Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: When SOPS decryption fails, the error message should tell the user what the issue is #548

Closed
samip5 opened this issue Jul 28, 2024 · 5 comments
Closed

Bug: When SOPS decryption fails, the error message should tell the user what the issue is #548

samip5 opened this issue Jul 28, 2024 · 5 comments

Comments

@samip5
Copy link

samip5 commented Jul 28, 2024

Version: 3.0.4, Darwin arm64

2024/07/29 00:40:36 DEBUG start loading and validating config file
2024/07/29 00:40:36 DEBUG reading talconfig.yaml
2024/07/29 00:40:36 DEBUG substituting config file with environment variable
2024/07/29 00:40:36 DEBUG overriding global controlplane node config for m1
2024/07/29 00:40:36 DEBUG overriding global worker node config for w-amd-1
2024/07/29 00:40:36 DEBUG overriding global worker node config for w-amd-2
2024/07/29 00:40:36 DEBUG overriding global worker node config for w-amd-3
2024/07/29 00:40:36 DEBUG overriding global worker node config for w7
2024/07/29 00:40:36 DEBUG start validating talconfig file
2024/07/29 00:40:36 DEBUG validating config file for node m1
2024/07/29 00:40:36 DEBUG validating schematic with official Talos schematic for node m1
2024/07/29 00:40:36 DEBUG validating config file for node w-amd-1
2024/07/29 00:40:36 DEBUG validating schematic with official Talos schematic for node w-amd-1
2024/07/29 00:40:36 DEBUG validating config file for node w-amd-2
2024/07/29 00:40:36 DEBUG validating schematic with official Talos schematic for node w-amd-2
2024/07/29 00:40:36 DEBUG validating config file for node w-amd-3
2024/07/29 00:40:36 DEBUG validating schematic with official Talos schematic for node w-amd-3
2024/07/29 00:40:36 DEBUG validating config file for node w7
2024/07/29 00:40:36 DEBUG secret file is set to talsecret.sops.yaml
2024/07/29 00:40:36 DEBUG start generating config file
2024/07/29 00:40:36 DEBUG using secret file talsecret.sops.yaml
2024/07/29 00:40:36 DEBUG talsecret.sops.yaml is SOPS encrypted, decrypting
2024/07/29 00:40:36 failed to generate talos config: Error getting data key: 0 successful groups required, got 0
@budimanjojo
Copy link
Owner

Thank you for reporting!

The error message is reported from SOPS high level api:

talhelper/pkg/decrypt/decrypt.go

Line 41 in 060aeca

decrypted, err := decrypt.Data(data, "yaml")

And the error message is indeed not really useful without --debug flag. I think the best I can do is to clarify that the error came from SOPS like so: failed to generate talos config: SOPS decryption failed: Error getting .... Is this a reasonable fix?

@samip5
Copy link
Author

samip5 commented Jul 29, 2024

That would help yes.

@budimanjojo
Copy link
Owner

Should do exactly that when I release a new version, thank you for reporting!

@outbackdingo
Copy link

Im seeing it also in a VM with debian, how do we get around this

talhelper genconfig
2024/10/28 05:49:49 failed to generate talos config: SOPS decryption failed: Error getting data key: 0 successful groups required, got 0

@samip5
Copy link
Author

samip5 commented Oct 28, 2024

Im seeing it also in a VM with debian, how do we get around this

talhelper genconfig 2024/10/28 05:49:49 failed to generate talos config: SOPS decryption failed: Error getting data key: 0 successful groups required, got 0

By making sure your sops works first before trying tailhelper.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@samip5 @budimanjojo @outbackdingo