Skip to content
This repository has been archived by the owner on Aug 28, 2021. It is now read-only.

Commit

Permalink
Allow setting values as string (#78)
Browse files Browse the repository at this point in the history 
* reactoring in override_values processing

* add support for `type: string` in `override_values`

This parameter makes the resource use the `--set-string` option of Helm
(instead of the `--set` option) for the given value override. It can be
used to ensure that Helm always treats the value as a string, useful if
the value varies and may look like a number, eg. if it's a Git commit
hash. See helm/helm#1707
  • Loading branch information
@norbertbuchmueller @msiegenthaler
norbertbuchmueller authored and msiegenthaler committed Jul 19, 2018
1 parent 1726918 commit cfa5047
Show file tree
Hide file tree
Showing 2 changed files with 24 additions and 37 deletions.
7 changes: 6 additions & 1 deletion README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,9 @@ on the cluster.
* `values`: *Optional.* File containing the values.yaml for the deployment. Supports setting multiple value files using an array.
* `override_values`: *Optional.* Array of values that can override those defined in values.yaml. Each entry in
the array is a map containing a key and a value or path. Value is set directly while path reads the contents of
the file in that path. A `hide: true` parameter ensures that the value is not logged and instead replaced with `***HIDDEN***`
the file in that path. A `hide: true` parameter ensures that the value is not logged and instead replaced with `***HIDDEN***`.
A `type: string` parameter makes sure Helm always treats the value as a string (uses the `--set-string` option to Helm; useful if the value varies
and may look like a number, eg. if it's a Git commit hash).
* `version`: *Optional* Chart version to deploy, can be a file or a value. Only applies if `chart` is not a file.
* `delete`: *Optional.* Deletes the release instead of installing it. Requires the `name`. (Default: false)
* `replace`: *Optional.* Replace deleted release with same name. (Default: false)
Expand Down Expand Up @@ -109,4 +111,7 @@ jobs:
- key: secret
value: ((my-top-secret-value)) # Pulled from a credentials backend like Vault
hide: true # Hides value in output
- key: image.tag
path: version/image_tag # Read value from version/number
type: string # Make sure it's interpreted as a string by Helm (not a number)
```
54 changes: 18 additions & 36 deletions assets/out
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,10 +33,6 @@ devel=$(jq -r '.params.devel // "false"' < $payload)
recreate_pods=$(jq -r '.params.recreate_pods // "false"' < $payload)
force=$(jq -r '.params.force // "false"' < $payload)
show_diff=$(jq -r '.params.show_diff // "false"' < $payload)
override_values=$(jq -r ".params.override_values[]? | if .key and .value and (.hide // false) == false then (.key + \"=\" + .value) else empty end | @base64" < $payload)
override_values_file=$(jq -r ".params.override_values[]? | if .key and .path and (.hide // false) == false then (.key + \"=\" + .path) else empty end" < $payload)
override_secrets=$(jq -r ".params.override_values[]? | if .key and .value and .hide then (.key + \"=\" + .value) else empty end | @base64" < $payload)
override_secrets_file=$(jq -r ".params.override_values[]? | if .key and .path and .hide then (.key + \"=\" + .path) else empty end" < $payload)
recreate_pods=$(jq -r '.params.recreate_pods // "false"' < $payload)
tls_enabled=$(jq -r '.source.tls_enabled // "false"' < $payload)
exit_after_diff=$(jq -r '.params.exit_after_diff // "false"' < $payload)
Expand Down Expand Up @@ -76,38 +72,24 @@ if [ "$tls_enabled" = true ]; then
fi

set_overridden_values() {
# Get value from given path
for overridden_value_file in $override_values_file; do
# Get key and value for each overridden file value
key=${overridden_value_file%%=*}
value=${overridden_value_file#*=}
overridden_args+=("--set" "$key=$(cat $source/$value)")
scrubbed_overridden_args+=("--set" "$key=$(cat $source/$value)")
done

# Set value directly
for overridden_value in $override_values; do
overridden_args+=("--set" "$(echo $overridden_value | base64 -d)")
scrubbed_overridden_args+=("--set" "$(echo $overridden_value | base64 -d)")
done

# Get value from given path, but hide the value in the echo
for overridden_secret_file in $override_secrets_file; do
# Get key and value for each overridden file value
key=${overridden_secret_file%%=*}
value=${overridden_secret_file#*=}
overridden_args+=("--set" "$key=$(cat $source/$value)")
scrubbed_overridden_args+=("--set" "$key=***HIDDEN***")
done

# Set value directly, but hide the value in the echo
for overridden_secret in $override_secrets; do
kv=$(echo $overridden_secret | base64 -d)
key=${kv%%=*}
value=${kv#*=}
overridden_args+=("--set" "$kv")
scrubbed_overridden_args+=("--set" "$key=***HIDDEN***")
done
while read -r -d '' key && read -r -d '' value && read -r -d '' path && read -r -d '' hidden && read -r -d '' type; do
if [ -n "$path" ]; then
value="$(< "$source/$path")"
fi

scrubbed_value="$value"
if [ "$hidden" != 'false' ]; then
scrubbed_value='***HIDDEN***'
fi

helm_set_opt='--set'
if [ "$type" == 'string' ]; then
helm_set_opt='--set-string'
fi

overridden_args+=("$helm_set_opt" "$key=$value")
scrubbed_overridden_args+=("$helm_set_opt" "$key=$scrubbed_value")
done < <(jq -j '.params.override_values[]? | if .key and (.value or .path) then (.key, .value // "", .path // "", .hidden // false, .type) else empty end | tostring + "\u0000"' < $payload)
}

# Find the current revision of a helm release
Expand Down

0 comments on commit cfa5047

Please sign in to comment.