Skip to content
Permalink
Browse files
fix(deploy): do not print secret values in debug mode by default
Only print secret values in debug mode if additional WERF_DEBUG_SECRET_VALUES=1 environment variable is set

Signed-off-by: Timofey Kirillov <timofey.kirillov@flant.com>
  • Loading branch information
distorhead committed Apr 19, 2022
1 parent cda82f7 commit 44be01a3461d471b16757954ce9617d7cd3f317f
Showing with 25 additions and 4 deletions.
  1. +25 −4 pkg/deploy/helm/chart_extender/werf_chart.go
@@ -125,19 +125,39 @@ func (wc *WerfChart) ChartDependenciesLoaded() error {
return nil
}

func debugSecretValues() bool {
return os.Getenv("WERF_DEBUG_SECRET_VALUES") == "1"
}

func debugPrintValues(ctx context.Context, name string, vals map[string]interface{}) {
data, err := yaml.Marshal(vals)
if err != nil {
logboek.Context(ctx).Debug().LogF("Unable to marshal %q values: %s\n", err)
} else {
logboek.Context(ctx).Debug().LogF("%q values:\n%s---\n", name, data)
}
}

func (wc *WerfChart) makeValues(inputVals map[string]interface{}, withSecrets bool) (map[string]interface{}, error) {
vals := make(map[string]interface{})

debugPrintValues(wc.ChartExtenderContext, "service", wc.ServiceValues)
chartutil.CoalesceTables(vals, wc.ServiceValues) // NOTE: service values will not be saved into the marshalled release

if withSecrets {
if debugSecretValues() {
debugPrintValues(wc.ChartExtenderContext, "secret", wc.SecretsRuntimeData.DecodedSecretValues)
}
chartutil.CoalesceTables(vals, wc.SecretsRuntimeData.DecodedSecretValues)
}

debugPrintValues(wc.ChartExtenderContext, "input", inputVals)
chartutil.CoalesceTables(vals, inputVals)

data, err := yaml.Marshal(vals)
logboek.Context(wc.ChartExtenderContext).Debug().LogF("-- WerfChart.makeValues result (err=%v):\n%s\n---\n", err, data)
if debugSecretValues() {
// Only print all values with secrets when secret values debug enabled
debugPrintValues(wc.ChartExtenderContext, "all", vals)
}

return vals, nil
}
@@ -148,6 +168,8 @@ func (wc *WerfChart) MakeValues(inputVals map[string]interface{}) (map[string]in
}

func (wc *WerfChart) MakeBundleValues(chrt *chart.Chart, inputVals map[string]interface{}) (map[string]interface{}, error) {
debugPrintValues(wc.ChartExtenderContext, "input", inputVals)

vals, err := wc.makeValues(inputVals, false)
if err != nil {
return nil, fmt.Errorf("failed to coalesce werf chart values: %w", err)
@@ -166,8 +188,7 @@ func (wc *WerfChart) MakeBundleValues(chrt *chart.Chart, inputVals map[string]in

chartutil.CoalesceChartValues(chrt, valsCopy)

data, err := yaml.Marshal(vals)
logboek.Context(wc.ChartExtenderContext).Debug().LogF("-- WerfChart.MakeBundleValues result (err=%v):\n%s\n---\n", err, data)
debugPrintValues(wc.ChartExtenderContext, "all", valsCopy)

return valsCopy, nil
}

0 comments on commit 44be01a

Please sign in to comment.