From 2daea2b52c9f10806b093ed770b3cd6f1b28b296 Mon Sep 17 00:00:00 2001
From: Timofey Kirillov
Date: Tue, 24 May 2022 19:06:56 +0300
Subject: [PATCH] feat(bundles): --secret-values option for werf-bundle-apply command
Signed-off-by: Timofey Kirillov
---
 cmd/werf/bundle/apply/apply.go | 8 +++-
 cmd/werf/bundle/render/render.go | 2 +-
 pkg/deploy/helm/chart_extender/bundle.go | 39 ++++++++++++++++++-
 .../helpers/secrets/secrets_runtime_data.go | 14 ++++---
 pkg/deploy/helm/chart_extender/werf_chart.go | 5 +--
 5 files changed, 57 insertions(+), 11 deletions(-)
diff --git a/cmd/werf/bundle/apply/apply.go b/cmd/werf/bundle/apply/apply.go
index 63393b1953..e4b7e6d732 100644
--- a/cmd/werf/bundle/apply/apply.go
+++ b/cmd/werf/bundle/apply/apply.go
@@ -22,6 +22,7 @@ import (
 "github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers"
 "github.com/werf/werf/pkg/deploy/helm/command_helpers"
 "github.com/werf/werf/pkg/deploy/lock_manager"
+ "github.com/werf/werf/pkg/deploy/secrets_manager"
 "github.com/werf/werf/pkg/werf"
 "github.com/werf/werf/pkg/werf/global_warnings"
 )
@@ -80,6 +81,8 @@ func NewCmd() *cobra.Command {
 common.SetupSetString(&commonCmdData, cmd)
 common.SetupSetFile(&commonCmdData, cmd)
 common.SetupValues(&commonCmdData, cmd)
+ common.SetupSecretValues(&commonCmdData, cmd)
+ common.SetupIgnoreSecretKey(&commonCmdData, cmd)
 common.SetupKubeConfig(&commonCmdData, cmd)
 common.SetupKubeConfigBase64(&commonCmdData, cmd)
@@ -184,7 +187,10 @@ func runApply() error {
 userExtraAnnotations["project.werf.io/env"] = *commonCmdData.Environment
 }
- bundle, err := chart_extender.NewBundle(ctx, bundleTmpDir, helm_v3.Settings, helmRegistryClientHandle, chart_extender.BundleOptions{
+ secretsManager := secrets_manager.NewSecretsManager(secrets_manager.SecretsManagerOptions{DisableSecretsDecryption: *commonCmdData.IgnoreSecretKey})
+
+ bundle, err := chart_extender.NewBundle(ctx, bundleTmpDir, helm_v3.Settings, helmRegistryClientHandle, secretsManager, chart_extender.BundleOptions{
+ SecretValueFiles: common.GetSecretValues(&commonCmdData),
 BuildChartDependenciesOpts: command_helpers.BuildChartDependenciesOptions{IgnoreInvalidAnnotationsAndLabels: true},
 IgnoreInvalidAnnotationsAndLabels: true,
 ExtraAnnotations: userExtraAnnotations,
diff --git a/cmd/werf/bundle/render/render.go b/cmd/werf/bundle/render/render.go
index ef254c3b3a..ecf7cb2a20 100644
--- a/cmd/werf/bundle/render/render.go
+++ b/cmd/werf/bundle/render/render.go
@@ -186,7 +186,7 @@ func runRender(ctx context.Context) error {
 userExtraAnnotations["project.werf.io/env"] = *commonCmdData.Environment
 }
- bundle, err := chart_extender.NewBundle(ctx, bundleDir, helm_v3.Settings, helmRegistryClientHandle, chart_extender.BundleOptions{
+ bundle, err := chart_extender.NewBundle(ctx, bundleDir, helm_v3.Settings, helmRegistryClientHandle, nil, chart_extender.BundleOptions{
 BuildChartDependenciesOpts: command_helpers.BuildChartDependenciesOptions{IgnoreInvalidAnnotationsAndLabels: false},
 IgnoreInvalidAnnotationsAndLabels: false,
 ExtraAnnotations: userExtraAnnotations,
diff --git a/pkg/deploy/helm/chart_extender/bundle.go b/pkg/deploy/helm/chart_extender/bundle.go
index 78db0cc492..04adca310a 100644
--- a/pkg/deploy/helm/chart_extender/bundle.go
+++ b/pkg/deploy/helm/chart_extender/bundle.go
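Review bot: In render.go, `runRender` passes `nil` as the new `secretsManager` argument, so `werf bundle render` never decodes secret values while `werf bundle apply` in this same commit does. For a bundle whose templates reference secret values, the rendered manifests will then differ from what apply deploys, which weakens render as a pre-deploy review step. Either wire `common.SetupSecretValues` and `common.SetupIgnoreSecretKey` into the render command too, or state the limitation at the call site, e.g. `// bundle render does not load secret values; secretsManager is nil on purpose`. The body of runRender starts and ends outside the hunk.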
@@ -20,24 +20,29 @@ import (
 "github.com/werf/logboek"
 "github.com/werf/werf/pkg/deploy/helm"
 "github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers"
+ "github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers/secrets"
 "github.com/werf/werf/pkg/deploy/helm/command_helpers"
+ "github.com/werf/werf/pkg/deploy/secrets_manager"
 )
 type BundleOptions struct {
+ SecretValueFiles []string
 BuildChartDependenciesOpts command_helpers.BuildChartDependenciesOptions
 ExtraAnnotations map[string]string
 ExtraLabels map[string]string
 IgnoreInvalidAnnotationsAndLabels bool
 }
-func NewBundle(ctx context.Context, dir string, helmEnvSettings *cli.EnvSettings, registryClient *registry.Client, opts BundleOptions) (*Bundle, error) {
+func NewBundle(ctx context.Context, dir string, helmEnvSettings *cli.EnvSettings, registryClient *registry.Client, secretsManager *secrets_manager.SecretsManager, opts BundleOptions) (*Bundle, error) {
 bundle := &Bundle{
 Dir: dir,
+ SecretValueFiles: opts.SecretValueFiles,
 HelmEnvSettings: helmEnvSettings,
 RegistryClient: registryClient,
 BuildChartDependenciesOpts: opts.BuildChartDependenciesOpts,
 ChartExtenderServiceValuesData: helpers.NewChartExtenderServiceValuesData(),
 ChartExtenderContextData: helpers.NewChartExtenderContextData(ctx),
+ secretsManager: secretsManager,
 }
 extraAnnotationsAndLabelsPostRenderer := helm.NewExtraAnnotationsAndLabelsPostRenderer(nil, nil, opts.IgnoreInvalidAnnotationsAndLabels)
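Review bot: `NewBundle` gains a positional `secretsManager` parameter that callers may pass as `nil` (render.go does), but the exported constructor carries no doc comment saying what nil means. Since `ChartLoaded` skips secret decoding entirely when the field is nil, that contract should be written down where callers see it: `// NewBundle creates a Bundle for dir. A nil secretsManager disables secret decoding in ChartLoaded.` The body of NewBundle continues past the end of the hunk.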
@@ -67,13 +72,16 @@ func NewBundle(ctx context.Context, dir string, helmEnvSettings *cli.EnvSettings
 */
 type Bundle struct {
 Dir string
+ SecretValueFiles []string
 HelmChart *chart.Chart
 HelmEnvSettings *cli.EnvSettings
 RegistryClient *registry.Client
 BuildChartDependenciesOpts command_helpers.BuildChartDependenciesOptions
 extraAnnotationsAndLabelsPostRenderer *helm.ExtraAnnotationsAndLabelsPostRenderer
+ secretsManager *secrets_manager.SecretsManager
+ *secrets.SecretsRuntimeData
 *helpers.ChartExtenderServiceValuesData
 *helpers.ChartExtenderContextData
 }
@@ -93,11 +101,27 @@ func (bundle *Bundle) ChainPostRenderer(postRenderer postrender.PostRenderer) po
 // ChartCreated method for the chart.Extender interface
 func (bundle *Bundle) ChartCreated(c *chart.Chart) error {
 bundle.HelmChart = c
+ bundle.SecretsRuntimeData = secrets.NewSecretsRuntimeData()
 return nil
 }
 // ChartLoaded method for the chart.Extender interface
 func (bundle *Bundle) ChartLoaded(files []*chart.ChartExtenderBufferedFile) error {
+ if bundle.secretsManager != nil {
+ wd, err := os.Getwd()
+ if err != nil {
+ return fmt.Errorf("unable to get current working dir: %w", err)
+ }
+
+ if err := bundle.SecretsRuntimeData.DecodeAndLoadSecrets(bundle.ChartExtenderContext, files, bundle.Dir, wd, bundle.secretsManager, secrets.DecodeAndLoadSecretsOptions{
+ LoadFromLocalFilesystem: true,
+ CustomSecretValueFiles: bundle.SecretValueFiles,
+ WithoutDefaultSecretValues: true,
+ }); err != nil {
+ return fmt.Errorf("error decoding secrets: %w", err)
+ }
+ }
+
 return nil
 }
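Review bot: `bundle.SecretsRuntimeData` is an embedded pointer that is assigned only in `ChartCreated`, yet `ChartLoaded` in this hunk and `MakeValues` further down dereference it without a nil check. The call order is decided by the chart loader, which this diff does not show; if either method runs on a Bundle before ChartCreated, it will presumably panic on a nil pointer. Initialising the field in the `NewBundle` struct literal as well, `SecretsRuntimeData: secrets.NewSecretsRuntimeData(),`, removes that ordering dependency while ChartCreated can still reset it per chart.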
@@ -110,9 +134,22 @@ func (bundle *Bundle) ChartDependenciesLoaded() error {
 func (bundle *Bundle) MakeValues(inputVals map[string]interface{}) (map[string]interface{}, error) {
 vals := make(map[string]interface{})
+ debugPrintValues(bundle.ChartExtenderContext, "service", bundle.ServiceValues)
 chartutil.CoalesceTables(vals, bundle.ServiceValues)
+
+ if debugSecretValues() {
+ debugPrintValues(bundle.ChartExtenderContext, "secret", bundle.SecretsRuntimeData.DecodedSecretValues)
+ }
+ chartutil.CoalesceTables(vals, bundle.SecretsRuntimeData.DecodedSecretValues)
+
+ debugPrintValues(bundle.ChartExtenderContext, "input", inputVals)
 chartutil.CoalesceTables(vals, inputVals)
+ if debugSecretValues() {
+ // Only print all values with secrets when secret values debug enabled
+ debugPrintValues(bundle.ChartExtenderContext, "all", vals)
+ }
+
 data, err := yaml.Marshal(vals)
 logboek.Context(bundle.ChartExtenderContext).Debug().LogF("-- Bundle.MakeValues result (err=%v):\n%s\n---\n", err, data)
diff --git a/pkg/deploy/helm/chart_extender/helpers/secrets/secrets_runtime_data.go b/pkg/deploy/helm/chart_extender/helpers/secrets/secrets_runtime_data.go
index 2e3e73ffdf..27fb133585 100644
--- a/pkg/deploy/helm/chart_extender/helpers/secrets/secrets_runtime_data.go
+++ b/pkg/deploy/helm/chart_extender/helpers/secrets/secrets_runtime_data.go
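Review bot: The unchanged `Debug().LogF("-- Bundle.MakeValues result ...", err, data)` at the end of this hunk now writes decrypted secret values to the debug log, because `vals` has just been merged with `bundle.SecretsRuntimeData.DecodedSecretValues` before being marshalled into `data`. The new code gates the `"secret"` and `"all"` dumps behind `debugSecretValues()`, but this line is not gated, so any run at debug log level (CI job output, for instance) would carry the secrets in clear text. Gate it the same way, `if debugSecretValues() { logboek.Context(bundle.ChartExtenderContext).Debug().LogF(...) }`, or drop it, since the `"all"` dump already prints the merged values. The error from `yaml.Marshal` is only logged within the visible lines, and MakeValues continues outside the hunk.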
@@ -26,17 +26,21 @@ func NewSecretsRuntimeData() *SecretsRuntimeData {
 }
 type DecodeAndLoadSecretsOptions struct {
- GiterminismManager giterminism_manager.Interface
- CustomSecretValueFiles []string
- LoadFromLocalFilesystem bool
+ GiterminismManager giterminism_manager.Interface
+ CustomSecretValueFiles []string
+ LoadFromLocalFilesystem bool
+ WithoutDefaultSecretValues bool
 }
 func (secretsRuntimeData *SecretsRuntimeData) DecodeAndLoadSecrets(ctx context.Context, loadedChartFiles []*chart.ChartExtenderBufferedFile, chartDir, secretsWorkingDir string, secretsManager *secrets_manager.SecretsManager, opts DecodeAndLoadSecretsOptions) error {
 secretDirFiles := GetSecretDirFiles(loadedChartFiles)
 var loadedSecretValuesFiles []*chart.ChartExtenderBufferedFile
-if defaultSecretValues := GetDefaultSecretValuesFile(chartDir, loadedChartFiles); defaultSecretValues != nil {
- loadedSecretValuesFiles = append(loadedSecretValuesFiles, defaultSecretValues)
+
+ if !opts.WithoutDefaultSecretValues {
+ if defaultSecretValues := GetDefaultSecretValuesFile(chartDir, loadedChartFiles); defaultSecretValues != nil {
+ loadedSecretValuesFiles = append(loadedSecretValuesFiles, defaultSecretValues)
+ }
 }
 for _, customSecretValuesFileName := range opts.CustomSecretValueFiles {
diff --git a/pkg/deploy/helm/chart_extender/werf_chart.go b/pkg/deploy/helm/chart_extender/werf_chart.go
index 590c97eaa0..b8431e3e85 100644
--- a/pkg/deploy/helm/chart_extender/werf_chart.go
+++ b/pkg/deploy/helm/chart_extender/werf_chart.go
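Review bot: The new `WithoutDefaultSecretValues` field has no comment, and its negative name makes the zero value (load the default file) easy to misread at call sites such as `WithoutDefaultSecretValues: true` in bundle.go. A one-line field comment would settle it: `// WithoutDefaultSecretValues disables loading of the file returned by GetDefaultSecretValuesFile.` Files found by `GetSecretDirFiles` are still collected regardless of this flag, which is worth stating in the same comment. DecodeAndLoadSecrets continues outside the hunk.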
@@ -395,9 +395,8 @@ func (wc *WerfChart) CreateNewBundle(ctx context.Context, destDir, chartVersion
 }
 }
- return NewBundle(ctx, destDir, wc.HelmEnvSettings, wc.RegistryClient, BundleOptions{
+ return NewBundle(ctx, destDir, wc.HelmEnvSettings, wc.RegistryClient, wc.SecretsManager, BundleOptions{
 BuildChartDependenciesOpts: wc.BuildChartDependenciesOpts,
 IgnoreInvalidAnnotationsAndLabels: wc.extraAnnotationsAndLabelsPostRenderer.IgnoreInvalidAnnotationsAndLabels,
- },
- )
+ })
 }