Fix forwarding of env vars when using --preserve-env

Previously, we incorrectly ignored all non-preserved environment variables. We should only ignore non-preserved environment variables that are also Doppler secrets.

pkg/controllers/secrets.go

@@ -398,11 +398,13 @@ func PrepareSecrets(dopplerSecrets map[string]string, originalEnv []string, pres
 			}
 			// then use existing env vars
 			for name, value := range existingEnvKeys {
-				if preserveEnv != "true" && !utils.Contains(secretsToPreserve, name) {
+				_, isDopplerSecret := secrets[name]
+				preserveEnvVar := preserveEnv == "true" || utils.Contains(secretsToPreserve, name)
+				if isDopplerSecret && !preserveEnvVar {
 					continue
 				}
 
-				if _, found := secrets[name]; found {
+				if isDopplerSecret {
 					utils.LogDebug(fmt.Sprintf("Ignoring Doppler secret %s", name))
 				}
 				secrets[name] = value

tests/e2e/run.sh

@@ -140,4 +140,16 @@ beforeEach
 value="$(TEST="foo" "$DOPPLER_BINARY" run --preserve-env="INVALID" -- printenv TEST)"
 [[ "$value" == "abc" ]] || error "ERROR: existing env var not ignored when preserve-env flag passed list of nonexistent secret names"
 
+beforeEach
+
+# verify preserve-env flag preserves env vars that aren't Doppler secrets
+value="$(NOT_DOPPLER_SECRET="foo" "$DOPPLER_BINARY" run --preserve-env="TEST" -- printenv NOT_DOPPLER_SECRET || true)"
+[[ "$value" == "foo" ]] || error "ERROR: existing env var not preserved when preserve-env flag passed unrelated secret name"
+
+beforeEach
+
+# verify preserve-env flag preserves env vars that aren't Doppler secrets when passing false
+value="$(NOT_DOPPLER_SECRET="foo" "$DOPPLER_BINARY" run --preserve-env=false -- printenv NOT_DOPPLER_SECRET || true)"
+[[ "$value" == "foo" ]] || error "ERROR: existing env var not preserved when preserve-env flag passed false"
+
 afterAll