fix: fixed secrets decryption failed issue
parent
d04cd1b1a7
commit
59f4043fc5
|
|
@ -19,6 +19,7 @@ import (
|
|||
type decryptedSecret struct {
|
||||
mutex sync.RWMutex
|
||||
bytes []byte
|
||||
err error
|
||||
}
|
||||
|
||||
type execer struct {
|
||||
|
|
@ -268,6 +269,7 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str
|
|||
out, err := helm.exec(append(append(preArgs, "secrets", "dec", absPath), flags...), env)
|
||||
helm.info(out)
|
||||
if err != nil {
|
||||
secret.err = err
|
||||
return "", err
|
||||
}
|
||||
|
||||
|
|
@ -280,6 +282,7 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str
|
|||
|
||||
secretBytes, err := ioutil.ReadFile(decFilename)
|
||||
if err != nil {
|
||||
secret.err = err
|
||||
return "", err
|
||||
}
|
||||
secret.bytes = secretBytes
|
||||
|
|
@ -295,6 +298,10 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str
|
|||
secret.mutex.RLock()
|
||||
helm.decryptedSecretMutex.Unlock()
|
||||
defer secret.mutex.RUnlock()
|
||||
|
||||
if secret.err != nil {
|
||||
return "", secret.err
|
||||
}
|
||||
}
|
||||
|
||||
tempFile := helm.writeTempFile
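Review bot: The failure is recorded by assigning `secret.err` by hand at each error return (after `helm.exec` and after `ioutil.ReadFile`), so any other return path in the first-caller branch that lies outside these hunks, or one added later, would leave the cached entry with a nil `err` and empty `bytes`, and callers that find the entry in the cache would then treat a failed decryption as an empty secret. Setting it in one place is less fragile, for example a named error result plus `defer func() { secret.err = err }()` right after the entry is created. The new struct field also deserves a comment such as `// err holds the decryption failure, if any; callers reusing a cached entry must check it before using bytes`. The error appears to stay cached for the lifetime of the execer, so a transient failure would not be retried; worth confirming that is intended. DecryptSecret's body starts and ends outside the hunks shown.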
|
||||
|
|
|
|||
|
|
@ -138,17 +138,24 @@ if [[ helm_major_version -eq 3 ]]; then
|
|||
sops="sops --hc-vault-transit $VAULT_ADDR/v1/sops/keys/key"
|
||||
mkdir -p ${dir}/tmp
|
||||
|
||||
test_start "secretssops"
|
||||
|
||||
info "Encrypt secrets"
|
||||
${sops} -e ${dir}/env-1.secrets.yaml > ${dir}/tmp/env-1.secrets.sops.yaml || fail "${sops} failed at ${dir}/env-1.secrets.yaml"
|
||||
${sops} -e ${dir}/env-2.secrets.yaml > ${dir}/tmp/env-2.secrets.sops.yaml || fail "${sops} failed at ${dir}/env-2.secrets.yaml"
|
||||
|
||||
test_start "secretssops.1 - should fail without secrets plugin"
|
||||
|
||||
info "Ensure helm-secrets is not installed"
|
||||
${helm} plugin rm secrets || true
|
||||
|
||||
info "Ensure helmfile fails when no helm-secrets is installed"
|
||||
${helmfile} -f ${dir}/secretssops.yaml -e direct build; code="$?"; echo Code: "$code"; [ "${code}" -ne 0 ] || fail "\"helmfile build\" should fail without secrets plugin"
|
||||
unset code
|
||||
${helmfile} -f ${dir}/secretssops.yaml -e direct build || code="$?"; code="${code:-0}"
|
||||
echo Code: "${code}"
|
||||
[ "${code}" -ne 0 ] || fail "\"helmfile build\" should fail without secrets plugin"
|
||||
|
||||
test_pass "secretssops.1"
|
||||
|
||||
test_start "secretssops.2 - should succeed with secrets plugin"
|
||||
|
||||
info "Ensure helm-secrets is installed"
|
||||
${helm} plugin install https://github.com/jkroepke/helm-secrets --version v3.5.0
|
||||
|
|
@ -156,7 +163,7 @@ if [[ helm_major_version -eq 3 ]]; then
|
|||
info "Ensure helmfile succeed when helm-secrets is installed"
|
||||
${helmfile} -f ${dir}/secretssops.yaml -e direct build || fail "\"helmfile build\" shouldn't fail"
|
||||
|
||||
test_pass "secretssops"
|
||||
test_pass "secretssops.2"
|
||||
fi
|
||||
|
||||
# ALL DONE -----------------------------------------------------------------------------------------------------------
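Review bot: The secretssops.1 assertion `[ "${code}" -ne 0 ]` passes on any non-zero exit of `helmfile build`, so the test also goes green when the build fails for a reason unrelated to the missing plugin (for instance if the Vault transit key used by sops is unreachable), and it does not show that the decryption error is the one that reaches the caller. Capturing the output and checking it would tie the test to the intended failure: `out="$(${helmfile} -f ${dir}/secretssops.yaml -e direct build 2>&1)" || code="$?"` followed by a `grep` on `$out` for the expected plugin error text. The page does not mark which lines are added, so this refers to the `unset code` … `fail` sequence, which appears to replace the single-line check above it.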
|
||||
|
|
|
|||