Merge pull request #201 from magicmemories/fix/helm-secrets-view

fix: use helm secrets view rather than helm secrets dec to decrypt
2022-07-16 21:04:48 +09:00 · 2022-07-16 21:04:48 +09:00 · cc13492623
parent 1d61d7d3e7 a93661d382
commit cc13492623
2 changed files with 19 additions and 34 deletions
--- a/pkg/helmexec/exec.go
+++ b/pkg/helmexec/exec.go
@ -281,38 +281,14 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str
 		helm.logger.Infof("Decrypting secret %v", absPath)
 		preArgs := context.GetTillerlessArgs(helm)
 		env := context.getTillerlessEnv()
-		out, err := helm.exec(append(append(preArgs, "secrets", "dec", absPath), flags...), env)
+		secretBytes, err := helm.exec(append(append(preArgs, "secrets", "view", absPath), flags...), env)
 		helm.info(out)
 		if err != nil {
 			secret.err = err
 			return "", err
 		}
 		// HELM_SECRETS_DEC_SUFFIX is used by the helm-secrets plugin to define the output file
 		decSuffix := os.Getenv("HELM_SECRETS_DEC_SUFFIX")
 		if len(decSuffix) == 0 {
 			decSuffix = ".yaml.dec"
 		}
 		// helm secrets replaces the extension with its suffix ONLY when the extension is ".yaml"
 		var decFilename string
 		if strings.HasSuffix(absPath, ".yaml") {
 			decFilename = strings.Replace(absPath, ".yaml", decSuffix, 1)
 		} else {
 			decFilename = absPath + decSuffix
 		}
 		secretBytes, err := os.ReadFile(decFilename)
 		if err != nil {
 			secret.err = err
 			return "", err
 		}
 		secret.bytes = secretBytes
 		if err := os.Remove(decFilename); err != nil {
 			return "", err
 		}
 	} else {
 		// Cache hit
 		helm.logger.Debugf("Found secret in cache %v", absPath)
--- a/pkg/helmexec/exec_test.go
+++ b/pkg/helmexec/exec_test.go
@ -362,10 +362,7 @@ func Test_DecryptSecret(t *testing.T) {
 	_, err := helm.DecryptSecret(HelmContext{}, "secretName")
 	if err != nil {
-		if _, ok := err.(*os.PathError); ok {
+		t.Errorf("Error: %v", err)
 		} else {
 			t.Errorf("Error: %v", err)
 		}
 	}
 	cwd, err := filepath.Abs(".")
 	if err != nil {
@ -376,10 +373,12 @@ func Test_DecryptSecret(t *testing.T) {
 	expected := fmt.Sprintf(`Preparing to decrypt secret %v/secretName
 Decrypting secret %s/secretName
-exec: helm --kube-context dev secrets dec %s/secretName
+exec: helm --kube-context dev secrets view %s/secretName
 Decrypted %s/secretName into %s
 Preparing to decrypt secret %s/secretName
 Found secret in cache %s/secretName
-`, cwd, cwd, cwd, cwd, cwd)
+Decrypted %s/secretName into %s
 `, cwd, cwd, cwd, cwd, tmpFilePath, cwd, cwd, cwd, tmpFilePath)
 	if err != nil {
 		if _, ok := err.(*os.PathError); ok {
 		} else {
@ -402,14 +401,24 @@ func Test_DecryptSecretWithGotmpl(t *testing.T) {
 	}
 	secretName := "secretName.yaml.gotmpl"
-	_, decryptErr := helm.DecryptSecret(HelmContext{}, secretName)
+	_, err := helm.DecryptSecret(HelmContext{}, secretName)
 	if err != nil {
 		t.Errorf("Error: %v", err)
 	}
 	cwd, err := filepath.Abs(".")
 	if err != nil {
 		t.Errorf("Error: %v", err)
 	}
-	expected := fmt.Sprintf(`%s/%s.yaml.dec`, cwd, secretName)
+	expected := fmt.Sprintf(`Preparing to decrypt secret %v/secretName.yaml.gotmpl
-	if d := cmp.Diff(expected, decryptErr.(*os.PathError).Path); d != "" {
+Decrypting secret %s/secretName.yaml.gotmpl
 exec: helm --kube-context dev secrets view %s/secretName.yaml.gotmpl
 Decrypted %s/secretName.yaml.gotmpl into %s
 `, cwd, cwd, cwd, cwd, tmpFilePath)
 	if err != nil {
 		t.Errorf("Error: %v", err)
 	}
 	if d := cmp.Diff(expected, buffer.String()); d != "" {
 		t.Errorf("helmexec.DecryptSecret(): want (-), got (+):\n%s", d)
 	}
 }