From 6418ded8a47dfdf0b02cdefb854313cdb1413860 Mon Sep 17 00:00:00 2001 From: Sasha Date: Thu, 9 Feb 2023 16:12:05 +1000 Subject: [PATCH] Add --hide-values flag Signed-off-by: Sasha --- cmd/helm/get_all.go | 2 +- cmd/helm/install.go | 2 +- cmd/helm/install_test.go | 6 ++ cmd/helm/release_testing.go | 2 +- cmd/helm/root.go | 1 + cmd/helm/status.go | 7 +- cmd/helm/testdata/output/env-comp.txt | 1 + .../testdata/output/install-hide-values.txt | 6 ++ .../testcharts/chart-with-values/Chart.yaml | 7 ++ .../chart-with-values/templates/secrets.yaml | 71 +++++++++++++++++++ cmd/helm/upgrade.go | 4 +- pkg/cli/environment.go | 5 ++ pkg/cli/environment_test.go | 4 +- 13 files changed, 108 insertions(+), 10 deletions(-) create mode 100644 cmd/helm/testdata/output/install-hide-values.txt create mode 100644 cmd/helm/testdata/testcharts/chart-with-values/Chart.yaml create mode 100644 cmd/helm/testdata/testcharts/chart-with-values/templates/secrets.yaml diff --git a/cmd/helm/get_all.go b/cmd/helm/get_all.go index 2dbef97cf..e33631a59 100644 --- a/cmd/helm/get_all.go +++ b/cmd/helm/get_all.go @@ -59,7 +59,7 @@ func newGetAllCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return tpl(template, data, out) } - return output.Table.Write(out, &statusPrinter{res, true, false, false}) + return output.Table.Write(out, &statusPrinter{res, true, !settings.HideValues, false, false}) }, } diff --git a/cmd/helm/install.go b/cmd/helm/install.go index 976ce0a29..dadd34a41 100644 --- a/cmd/helm/install.go +++ b/cmd/helm/install.go @@ -141,7 +141,7 @@ func newInstallCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return errors.Wrap(err, "INSTALLATION FAILED") } - return outfmt.Write(out, &statusPrinter{rel, settings.Debug, false, false}) + return outfmt.Write(out, &statusPrinter{rel, settings.Debug, !settings.HideValues, false, false}) }, } diff --git a/cmd/helm/install_test.go b/cmd/helm/install_test.go index b34d1455c..deb013368 100644 --- a/cmd/helm/install_test.go +++ b/cmd/helm/install_test.go @@ -252,6 +252,12 @@ func TestInstall(t *testing.T) { cmd: fmt.Sprintf("install aeneas test/reqtest --username username --password password --repository-config %s --repository-cache %s", repoFile, srv.Root()), golden: "output/install.txt", }, + // Verify hiding values works + { + name: "install chart but hide values", + cmd: "install with-values testdata/testcharts/chart-with-values --namespace default --debug --hide-values", + golden: "output/install-hide-values.txt", + }, } runTestCmd(t, tests) diff --git a/cmd/helm/release_testing.go b/cmd/helm/release_testing.go index d9b8fa8c9..337b71ba8 100644 --- a/cmd/helm/release_testing.go +++ b/cmd/helm/release_testing.go @@ -72,7 +72,7 @@ func newReleaseTestCmd(cfg *action.Configuration, out io.Writer) *cobra.Command return runErr } - if err := outfmt.Write(out, &statusPrinter{rel, settings.Debug, false, false}); err != nil { + if err := outfmt.Write(out, &statusPrinter{rel, settings.Debug, !settings.HideValues, false, false}); err != nil { return err } diff --git a/cmd/helm/root.go b/cmd/helm/root.go index 7da57c6aa..67ed7439d 100644 --- a/cmd/helm/root.go +++ b/cmd/helm/root.go @@ -51,6 +51,7 @@ Environment variables: | $HELM_CONFIG_HOME | set an alternative location for storing Helm configuration. | | $HELM_DATA_HOME | set an alternative location for storing Helm data. | | $HELM_DEBUG | indicate whether or not Helm is running in Debug mode | +| $HELM_SHOW_VALUES | indicate whether or not Helm will print values and manifest content in Debug mode | | $HELM_DRIVER | set the backend storage driver. Values are: configmap, secret, memory, sql. | | $HELM_DRIVER_SQL_CONNECTION_STRING | set the connection string the SQL storage driver should use. | | $HELM_MAX_HISTORY | set the maximum number of helm release history. | diff --git a/cmd/helm/status.go b/cmd/helm/status.go index aa22aa02a..2ab409d03 100644 --- a/cmd/helm/status.go +++ b/cmd/helm/status.go @@ -80,7 +80,7 @@ func newStatusCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { // strip chart metadata from the output rel.Chart = nil - return outfmt.Write(out, &statusPrinter{rel, false, client.ShowDescription, client.ShowResources}) + return outfmt.Write(out, &statusPrinter{rel, false, !settings.HideValues, client.ShowDescription, client.ShowResources}) }, } @@ -110,6 +110,7 @@ func newStatusCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { type statusPrinter struct { release *release.Release debug bool + showValues bool showDescription bool showResources bool } @@ -182,7 +183,7 @@ func (s statusPrinter) WriteTable(out io.Writer) error { } } - if s.debug { + if s.debug && s.showValues { fmt.Fprintln(out, "USER-SUPPLIED VALUES:") err := output.EncodeYAML(out, s.release.Config) if err != nil { @@ -205,7 +206,7 @@ func (s statusPrinter) WriteTable(out io.Writer) error { fmt.Fprintln(out) } - if strings.EqualFold(s.release.Info.Description, "Dry run complete") || s.debug { + if strings.EqualFold(s.release.Info.Description, "Dry run complete") || (s.debug && s.showValues) { fmt.Fprintln(out, "HOOKS:") for _, h := range s.release.Hooks { fmt.Fprintf(out, "---\n# Source: %s\n%s\n", h.Path, h.Manifest) diff --git a/cmd/helm/testdata/output/env-comp.txt b/cmd/helm/testdata/output/env-comp.txt index b7d93c12e..2b3dbd9bb 100644 --- a/cmd/helm/testdata/output/env-comp.txt +++ b/cmd/helm/testdata/output/env-comp.txt @@ -4,6 +4,7 @@ HELM_CACHE_HOME HELM_CONFIG_HOME HELM_DATA_HOME HELM_DEBUG +HELM_HIDE_VALUES HELM_KUBEAPISERVER HELM_KUBEASGROUPS HELM_KUBEASUSER diff --git a/cmd/helm/testdata/output/install-hide-values.txt b/cmd/helm/testdata/output/install-hide-values.txt new file mode 100644 index 000000000..0cff80968 --- /dev/null +++ b/cmd/helm/testdata/output/install-hide-values.txt @@ -0,0 +1,6 @@ +NAME: with-values +LAST DEPLOYED: Fri Sep 2 22:04:05 1977 +NAMESPACE: default +STATUS: deployed +REVISION: 1 +TEST SUITE: None diff --git a/cmd/helm/testdata/testcharts/chart-with-values/Chart.yaml b/cmd/helm/testdata/testcharts/chart-with-values/Chart.yaml new file mode 100644 index 000000000..7cd0d6474 --- /dev/null +++ b/cmd/helm/testdata/testcharts/chart-with-values/Chart.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +description: Chart with values +home: https://helm.sh/helm +name: with-values +sources: + - https://github.com/helm/helm +version: 0.1.0 diff --git a/cmd/helm/testdata/testcharts/chart-with-values/templates/secrets.yaml b/cmd/helm/testdata/testcharts/chart-with-values/templates/secrets.yaml new file mode 100644 index 000000000..fc8e6fa5a --- /dev/null +++ b/cmd/helm/testdata/testcharts/chart-with-values/templates/secrets.yaml @@ -0,0 +1,71 @@ +apiVersion: v1 +kind: Secret +metadata: + name: secret-sample +data: + test: YmFyCg== + password: bXktcGFzc3dvcmQ= + complex.key: Y29tcGxleAo= + fromFile.json: | + ewogICJteS1jb25maWcta2V5IjogIm15IHZhbHVlIiwgCiAgImFnZSI6IDI0LAogICJhcnJheSI6IFsidmFsdWUiLCAidmFsdWUyIl0sCiAgIm9iamVjdCI6IHsKICAgICJrZXkiOiAidmFsdWUiCiAgfQp9Cg== +stringData: + string: super-secret + string.complex: complex + stringFile.json: | + { + "my-config-key": "my value", + "age": 24, + "array": ["value", "value2"], + "object": { + "key": "value" + } + } +--- +apiVersion: v1 +kind: Secret +metadata: + name: empty-secret + +--- +apiVersion: v1 +kind: Secret +metadata: + name: empty-data-secret +data: + +--- +apiVersion: v1 +kind: Secret +metadata: + name: different-indent-secret +data: + password: cGFzc3dvcmQK +stringData: + stringPassword: password + +--- +apiVersion: v1 +kind: Secret +metadata: + # This is name + name: secret-with-comments +data: + # Comment + password: cGFzc3dvcmQK + # Multi + # Line + # Comment + anotherPassword: cGFzc3dvcmQK # Inline comment + # End comment +stringData: # Contains string data + stringPassword: password + +--- +apiVersion: v1 +kind: Secret +stringData: + stringPassword: password +data: + password: cGFzc3dvcmQK +metadata: + name: different-order-secret \ No newline at end of file diff --git a/cmd/helm/upgrade.go b/cmd/helm/upgrade.go index 3302da12c..cd81ce1cc 100644 --- a/cmd/helm/upgrade.go +++ b/cmd/helm/upgrade.go @@ -125,7 +125,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { if err != nil { return err } - return outfmt.Write(out, &statusPrinter{rel, settings.Debug, false, false}) + return outfmt.Write(out, &statusPrinter{rel, settings.Debug, !settings.HideValues, false, false}) } else if err != nil { return err } @@ -207,7 +207,7 @@ func newUpgradeCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { fmt.Fprintf(out, "Release %q has been upgraded. Happy Helming!\n", args[0]) } - return outfmt.Write(out, &statusPrinter{rel, settings.Debug, false, false}) + return outfmt.Write(out, &statusPrinter{rel, settings.Debug, !settings.HideValues, false, false}) }, } diff --git a/pkg/cli/environment.go b/pkg/cli/environment.go index dac2a4bc1..41616b888 100644 --- a/pkg/cli/environment.go +++ b/pkg/cli/environment.go @@ -71,6 +71,8 @@ type EnvSettings struct { KubeTLSServerName string // Debug indicates whether or not Helm is running in Debug mode. Debug bool + // HideValues indicates whether Helm should not print config values (e.g. secrets). + HideValues bool // RegistryConfig is the path to the registry config file. RegistryConfig string // RepositoryConfig is the path to the repositories file. @@ -104,6 +106,7 @@ func New() *EnvSettings { BurstLimit: envIntOr("HELM_BURST_LIMIT", defaultBurstLimit), } env.Debug, _ = strconv.ParseBool(os.Getenv("HELM_DEBUG")) + env.HideValues, _ = strconv.ParseBool(os.Getenv("HELM_HIDE_VALUES")) // bind to kubernetes config flags env.config = &genericclioptions.ConfigFlags{ @@ -142,6 +145,7 @@ func (s *EnvSettings) AddFlags(fs *pflag.FlagSet) { fs.StringVar(&s.KubeTLSServerName, "kube-tls-server-name", s.KubeTLSServerName, "server name to use for Kubernetes API server certificate validation. If it is not provided, the hostname used to contact the server is used") fs.BoolVar(&s.KubeInsecureSkipTLSVerify, "kube-insecure-skip-tls-verify", s.KubeInsecureSkipTLSVerify, "if true, the Kubernetes API server's certificate will not be checked for validity. This will make your HTTPS connections insecure") fs.BoolVar(&s.Debug, "debug", s.Debug, "enable verbose output") + fs.BoolVar(&s.HideValues, "hide-values", s.HideValues, "hide values (debug mode only)") fs.StringVar(&s.RegistryConfig, "registry-config", s.RegistryConfig, "path to the registry config file") fs.StringVar(&s.RepositoryConfig, "repository-config", s.RepositoryConfig, "path to the file containing repository names and URLs") fs.StringVar(&s.RepositoryCache, "repository-cache", s.RepositoryCache, "path to the file containing cached repository indexes") @@ -194,6 +198,7 @@ func (s *EnvSettings) EnvVars() map[string]string { "HELM_CONFIG_HOME": helmpath.ConfigPath(""), "HELM_DATA_HOME": helmpath.DataPath(""), "HELM_DEBUG": fmt.Sprint(s.Debug), + "HELM_HIDE_VALUES": fmt.Sprint(s.HideValues), "HELM_PLUGINS": s.PluginsDirectory, "HELM_REGISTRY_CONFIG": s.RegistryConfig, "HELM_REPOSITORY_CACHE": s.RepositoryCache, diff --git a/pkg/cli/environment_test.go b/pkg/cli/environment_test.go index 3de6fab4c..958c9e9dc 100644 --- a/pkg/cli/environment_test.go +++ b/pkg/cli/environment_test.go @@ -81,7 +81,7 @@ func TestEnvSettings(t *testing.T) { }, { name: "with envvars set", - envvars: map[string]string{"HELM_DEBUG": "1", "HELM_NAMESPACE": "yourns", "HELM_KUBEASUSER": "pikachu", "HELM_KUBEASGROUPS": ",,,operators,snackeaters,partyanimals", "HELM_MAX_HISTORY": "5", "HELM_KUBECAFILE": "/tmp/ca.crt", "HELM_BURST_LIMIT": "150", "HELM_KUBEINSECURE_SKIP_TLS_VERIFY": "true", "HELM_KUBETLS_SERVER_NAME": "example.org"}, + envvars: map[string]string{"HELM_DEBUG": "1", "HELM_SHOW_VALUES": "1", "HELM_NAMESPACE": "yourns", "HELM_KUBEASUSER": "pikachu", "HELM_KUBEASGROUPS": ",,,operators,snackeaters,partyanimals", "HELM_MAX_HISTORY": "5", "HELM_KUBECAFILE": "/tmp/ca.crt", "HELM_BURST_LIMIT": "150", "HELM_KUBEINSECURE_SKIP_TLS_VERIFY": "true", "HELM_KUBETLS_SERVER_NAME": "example.org"}, ns: "yourns", maxhistory: 5, burstLimit: 150, @@ -95,7 +95,7 @@ func TestEnvSettings(t *testing.T) { { name: "with flags and envvars set", args: "--debug --namespace=myns --kube-as-user=poro --kube-as-group=admins --kube-as-group=teatime --kube-as-group=snackeaters --kube-ca-file=/my/ca.crt --burst-limit 175 --kube-insecure-skip-tls-verify=true --kube-tls-server-name=example.org", - envvars: map[string]string{"HELM_DEBUG": "1", "HELM_NAMESPACE": "yourns", "HELM_KUBEASUSER": "pikachu", "HELM_KUBEASGROUPS": ",,,operators,snackeaters,partyanimals", "HELM_MAX_HISTORY": "5", "HELM_KUBECAFILE": "/tmp/ca.crt", "HELM_BURST_LIMIT": "200", "HELM_KUBEINSECURE_SKIP_TLS_VERIFY": "true", "HELM_KUBETLS_SERVER_NAME": "example.org"}, + envvars: map[string]string{"HELM_DEBUG": "1", "HELM_SHOW_VALUES": "1", "HELM_NAMESPACE": "yourns", "HELM_KUBEASUSER": "pikachu", "HELM_KUBEASGROUPS": ",,,operators,snackeaters,partyanimals", "HELM_MAX_HISTORY": "5", "HELM_KUBECAFILE": "/tmp/ca.crt", "HELM_BURST_LIMIT": "200", "HELM_KUBEINSECURE_SKIP_TLS_VERIFY": "true", "HELM_KUBETLS_SERVER_NAME": "example.org"}, ns: "myns", debug: true, maxhistory: 5,