fix: remove trailing newline from connection detail output files#799
Conversation
|
@anjannath ^^ why did you added the newline? Also @jangel97 that was added in the last commit, so instead of new commit can you just revert? |
|
Ok, so I think even better do not revert but add sanitizers within the tekton tasks i.e. mapt/tkn/template/infra-aws-fedora.yaml Line 347 in 9fc64db trim the value before encoding so we will ensure it will work |
this was added to resolve issue #695 there it has reasoning around why new-line should be appended to end-of-file
|
jangel97
force-pushed
the
fix-trailing-newline-in-secrets
branch
from
5242090 to
9aa0801
Compare
| type: Opaque | ||
| data: | ||
| host: $(cat /opt/host-info/host | base64 -w0) | ||
| username: $(cat /opt/host-info/username | base64 -w0) |
There was a problem hiding this comment.
It does not affect host?, that file should have now a new line too
There was a problem hiding this comment.
Yes, host is also affected `output.go appends '\n' to all values written (host, username, id_rsa, etc.), so both need the trim. wdyt?
There was a problem hiding this comment.
yeah basically you wanna ensure any base64 encoding is trim..so basically any line that | base64 needs to be trimmed
jangel97
force-pushed
the
fix-trailing-newline-in-secrets
branch
from
9aa0801 to
3f64b3d
Compare
Strip trailing newlines from host, username, bastion_host, and bastion_username values before base64 encoding them into Kubernetes secrets. The output files may contain trailing newlines (added for POSIX text file compliance), which when base64-encoded into secrets cause SSH connection failures in downstream consumers. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
jangel97
force-pushed
the
fix-trailing-newline-in-secrets
branch
from
3f64b3d to
f3aa666
Compare
3 participants
Summary
The
writeOutputfunction inpkg/provider/util/output/output.goappends"\n"to every value written to connection detail files (host,username, etc.). This trailing newline propagates through the Tekton task pipeline and causes SSH connection failures in downstream consumers.Root cause
The full chain:
fedora\nto/opt/host-info/username(the+"\n"on line 25)host-info-secretstep base64-encodes the file contents into a Kubernetes Secret — the newline is faithfully encoded (ZmVkb3JhCg==instead ofZmVkb3Jh)secretKeyRefand sets the env var with the newline preserved:USERNAME=fedora\nssh_cmd="ssh ... ${USERNAME}@${HOST}"With the newline, this becomes:
ssh ... fedora\n@ec2-host\n${ssh_cmd}is expanded unquoted, bash word-splits on the newline, producing:fedoraas the hostname →"Could not resolve hostname fedora: Name or service not known"Reproduction
Verified inside the
quay.io/redhat-developer/mapt:v1.0.0-devcontainer:Fix
Remove the
+"\n"fromwriteOutput. The output files are only consumed by the Tektonhost-info-secretstep which pipes them throughbase64 -w0— no consumer depends on a trailing newline.