public_git
/
helmfile
mirror of https://github.com/helmfile/helmfile.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Redact sensitive informations like password in chart url 

Signed-off-by: Lüchinger Dominic <dev@snowgarden.ch>
This commit is contained in:
Lüchinger Dominic 2022-04-12 09:49:42 +02:00
parent c7b23a67cb
commit f89234e5dc
No known key found for this signature in database
GPG Key ID: 5768DD51B4D71C70
2 changed files with 96 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
pkg/helmexec/exec.go
View File

@ -4,6 +4,7 @@ import (
"bytes" "bytes"
"fmt" "fmt"
"io" "io"
"net/url"
"os" "os"
"path/filepath" "path/filepath"
"strconv" "strconv"
@ -82,6 +83,14 @@ func getHelmVersion(helmBinary string, runner Runner) (semver.Version, error) {
return parseHelmVersion(string(outBytes)) return parseHelmVersion(string(outBytes))
} }
func redactedUrl(chart string) string {
chartUrl, err := url.ParseRequestURI(chart)
if err != nil {
return chart
}
return chartUrl.Redacted()
}
// New for running helm commands // New for running helm commands
func New(helmBinary string, logger *zap.SugaredLogger, kubeContext string, runner Runner) *execer { func New(helmBinary string, logger *zap.SugaredLogger, kubeContext string, runner Runner) *execer {
// TODO: proper error handling // TODO: proper error handling
@ -196,7 +205,7 @@ func (helm *execer) UpdateDeps(chart string) error {
} }
func (helm *execer) SyncRelease(context HelmContext, name, chart string, flags ...string) error { func (helm *execer) SyncRelease(context HelmContext, name, chart string, flags ...string) error {
helm.logger.Infof("Upgrading release=%v, chart=%v", name, chart) helm.logger.Infof("Upgrading release=%v, chart=%v", name, redactedUrl(chart))
preArgs := context.GetTillerlessArgs(helm) preArgs := context.GetTillerlessArgs(helm)
env := context.getTillerlessEnv() env := context.getTillerlessEnv()
@ -348,7 +357,7 @@ func (helm *execer) DecryptSecret(context HelmContext, name string, flags ...str
} }
func (helm *execer) TemplateRelease(name string, chart string, flags ...string) error { func (helm *execer) TemplateRelease(name string, chart string, flags ...string) error {
helm.logger.Infof("Templating release=%v, chart=%v", name, chart) helm.logger.Infof("Templating release=%v, chart=%v", name, redactedUrl(chart))
var args []string var args []string
if helm.IsHelm3() { if helm.IsHelm3() {
args = []string{"template", name, chart} args = []string{"template", name, chart}
@ -387,9 +396,9 @@ func (helm *execer) TemplateRelease(name string, chart string, flags ...string)
func (helm *execer) DiffRelease(context HelmContext, name, chart string, suppressDiff bool, flags ...string) error { func (helm *execer) DiffRelease(context HelmContext, name, chart string, suppressDiff bool, flags ...string) error {
if context.Writer != nil { if context.Writer != nil {
fmt.Fprintf(context.Writer, "Comparing release=%v, chart=%v\n", name, chart) fmt.Fprintf(context.Writer, "Comparing release=%v, chart=%v\n", name, redactedUrl(chart))
} else { } else {
helm.logger.Infof("Comparing release=%v, chart=%v", name, chart) helm.logger.Infof("Comparing release=%v, chart=%v", name, redactedUrl(chart))
} }
preArgs := context.GetTillerlessArgs(helm) preArgs := context.GetTillerlessArgs(helm)
env := context.getTillerlessEnv() env := context.getTillerlessEnv()
@ -427,7 +436,7 @@ func (helm *execer) Lint(name, chart string, flags ...string) error {
} }
func (helm *execer) Fetch(chart string, flags ...string) error { func (helm *execer) Fetch(chart string, flags ...string) error {
helm.logger.Infof("Fetching %v", chart) helm.logger.Infof("Fetching %v", redactedUrl(chart))
out, err := helm.exec(append([]string{"fetch", chart}, flags...), map[string]string{}) out, err := helm.exec(append([]string{"fetch", chart}, flags...), map[string]string{})
helm.info(out) helm.info(out)
return err return err

83
pkg/helmexec/exec_test.go
View File

@ -253,6 +253,18 @@ exec: helm --kube-context dev upgrade --install --reset-values release chart --t
err = helm.SyncRelease(HelmContext{}, "release", "chart") err = helm.SyncRelease(HelmContext{}, "release", "chart")
expected = `Upgrading release=release, chart=chart expected = `Upgrading release=release, chart=chart
exec: helm --kube-context dev upgrade --install --reset-values release chart exec: helm --kube-context dev upgrade --install --reset-values release chart
`
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if buffer.String() != expected {
t.Errorf("helmexec.SyncRelease()\nactual = %v\nexpect = %v", buffer.String(), expected)
}
buffer.Reset()
err = helm.SyncRelease(HelmContext{}, "release", "https://example_user:example_password@repo.example.com/chart.tgz")
expected = `Upgrading release=release, chart=https://example_user:xxxxx@repo.example.com/chart.tgz
exec: helm --kube-context dev upgrade --install --reset-values release https://example_user:example_password@repo.example.com/chart.tgz
` `
if err != nil { if err != nil {
t.Errorf("unexpected error: %v", err) t.Errorf("unexpected error: %v", err)
@ -420,6 +432,18 @@ exec: helm --kube-context dev diff upgrade --reset-values --allow-unreleased rel
err = helm.DiffRelease(HelmContext{}, "release", "chart", false) err = helm.DiffRelease(HelmContext{}, "release", "chart", false)
expected = `Comparing release=release, chart=chart expected = `Comparing release=release, chart=chart
exec: helm --kube-context dev diff upgrade --reset-values --allow-unreleased release chart exec: helm --kube-context dev diff upgrade --reset-values --allow-unreleased release chart
`
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if buffer.String() != expected {
t.Errorf("helmexec.DiffRelease()\nactual = %v\nexpect = %v", buffer.String(), expected)
}
buffer.Reset()
err = helm.DiffRelease(HelmContext{}, "release", "https://example_user:example_password@repo.example.com/chart.tgz", false)
expected = `Comparing release=release, chart=https://example_user:xxxxx@repo.example.com/chart.tgz
exec: helm --kube-context dev diff upgrade --reset-values --allow-unreleased release https://example_user:example_password@repo.example.com/chart.tgz
` `
if err != nil { if err != nil {
t.Errorf("unexpected error: %v", err) t.Errorf("unexpected error: %v", err)
@ -621,7 +645,52 @@ exec: helm --kube-context dev fetch chart --version 1.2.3 --untar --untardir /tm
t.Errorf("unexpected error: %v", err) t.Errorf("unexpected error: %v", err)
} }
if buffer.String() != expected { if buffer.String() != expected {
t.Errorf("helmexec.Lint()\nactual = %v\nexpect = %v", buffer.String(), expected) t.Errorf("helmexec.Fetch()\nactual = %v\nexpect = %v", buffer.String(), expected)
}
buffer.Reset()
err = helm.Fetch("https://example_user:example_password@repo.example.com/chart.tgz", "--version", "1.2.3", "--untar", "--untardir", "/tmp/dir")
expected = `Fetching https://example_user:xxxxx@repo.example.com/chart.tgz
exec: helm --kube-context dev fetch https://example_user:example_password@repo.example.com/chart.tgz --version 1.2.3 --untar --untardir /tmp/dir
`
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if buffer.String() != expected {
t.Errorf("helmexec.Fetch()\nactual = %v\nexpect = %v", buffer.String(), expected)
}
}
func Test_ChartPull(t *testing.T) {
var buffer bytes.Buffer
logger := NewLogger(&buffer, "debug")
helm := MockExecer(logger, "dev")
err := helm.ChartPull("chart", "--version", "1.2.3", "--untar", "--untardir", "/tmp/dir")
expected := `Pulling chart
Exporting chart
exec: helm --kube-context dev chart pull chart --version 1.2.3 --untar --untardir /tmp/dir
`
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if buffer.String() != expected {
t.Errorf("helmexec.ChartPull()\nactual = %v\nexpect = %v", buffer.String(), expected)
}
}
func Test_ChartExport(t *testing.T) {
var buffer bytes.Buffer
logger := NewLogger(&buffer, "debug")
helm := MockExecer(logger, "dev")
err := helm.ChartExport("chart", "--version", "1.2.3", "--untar", "--untardir", "/tmp/dir")
expected := `Exporting chart
exec: helm --kube-context dev chart export chart --destination --version 1.2.3 --untar --untardir /tmp/dir
`
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if buffer.String() != expected {
t.Errorf("helmexec.ChartExport()\nactual = %v\nexpect = %v", buffer.String(), expected)
} }
} }
@ -691,6 +760,18 @@ func Test_Template(t *testing.T) {
err := helm.TemplateRelease("release", "path/to/chart", "--values", "file.yml") err := helm.TemplateRelease("release", "path/to/chart", "--values", "file.yml")
expected := `Templating release=release, chart=path/to/chart expected := `Templating release=release, chart=path/to/chart
exec: helm --kube-context dev template path/to/chart --name release --values file.yml exec: helm --kube-context dev template path/to/chart --name release --values file.yml
`
if err != nil {
t.Errorf("unexpected error: %v", err)
}
if buffer.String() != expected {
t.Errorf("helmexec.Template()\nactual = %v\nexpect = %v", buffer.String(), expected)
}
buffer.Reset()
err = helm.TemplateRelease("release", "https://example_user:example_password@repo.example.com/chart.tgz", "--values", "file.yml")
expected = `Templating release=release, chart=https://example_user:xxxxx@repo.example.com/chart.tgz
exec: helm --kube-context dev template https://example_user:example_password@repo.example.com/chart.tgz --name release --values file.yml
` `
if err != nil { if err != nil {
t.Errorf("unexpected error: %v", err) t.Errorf("unexpected error: %v", err)