Deployment fails with "panic: interface conversion: interface {} is nil, not map[string]interface {}"

[johanneskastl]

I am currently trying to understand how to install OpenUnison using ouctl. But the deployment fails.

It might well be that I am missing information in my values.yaml file, but it would be nice to hint at the user, what that might be. I find no trace of interface anywhere...

$ ouctl install-auth-portal OpenUnison/values.yaml
Loading values from OpenUnison/values.yaml...
...loaded
Checking for the Dashboard namespace kubernetes-dashboard
Dashboard namespace kubernetes-dashboard already exists
Checking for the OpenUnison namespace openunison
OpenUnison namespace openunison already exists
panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 1 [running]:
github.com/tremolosecurity/openunison-control/openunison.(*OpenUnisonDeployment).setupSecret(0xc0005cc3c0, 0xc00035cde0?)
        /home/runner/work/openunison-control/openunison-control/openunison/deployer.go:1168 +0xa65
github.com/tremolosecurity/openunison-control/openunison.(*OpenUnisonDeployment).DeployAuthPortal(0xc0005cc3c0)
        /home/runner/work/openunison-control/openunison-control/openunison/deployer.go:1391 +0x33a
github.com/tremolosecurity/openunison-control/cmd.glob..func2(0x3c1e000?, {0xc00059a870?, 0x1?, 0x1?})
        /home/runner/work/openunison-control/openunison-control/cmd/installAuthPortal.go:49 +0x2ea
github.com/spf13/cobra.(*Command).execute(0x3c1e000, {0xc00059a840, 0x1, 0x1})
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:920 +0x847
github.com/spf13/cobra.(*Command).ExecuteC(0x3c1dd20)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:1044 +0x3bd
github.com/spf13/cobra.(*Command).Execute(...)
        /home/runner/go/pkg/mod/github.com/spf13/[email protected]/command.go:968
github.com/tremolosecurity/openunison-control/cmd.Execute()
        /home/runner/work/openunison-control/openunison-control/cmd/root.go:51 +0x25
main.main()
        /home/runner/work/openunison-control/openunison-control/main.go:16 +0x8a

[mlbiam]

can you please share your values.yaml? It seems that ouctl is having issues loading up the secret.

[johanneskastl]

I tried several variants, but to no avail.

---                                                                                                                                                                                          
network:                                                                                                                                                                                     
  openunison_host: "openunison.deskmini.example.org"                                                                                                                                         
  dashboard_host: "dashboard.deskmini.example.org"                                                                                                                                           
  api_server_host: "api-server.deskmini.example.org"                                                                                                                                         
  k8s_url: https://XXX:6443                                                                                                                                                                  
  force_redirect_to_tls: true                                                                                                                                                                
  createIngressCertificate: false                                                                                                                                                            
  ingress_type: nginx                                                                                                                                                                        
  ingress_certificate: openunison.deskmini.example.org-tls                                                                                                                                   
                                                                                                                                                                                             
k8s_cluster_name: deskmini                                                                                                                                                                   
                                                                                                                                                                                             
dashboard:                                                                                                                                                                                   
  namespace: openunison                                                                                                                                                                      
  cert_name: dashboard.deskmini.example.org-tls                                                                                                                                              
  label: "k8s-app=kubernetes-dashboard"                                                                                                                                                      
  service_name: kubernetes-dashboard                                                                                                                                                         
  require_session: true                                                                                                                                                                      
                                                                                                                                                                                             
active_directory:                                                                                                                                                                            
  base: ou=users,dc=example,dc=org                                                                                                                                                           
  host: ldap.example.org                                                                                                                                                                     
  port: 636                                                                                                                                                                                  
  bind_dn: cn=admin,dc=example,dc=org                                                                                                                                                        
  con_type: ldaps                                                                                                                                                                            
  srv_dns: "false"

[johanneskastl]

OK, I copied lots of settings from the openunison-default.yaml file into my values.yaml and this solved the error.

I assumed the behaviour would be like with normal helm charts. Everything I do not set in my values.yaml will be taken from the default values.

I'll try to figure out which missing option actually was the problem...

[johanneskastl]

Seems like this was the problem:

openunison:                                                                                                                                                                                  
  replicas: 1                                                                                                                                                                                
  non_secret_data:                                                                                                                                                                           
    K8S_DB_SSO: oidc                                                                                                                                                                         
    PROMETHEUS_SERVICE_ACCOUNT: system:serviceaccount:monitoring:prometheus-k8s                                                                                                              
    SHOW_PORTAL_ORGS: "false"                                                                                                                                                                
  secrets: []                                                                                                                                                                                
  enable_provisioning: false                                                                                                                                                                 
  use_standard_jit_workflow: true                                                                                                                                                            
  #az_groups:                                                                                                                                                                                
  #- CN=k8s-users,CN=Users,DC=ent2k12,DC=domain,DC=com