Using multi line environment variable in stack.yml results in an error

[amitlevy21]

My actions before raising this issue

• Followed the troubleshooting guide
• Read/searched the docs
• Searched past issues saw Build returns "docker build" requires exactly 1 argument with particular build-arg values #392 but it doesn't use the build arg in the yaml file.

I want to stress out that I cannot use k8s secrets as this is a build argument required for the container build.

I have a multi line environment variable $RSA containing RSA key that I need to pass as a build argument to Docker.
The command faas-cli build / up --build-arg RSA=${RSA} works. However if I tried to the following it doesn't:

# stack.yml
version: 1.0
provider:
  name: openfaas
  gateway: http://127.0.0.1:8080
functions:
  myfn:
    lang: dockerfile
    handler: .
    image: localhost:5000/myfn:latest
    build_args:
      RSA: ${RSA}

Expected Behaviour

RSA build argument should contain the environment variable value from my shell.

Current Behaviour

The following error occurs:

❯ faas-cli up
Error with YAML file
Yaml: line 15: could not find expected ':'

Possible Solution

I can use the same environment variable without issues in docker-compose.yml:

myservice:
    build:
      context: .
      args:
        RSA: ${RSA}

Steps to Reproduce (for bugs)

1. faas-cli new --lang python3 myfn
2. Rename myfn.yml to stack.yml
3. Edit stack.yml and replace with the given configuration above.
4. export RSA=$(cat $HOME/.ssh/my_rsa)
5. faas-cli up
6. Error should be shown.

Context

Your Environment

• FaaS-CLI version ( Full output from: faas-cli version ):

❯ faas-cli version

CLI:
 commit:  598336a0cad38a79d5466e6a3a9aebab4fc61ba9
 version: 0.12.21

Gateway
 uri:     http://127.0.0.1:8080
 version: 0.20.2
 sha:     9bbb25e3c7c4cc5cd355edb3a122f8c7812e32db
 commit:  Fix a bug that caused the services list to keep growing


Provider
 name:          faas-netes
 orchestration: kubernetes
 version:       0.12.9
 sha:           c402b912ce21f0bf01bc3aa45ebc330decc41ac5

• Docker version docker version (e.g. Docker 17.0.05 ):

❯ docker --version
Docker version 19.03.11, build 42e35e6

• Are you using Kubernetes or faasd? K8s

• Operating System and version (e.g. Linux, Windows, MacOS): Linux (Fedora 32)

• Code example or link to GitHub repo or gist to reproduce problem: Everything provide in the issue

• Other diagnostic information / logs from troubleshooting guide: The logs are from the cli so not providing for now unless request.

[alexellis]

It looks like you may benefit from using a pipe here with | and proper indentation.

Have you tried a simple multi-line variable without the interpolation?

For example, how we do it here? https://github.com/openfaas/templates/blob/master/template/go/template.yml#L19

[amitlevy21]

@alexellis Hey, thanks for the tip. I remember trying that, just tried that now. it still gives me the error

# stack.yml
version: 1.0
provider:
  name: openfaas
  gateway: http://127.0.0.1:8080
functions:
  myfn:
    lang: dockerfile
    handler: .
    image: localhost:5000/myfn:latest
    build_args:
      RSA: |
        ${RSA}

My guess would be that only the first line of the multiline env var is being indented, but the other lines wont.

I tried also using >, >-, |- as suggested here

but still got the same error

[alexellis]

I don't think you are quoting the string correctly.

Try adding the literal value and tabbing correctly, then see if it works as expected.

[amitlevy21]

OK, it works when I put the literal value and tabbing correctly, how can i make it work as an environment variable?

tried:

build_args:
      RSA: |
        "
        -----BEGIN RSA PRIVATE KEY-----
        rsa_key
        -----END RSA PRIVATE KEY-----
        "

it doesn't work if I have the quotes in the same line of ---BEGIN and ---END, but thats another error relating to ssh value.
also tried:

build_args:
      RSA: |
        "
        ${RSA}
        "

but got the original error again

[alexellis]

Perhaps you can save your file with the indentation in place?

        -----BEGIN RSA PRIVATE KEY-----
        rsa_key
        -----END RSA PRIVATE KEY-----

[amitlevy21]

I don't get the YAML parsing error, but when building the container, ssh connections fail since the RSA value is now indented and has quotes.

root@1a2a03d37fef:/# cat ~/.ssh/id_rsa 
"
        -----BEGIN RSA PRIVATE KEY-----
rsa_key is not indented here
 -----END RSA PRIVATE KEY-----
"

It only indents the first line, and keeps the quotes. gives back the YAML parsing error if I removed the quotes from stack.yml tried again combimations with | |- > >- but failed to find one, maybe I missed the right one. also should state that ~/.ssh/id_rsa is created like so RUN printf -- "${BEAMUP_RSA}" > /root/.ssh/id_rsa . so maybe that's the issue? either way I can't change that and indenting the original rsa file is also not an option. Can use cli build arg flag as a workaround though.

Thanks for your fast responses, really appreciate the help

[alexellis]

My suggestion would be for you to base64 encode the string, and then run base64 --decode within the container. A base64 string can be represented on a single line preserving any whitespace and newlines required.

In stack.yml:

    build_args:
      RSA: ${RSA}

At build time:

# Linux
export RSA=$(cat key.id_rsa.pub|base64 --wrap=0)

# Mac
export RSA=$(cat key.id_rsa.pub|base64)

faas-cli deploy -f stack.yml

Within your Dockerfile:

RUN printf -- "${BEAMUP_RSA}" | base64 --decode > /root/.ssh/id_rsa

I'm going to close out the issue now as we've given a working solution. If you have issues with getting the solution to work, create a quick repo with everything and I'll give it a shot myself.

[alexellis]

/msg: enduser

[derek]

Thank you for your interest in OpenFaaS. This project is maintained and made available for hobbyists and commercial users alike, so we need to balance our time across everyone's needs. Whilst we are excited in your interest in using OpenFaaS, we would also ask you to take a look at our contribution guide on Setting expectations, support and SLAs.

Commercial users can purchase support in order to get dedicated help from OpenFaaS Ltd, or they can book ad-hoc consulting hours to get an engineer to dedicate time to helping them.

If that is not a good fit for you at this time, please check out the OpenFaaS GitHub Sponsors options which are priced for practitioners like yourself. Organisations can also sponsor through their GitHub billing relationship.

When you become a sponsor as an indvidual, it will show this on your issues and PRs, so that the community can see that you are supporting our work, and can prioritise your needs.

If you are receiving this message after having received hands-on support from the OpenFaaS community, please join GitHub Sponsors to say thank you for our time.

Thank you for supporting OpenFaaS.

[amitlevy21]

Encoding in base64 solves my issue, thanks!

[alexellis]

You're welcome. Please consider the message Derek sent over.