Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Environment substitution replaces env vars in the topology file that are not set #2160

Open
lostdave opened this issue Aug 5, 2024 · 4 comments
Open

Environment substitution replaces env vars in the topology file that are not set #2160

lostdave opened this issue Aug 5, 2024 · 4 comments
Labels
bug Something isn't working help wanted Extra attention is needed

Comments

@lostdave
Copy link

lostdave commented Aug 5, 2024
edited
Loading

Steps to reproduce:
Created a topology that included some Junos vSwitch images -> Added a block config in the topology file -> the resultant encrypted password (if if contained . or / characters) would truncate.

startup-config: |
  system {
    login {
      user someuser {
        class super-user;
        authentication {
          encrypted-password "$6$8gNjhXy6$Vj69F.QdM.Nvz1fDDYhnwb27cMSXJmXxS23ti50z/liD3obqPRYs5UKHVbKFRtqZO.AoXJIVR6Um17RFfSwWm1"
        }
      }
    }
  }

What winds up happening is the encrypted password appears as ".QdM.Nvz1fDDYhnwb27cMSXJmXxS23ti50z/liD3obqPRYs5UKHVbKFRtqZO.AoXJIVR6Um17RFfSwWm1"

ContainerLab Version 0.56.0
@hellt
Copy link
Member

hellt commented Aug 28, 2024

Hi @lostdave
containerlab/vrnetlab do not modify the contents of the provided startup config.

The way it works with junos is an disk with the startup-config is mounted to the VM, and junos should read the config from it

https://github.com/hellt/vrnetlab/blob/master/vjunosswitch/docker/make-config.sh

I suppose you should check the contents of that disk to verify that the encrypted string is there as it was in the yaml file

@hellt
Copy link
Member

hellt commented Aug 28, 2024
edited
Loading

buuuut, I think what could have happened is that containerlab tried to expand variables :D $6, etc

Would you mind to try using the startup-config with a file, and not as embedded multiline string to confirm this theory?

@lostdave
Copy link
Author

Sorry ....slow to get back to this one..travel and training stuff....
i will have a look in the next couple of weeks and see what is going on

@hellt hellt added bug Something isn't working help wanted Extra attention is needed and removed awaiting feedback labels Dec 2, 2024
@hellt
Copy link
Member

hellt commented Dec 2, 2024

Yes, the issue stems from the fact that the https://github.com/a8m/envsubst package that we use to replace env vards in the topology file replaces the env vars that are not set or empty.

This leads to $foo to be replaced with "" if the $foo is not even set.

Unfortunately, the original package maintainer stopped maintaining the package and this particular feature request left dangling - a8m/envsubst#56

I made a fork of a fork by @dnitsch that added some parts of this functionality, but it doesn't work when the env var is set with the default in the template. To demonstrate this use case I added a test case that currently fails:

https://github.com/hellt/envsubst/blob/50934c197f4028463435a6aa0e8556ca60b442e5/parse/parse_test.go#L179

Looking for brave contributors to see if they can crack it

@hellt hellt changed the title When creating a user with an encrypted password with a startup-config, Truncation occurs Environment substitution replaces env vars in the topology file that are not set Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hellt @lostdave