The secrets.yml check in the supply script uses different logic than the conjur-env binary to find the secrets.yml

[izgeri]

Summary

This was encountered by @whip113 when he had two secrets.yml files in the app in different directories AND specified SECRETS_YAML_PATH, but gave an invalid path.

Steps to Reproduce

Set up an app with at least one secrets.yml file and set SECRETS_YAML_PATH to an invalid path for the file.

Expected Results

The buildpack will fail fast and let me know at the supply stage that the secrets.yml isn't available at the path as expected.

Actual Results (including error logs, if applicable)

The supply stage completes successfully, since all it does is check if a secrets.yml file exists anywhere in the app (that is, it uses different logic than the conjur-env binary will use when it is run):

cloudfoundry-conjur-buildpack/bin/supply

Lines 35 to 43 in 26874de

	# Search for candidate `secrets.yml` paths and report them to the deploy output
	secrets_yaml="$(find $BUILD_DIR -name 'secrets.yml' -printf \"%P\\n\")"
	if [ -z "$secrets_yaml" ]; then
	echo " - Unable to find a secrets.yml...exiting"
	exit 1
	else
	echo " - secrets.yml file found at:"
	echo $secrets_yaml
	fi

But the buildpack errors when the conjur-env binary is run, because the file does not exist at the specified SECRETS_YAML_PATH:

cloudfoundry-conjur-buildpack/conjur-env/main.go

Line 107 in 26874de

secrets, err = secretsyml.ParseFromFile(secretsYamlPath, "", nil)

Reproducible

• Always
• Sometimes
• Non-Reproducible

Version/Tag number

The latest version is impacted.

Environment setup

This is reproducible in TAS 2.9.

Additional Information

n/a