Merge pull request #201 from magicmemories/fix/helm-secrets-view

fix: use helm secrets view rather than helm secrets dec to decrypt
2022-07-16 21:04:48 +09:00 · 2022-07-16 21:04:48 +09:00 · cc13492623
parent 1d61d7d3e7 a93661d382
commit cc13492623
2 changed files with 19 additions and 34 deletions
--- a/pkg/helmexec/exec.go
+++ b/pkg/helmexec/exec.go
@ -281,38 +281,14 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str
 		helm.logger.Infof("Decrypting secret %v", absPath)
 		preArgs := context.GetTillerlessArgs(helm)
 		env := context.getTillerlessEnv()
-		out, err := helm.exec(append(append(preArgs, "secrets", "dec", absPath), flags...), env)
-		helm.info(out)
+		secretBytes, err := helm.exec(append(append(preArgs, "secrets", "view", absPath), flags...), env)
 		if err != nil {
 			secret.err = err
 			return "", err
 		}

-		// HELM_SECRETS_DEC_SUFFIX is used by the helm-secrets plugin to define the output file
-		decSuffix := os.Getenv("HELM_SECRETS_DEC_SUFFIX")
-		if len(decSuffix) == 0 {
-			decSuffix = ".yaml.dec"
-		}
-
-		// helm secrets replaces the extension with its suffix ONLY when the extension is ".yaml"
-		var decFilename string
-		if strings.HasSuffix(absPath, ".yaml") {
-			decFilename = strings.Replace(absPath, ".yaml", decSuffix, 1)
-		} else {
-			decFilename = absPath + decSuffix
-		}
-
-		secretBytes, err := os.ReadFile(decFilename)
-		if err != nil {
-			secret.err = err
-			return "", err
-		}
 		secret.bytes = secretBytes

-		if err := os.Remove(decFilename); err != nil {
-			return "", err
-		}
-
 	} else {
 		// Cache hit
 		helm.logger.Debugf("Found secret in cache %v", absPath)
--- a/pkg/helmexec/exec_test.go
+++ b/pkg/helmexec/exec_test.go
@ -362,10 +362,7 @@ func Test_DecryptSecret(t *testing.T) {

 	_, err := helm.DecryptSecret(HelmContext{}, "secretName")
 	if err != nil {
-		if _, ok := err.(*os.PathError); ok {
-		} else {
-			t.Errorf("Error: %v", err)
-		}
+		t.Errorf("Error: %v", err)
 	}
 	cwd, err := filepath.Abs(".")
 	if err != nil {
@ -376,10 +373,12 @@ func Test_DecryptSecret(t *testing.T) {

 	expected := fmt.Sprintf(`Preparing to decrypt secret %v/secretName
 Decrypting secret %s/secretName
-exec: helm --kube-context dev secrets dec %s/secretName
+exec: helm --kube-context dev secrets view %s/secretName
+Decrypted %s/secretName into %s
 Preparing to decrypt secret %s/secretName
 Found secret in cache %s/secretName
-`, cwd, cwd, cwd, cwd, cwd)
+Decrypted %s/secretName into %s
+`, cwd, cwd, cwd, cwd, tmpFilePath, cwd, cwd, cwd, tmpFilePath)
 	if err != nil {
 		if _, ok := err.(*os.PathError); ok {
 		} else {
@ -402,14 +401,24 @@ func Test_DecryptSecretWithGotmpl(t *testing.T) {
 	}

 	secretName := "secretName.yaml.gotmpl"
-	_, decryptErr := helm.DecryptSecret(HelmContext{}, secretName)
+	_, err := helm.DecryptSecret(HelmContext{}, secretName)
+	if err != nil {
+		t.Errorf("Error: %v", err)
+	}
 	cwd, err := filepath.Abs(".")
 	if err != nil {
 		t.Errorf("Error: %v", err)
 	}

-	expected := fmt.Sprintf(`%s/%s.yaml.dec`, cwd, secretName)
-	if d := cmp.Diff(expected, decryptErr.(*os.PathError).Path); d != "" {
+	expected := fmt.Sprintf(`Preparing to decrypt secret %v/secretName.yaml.gotmpl
+Decrypting secret %s/secretName.yaml.gotmpl
+exec: helm --kube-context dev secrets view %s/secretName.yaml.gotmpl
+Decrypted %s/secretName.yaml.gotmpl into %s
+`, cwd, cwd, cwd, cwd, tmpFilePath)
+	if err != nil {
+		t.Errorf("Error: %v", err)
+	}
+	if d := cmp.Diff(expected, buffer.String()); d != "" {
 		t.Errorf("helmexec.DecryptSecret(): want (-), got (+):\n%s", d)
 	}
 }