Feat: Add Log Sanitization for Secret Kind in 'Helm Upgrade' Command #12183
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
fix #12176 #11727
Special notes for your reviewer:
If applicable:
I have thoroughly tested it locally and have written corresponding unit tests. Please take a review at this pr.
How to Test This Modification Locally
secret.yaml
values.yaml
Execute
helm install test-release .
Update
values.yaml
helm upgrade test-release .
before changing the code$ helm upgrade test-release . Error: UPGRADE FAILED: cannot patch "test-release-secret" with kind Secret: "" is invalid: patch: Invalid value: "{\"apiVersion\":\"v1\",\"data\":{\"secretKey\":\"hello\"},\"kind\":\"Secret\",\"metadata\":{\"annotations\":{\"meta.helm.sh/release-name\":\"test-release\",\"meta.helm.sh/release-namespace\":\"default\"},\"creationTimestamp\":\"2023-07-04T06:51:10Z\",\"labels\":{\"app.kubernetes.io/managed-by\":\"Helm\"},\"managedFields\":[{\"manager\":\"helm\",\"operation\":\"Update\",\"apiVersion\":\"v1\",\"time\":\"2023-07-04T06:51:10Z\",\"fieldsType\":\"FieldsV1\",\"fieldsV1\":{\"f:data\":{\".\":{},\"f:secretKey\":{}},\"f:metadata\":{\"f:annotations\":{\".\":{},\"f:meta.helm.sh/release-name\":{},\"f:meta.helm.sh/release-namespace\":{}},\"f:labels\":{\".\":{},\"f:app.kubernetes.io/managed-by\":{}}},\"f:type\":{}}}],\"name\":\"test-release-secret\",\"namespace\":\"default\",\"resourceVersion\":\"4030333\",\"uid\":\"b2faa643-1711-4bc3-9219-c1f8a32306be\"},\"type\":\"Opaque\"}": illegal base64 data at input byte 4
Pay attention to
{\"secretKey\":\"hello\"}
helm upgrade test-release .
after changing the CodePay attention to
{\"secretKey\":\"***\"}