airship/airshipctl
Code Issues Proposed changes

Allow airshipctl phase render to display encrypted secrets

Browse Source 
Relates-to: #453
Change-Id: I150a48cbec5c87943ed6c07a8ef8d562437fda46
This commit is contained in:
Alexey Odinokov 2021-02-16 05:03:56 +00:00
parent f50998935e
commit f2dc2ca3f6
4 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
cmd/phase/render.go
View File

@ -97,6 +97,12 @@ func addRenderFlags(filterOptions *phase.RenderCommand, cmd *cobra.Command) {
"error will be returned\n"+ "error will be returned\n"+
"executor: rendering will be performed by executor if the phase\n"+ "executor: rendering will be performed by executor if the phase\n"+
"config: this will render bundle containing phase and executor documents") "config: this will render bundle containing phase and executor documents")
flags.BoolVarP(
&filterOptions.FailOnDecryptionError,
"decrypt",
"d",
false,
"ensure that decryption of encrypted documents has finished successfully")
} }
// RenderArgs returns an error if there are not exactly n args. // RenderArgs returns an error if there are not exactly n args.

1
cmd/phase/testdata/TestRenderGoldenOutput/render-with-help.golden vendored
View File

@ -23,6 +23,7 @@ airshipctl phase render initinfra --source executor
Flags: Flags:
-a, --annotation string filter documents by Annotations -a, --annotation string filter documents by Annotations
-g, --apiversion string filter documents by API version -g, --apiversion string filter documents by API version
-d, --decrypt ensure that decryption of encrypted documents has finished successfully
-h, --help help for render -h, --help help for render
-k, --kind string filter documents by Kinds -k, --kind string filter documents by Kinds
-l, --label string filter documents by Labels -l, --label string filter documents by Labels

1
docs/source/cli/airshipctl_phase_render.md
View File

@ -35,6 +35,7 @@ airshipctl phase render initinfra --source executor
``` ```
-a, --annotation string filter documents by Annotations -a, --annotation string filter documents by Annotations
-g, --apiversion string filter documents by API version -g, --apiversion string filter documents by API version
-d, --decrypt ensure that decryption of encrypted documents has finished successfully
-h, --help help for render -h, --help help for render
-k, --kind string filter documents by Kinds -k, --kind string filter documents by Kinds
-l, --label string filter documents by Labels -l, --label string filter documents by Labels

13
pkg/phase/render.go
View File

@ -16,6 +16,7 @@ package phase
import ( import (
"io" "io"
"os"
"strings" "strings"
"opendev.org/airship/airshipctl/pkg/config" "opendev.org/airship/airshipctl/pkg/config"
@ -49,8 +50,11 @@ type RenderCommand struct {
// phase the source will use kustomize root at phase entry point // phase the source will use kustomize root at phase entry point
// config will render a bundle that comes from site metadata file, and contains phase and executor docs // config will render a bundle that comes from site metadata file, and contains phase and executor docs
// executor means that rendering will be delegated to phase executor // executor means that rendering will be delegated to phase executor
Source string Source string
PhaseID ifc.ID // FailOnDecryptionError makes sure that encrypted documents are getting decrypted by avoiding setting
// env variable TOLERATE_DECRYPTION_FAILURES=true
FailOnDecryptionError bool
PhaseID ifc.ID
} }
// RunE prints out filtered documents // RunE prints out filtered documents
@ -58,6 +62,11 @@ func (fo *RenderCommand) RunE(cfgFactory config.Factory, out io.Writer) error {
if err := fo.Validate(); err != nil { if err := fo.Validate(); err != nil {
return err return err
} }
if !fo.FailOnDecryptionError {
os.Setenv("TOLERATE_DECRYPTION_FAILURES", "true")
}
cfg, err := cfgFactory() cfg, err := cfgFactory()
if err != nil { if err != nil {
return err return err