feat: refactor KsDecode to handle stringData and data nodes (#543)
* feat: refactor KsDecode to handle stringData and data nodes

Signed-off-by: yxxhero <[email protected]>

* feat(secret): remove sensitive data from secret file

Signed-off-by: yxxhero <[email protected]>

---------

Signed-off-by: yxxhero <[email protected]>
yxxhero authored Oct 14, 2024
1 parent 9f44c62 commit a9480c5
Showing 5 changed files with 67 additions and 16 deletions.
71 changes: 59 additions & 12 deletions cmd/vals/main.go
Expand Up @@ -227,7 +227,7 @@ the vals-eval outputs onto the disk, for security reasons.`)
if *export {
l = "export " + l
}
fmt.Fprintln(os.Stdout, l)
_, _ = fmt.Fprintln(os.Stdout, l)
}
case CmdKsDecode:
evalCmd := flag.NewFlagSet(CmdKsDecode, flag.ExitOnError)
Expand Down Expand Up @@ -269,9 +269,15 @@ func KsDecode(node yaml.Node) (*yaml.Node, error) {

var res yaml.Node = node

var kk yaml.Node
var vv yaml.Node
var ii int
// record the original data node
var datakk yaml.Node
var datavv yaml.Node
var dataii int

// record the original stringData node
var stringDatakk yaml.Node
var stringDatavv yaml.Node
var stringDataii int

isSecret := false
mappings := node.Content[0].Content
Expand All @@ -285,16 +291,32 @@ func KsDecode(node yaml.Node) (*yaml.Node, error) {
}

if k.Value == "data" {
ii = i
kk = *k
vv = *v
dataii = i
datakk = *k
datavv = *v
}
if k.Value == "stringData" {
stringDataii = i
stringDatakk = *k
stringDatavv = *v
}
}

if isSecret && !kk.IsZero() {
kk.Value = "stringData"
// if not a secret, just return the node
if !isSecret {
return &res, nil
}

v := vv
// if data node not exists, just return the node
if datakk.IsZero() {
return &res, nil
}

// stringData node not exists
if stringDatakk.IsZero() {
datakk.Value = "stringData"

v := datavv
nestedMappings := v.Content
v.Content = make([]*yaml.Node, len(v.Content))
for i := 0; i < len(nestedMappings); i += 2 {
Expand All @@ -309,10 +331,35 @@ func KsDecode(node yaml.Node) (*yaml.Node, error) {
v.Content[i+1] = nestedMappings[i+1]
}

res.Content[0].Content[ii] = &kk
res.Content[0].Content[ii+1] = &v
res.Content[0].Content[dataii] = &datakk
res.Content[0].Content[dataii+1] = &v
return &res, nil
}

// stringData and data node exist in the mean time
dv := datavv
sv := stringDatavv
dNestedMappings := dv.Content
for i := 0; i < len(dNestedMappings); i += 2 {
b64 := dNestedMappings[i+1].Value
decoded, err := base64.StdEncoding.DecodeString(b64)
if err != nil {
return nil, err
}
// replace the value of the nested mapping
dNestedMappings[i+1].Value = string(decoded)

sv.Content = append(sv.Content, dNestedMappings[i])
sv.Content = append(sv.Content, dNestedMappings[i+1])
}

// replace the stringData node
res.Content[0].Content[stringDataii] = &stringDatakk
res.Content[0].Content[stringDataii+1] = &sv

// remove the data node
res.Content[0].Content = append(res.Content[0].Content[:dataii], res.Content[0].Content[dataii+2:]...)

return &res, nil
}

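Review bot: In the branch of KsDecode that runs when both `data` and `stringData` are present, every decoded `data` pair is appended to `sv.Content` without checking whether `stringData` already holds that key, so a Secret that defines the same key in both maps is emitted with a duplicate mapping key. Kubernetes resolves that overlap in favour of `stringData`, whereas a YAML consumer that keeps the last duplicate would read the decoded `data` value instead, and stricter parsers reject the document outright. Skipping keys already present in `stringData` keeps the output a valid mapping with the precedence the API server applies; the updated TestKsDecode in cmd/vals/main_test.go uses only disjoint keys (`foo`, `bar`) and would benefit from an overlapping-key case. The function starts above this hunk and parts of it are collapsed on the page, so the fence shows only the merge loop.

```go
	dNestedMappings := dv.Content
	// stringData wins when a key is defined in both maps, so remember its keys.
	present := make(map[string]struct{}, len(sv.Content)/2)
	for i := 0; i+1 < len(sv.Content); i += 2 {
		present[sv.Content[i].Value] = struct{}{}
	}
	for i := 0; i < len(dNestedMappings); i += 2 {
		if _, dup := present[dNestedMappings[i].Value]; dup {
			continue
		}
		// … unchanged: base64 decode and append to sv.Content …
	}
```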
3 changes: 3 additions & 0 deletions cmd/vals/main_test.go
Expand Up @@ -10,9 +10,12 @@ import (
func TestKsDecode(t *testing.T) {
in := `data:
foo: Rk9P
stringData:
bar: BAR
kind: Secret
`
outExpected := `stringData:
bar: BAR
foo: FOO
kind: Secret
`
4 changes: 2 additions & 2 deletions io.go
Expand Up @@ -87,7 +87,7 @@ func Output(output io.Writer, format string, nodes []yaml.Node) error {
if err != nil {
return err
}
fmt.Fprintln(output, string(bs))
_, _ = fmt.Fprintln(output, string(bs))
} else {
encoder := yaml.NewEncoder(output)
encoder.SetIndent(2)
Expand All @@ -97,7 +97,7 @@ func Output(output io.Writer, format string, nodes []yaml.Node) error {
}
}
if i != len(nodes)-1 {
fmt.Fprintln(output, "---")
_, _ = fmt.Fprintln(output, "---")
}
}
return nil
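Review bot: Assigning the result of `fmt.Fprintln(output, string(bs))` to `_, _` silences the linter but still drops the write error, even though Output already returns `error` and the lines just above return `err` from the preceding call. A failed or short write to `output` (closed pipe, full disk) would then be reported as success while the rendered values are truncated. Returning the error is a small change: `if _, err := fmt.Fprintln(output, string(bs)); err != nil { return err }`, and likewise for the `"---"` separator in the second hunk. Output's body begins and ends outside both hunks.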
2 changes: 1 addition & 1 deletion pkg/log/log.go
Expand Up @@ -25,5 +25,5 @@ func New(c Config) *Logger {
}

func (l *Logger) Debugf(msg string, args ...interface{}) {
fmt.Fprintf(l.output, msg+"\n", args...)
_, _ = fmt.Fprintf(l.output, msg+"\n", args...)
}
3 changes: 2 additions & 1 deletion pkg/providers/vault/kv_helper.go
Expand Up @@ -2,6 +2,7 @@ package vault

import (
"errors"
"net/http"
"path"
"strings"

Expand Down Expand Up @@ -30,7 +31,7 @@ func kvPreflightVersionRequest(client *api.Client, path string) (string, int, er
if err != nil {
// If we get a 404 we are using an older version of vault, default to
// version 1
if resp != nil && resp.StatusCode == 404 {
if resp != nil && resp.StatusCode == http.StatusNotFound {
return "", 1, nil
}

