Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add plaintext-mode where file doesn't have to be kubernetes manifest #507

Open
jpruciak opened this issue May 10, 2023 · 4 comments
Open

Add plaintext-mode where file doesn't have to be kubernetes manifest #507

jpruciak opened this issue May 10, 2023 · 4 comments
Labels
feature request

Comments

@jpruciak
Copy link

jpruciak commented May 10, 2023
edited

Is your feature request related to a problem? Please describe.
I'm looking for some way to template files with placeholders which would be replaced with secret values from hashicorp vault. This tool seems to be the closest to my needs, but it crashes when loading plaintext file not being kubernetes manifest.

bash-4.4$ cat test.yaml
test: yaml
testplaceholder: <path:secret/data/test#TEST>
bash-4.4$ argocd-vault-plugin generate test.yaml
Error: could not read YAML/JSON files:
could not read file: test.yaml from disk: error unmarshaling JSON: while decoding JSON: Object 'Kind' is missing in '{"test":"yaml","testplaceholder":"\u003cpath:secret/data/test#TEST\u003e"}'
Usage:

Describe the solution you'd like
eg. get an additional argument to generate subcommand which makes it just replace placeholders without parsing file as k8s manifest

This would allow a lot of other usages of this tool, like creating helm downloader plugin for preprocessing values.yaml files.

Describe alternatives you've considered
Other tools, but those lack avp features.
@werne2j
Copy link
Member

werne2j commented May 14, 2023

@jpruciak we will take this into consideration. We may not be able to get to it as soon as possible but we we would be open to a PR if you want to give it a shot

@jacksgt
Copy link

jacksgt commented Jun 5, 2023
edited

Hello,
I'm also running into this "limitation".
For now my workaround is adding kind: dummy to the YAML document, feeding it through argocd-vault-plugin and then removing the kind: dummy again.

cat document.yaml | yq '. += {"kind":"dummy"}' | argocd-vault-plugin generate - | yq 'del(.kind)' --yaml-output

Though I'd love to see something more "official".

@jpruciak
Copy link
Author

jpruciak commented Jun 5, 2023

This is VERY NICE workaround!
Thank you for the idea.

@Yocker95k
Copy link

Thank you for the workaround. However, this should urgently be implemented as a feature so that secret resolution can be done before Helm templating. The current necessity of this and its consistent recommendation throughout the documentation is very problematic, as it leads to issues when using Helm functions for string manipulation or cryptographic operations.
One example is: #571
Another example where it comes to issues with restrictive helm schemas can be found here: #332
Another one is this issue although its description leaves some room for improvement #600

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@werne2j @jacksgt @Yocker95k @jpruciak