Uploaded image for project: 'Marathon'
  1. Marathon
  2. MARATHON-8226

Marathon API includes "secrets" key on apps even when this feature is not enabled

    Details

      Description

      Hello all,

      I just realized that Marathon 1.5.8 returns all apps containing the secrets key even when this feature is not enabled.

      This makes it hard to write generic transparent reverse proxies in front of Marathon API, that's because Marathon refuses to accept a JSON that it returned. One simple example is:

      • Create an app using the UI (just to simplify, could be created via API call);
      • GET this app, via /v2/apps/<app-id>;
      • Change some values in this resulting JSON, for example cmd;
      • do a PUT on /v2/apps/<app-id>.

      Marathon refuses this PUT with this error:

      {"message":"Object is not valid","details":[{"path":"/secrets","errors":["must be empty","Feature secrets is not enabled. Enable with --enable_features secrets)"]}]}
      

      If you edit this same JSON and just rename the secrets key to _secrets, Marathon accepts the request and correctly updates the desired app.

      I didn't test other versions of Marathon but I believe that this problem exist since the first version with the secrets feature.

      Thanks,

        Attachments

          Activity

            People

            • Assignee:
              tharper Tim Harper
              Reporter:
              daltonmatos daltonmatos
              Team:
              Orchestration Team
              Watchers:
              Alena Varkockova, daltonmatos, Matthias Eichstedt, Tim Harper
            • Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: