diff --git a/cmd/vals/main.go b/cmd/vals/main.go index 1fb4a67..5270235 100644 --- a/cmd/vals/main.go +++ b/cmd/vals/main.go @@ -227,7 +227,7 @@ the vals-eval outputs onto the disk, for security reasons.`) if *export { l = "export " + l } - fmt.Fprintln(os.Stdout, l) + _, _ = fmt.Fprintln(os.Stdout, l) } case CmdKsDecode: evalCmd := flag.NewFlagSet(CmdKsDecode, flag.ExitOnError) @@ -269,9 +269,15 @@ func KsDecode(node yaml.Node) (*yaml.Node, error) { var res yaml.Node = node - var kk yaml.Node - var vv yaml.Node - var ii int + // record the original data node + var datakk yaml.Node + var datavv yaml.Node + var dataii int + + // record the original stringData node + var stringDatakk yaml.Node + var stringDatavv yaml.Node + var stringDataii int isSecret := false mappings := node.Content[0].Content @@ -285,16 +291,32 @@ func KsDecode(node yaml.Node) (*yaml.Node, error) { } if k.Value == "data" { - ii = i - kk = *k - vv = *v + dataii = i + datakk = *k + datavv = *v + } + if k.Value == "stringData" { + stringDataii = i + stringDatakk = *k + stringDatavv = *v } } - if isSecret && !kk.IsZero() { - kk.Value = "stringData" + // if not a secret, just return the node + if !isSecret { + return &res, nil + } - v := vv + // if data node not exists, just return the node + if datakk.IsZero() { + return &res, nil + } + + // stringData node not exists + if stringDatakk.IsZero() { + datakk.Value = "stringData" + + v := datavv nestedMappings := v.Content v.Content = make([]*yaml.Node, len(v.Content)) for i := 0; i < len(nestedMappings); i += 2 { @@ -309,10 +331,35 @@ func KsDecode(node yaml.Node) (*yaml.Node, error) { v.Content[i+1] = nestedMappings[i+1] } - res.Content[0].Content[ii] = &kk - res.Content[0].Content[ii+1] = &v + res.Content[0].Content[dataii] = &datakk + res.Content[0].Content[dataii+1] = &v + return &res, nil + } + + // stringData and data node exist in the mean time + dv := datavv + sv := stringDatavv + dNestedMappings := dv.Content + for i := 0; i < len(dNestedMappings); i += 2 { + b64 := dNestedMappings[i+1].Value + decoded, err := base64.StdEncoding.DecodeString(b64) + if err != nil { + return nil, err + } + // replace the value of the nested mapping + dNestedMappings[i+1].Value = string(decoded) + + sv.Content = append(sv.Content, dNestedMappings[i]) + sv.Content = append(sv.Content, dNestedMappings[i+1]) } + // replace the stringData node + res.Content[0].Content[stringDataii] = &stringDatakk + res.Content[0].Content[stringDataii+1] = &sv + + // remove the data node + res.Content[0].Content = append(res.Content[0].Content[:dataii], res.Content[0].Content[dataii+2:]...) + return &res, nil } diff --git a/cmd/vals/main_test.go b/cmd/vals/main_test.go index b79e2bc..b580279 100644 --- a/cmd/vals/main_test.go +++ b/cmd/vals/main_test.go @@ -10,9 +10,12 @@ import ( func TestKsDecode(t *testing.T) { in := `data: foo: Rk9P +stringData: + bar: BAR kind: Secret ` outExpected := `stringData: + bar: BAR foo: FOO kind: Secret ` diff --git a/io.go b/io.go index cf73e89..c6065fb 100644 --- a/io.go +++ b/io.go @@ -87,7 +87,7 @@ func Output(output io.Writer, format string, nodes []yaml.Node) error { if err != nil { return err } - fmt.Fprintln(output, string(bs)) + _, _ = fmt.Fprintln(output, string(bs)) } else { encoder := yaml.NewEncoder(output) encoder.SetIndent(2) @@ -97,7 +97,7 @@ func Output(output io.Writer, format string, nodes []yaml.Node) error { } } if i != len(nodes)-1 { - fmt.Fprintln(output, "---") + _, _ = fmt.Fprintln(output, "---") } } return nil diff --git a/pkg/log/log.go b/pkg/log/log.go index a268164..31ae184 100644 --- a/pkg/log/log.go +++ b/pkg/log/log.go @@ -25,5 +25,5 @@ func New(c Config) *Logger { } func (l *Logger) Debugf(msg string, args ...interface{}) { - fmt.Fprintf(l.output, msg+"\n", args...) + _, _ = fmt.Fprintf(l.output, msg+"\n", args...) } diff --git a/pkg/providers/vault/kv_helper.go b/pkg/providers/vault/kv_helper.go index 3502ed2..321281c 100644 --- a/pkg/providers/vault/kv_helper.go +++ b/pkg/providers/vault/kv_helper.go @@ -2,6 +2,7 @@ package vault import ( "errors" + "net/http" "path" "strings" @@ -30,7 +31,7 @@ func kvPreflightVersionRequest(client *api.Client, path string) (string, int, er if err != nil { // If we get a 404 we are using an older version of vault, default to // version 1 - if resp != nil && resp.StatusCode == 404 { + if resp != nil && resp.StatusCode == http.StatusNotFound { return "", 1, nil } diff --git a/secret.yaml b/secret.yaml new file mode 100644 index 0000000..3ad11d7 --- /dev/null +++ b/secret.yaml @@ -0,0 +1,10 @@ +--- +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: test +data: + foo: YmFy +stringData: + MY_SUPER_SECRET: "fsfsf"