fix: fixed secrets decryption failed issue

2021-03-16 11:09:58 +03:00 · 2021-03-16 11:09:58 +03:00 · 59f4043fc5
parent d04cd1b1a7
commit 59f4043fc5
2 changed files with 18 additions and 4 deletions
--- a/pkg/helmexec/exec.go
+++ b/pkg/helmexec/exec.go
@ -19,6 +19,7 @@ import (
 type decryptedSecret struct {
 	mutex sync.RWMutex
 	bytes []byte
 	err   error
 }
 type execer struct {
@ -268,6 +269,7 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str
 		out, err := helm.exec(append(append(preArgs, "secrets", "dec", absPath), flags...), env)
 		helm.info(out)
 		if err != nil {
 			secret.err = err
 			return "", err
 		}
@ -280,6 +282,7 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str
 		secretBytes, err := ioutil.ReadFile(decFilename)
 		if err != nil {
 			secret.err = err
 			return "", err
 		}
 		secret.bytes = secretBytes
@ -295,6 +298,10 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str
 		secret.mutex.RLock()
 		helm.decryptedSecretMutex.Unlock()
 		defer secret.mutex.RUnlock()
 		if secret.err != nil {
 			return "", secret.err
 		}
 	}
 	tempFile := helm.writeTempFile
--- a/test/integration/run.sh
+++ b/test/integration/run.sh
@ -138,17 +138,24 @@ if [[ helm_major_version -eq 3 ]]; then
  sops="sops --hc-vault-transit $VAULT_ADDR/v1/sops/keys/key"
  mkdir -p ${dir}/tmp
  test_start "secretssops"
  info "Encrypt secrets"
  ${sops} -e ${dir}/env-1.secrets.yaml > ${dir}/tmp/env-1.secrets.sops.yaml || fail "${sops} failed at ${dir}/env-1.secrets.yaml"
  ${sops} -e ${dir}/env-2.secrets.yaml > ${dir}/tmp/env-2.secrets.sops.yaml || fail "${sops} failed at ${dir}/env-2.secrets.yaml"
  test_start "secretssops.1 - should fail without secrets plugin"
  info "Ensure helm-secrets is not installed"
  ${helm} plugin rm secrets || true
  info "Ensure helmfile fails when no helm-secrets is installed"
-  ${helmfile} -f ${dir}/secretssops.yaml -e direct build; code="$?"; echo Code: "$code"; [ "${code}" -ne 0 ] || fail "\"helmfile build\" should fail without secrets plugin"
+  unset code
  ${helmfile} -f ${dir}/secretssops.yaml -e direct build || code="$?"; code="${code:-0}"
  echo Code: "${code}"
  [ "${code}" -ne 0 ] || fail "\"helmfile build\" should fail without secrets plugin"
  test_pass "secretssops.1"
  test_start "secretssops.2 - should succeed with secrets plugin"
  info "Ensure helm-secrets is installed"
  ${helm} plugin install https://github.com/jkroepke/helm-secrets --version v3.5.0
@ -156,7 +163,7 @@ if [[ helm_major_version -eq 3 ]]; then
  info "Ensure helmfile succeed when helm-secrets is installed"
  ${helmfile} -f ${dir}/secretssops.yaml -e direct build || fail "\"helmfile build\" shouldn't fail"
-  test_pass "secretssops"
+  test_pass "secretssops.2"
 fi
 # ALL DONE -----------------------------------------------------------------------------------------------------------