New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
UI showing warning about admin secret being unset while it is set #9171
Comments
Hi @smparekh , would you be able to share the list of environment variables (redacted values) set in your container. |
here is an excerpt from our task definition "environment": [
{
"name": "HASURA_GRAPHQL_ENABLE_REMOTE_SCHEMA_PERMISSIONS",
"value": "true"
},
{
"name": "HASURA_GRAPHQL_ENABLED_APIS",
"value": "metadata,graphql,pgdump,developer"
}
],
"secrets": [
{
"valueFrom": "arn:aws-us-gov:ssm:$AWS_REGION:$AWS_ACCOUNT_ID:parameter/REDACTED",
"name": "HASURA_GRAPHQL_DATABASE_URL"
},
{
"valueFrom": "arn:aws-us-gov:ssm:$AWS_REGION:$AWS_ACCOUNT_ID:parameter/REDACTED",
"name": "HASURA_GRAPHQL_JWT_SECRET"
},
{
"valueFrom": "arn:aws-us-gov:ssm:$AWS_REGION:$AWS_ACCOUNT_ID:parameter/REDACTED",
"name": "HASURA_GRAPHQL_ADMIN_SECRET"
}
], |
This is not expected if admin secret is set. Based on the logs it seems that secret is set fine. Is it something that started happening recently (was it was working fine earlier?). |
yes, i noticed it happening when i upgraded from v2.11.1 to v2.14.0 |
We have the same issue in v2.15 |
We have identified root cause of the issue. Please wait for an update for the fix. |
Version Information
Server Version:
CLI Version (for CLI related issue): v2.14.0
Environment
OSS
What is the current behaviour?
UI shows a little icon on the header indicating a warning with this text:
This graphql endpoint is public and you should add an admin-secretThis graphql endpoint is public and you should add an admin-secret
What is the expected behaviour?
No warning as the admin secret is set (see logs).
Screenshots or Screencast
Please provide any traces or logs that could help here.
Any possible solutions/workarounds you're aware of?
Possible reason is how detection is done, the container is running in ECS and the access key is set via a secret.
Keywords
admin secret
The text was updated successfully, but these errors were encountered: