fix: move applyEnvironmentVariables() before secret-ref loop in write() #31154
Open
ilancas wants to merge 3 commits into Koenkk:dev from
In write(), applyEnvironmentVariables(toWrite) was called after the secret-reference preservation loop. This meant env var values (e.g. ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD injected by the HA addon docker-entrypoint.sh) would overwrite the !secret.yaml reference with plain text on every write cycle.
Fix: move applyEnvironmentVariables(toWrite) to before the loop so that the resolved env var value gets routed to the secret file and the !secret reference is preserved in configuration.yaml.
Fixes Koenkk#31140
Reverts the previous approach (moving applyEnvironmentVariables before the loop) which broke existing tests. The correct fix: keep applyEnvironmentVariables after the loop, but in the secret-reference preservation loop, check whether a plain env var is set for that key. If so, skip the !secret routing so the env var value goes directly into configuration.yaml instead of being silently diverted to the secret file. If the env var value is itself a !secret reference, the preservation logic still runs normally.
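The ordering described in the first commit message, as a simplified model added here (not code from this PR or from zigbee2mqtt). The helper names `applyEnv`, `preserveRefs` and `SECRET_PATHS`, the `!secret password` reference syntax, the underscore-to-path mapping and all sample values are assumptions made for the illustration.

```javascript
// Simplified model of the write() ordering; added example, not zigbee2mqtt's code.
const PREFIX = 'ZIGBEE2MQTT_CONFIG_';
const REF = /^!(\S+) (\S+)$/; // assumed reference syntax, e.g. "!secret password"
const SECRET_PATHS = [['mqtt', 'password']]; // keys whose on-disk reference is preserved

const get = (obj, path) => path.reduce((o, k) => (o == null ? undefined : o[k]), obj);
function set(obj, path, value) {
  const parent = path.slice(0, -1).reduce((o, k) => (o[k] = o[k] || {}), obj);
  parent[path[path.length - 1]] = value;
}

// Env override step: ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD -> mqtt.password (naive mapping).
function applyEnv(toWrite, env) {
  for (const [name, value] of Object.entries(env)) {
    if (!name.startsWith(PREFIX)) continue;
    set(toWrite, name.slice(PREFIX.length).toLowerCase().split('_'), value);
  }
}

// Preservation step: where the file on disk holds a reference, route the real
// value to the secret store and put the reference back into the main config.
function preserveRefs(toWrite, onDisk, secrets) {
  for (const path of SECRET_PATHS) {
    const ref = get(onDisk, path);
    const m = typeof ref === 'string' ? REF.exec(ref) : null;
    if (!m) continue;
    secrets[m[1]] = secrets[m[1]] || {};
    secrets[m[1]][m[2]] = get(toWrite, path);
    set(toWrite, path, ref);
  }
}

// envFirst=false: env applied after the loop; envFirst=true: before it.
function write(settings, onDisk, env, envFirst) {
  const toWrite = JSON.parse(JSON.stringify(settings));
  const secrets = {};
  if (envFirst) applyEnv(toWrite, env);
  preserveRefs(toWrite, onDisk, secrets);
  if (!envFirst) applyEnv(toWrite, env);
  return { config: toWrite, secrets };
}

// Constructed sample state.
const onDisk = { mqtt: { server: 'mqtt://broker', password: '!secret password' } };
const settings = { mqtt: { server: 'mqtt://broker', password: 'old-secret' } };
const env = { ZIGBEE2MQTT_CONFIG_MQTT_PASSWORD: 'example-broker-pass' };
const envAfter = write(settings, onDisk, env, false);
const envBefore = write(settings, onDisk, env, true);
console.log(JSON.stringify({ envAfter, envBefore }, null, 2));
```

With the env step last, the main config in this model ends up holding the password in plain text; with the env step first, the config keeps the reference and the env value lands in the secret store.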
Collaborator
The title/description of the PR doesn't appear to match what the code change is doing? Regarding the issue, since env vars are meant to override the
The final value is always HA should allow preventing the setting of env vars if set via HA add-on config:
