From 44be01a3461d471b16757954ce9617d7cd3f317f Mon Sep 17 00:00:00 2001
From: Timofey Kirillov <timofey.kirillov@flant.com>
Date: Tue, 19 Apr 2022 20:00:40 +0300
Subject: [PATCH] fix(deploy): do not print secret values in debug mode by
 default

Only print secret values in debug mode if additional WERF_DEBUG_SECRET_VALUES=1 environment variable is set

Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
---
 pkg/deploy/helm/chart_extender/werf_chart.go | 29 +++++++++++++++++---
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/pkg/deploy/helm/chart_extender/werf_chart.go b/pkg/deploy/helm/chart_extender/werf_chart.go
index 218e59366e..c55761630b 100644
--- a/pkg/deploy/helm/chart_extender/werf_chart.go
+++ b/pkg/deploy/helm/chart_extender/werf_chart.go
@@ -125,19 +125,39 @@ func (wc *WerfChart) ChartDependenciesLoaded() error {
 	return nil
 }
 
+func debugSecretValues() bool {
+	return os.Getenv("WERF_DEBUG_SECRET_VALUES") == "1"
+}
+
+func debugPrintValues(ctx context.Context, name string, vals map[string]interface{}) {
+	data, err := yaml.Marshal(vals)
+	if err != nil {
+		logboek.Context(ctx).Debug().LogF("Unable to marshal %q values: %s\n", err)
+	} else {
+		logboek.Context(ctx).Debug().LogF("%q values:\n%s---\n", name, data)
+	}
+}
+
 func (wc *WerfChart) makeValues(inputVals map[string]interface{}, withSecrets bool) (map[string]interface{}, error) {
 	vals := make(map[string]interface{})
 
+	debugPrintValues(wc.ChartExtenderContext, "service", wc.ServiceValues)
 	chartutil.CoalesceTables(vals, wc.ServiceValues) // NOTE: service values will not be saved into the marshalled release
 
 	if withSecrets {
+		if debugSecretValues() {
+			debugPrintValues(wc.ChartExtenderContext, "secret", wc.SecretsRuntimeData.DecodedSecretValues)
+		}
 		chartutil.CoalesceTables(vals, wc.SecretsRuntimeData.DecodedSecretValues)
 	}
 
+	debugPrintValues(wc.ChartExtenderContext, "input", inputVals)
 	chartutil.CoalesceTables(vals, inputVals)
 
-	data, err := yaml.Marshal(vals)
-	logboek.Context(wc.ChartExtenderContext).Debug().LogF("-- WerfChart.makeValues result (err=%v):\n%s\n---\n", err, data)
+	if debugSecretValues() {
+		// Only print all values with secrets when secret values debug enabled
+		debugPrintValues(wc.ChartExtenderContext, "all", vals)
+	}
 
 	return vals, nil
 }
@@ -148,6 +168,8 @@ func (wc *WerfChart) MakeValues(inputVals map[string]interface{}) (map[string]in
 }
 
 func (wc *WerfChart) MakeBundleValues(chrt *chart.Chart, inputVals map[string]interface{}) (map[string]interface{}, error) {
+	debugPrintValues(wc.ChartExtenderContext, "input", inputVals)
+
 	vals, err := wc.makeValues(inputVals, false)
 	if err != nil {
 		return nil, fmt.Errorf("failed to coalesce werf chart values: %w", err)
@@ -166,8 +188,7 @@ func (wc *WerfChart) MakeBundleValues(chrt *chart.Chart, inputVals map[string]in
 
 	chartutil.CoalesceChartValues(chrt, valsCopy)
 
-	data, err := yaml.Marshal(vals)
-	logboek.Context(wc.ChartExtenderContext).Debug().LogF("-- WerfChart.MakeBundleValues result (err=%v):\n%s\n---\n", err, data)
+	debugPrintValues(wc.ChartExtenderContext, "all", valsCopy)
 
 	return valsCopy, nil
 }