Add support for environment variable injection in kibana.yml #16988
Conversation
|
Since this is a community submitted pull request, a Jenkins build has not been kicked off automatically. Can an Elastic organization member please verify the contents of this patch and then kick off a build manually? |
src/server/config/config.js
Outdated
| } | ||
|
|
||
| // attempt to validate the config value | ||
| this._commit(config); | ||
| } | ||
|
|
||
| _replaceEnvVars(value) { |
There was a problem hiding this comment.
Can we add tests for all of these cases in addition to the env variable not being specified?
There was a problem hiding this comment.
- OK, I will add a test when env variable is not specified.
- Then, for additional cases, currently,
_.isString(value)and_.isArray(value)are covered. Only_.isPlainObject(value)is not covered. I will change the test to cover it.
src/server/config/config.js
Outdated
| @@ -61,13 +61,25 @@ export class Config { | |||
| if (_.isPlainObject(key)) { | |||
| config = override(config, key); | |||
There was a problem hiding this comment.
- Question : should I replace
override(config, key)byoverride(config, _replaceEnvVars(key))?
There was a problem hiding this comment.
I'm not entirely sure what it's used for, maybe testing. @spalger do you know?
There was a problem hiding this comment.
Not sure it is used. Gut feeling is it was just an "expected" behavior of a method like this.
There was a problem hiding this comment.
@spalger
So, should I replace override(config, key) by override(config, _replaceEnvVars(key)) ?
There was a problem hiding this comment.
My recommendation from #16988 (comment) is to move all of this into https://github.com/elastic/kibana/blob/master/src/cli/serve/read_yaml_config.js and do it once when reading kibana.yml from the file system
There was a problem hiding this comment.
@spalger
OK, I will do so.
Thanks for this first review.
|
@tylersmalley |
|
Hi @tylersmalley,
Is it OK for you ? |
|
Hi @tylersmalley, |
|
@fbaligand, thanks for the updates. Hope to get to reviewing this soon. |
|
Thanks, I hope so too ! :) |
|
Just took a cursory look, but think I'd prefer that this was implemented in https://github.com/elastic/kibana/blob/master/src/cli/serve/read_yaml_config.js so that replacement like this only occured when reading the config file. I would be quite surprised by this behavior if I was calling |
fbaligand
force-pushed
the
env-var-injection
branch
from
892b934 to
6c61584
Compare
|
I just rebased my code to merge conflicts with master branch. |
fbaligand
force-pushed
the
env-var-injection
branch
from
6c61584 to
68e1da5
Compare
|
@spalger |
|
Great @spalger ! => @tylersmalley @jbudz could you review/approve the code ? |
|
Jenkins, test this |
💚 Build Succeeded |
src/cli/serve/read_yaml_config.js
Outdated
| function _replaceEnvVarRefs(val) { | ||
| return val.replace(/\$\{(\w+)\}/g, (match, envVarName) => { | ||
| if (process.env[envVarName] !== undefined) { | ||
| return process.env[envVarName]; |
There was a problem hiding this comment.
I would prefer if we _.escaped this by default, and any configuration that needs it unescaped can do so. Thoughts?
There was a problem hiding this comment.
@jbudz
So you want to replace return process.env[envVarName];
by return _.escape(process.env[envVarName]); ?
No problem for me, but can you explain me why ? I mean : at this point, the yaml file is already parsed.
Maybe it could be an issue for server.basePath option if user wants to use & character ?
There was a problem hiding this comment.
Yeah, I don't think we want to escape HTML entities in the config values. People using this feature need to take care that they inject the correct value and Joi will take care of ensuring that it's a valid value.
I was initially concerned about non-string values, but realized Joi also parses JSON values in an attempt to coerce the value to the desired type, so to set a boolean value you can do:
some.boolean: "${MY_ENV_VAR}"and
MY_ENV_VAR=true bin/kibanaAnd Joi will correctly convert the valid JSON so that
config.get('some.boolean') === trueThere was a problem hiding this comment.
in practice I can't think of anything realistic, it's mostly how I operate. I'l defer on this.
There was a problem hiding this comment.
I agree with @spalger
In an option like elasticsearch.customHeaders, people want that the final value is exactly what they type. And value can contain some special characters like &.
src/cli/serve/read_yaml_config.js
Outdated
| @@ -19,6 +28,10 @@ export function merge(sources) { | |||
| return; | |||
| } | |||
|
|
|||
| if (isString(val)) { | |||
| val = _replaceEnvVarRefs(val); | |||
There was a problem hiding this comment.
Looks like this line is mixing tabs and spaces. Also, would you mind just inlining the _replaceEnvVarRefs() function here or removing the leading _ from it's name?
|
@spalger |
fbaligand
force-pushed
the
env-var-injection
branch
from
086539b to
ce122fb
Compare
|
test it please |
💚 Build Succeeded |
|
Jenkins build is OK => nice ! => @tylersmalley, could you approve the PR ? |
|
6.x/6.3: 6d70217 |
|
Thanks @fbaligand! |
|
Thanks @tylersmalley for the merge ! |
This PR lets support for environment variable injection in kibana.yml, using syntax
${MY_ENV_VAR}.Fixes #6688