Go Binaries in Distroless/Debian Don't Get Env Vars Injected

[rejoshed]

Describe the bug:
When running a Go program directly from either a Distroless or Debian container the env vars are not injected.

Expected behaviour:
I expected the environment variables to be injected.

Steps to reproduce the bug:
Sample Go Program

package main

import (
    "fmt"
    "log"
    "os"
)

func main() {
    //Set env a to b
    err := os.Setenv("a", "b")
    if err != nil {
        log.Fatal(err)
    }

    err = os.Setenv("c", "d")
    if err != nil {
        log.Fatal(err)
    }

    //Get all env variables
    fmt.Println(os.Environ())
    fmt.Println("*************************")
    fmt.Println("*************************")
    fmt.Println("*************************")
    fmt.Println("*************************")
    fmt.Println("*************************")

    fmt.Println(os.Getenv("AWS_INFRA_PLATFORM_NEXUS_ADMIN"))
}

A Dockerfile like this one will do. I was trying to get Crossplane to work with bank-vaults.

FROM debian:latest

# Add upbound binary
COPY --from=xpkg.upbound.io/crossplane-contrib/provider-aws:v0.33.0 /usr/local/bin/crossplane-aws-provider /usr/local/bin/crossplane-aws-provider

RUN apt update -qqq
RUN apt install -yqqq ca-certificates
RUN update-ca-certificates

# Works when binary is not called directly.
ENTRYPOINT ["/bin/bash", "-c", "/usr/local/bin/crossplane-aws-provider --debug"]

Additional context:
If the binary is called directly vault-env will not replace the var.

If called through a shell as above in the entrypoint it will work.

Basically something's up with vault-env, debian, and directly calling Go binaries.

/kind bug

[rejoshed]

So, after much back and forth, I've found that enabling daemon mode works as a workaround.

The issue must in general be to do with needed to be exec-ed or not.

When the vault-env process calls an intermediary or launches the go program without replacing itself with the go program the env vars work properly.

I do still see this as a bug, but at least I have a less ugly workaround for now.

[github-actions]

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

[ramizpolic]

Is this behaviour still present @rejoshed?

[github-actions]

Thank you for your contribution! This issue has been automatically marked as stale because it has no recent activity in the last 60 days. It will be closed in 20 days, if no further activity occurs. If this issue is still relevant, please leave a comment to let us know, and the stale label will be automatically removed.

[github-actions]

This issue has been marked stale for 20 days, and is now closed due to inactivity. If the issue is still relevant, please re-open this issue or file a new one. Thank you!