are you trying to achieve with the UAA?

I expected the environment variables to be resolved in the uaa.yml file correctly instead of being interpreted literally as a string representation of the variable name.

What did you see instead?

The environment variables were not resolved and were instead interpreted literally as a string of the variable name. For example, here I am trying to set user_id and password using environment variables:

```yaml
scim:
  users:
    - ${UAA_USER_ID}|${UAA_USER_PASSWORD}
```

The above creates a user with credentials as the strings ${UAA_USER_ID} and ${UAA_USER_PASSWORD}.

However, environment variables work correctly when configuring the Postgres database in uaa.yml:

```yaml
spring_profiles: postgresql,default

database:
  driverClassName: org.postgresql.Driver
  url: jdbc:postgresql://postgres:5432/uaa
  username: ${POSTGRES_USER}
  password: ${POSTGRES_PASSWORD}
```

In the above, both ${POSTGRES_USER} and ${POSTGRES_PASSWORD} are resolved correctly.

Additional Comments

I have noticed two other issues related to a similar problem (#337 & #483). However, it seems that there is still no straightforward way to define variables externally that you don't want to be hard-coded in plaintext in uaa.yml. If there is an easy way to accomplish this, please let me know!

chrisjtraver, Oct 01 '18 16:10

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/160897760

The labels on this github issue will be updated when the story is started.

cf-gitbot, Oct 01 '18 16:10

Hi, I'm having a similar issue. Not able to use environment variables inside uaa.yml, as I need to pass client secret values via environment variables.

Tataraovoleti, Aug 27 '19 06:08

Workaround for those who try to run UAA with use of Docker Compose:

  1. Declare a placeholder in the uaa.yml file:

```yaml
oauth:
  clients:
    admin:
      redirect-uri: #{REDIRECT_URI}
```

  2. Create a Dockerfile. Before starting Tomcat, execute a sed command that will replace the placeholder in the YAML file with the environment variable:

```dockerfile
FROM tomcat:8.5

ARG REDIRECT_URI

ENV UAA_CONFIG_PATH=/usr/local/tomcat/webapps

WORKDIR /usr/local/tomcat/webapps
RUN wget -O uaa.war "https://repo1.maven.org/maven2/org/cloudfoundry/identity/cloudfoundry-identity-uaa/4.30.0/\
cloudfoundry-identity-uaa-4.30.0.war"

COPY config/uaa.yml ${UAA_CONFIG_PATH}/uaa.yml

CMD sed -i "s|#{REDIRECT_URI}|${REDIRECT_URI}|g" ${UAA_CONFIG_PATH}/uaa.yml && \
/usr/local/tomcat/bin/catalina.sh run

EXPOSE 8080
```

  3. Add the variable in the environment section:

```yaml
version: '3'

services:
  authorization-server:
    build:
      context: ./
    environment:
      REDIRECT_URI: http://my-url.com
    ports:
      - 8080:8080
```

elijah-pl, Sep 21 '19 17:09
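
A hardened variant of the sed-at-startup workaround above, as an added example that is not part of the original comment or the UAA project: it escapes `|`, `&` and `\` in values (characters that would otherwise break or corrupt the `sed` replacement for a client secret), refuses to render when a variable is missing, and writes the result readable by its owner only. The function names and the `uaa.yml.tpl` template name are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Renders "#{NAME}" placeholders in a UAA
# config template from environment variables when the container starts.
# Hypothetical entrypoint use (uaa.yml.tpl is an assumed file name):
#   render_uaa_config "$UAA_CONFIG_PATH/uaa.yml.tpl" "$UAA_CONFIG_PATH/uaa.yml" \
#       REDIRECT_URI && exec /usr/local/tomcat/bin/catalina.sh run

# Escape what sed treats specially in a replacement with "|" as delimiter.
escape_sed_replacement() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Remove partial output and leave the render subshell with status $1.
_render_fail() {
    rm -f "$tmp" "$tmp.new"
    exit "$1"
}

# render_uaa_config TEMPLATE OUTPUT NAME...
# Exit status: 1 I/O error, 2 invalid variable name, 3 variable unset, empty
# or multi-line, 4 a placeholder is still present after rendering.
render_uaa_config() (
    umask 077                      # rendered file holds secrets: owner-only
    template=$1; output=$2; shift 2
    tmp=$(mktemp "$output.XXXXXX") || exit 1
    cat "$template" > "$tmp" || _render_fail 1
    for name in "$@"; do
        case $name in              # validate before eval: no shell injection
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) _render_fail 2 ;;
        esac
        eval "value=\${$name-}"
        case $value in
            ''|*'
'*) _render_fail 3 ;;
        esac
        escaped=$(escape_sed_replacement "$value")
        sed "s|#{$name}|$escaped|g" "$tmp" > "$tmp.new" || _render_fail 1
        mv "$tmp.new" "$tmp" || _render_fail 1
    done
    # Fail closed: never start UAA with a literal placeholder as a credential.
    if grep -q '#{[A-Za-z_][A-Za-z0-9_]*}' "$tmp"; then
        _render_fail 4
    fi
    mv "$tmp" "$output"
)
```

Because the values are read when the container starts, they stay out of the image layers and the committed uaa.yml.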

Hi @elijah-pl, thanks for sharing. Since we are using Docker, we followed the same.

- docker build -t uaa --build-arg TEST_SEC_MASK=${TEST_SEC_MASK}

We set the TEST_SEC_MASK value in GitLab CI/CD pipeline variables.

Tataraovoleti, Sep 24 '19 05:09