Fix: rotate_secrets exits prematurely during deployment#523
Open
itsouvalas wants to merge 1 commit intov3.1.x-devfrom
Open
Fix: rotate_secrets exits prematurely during deployment#523itsouvalas wants to merge 1 commit intov3.1.x-devfrom
itsouvalas wants to merge 1 commit intov3.1.x-devfrom
Conversation
When rotate_secrets() is called during deployment via _fix_secrets(), it would exit the entire Genesis process if no secrets were defined, causing deployments to fail silently. This bug was introduced in commit 8ae11b0 (May 2025) when _fix_secrets() was added as part of the deployment preflight checks enhancement. The rotate_secrets() method was originally designed as a command handler that could safely exit, but is now also used as an internal method that must return values to its caller. Changed exit 0 to return ({empty => 1}) to match the pattern used by other secret-related methods (add_secrets, remove_secrets) and allow _fix_secrets() to properly handle the empty secrets case. Fixes deployment failures for kits with no secrets defined (e.g., jumpbox-genesis-kit without openvpn feature enabled).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes a bug where
genesis deployexits prematurely when no secrets are defined in the kit.Problem
When
rotate_secrets()is called internally during deployment (via_fix_secrets()), it callsexit 0if no secrets are found, terminating the entire Genesis process before BOSH deployment can occur.Root Cause
The bug was introduced in commit 8ae11b0 (May 2025) when deployment preflight checks were enhanced. The
rotate_secrets()method was originally designed as a command handler that could safely exit, but is now also used as an internal method during deployment that must return values to its caller.Solution
Changed
exit 0toreturn ({empty => 1})to match the pattern used by other secret-related methods (add_secrets,remove_secrets), allowing_fix_secrets()to properly handle the empty secrets case as a success condition.Testing
Impact