Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the password display problem when passing the chart link #1281

Merged
merged 6 commits into from
Jan 24, 2024
Merged

Fix the password display problem when passing the chart link #1281

merged 6 commits into from
Jan 24, 2024

Conversation

NavesEdu
Copy link
Contributor

I had a problem passing a chart's credentials through a helmfile.yaml.
When I ran the following commands:

$ go build
$ ./helmfile sync <name>

I could see in the output table, the credentials passed within the helmfile.yaml. So, I did a treatment under the DisplayAffectedReleases function to make sure the credentials woudn't be exposed.

@yxxhero
Copy link
Member

yxxhero commented Jan 11, 2024

@NavesEdu please move the logic into a single func and add some unit tests. Thanks So much.

@NavesEdu
Copy link
Contributor Author

@yxxhero I made the changes that you asked me!

yxxhero
yxxhero reviewed Jan 11, 2024
View reviewed changes
pkg/state/state.go Outdated
@@ -3192,6 +3192,15 @@ func renderValsSecrets(e vals.Evaluator, input ...string) ([]string, error) {
return output, nil
}

func hideChartCredentials(chartCredentials string) string {
httpIndex := strings.Index(chartCredentials, "http")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why did only have http? thanks. @NavesEdu

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only the charts that were passed the links through the helmfile presented this credentials exposure problem. So I throught it would be better to hide everything from "http" to "@".

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The result looks a bit strange. http://*@example.com or https://@example will be better. @NavesEdu

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed @yxxhero, thank you!

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The result looks a bit strange. sorry for the error display.

http://***@example.com or https://***@example will be better.

@NavesEdu

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left the output at the default you asked for above, is there still anything I need to change @yxxhero?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No more. Please add more test cases. @NavesEdu

yxxhero
yxxhero reviewed Jan 11, 2024
View reviewed changes
pkg/state/state_test.go Outdated
input string
expected string
}{
{"http://example.com@user", "http*****@user"},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Normal url style should like this: http://username:password@example.com/. right? thanks so much. @NavesEdu

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I already change this in the test.

@NavesEdu NavesEdu force-pushed the fix_chart_display branch 3 times, most recently from 5b2ae8e to f3422ec Compare January 15, 2024 13:58
yxxhero
yxxhero reviewed Jan 16, 2024
View reviewed changes
pkg/state/state_test.go Outdated
expected string
}{
{"http://username:password@example.com/", "http@example.com/"},
{"http://example.com@", "http@"},
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

more cases:

  1. https://username:password@example.com/
  2. https://username:@password@example.com/
  3. https://username::password@example.com/
  4. https://username:httpd@example.com/
  5. https://username:httpsd@example.com/

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done! Also made a improvement to the function I created, thanks @yxxhero!

@NavesEdu
Fix the password display problem when passing the
272e981 
chart link

Signed-off-by: Eduardo Naves <eduardonaves41@gmail.com>
yxxhero
yxxhero reviewed Jan 17, 2024
View reviewed changes
pkg/state/state_test.go
{"https://username::password@example.com/", "http@example.com/"},
{"https://username:httpd@example.com/", "http@example.com/"},
{"https://username:httpsd@example.com/", "http@example.com/"},
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

expected result:

http://***@example.com or https://***@example.com

thanks so much. @NavesEdu

xiaomudk
xiaomudk reviewed Jan 18, 2024
View reviewed changes
pkg/state/state.go Outdated
@@ -3192,6 +3192,15 @@ func renderValsSecrets(e vals.Evaluator, input ...string) ([]string, error) {
return output, nil
}

func hideChartCredentials(chartCredentials string) string {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

url.Parse is better?
doc: https://gobyexample.com/url-parsing

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@NavesEdu I think so.

@yxxhero
Copy link
Member

yxxhero commented Jan 19, 2024

@NavesEdu any updates? I wish this can be contained in v0.161.0. I will release v0.161.0 in ths weekend.

NavesEdu and others added 2 commits January 23, 2024 15:47
@NavesEdu
Fix the password display problem when passing the
23607d0 
chart link

Signed-off-by: Eduardo Naves <eduardonaves41@gmail.com>
Merge branch 'fix_chart_display' of https://github.com/NavesEdu/helmfile
95d29f8 
 into fix_chart_display
@NavesEdu
Copy link
Contributor Author

@NavesEdu any updates? I wish this can be contained in v0.161.0. I will release v0.161.0 in ths weekend.

Sorry for the delay, I had some problems making changes to the function and the test but everything is ok now @yxxhero, thank you!

yxxhero
yxxhero reviewed Jan 23, 2024
View reviewed changes
pkg/state/state.go Outdated Show resolved Hide resolved
yxxhero and others added 2 commits January 24, 2024 07:12
@yxxhero
Apply suggestions from code review
d949365
@yxxhero
fix issues
cae7057 
Signed-off-by: yxxhero <aiopsclub@163.com>
@yxxhero
Copy link
Member

yxxhero commented Jan 24, 2024

@NavesEdu WDYT of the new code?

@yxxhero yxxhero merged commit 430677d into helmfile:main Jan 24, 2024
14 checks passed
@BrewTestBot BrewTestBot mentioned this pull request Jan 24, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xiaomudk xiaomudk xiaomudk left review comments

@yxxhero yxxhero yxxhero approved these changes

@mumoshu mumoshu Awaiting requested review from mumoshu mumoshu is a code owner

@itscaro itscaro Awaiting requested review from itscaro itscaro is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@NavesEdu @yxxhero @xiaomudk