From e78034378759ee568737315666de7844918fd495 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Szymon=20Giba=C5=82a?= Date: Fri, 5 Feb 2021 10:34:57 +0100 Subject: [PATCH] Refactor implementation to cover template command MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Szymon GibaƂa --- cmd/helm/status.go | 30 +++++++++++++++-------- cmd/helm/template.go | 9 +++++++ pkg/cli/sanitize/hide_secrets.go | 22 +++++++++++++++-- pkg/cli/sanitize/hide_secrets_test.go | 34 +++++++++++++++++++++------ 4 files changed, 76 insertions(+), 19 deletions(-) diff --git a/cmd/helm/status.go b/cmd/helm/status.go index 45b660d72..0d225d597 100644 --- a/cmd/helm/status.go +++ b/cmd/helm/status.go @@ -104,10 +104,22 @@ type statusPrinter struct { } func (s statusPrinter) WriteJSON(out io.Writer) error { + if s.hideSecrets { + err := sanitize.HideManifestSecrets(s.release) + if err != nil { + return err + } + } return output.EncodeJSON(out, s.release) } func (s statusPrinter) WriteYAML(out io.Writer) error { + if s.hideSecrets { + err := sanitize.HideManifestSecrets(s.release) + if err != nil { + return err + } + } return output.EncodeYAML(out, s.release) } @@ -115,6 +127,13 @@ func (s statusPrinter) WriteTable(out io.Writer) error { if s.release == nil { return nil } + if s.hideSecrets { + err := sanitize.HideManifestSecrets(s.release) + if err != nil { + return err + } + } + fmt.Fprintf(out, "NAME: %s\n", s.release.Name) if !s.release.Info.LastDeployed.IsZero() { fmt.Fprintf(out, "LAST DEPLOYED: %s\n", s.release.Info.LastDeployed.Format(time.ANSIC)) @@ -172,16 +191,7 @@ func (s statusPrinter) WriteTable(out io.Writer) error { for _, h := range s.release.Hooks { fmt.Fprintf(out, "---\n# Source: %s\n%s\n", h.Path, h.Manifest) } - var err error - manifest := s.release.Manifest - if s.hideSecrets { - manifest, err = sanitize.HideSecrets(manifest) - if err != nil { - return err - } - } - - fmt.Fprintf(out, "MANIFEST:\n%s\n", manifest) + fmt.Fprintf(out, "MANIFEST:\n%s\n", s.release.Manifest) } if len(s.release.Info.Notes) > 0 { diff --git a/cmd/helm/template.go b/cmd/helm/template.go index d760fb87b..9ad160de9 100644 --- a/cmd/helm/template.go +++ b/cmd/helm/template.go @@ -27,6 +27,8 @@ import ( "sort" "strings" + "helm.sh/helm/v3/pkg/cli/sanitize" + "helm.sh/helm/v3/pkg/release" "github.com/spf13/cobra" @@ -79,6 +81,13 @@ func newTemplateCmd(cfg *action.Configuration, out io.Writer) *cobra.Command { return err } + if settings.HideSecrets { + err := sanitize.HideManifestSecrets(rel) + if err != nil { + return fmt.Errorf("failed to hide manifest secrets: %w", err) + } + } + // We ignore a potential error here because, when the --debug flag was specified, // we always want to print the YAML, even if it is not valid. The error is still returned afterwards. if rel != nil { diff --git a/pkg/cli/sanitize/hide_secrets.go b/pkg/cli/sanitize/hide_secrets.go index 5fe619dfe..3876c601a 100644 --- a/pkg/cli/sanitize/hide_secrets.go +++ b/pkg/cli/sanitize/hide_secrets.go @@ -20,6 +20,8 @@ import ( "fmt" "strings" + "helm.sh/helm/v3/pkg/release" + "gopkg.in/yaml.v2" ) @@ -27,9 +29,25 @@ const ( hiddenSecretValue = "[HIDDEN]" ) -// HideSecrets replaces values in Secrets in the chart manifest with +// HideManifestSecrets sanitizes release manifest and replaces it. +// Manifest cannot be applied after this operation. +func HideManifestSecrets(r *release.Release) error { + if r == nil { + return nil + } + manifest, err := hideSecrets(r.Manifest) + if err != nil { + return err + } + + r.Manifest = manifest + + return nil +} + +// hideSecrets replaces values in Secrets in the chart manifest with // `[HIDDEN]` value. -func HideSecrets(manifest string) (string, error) { +func hideSecrets(manifest string) (string, error) { resources := strings.Split(manifest, "\n---") outRes := make([]string, 0, len(resources)) diff --git a/pkg/cli/sanitize/hide_secrets_test.go b/pkg/cli/sanitize/hide_secrets_test.go index ec47f2cff..770233122 100644 --- a/pkg/cli/sanitize/hide_secrets_test.go +++ b/pkg/cli/sanitize/hide_secrets_test.go @@ -22,29 +22,49 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "helm.sh/helm/v3/pkg/release" ) -func TestHideSecrets(t *testing.T) { +func TestHideManifestSecrets(t *testing.T) { - t.Run("hide secret values", func(t *testing.T) { + t.Run("replace manifest with sanitized one", func(t *testing.T) { manifestRaw, err := ioutil.ReadFile("testdata/manifest-input.yaml") require.NoError(t, err) expectedManifestRaw, err := ioutil.ReadFile("testdata/manifest-sanitized.yaml") require.NoError(t, err) - sanitizedManifest, err := HideSecrets(string(manifestRaw)) + rel := &release.Release{ + Name: "test", + Manifest: string(manifestRaw), + } + + err = HideManifestSecrets(rel) require.NoError(t, err) - assert.Equal(t, string(expectedManifestRaw), sanitizedManifest) + assert.Equal(t, string(expectedManifestRaw), rel.Manifest) }) - t.Run("do not modify, when no secret values", func(t *testing.T) { + t.Run("do not modify manifest when no secret values", func(t *testing.T) { manifestRaw, err := ioutil.ReadFile("testdata/manifest-no-secret.yaml") require.NoError(t, err) - sanitizedManifest, err := HideSecrets(string(manifestRaw)) + rel := &release.Release{ + Name: "test", + Manifest: string(manifestRaw), + } + + err = HideManifestSecrets(rel) require.NoError(t, err) - assert.Equal(t, string(manifestRaw), sanitizedManifest) + assert.Equal(t, string(manifestRaw), rel.Manifest) + }) + + t.Run("ignore nil release", func(t *testing.T) { + var rel *release.Release + + err := HideManifestSecrets(rel) + require.NoError(t, err) + assert.Nil(t, rel) }) }