From 74c1f9e9a0248dfba75a1a74f32c592343d6f882 Mon Sep 17 00:00:00 2001 From: Adam Gardner Date: Wed, 29 Jun 2022 15:31:07 -1000 Subject: [PATCH 1/4] fix: use helm secrets view rather than helm secrets dec to decrypt Signed-off-by: Adam Gardner chore: fix test case broken by change of helm subcommand Signed-off-by: Adam Gardner --- pkg/helmexec/exec.go | 26 +------------------------- pkg/helmexec/exec_test.go | 2 +- 2 files changed, 2 insertions(+), 26 deletions(-) diff --git a/pkg/helmexec/exec.go b/pkg/helmexec/exec.go index dc1668c6..ca52d054 100644 --- a/pkg/helmexec/exec.go +++ b/pkg/helmexec/exec.go @@ -281,38 +281,14 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str helm.logger.Infof("Decrypting secret %v", absPath) preArgs := context.GetTillerlessArgs(helm) env := context.getTillerlessEnv() - out, err := helm.exec(append(append(preArgs, "secrets", "dec", absPath), flags...), env) - helm.info(out) + secretBytes, err := helm.exec(append(append(preArgs, "secrets", "view", absPath), flags...), env) if err != nil { secret.err = err return "", err } - // HELM_SECRETS_DEC_SUFFIX is used by the helm-secrets plugin to define the output file - decSuffix := os.Getenv("HELM_SECRETS_DEC_SUFFIX") - if len(decSuffix) == 0 { - decSuffix = ".yaml.dec" - } - - // helm secrets replaces the extension with its suffix ONLY when the extension is ".yaml" - var decFilename string - if strings.HasSuffix(absPath, ".yaml") { - decFilename = strings.Replace(absPath, ".yaml", decSuffix, 1) - } else { - decFilename = absPath + decSuffix - } - - secretBytes, err := os.ReadFile(decFilename) - if err != nil { - secret.err = err - return "", err - } secret.bytes = secretBytes - if err := os.Remove(decFilename); err != nil { - return "", err - } - } else { // Cache hit helm.logger.Debugf("Found secret in cache %v", absPath) diff --git a/pkg/helmexec/exec_test.go b/pkg/helmexec/exec_test.go index a00950c6..52b9bcc6 100644 --- a/pkg/helmexec/exec_test.go +++ b/pkg/helmexec/exec_test.go @@ -376,7 +376,7 @@ func Test_DecryptSecret(t *testing.T) { expected := fmt.Sprintf(`Preparing to decrypt secret %v/secretName Decrypting secret %s/secretName -exec: helm --kube-context dev secrets dec %s/secretName +exec: helm --kube-context dev secrets view %s/secretName Preparing to decrypt secret %s/secretName Found secret in cache %s/secretName `, cwd, cwd, cwd, cwd, cwd) From c1eb7f0623ee9544cc93ce4546c02f0b36fae8cf Mon Sep 17 00:00:00 2001 From: Radon Rosborough Date: Thu, 30 Jun 2022 06:22:58 -0700 Subject: [PATCH 2/4] Fix Test_DecryptSecret Signed-off-by: Radon Rosborough --- pkg/helmexec/exec_test.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/helmexec/exec_test.go b/pkg/helmexec/exec_test.go index 52b9bcc6..ff4912f1 100644 --- a/pkg/helmexec/exec_test.go +++ b/pkg/helmexec/exec_test.go @@ -377,9 +377,11 @@ func Test_DecryptSecret(t *testing.T) { expected := fmt.Sprintf(`Preparing to decrypt secret %v/secretName Decrypting secret %s/secretName exec: helm --kube-context dev secrets view %s/secretName +Decrypted %s/secretName into %s Preparing to decrypt secret %s/secretName Found secret in cache %s/secretName -`, cwd, cwd, cwd, cwd, cwd) +Decrypted %s/secretName into %s +`, cwd, cwd, cwd, cwd, tmpFilePath, cwd, cwd, cwd, tmpFilePath) if err != nil { if _, ok := err.(*os.PathError); ok { } else { From de6a9aeebf450fb77a3c9e7980702f347888420b Mon Sep 17 00:00:00 2001 From: Radon Rosborough Date: Thu, 30 Jun 2022 06:44:21 -0700 Subject: [PATCH 3/4] Fix Test_DecryptSecretWithGotmpl Signed-off-by: Radon Rosborough --- pkg/helmexec/exec_test.go | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/pkg/helmexec/exec_test.go b/pkg/helmexec/exec_test.go index ff4912f1..e740f059 100644 --- a/pkg/helmexec/exec_test.go +++ b/pkg/helmexec/exec_test.go @@ -362,10 +362,7 @@ func Test_DecryptSecret(t *testing.T) { _, err := helm.DecryptSecret(HelmContext{}, "secretName") if err != nil { - if _, ok := err.(*os.PathError); ok { - } else { - t.Errorf("Error: %v", err) - } + t.Errorf("Error: %v", err) } cwd, err := filepath.Abs(".") if err != nil { @@ -404,14 +401,27 @@ func Test_DecryptSecretWithGotmpl(t *testing.T) { } secretName := "secretName.yaml.gotmpl" - _, decryptErr := helm.DecryptSecret(HelmContext{}, secretName) + _, err := helm.DecryptSecret(HelmContext{}, secretName) + if err != nil { + t.Errorf("Error: %v", err) + } cwd, err := filepath.Abs(".") if err != nil { t.Errorf("Error: %v", err) } - expected := fmt.Sprintf(`%s/%s.yaml.dec`, cwd, secretName) - if d := cmp.Diff(expected, decryptErr.(*os.PathError).Path); d != "" { + expected := fmt.Sprintf(`Preparing to decrypt secret %v/secretName.yaml.gotmpl +Decrypting secret %s/secretName.yaml.gotmpl +exec: helm --kube-context dev secrets view %s/secretName.yaml.gotmpl +Decrypted %s/secretName.yaml.gotmpl into %s +`, cwd, cwd, cwd, cwd, tmpFilePath) + if err != nil { + if _, ok := err.(*os.PathError); ok { + } else { + t.Errorf("Error: %v", err) + } + } + if d := cmp.Diff(expected, buffer.String()); d != "" { t.Errorf("helmexec.DecryptSecret(): want (-), got (+):\n%s", d) } } From a93661d382cf1bdf5daa3c615e71ef1f1e53f5a4 Mon Sep 17 00:00:00 2001 From: Adam Gardner Date: Sun, 10 Jul 2022 09:15:18 -1000 Subject: [PATCH 4/4] chore: remove obsolete exemption of os.PathError in test case Signed-off-by: Adam Gardner --- pkg/helmexec/exec_test.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkg/helmexec/exec_test.go b/pkg/helmexec/exec_test.go index e740f059..94967190 100644 --- a/pkg/helmexec/exec_test.go +++ b/pkg/helmexec/exec_test.go @@ -416,10 +416,7 @@ exec: helm --kube-context dev secrets view %s/secretName.yaml.gotmpl Decrypted %s/secretName.yaml.gotmpl into %s `, cwd, cwd, cwd, cwd, tmpFilePath) if err != nil { - if _, ok := err.(*os.PathError); ok { - } else { - t.Errorf("Error: %v", err) - } + t.Errorf("Error: %v", err) } if d := cmp.Diff(expected, buffer.String()); d != "" { t.Errorf("helmexec.DecryptSecret(): want (-), got (+):\n%s", d)