diff --git a/cmd/werf/bundle/export/export.go b/cmd/werf/bundle/export/export.go index 5dad240d8b..ff8b2d7c8f 100644 --- a/cmd/werf/bundle/export/export.go +++ b/cmd/werf/bundle/export/export.go @@ -19,6 +19,7 @@ import ( "github.com/werf/werf/pkg/deploy/helm/chart_extender" "github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers" "github.com/werf/werf/pkg/deploy/helm/command_helpers" + "github.com/werf/werf/pkg/deploy/secrets_manager" "github.com/werf/werf/pkg/git_repo" "github.com/werf/werf/pkg/git_repo/gitdata" "github.com/werf/werf/pkg/image" @@ -123,7 +124,9 @@ func NewCmd(ctx context.Context) *cobra.Command { common.SetupValues(&commonCmdData, cmd) commonCmdData.SetupDisableDefaultValues(cmd) + commonCmdData.SetupDisableDefaultSecretValues(cmd) commonCmdData.SetupSkipDependenciesRepoRefresh(cmd) + common.SetupIgnoreSecretKey(&commonCmdData, cmd) common.SetupSaveBuildReport(&commonCmdData, cmd) common.SetupBuildReportPath(&commonCmdData, cmd) @@ -361,9 +364,15 @@ func runExport(ctx context.Context, imagesToProcess build.ImagesToProcess) error helm_v3.Settings.Debug = *commonCmdData.LogDebug + secretsManager := secrets_manager.NewSecretsManager(secrets_manager.SecretsManagerOptions{DisableSecretsDecryption: *commonCmdData.IgnoreSecretKey}) + loader.GlobalLoadOptions = &loader.LoadOptions{ - ChartExtender: wc, - SubchartExtenderFactoryFunc: func() chart.ChartExtender { return chart_extender.NewWerfSubchart() }, + ChartExtender: wc, + SubchartExtenderFactoryFunc: func() chart.ChartExtender { + return chart_extender.NewWerfSubchart(ctx, secretsManager, chart_extender.WerfSubchartOptions{ + DisableDefaultSecretValues: *commonCmdData.DisableDefaultSecretValues, + }) + }, } chartVersion := fmt.Sprintf("0.0.0-%d", time.Now().Unix()) diff --git a/cmd/werf/bundle/publish/publish.go b/cmd/werf/bundle/publish/publish.go index f9fc1c1368..44f18a1f45 100644 --- a/cmd/werf/bundle/publish/publish.go +++ b/cmd/werf/bundle/publish/publish.go @@ -386,8 +386,12 @@ func runPublish(ctx context.Context, imagesToProcess build.ImagesToProcess) erro helm_v3.Settings.Debug = *commonCmdData.LogDebug loader.GlobalLoadOptions = &loader.LoadOptions{ - ChartExtender: wc, - SubchartExtenderFactoryFunc: func() chart.ChartExtender { return chart_extender.NewWerfSubchart() }, + ChartExtender: wc, + SubchartExtenderFactoryFunc: func() chart.ChartExtender { + return chart_extender.NewWerfSubchart(ctx, secretsManager, chart_extender.WerfSubchartOptions{ + DisableDefaultSecretValues: *commonCmdData.DisableDefaultSecretValues, + }) + }, } sv, err := bundles.BundleTagToChartVersion(ctx, cmdData.Tag, time.Now()) diff --git a/cmd/werf/bundle/render/render.go b/cmd/werf/bundle/render/render.go index 2e8a076bb9..d2b4e2d2f1 100644 --- a/cmd/werf/bundle/render/render.go +++ b/cmd/werf/bundle/render/render.go @@ -88,6 +88,7 @@ func NewCmd(ctx context.Context) *cobra.Command { common.SetupValues(&commonCmdData, cmd) common.SetupSecretValues(&commonCmdData, cmd) common.SetupIgnoreSecretKey(&commonCmdData, cmd) + commonCmdData.SetupDisableDefaultSecretValues(cmd) common.SetupRelease(&commonCmdData, cmd) common.SetupNamespace(&commonCmdData, cmd) @@ -212,8 +213,12 @@ func runRender(ctx context.Context) error { } loader.GlobalLoadOptions = &loader.LoadOptions{ - ChartExtender: bundle, - SubchartExtenderFactoryFunc: func() chart.ChartExtender { return chart_extender.NewWerfSubchart() }, + ChartExtender: bundle, + SubchartExtenderFactoryFunc: func() chart.ChartExtender { + return chart_extender.NewWerfSubchart(ctx, secretsManager, chart_extender.WerfSubchartOptions{ + DisableDefaultSecretValues: *commonCmdData.DisableDefaultSecretValues, + }) + }, } var output io.Writer diff --git a/cmd/werf/converge/converge.go b/cmd/werf/converge/converge.go index 1093194df9..28c12dba97 100644 --- a/cmd/werf/converge/converge.go +++ b/cmd/werf/converge/converge.go @@ -450,8 +450,12 @@ func run(ctx context.Context, containerBackend container_backend.ContainerBacken } loader.GlobalLoadOptions = &loader.LoadOptions{ - ChartExtender: wc, - SubchartExtenderFactoryFunc: func() chart.ChartExtender { return chart_extender.NewWerfSubchart() }, + ChartExtender: wc, + SubchartExtenderFactoryFunc: func() chart.ChartExtender { + return chart_extender.NewWerfSubchart(ctx, secretsManager, chart_extender.WerfSubchartOptions{ + DisableDefaultSecretValues: *commonCmdData.DisableDefaultSecretValues, + }) + }, } valueOpts := &values.Options{ diff --git a/cmd/werf/render/render.go b/cmd/werf/render/render.go index 9d02c17436..1c073cf432 100644 --- a/cmd/werf/render/render.go +++ b/cmd/werf/render/render.go @@ -439,8 +439,12 @@ func runRender(ctx context.Context, imagesToProcess build.ImagesToProcess) error helm_v3.Settings.Debug = *commonCmdData.LogDebug loader.GlobalLoadOptions = &loader.LoadOptions{ - ChartExtender: wc, - SubchartExtenderFactoryFunc: func() chart.ChartExtender { return chart_extender.NewWerfSubchart() }, + ChartExtender: wc, + SubchartExtenderFactoryFunc: func() chart.ChartExtender { + return chart_extender.NewWerfSubchart(ctx, secretsManager, chart_extender.WerfSubchartOptions{ + DisableDefaultSecretValues: *commonCmdData.DisableDefaultSecretValues, + }) + }, } templateOpts := helm_v3.TemplateCmdOptions{ diff --git a/pkg/deploy/helm/chart_extender/bundle.go b/pkg/deploy/helm/chart_extender/bundle.go index 7a1be47802..a0dda7b473 100644 --- a/pkg/deploy/helm/chart_extender/bundle.go +++ b/pkg/deploy/helm/chart_extender/bundle.go @@ -11,11 +11,9 @@ import ( "helm.sh/helm/v3/pkg/chart" "helm.sh/helm/v3/pkg/chart/loader" - "helm.sh/helm/v3/pkg/chartutil" "helm.sh/helm/v3/pkg/cli" "helm.sh/helm/v3/pkg/postrender" "helm.sh/helm/v3/pkg/registry" - "sigs.k8s.io/yaml" "github.com/werf/logboek" "github.com/werf/werf/pkg/deploy/helm" @@ -87,6 +85,7 @@ type Bundle struct { *secrets.SecretsRuntimeData *helpers.ChartExtenderServiceValuesData *helpers.ChartExtenderContextData + *helpers.ChartExtenderValuesMerger } func (bundle *Bundle) ChainPostRenderer(postRenderer postrender.PostRenderer) postrender.PostRenderer { @@ -140,28 +139,7 @@ func (bundle *Bundle) ChartDependenciesLoaded() error { // MakeValues method for the chart.Extender interface func (bundle *Bundle) MakeValues(inputVals map[string]interface{}) (map[string]interface{}, error) { - vals := make(map[string]interface{}) - - debugPrintValues(bundle.ChartExtenderContext, "service", bundle.ServiceValues) - chartutil.CoalesceTables(vals, bundle.ServiceValues) - - if debugSecretValues() { - debugPrintValues(bundle.ChartExtenderContext, "secret", bundle.SecretsRuntimeData.DecryptedSecretValues) - } - chartutil.CoalesceTables(vals, bundle.SecretsRuntimeData.DecryptedSecretValues) - - debugPrintValues(bundle.ChartExtenderContext, "input", inputVals) - chartutil.CoalesceTables(vals, inputVals) - - if debugSecretValues() { - // Only print all values with secrets when secret values debug enabled - debugPrintValues(bundle.ChartExtenderContext, "all", vals) - } - - data, err := yaml.Marshal(vals) - logboek.Context(bundle.ChartExtenderContext).Debug().LogF("-- Bundle.MakeValues result (err=%v):\n%s\n---\n", err, data) - - return vals, nil + return bundle.MergeValues(bundle.ChartExtenderContext, inputVals, bundle.ServiceValues, bundle.SecretsRuntimeData) } // SetupTemplateFuncs method for the chart.Extender interface diff --git a/pkg/deploy/helm/chart_extender/helpers/chart_extender_values_merger.go b/pkg/deploy/helm/chart_extender/helpers/chart_extender_values_merger.go new file mode 100644 index 0000000000..809c5fe0b5 --- /dev/null +++ b/pkg/deploy/helm/chart_extender/helpers/chart_extender_values_merger.go @@ -0,0 +1,35 @@ +package helpers + +import ( + "context" + + "helm.sh/helm/v3/pkg/chartutil" + + "github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers/secrets" +) + +type ChartExtenderValuesMerger struct{} + +func (m *ChartExtenderValuesMerger) MergeValues(ctx context.Context, inputVals, serviceVals map[string]interface{}, secretsRuntimeData *secrets.SecretsRuntimeData) (map[string]interface{}, error) { + vals := make(map[string]interface{}) + + DebugPrintValues(ctx, "service", serviceVals) + chartutil.CoalesceTables(vals, serviceVals) // NOTE: service values will not be saved into the marshalled release + + if secretsRuntimeData != nil { + if DebugSecretValues() { + DebugPrintValues(ctx, "secret", secretsRuntimeData.DecryptedSecretValues) + } + chartutil.CoalesceTables(vals, secretsRuntimeData.DecryptedSecretValues) + } + + DebugPrintValues(ctx, "input", inputVals) + chartutil.CoalesceTables(vals, inputVals) + + if DebugSecretValues() { + // Only print all values with secrets when secret values debug enabled + DebugPrintValues(ctx, "all", vals) + } + + return vals, nil +} diff --git a/pkg/deploy/helm/chart_extender/helpers/secrets/chart_secrets_loader.go b/pkg/deploy/helm/chart_extender/helpers/secrets/chart_secrets_loader.go index 674e7da0e2..471e982b81 100644 --- a/pkg/deploy/helm/chart_extender/helpers/secrets/chart_secrets_loader.go +++ b/pkg/deploy/helm/chart_extender/helpers/secrets/chart_secrets_loader.go @@ -19,7 +19,7 @@ const ( SecretDirName = "secret" ) -func GetDefaultSecretValuesFile(chartDir string, loadedChartFiles []*chart.ChartExtenderBufferedFile) *chart.ChartExtenderBufferedFile { +func GetDefaultSecretValuesFile(loadedChartFiles []*chart.ChartExtenderBufferedFile) *chart.ChartExtenderBufferedFile { for _, file := range loadedChartFiles { if file.Name == DefaultSecretValuesFileName { return file diff --git a/pkg/deploy/helm/chart_extender/helpers/secrets/secrets_runtime_data.go b/pkg/deploy/helm/chart_extender/helpers/secrets/secrets_runtime_data.go index cf85f0a8ac..93c8a8c698 100644 --- a/pkg/deploy/helm/chart_extender/helpers/secrets/secrets_runtime_data.go +++ b/pkg/deploy/helm/chart_extender/helpers/secrets/secrets_runtime_data.go @@ -39,7 +39,7 @@ func (secretsRuntimeData *SecretsRuntimeData) DecodeAndLoadSecrets(ctx context.C var loadedSecretValuesFiles []*chart.ChartExtenderBufferedFile if !opts.WithoutDefaultSecretValues { - if defaultSecretValues := GetDefaultSecretValuesFile(chartDir, loadedChartFiles); defaultSecretValues != nil { + if defaultSecretValues := GetDefaultSecretValuesFile(loadedChartFiles); defaultSecretValues != nil { loadedSecretValuesFiles = append(loadedSecretValuesFiles, defaultSecretValues) } } diff --git a/pkg/deploy/helm/chart_extender/helpers/util.go b/pkg/deploy/helm/chart_extender/helpers/util.go new file mode 100644 index 0000000000..bda842b950 --- /dev/null +++ b/pkg/deploy/helm/chart_extender/helpers/util.go @@ -0,0 +1,23 @@ +package helpers + +import ( + "context" + "os" + + "sigs.k8s.io/yaml" + + "github.com/werf/logboek" +) + +func DebugPrintValues(ctx context.Context, name string, vals map[string]interface{}) { + data, err := yaml.Marshal(vals) + if err != nil { + logboek.Context(ctx).Debug().LogF("Unable to marshal %q values: %s\n", err) + } else { + logboek.Context(ctx).Debug().LogF("%q values:\n%s---\n", name, data) + } +} + +func DebugSecretValues() bool { + return os.Getenv("WERF_DEBUG_SECRET_VALUES") == "1" +} diff --git a/pkg/deploy/helm/chart_extender/werf_chart.go b/pkg/deploy/helm/chart_extender/werf_chart.go index 7eaa84d643..501d8958b7 100644 --- a/pkg/deploy/helm/chart_extender/werf_chart.go +++ b/pkg/deploy/helm/chart_extender/werf_chart.go @@ -94,6 +94,7 @@ type WerfChart struct { *secrets.SecretsRuntimeData *helpers.ChartExtenderServiceValuesData *helpers.ChartExtenderContextData + *helpers.ChartExtenderValuesMerger } // ChartCreated method for the chart.Extender interface @@ -144,52 +145,15 @@ func (wc *WerfChart) ChartDependenciesLoaded() error { return nil } -func debugSecretValues() bool { - return os.Getenv("WERF_DEBUG_SECRET_VALUES") == "1" -} - -func debugPrintValues(ctx context.Context, name string, vals map[string]interface{}) { - data, err := yaml.Marshal(vals) - if err != nil { - logboek.Context(ctx).Debug().LogF("Unable to marshal %q values: %s\n", err) - } else { - logboek.Context(ctx).Debug().LogF("%q values:\n%s---\n", name, data) - } -} - -func (wc *WerfChart) makeValues(inputVals map[string]interface{}, withSecrets bool) (map[string]interface{}, error) { - vals := make(map[string]interface{}) - - debugPrintValues(wc.ChartExtenderContext, "service", wc.ServiceValues) - chartutil.CoalesceTables(vals, wc.ServiceValues) // NOTE: service values will not be saved into the marshalled release - - if withSecrets { - if debugSecretValues() { - debugPrintValues(wc.ChartExtenderContext, "secret", wc.SecretsRuntimeData.DecryptedSecretValues) - } - chartutil.CoalesceTables(vals, wc.SecretsRuntimeData.DecryptedSecretValues) - } - - debugPrintValues(wc.ChartExtenderContext, "input", inputVals) - chartutil.CoalesceTables(vals, inputVals) - - if debugSecretValues() { - // Only print all values with secrets when secret values debug enabled - debugPrintValues(wc.ChartExtenderContext, "all", vals) - } - - return vals, nil -} - // MakeValues method for the chart.Extender interface func (wc *WerfChart) MakeValues(inputVals map[string]interface{}) (map[string]interface{}, error) { - return wc.makeValues(inputVals, true) + return wc.MergeValues(wc.ChartExtenderContext, inputVals, wc.ServiceValues, wc.SecretsRuntimeData) } func (wc *WerfChart) MakeBundleValues(chrt *chart.Chart, inputVals map[string]interface{}) (map[string]interface{}, error) { - debugPrintValues(wc.ChartExtenderContext, "input", inputVals) + helpers.DebugPrintValues(wc.ChartExtenderContext, "input", inputVals) - vals, err := wc.makeValues(inputVals, false) + vals, err := wc.MergeValues(wc.ChartExtenderContext, inputVals, wc.ServiceValues, nil) if err != nil { return nil, fmt.Errorf("failed to coalesce werf chart values: %w", err) } @@ -207,14 +171,14 @@ func (wc *WerfChart) MakeBundleValues(chrt *chart.Chart, inputVals map[string]in chartutil.CoalesceChartValues(chrt, valsCopy) - debugPrintValues(wc.ChartExtenderContext, "all", valsCopy) + helpers.DebugPrintValues(wc.ChartExtenderContext, "all", valsCopy) return valsCopy, nil } func (wc *WerfChart) MakeBundleSecretValues(ctx context.Context, secretsRuntimeData *secrets.SecretsRuntimeData) (map[string]interface{}, error) { - if debugSecretValues() { - debugPrintValues(wc.ChartExtenderContext, "secret", wc.SecretsRuntimeData.DecryptedSecretValues) + if helpers.DebugSecretValues() { + helpers.DebugPrintValues(wc.ChartExtenderContext, "secret", wc.SecretsRuntimeData.DecryptedSecretValues) } return secretsRuntimeData.GetEncodedSecretValues(ctx, wc.SecretsManager, wc.GiterminismManager.ProjectDir()) } diff --git a/pkg/deploy/helm/chart_extender/werf_subchart.go b/pkg/deploy/helm/chart_extender/werf_subchart.go index 4d6f7a4d3f..48a8e07a68 100644 --- a/pkg/deploy/helm/chart_extender/werf_subchart.go +++ b/pkg/deploy/helm/chart_extender/werf_subchart.go @@ -1,32 +1,66 @@ package chart_extender import ( + "context" + "fmt" "text/template" "helm.sh/helm/v3/pkg/chart" - "helm.sh/helm/v3/pkg/chartutil" "helm.sh/helm/v3/pkg/cli" + + "github.com/werf/logboek" + "github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers" + "github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers/secrets" + "github.com/werf/werf/pkg/deploy/secrets_manager" ) // NOTE: maybe in the future we will need a support for the werf project to be used as a chart. // NOTE: This extender allows to define this behaviour. -func NewWerfSubchart() *WerfSubchart { - return &WerfSubchart{} +type WerfSubchartOptions struct { + DisableDefaultSecretValues bool +} + +func NewWerfSubchart(ctx context.Context, secretsManager *secrets_manager.SecretsManager, opts WerfSubchartOptions) *WerfSubchart { + return &WerfSubchart{ + SecretsManager: secretsManager, + ChartExtenderContextData: helpers.NewChartExtenderContextData(ctx), + DisableDefaultSecretValues: opts.DisableDefaultSecretValues, + } } type WerfSubchart struct { - HelmChart *chart.Chart + HelmChart *chart.Chart + SecretsManager *secrets_manager.SecretsManager + + DisableDefaultSecretValues bool + + *secrets.SecretsRuntimeData + *helpers.ChartExtenderContextData + *helpers.ChartExtenderValuesMerger } // ChartCreated method for the chart.Extender interface func (wc *WerfSubchart) ChartCreated(c *chart.Chart) error { wc.HelmChart = c + wc.SecretsRuntimeData = secrets.NewSecretsRuntimeData() return nil } // ChartLoaded method for the chart.Extender interface func (wc *WerfSubchart) ChartLoaded(files []*chart.ChartExtenderBufferedFile) error { + if wc.SecretsManager != nil { + if wc.DisableDefaultSecretValues { + logboek.Context(wc.ChartExtenderContext).Info().LogF("Disabled subchart secret values\n") + } + + if err := wc.SecretsRuntimeData.DecodeAndLoadSecrets(wc.ChartExtenderContext, files, "", "", wc.SecretsManager, secrets.DecodeAndLoadSecretsOptions{ + WithoutDefaultSecretValues: wc.DisableDefaultSecretValues, + }); err != nil { + return fmt.Errorf("error decoding secrets: %w", err) + } + } + return nil } @@ -37,9 +71,7 @@ func (wc *WerfSubchart) ChartDependenciesLoaded() error { // MakeValues method for the chart.Extender interface func (wc *WerfSubchart) MakeValues(inputVals map[string]interface{}) (map[string]interface{}, error) { - vals := make(map[string]interface{}) - chartutil.CoalesceTables(vals, inputVals) - return vals, nil + return wc.MergeValues(wc.ChartExtenderContext, inputVals, nil, wc.SecretsRuntimeData) } // SetupTemplateFuncs method for the chart.Extender interface