feat(bundles): --secret-values option for werf-bundle-apply command
Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
distorhead committed May 25, 2022
1 parent 1f6dec9 commit 2daea2b52c9f10806b093ed770b3cd6f1b28b296
Showing 5 changed files with 57 additions and 11 deletions.
@@ -22,6 +22,7 @@ import (
"github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers"
"github.com/werf/werf/pkg/deploy/helm/command_helpers"
"github.com/werf/werf/pkg/deploy/lock_manager"
"github.com/werf/werf/pkg/deploy/secrets_manager"
"github.com/werf/werf/pkg/werf"
"github.com/werf/werf/pkg/werf/global_warnings"
)
@@ -80,6 +81,8 @@ func NewCmd() *cobra.Command {
common.SetupSetString(&commonCmdData, cmd)
common.SetupSetFile(&commonCmdData, cmd)
common.SetupValues(&commonCmdData, cmd)
common.SetupSecretValues(&commonCmdData, cmd)
common.SetupIgnoreSecretKey(&commonCmdData, cmd)

common.SetupKubeConfig(&commonCmdData, cmd)
common.SetupKubeConfigBase64(&commonCmdData, cmd)
@@ -184,7 +187,10 @@ func runApply() error {
userExtraAnnotations["project.werf.io/env"] = *commonCmdData.Environment
}

bundle, err := chart_extender.NewBundle(ctx, bundleTmpDir, helm_v3.Settings, helmRegistryClientHandle, chart_extender.BundleOptions{
secretsManager := secrets_manager.NewSecretsManager(secrets_manager.SecretsManagerOptions{DisableSecretsDecryption: *commonCmdData.IgnoreSecretKey})

bundle, err := chart_extender.NewBundle(ctx, bundleTmpDir, helm_v3.Settings, helmRegistryClientHandle, secretsManager, chart_extender.BundleOptions{
SecretValueFiles: common.GetSecretValues(&commonCmdData),
BuildChartDependenciesOpts: command_helpers.BuildChartDependenciesOptions{IgnoreInvalidAnnotationsAndLabels: true},
IgnoreInvalidAnnotationsAndLabels: true,
ExtraAnnotations: userExtraAnnotations,
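Review bot: The `secrets_manager.NewSecretsManager(...)` call in runApply builds a manager on every apply, not only when `--secret-values` is passed, so the bundle always takes the decoding branch that is guarded by a non-nil manager. If that branch needs an encryption key whenever the bundle ships secret files (the decoding code is not visible in this hunk), applies that previously ran without a key may start failing unless `--ignore-secret-key` is set. I would add a comment above the constructor, for example `// Built unconditionally so ChartLoaded can decode secret values; --ignore-secret-key turns decryption off.`, and mention the behaviour change in the flag help. The `BundleOptions` literal continues outside the hunk.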
@@ -186,7 +186,7 @@ func runRender(ctx context.Context) error {
userExtraAnnotations["project.werf.io/env"] = *commonCmdData.Environment
}

bundle, err := chart_extender.NewBundle(ctx, bundleDir, helm_v3.Settings, helmRegistryClientHandle, chart_extender.BundleOptions{
bundle, err := chart_extender.NewBundle(ctx, bundleDir, helm_v3.Settings, helmRegistryClientHandle, nil, chart_extender.BundleOptions{
BuildChartDependenciesOpts: command_helpers.BuildChartDependenciesOptions{IgnoreInvalidAnnotationsAndLabels: false},
IgnoreInvalidAnnotationsAndLabels: false,
ExtraAnnotations: userExtraAnnotations,
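Review bot: The `nil` passed as the secrets manager in runRender means rendered output never merges secret values, while `werf bundle apply` now does, so manifests inspected through render can differ from what apply sends to the cluster. If the asymmetry is intended for now, a comment at the call such as `// nil: bundle render does not decode secret values` would make it explicit. Otherwise render probably needs the same `common.SetupSecretValues` / `common.SetupIgnoreSecretKey` wiring that apply received. The `BundleOptions` literal continues outside the hunk.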
@@ -20,24 +20,29 @@ import (
"github.com/werf/logboek"
"github.com/werf/werf/pkg/deploy/helm"
"github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers"
"github.com/werf/werf/pkg/deploy/helm/chart_extender/helpers/secrets"
"github.com/werf/werf/pkg/deploy/helm/command_helpers"
"github.com/werf/werf/pkg/deploy/secrets_manager"
)

type BundleOptions struct {
SecretValueFiles []string
BuildChartDependenciesOpts command_helpers.BuildChartDependenciesOptions
ExtraAnnotations map[string]string
ExtraLabels map[string]string
IgnoreInvalidAnnotationsAndLabels bool
}

func NewBundle(ctx context.Context, dir string, helmEnvSettings *cli.EnvSettings, registryClient *registry.Client, opts BundleOptions) (*Bundle, error) {
func NewBundle(ctx context.Context, dir string, helmEnvSettings *cli.EnvSettings, registryClient *registry.Client, secretsManager *secrets_manager.SecretsManager, opts BundleOptions) (*Bundle, error) {
bundle := &Bundle{
Dir: dir,
SecretValueFiles: opts.SecretValueFiles,
HelmEnvSettings: helmEnvSettings,
RegistryClient: registryClient,
BuildChartDependenciesOpts: opts.BuildChartDependenciesOpts,
ChartExtenderServiceValuesData: helpers.NewChartExtenderServiceValuesData(),
ChartExtenderContextData: helpers.NewChartExtenderContextData(ctx),
secretsManager: secretsManager,
}

extraAnnotationsAndLabelsPostRenderer := helm.NewExtraAnnotationsAndLabelsPostRenderer(nil, nil, opts.IgnoreInvalidAnnotationsAndLabels)
@@ -67,13 +72,16 @@ func NewBundle(ctx context.Context, dir string, helmEnvSettings *cli.EnvSettings
*/
type Bundle struct {
Dir string
SecretValueFiles []string
HelmChart *chart.Chart
HelmEnvSettings *cli.EnvSettings
RegistryClient *registry.Client
BuildChartDependenciesOpts command_helpers.BuildChartDependenciesOptions

extraAnnotationsAndLabelsPostRenderer *helm.ExtraAnnotationsAndLabelsPostRenderer
secretsManager *secrets_manager.SecretsManager

*secrets.SecretsRuntimeData
*helpers.ChartExtenderServiceValuesData
*helpers.ChartExtenderContextData
}
@@ -93,11 +101,27 @@ func (bundle *Bundle) ChainPostRenderer(postRenderer postrender.PostRenderer) po
// ChartCreated method for the chart.Extender interface
func (bundle *Bundle) ChartCreated(c *chart.Chart) error {
bundle.HelmChart = c
bundle.SecretsRuntimeData = secrets.NewSecretsRuntimeData()
return nil
}

// ChartLoaded method for the chart.Extender interface
func (bundle *Bundle) ChartLoaded(files []*chart.ChartExtenderBufferedFile) error {
if bundle.secretsManager != nil {
wd, err := os.Getwd()
if err != nil {
return fmt.Errorf("unable to get current working dir: %w", err)
}

if err := bundle.SecretsRuntimeData.DecodeAndLoadSecrets(bundle.ChartExtenderContext, files, bundle.Dir, wd, bundle.secretsManager, secrets.DecodeAndLoadSecretsOptions{
LoadFromLocalFilesystem: true,
CustomSecretValueFiles: bundle.SecretValueFiles,
WithoutDefaultSecretValues: true,
}); err != nil {
return fmt.Errorf("error decoding secrets: %w", err)
}
}

return nil
}

@@ -110,9 +134,22 @@ func (bundle *Bundle) ChartDependenciesLoaded() error {
func (bundle *Bundle) MakeValues(inputVals map[string]interface{}) (map[string]interface{}, error) {
vals := make(map[string]interface{})

debugPrintValues(bundle.ChartExtenderContext, "service", bundle.ServiceValues)
chartutil.CoalesceTables(vals, bundle.ServiceValues)

if debugSecretValues() {
debugPrintValues(bundle.ChartExtenderContext, "secret", bundle.SecretsRuntimeData.DecodedSecretValues)
}
chartutil.CoalesceTables(vals, bundle.SecretsRuntimeData.DecodedSecretValues)

debugPrintValues(bundle.ChartExtenderContext, "input", inputVals)
chartutil.CoalesceTables(vals, inputVals)

if debugSecretValues() {
// Only print all values with secrets when secret values debug enabled
debugPrintValues(bundle.ChartExtenderContext, "all", vals)
}

data, err := yaml.Marshal(vals)
logboek.Context(bundle.ChartExtenderContext).Debug().LogF("-- Bundle.MakeValues result (err=%v):\n%s\n---\n", err, data)
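Review bot: The `Debug().LogF("-- Bundle.MakeValues result ...")` line at the end of this hunk marshals and logs `vals` unconditionally, and after this change `vals` contains `DecodedSecretValues`, so decrypted secrets reach the debug log even when secret-values debugging is off. The new `if debugSecretValues()` guard around the "all" print shows the intent to prevent exactly that; the `yaml.Marshal` / `LogF` pair should sit inside the same `if debugSecretValues() { ... }` guard, or log only the non-secret tables. Separately, `bundle.SecretsRuntimeData` is assigned only in `ChartCreated`, so MakeValues depends on that having run first, since the embedded pointer is nil otherwise. MakeValues continues outside the hunk, so whether `data` and `err` are used further down is not visible here.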

@@ -26,17 +26,21 @@ func NewSecretsRuntimeData() *SecretsRuntimeData {
}

type DecodeAndLoadSecretsOptions struct {
GiterminismManager giterminism_manager.Interface
CustomSecretValueFiles []string
LoadFromLocalFilesystem bool
GiterminismManager giterminism_manager.Interface
CustomSecretValueFiles []string
LoadFromLocalFilesystem bool
WithoutDefaultSecretValues bool
}

func (secretsRuntimeData *SecretsRuntimeData) DecodeAndLoadSecrets(ctx context.Context, loadedChartFiles []*chart.ChartExtenderBufferedFile, chartDir, secretsWorkingDir string, secretsManager *secrets_manager.SecretsManager, opts DecodeAndLoadSecretsOptions) error {
secretDirFiles := GetSecretDirFiles(loadedChartFiles)

var loadedSecretValuesFiles []*chart.ChartExtenderBufferedFile
if defaultSecretValues := GetDefaultSecretValuesFile(chartDir, loadedChartFiles); defaultSecretValues != nil {
loadedSecretValuesFiles = append(loadedSecretValuesFiles, defaultSecretValues)

if !opts.WithoutDefaultSecretValues {
if defaultSecretValues := GetDefaultSecretValuesFile(chartDir, loadedChartFiles); defaultSecretValues != nil {
loadedSecretValuesFiles = append(loadedSecretValuesFiles, defaultSecretValues)
}
}

for _, customSecretValuesFileName := range opts.CustomSecretValueFiles {
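Review bot: `WithoutDefaultSecretValues` has no doc comment, and its name reads broader than what the guard in DecodeAndLoadSecrets does: only `GetDefaultSecretValuesFile` is skipped, while `GetSecretDirFiles(loadedChartFiles)` still runs before the check. A field comment such as `// WithoutDefaultSecretValues skips the chart's default secret values file; secret dir files and CustomSecretValueFiles are still processed.` would keep callers from assuming the chart's own secrets are ignored entirely. How `secretDirFiles` is consumed lies outside the hunk, so that wording should be confirmed against the rest of the function.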
@@ -395,9 +395,8 @@ func (wc *WerfChart) CreateNewBundle(ctx context.Context, destDir, chartVersion
}
}

return NewBundle(ctx, destDir, wc.HelmEnvSettings, wc.RegistryClient, BundleOptions{
return NewBundle(ctx, destDir, wc.HelmEnvSettings, wc.RegistryClient, wc.SecretsManager, BundleOptions{
BuildChartDependenciesOpts: wc.BuildChartDependenciesOpts,
IgnoreInvalidAnnotationsAndLabels: wc.extraAnnotationsAndLabelsPostRenderer.IgnoreInvalidAnnotationsAndLabels,
},
)
})
}
