feat: refactor KsDecode to handle stringData and data nodes (#543)

yxxhero · web-flow · commit a9480c55980b · 2024-10-14T08:25:46.000+08:00
* feat: refactor KsDecode to handle stringData and data nodes

Signed-off-by: yxxhero &lt;aiopsclub@163.com&gt;

* feat(secret): remove sensitive data from secret file

Signed-off-by: yxxhero &lt;aiopsclub@163.com&gt;

---------

Signed-off-by: yxxhero &lt;aiopsclub@163.com&gt;
diff --git a/cmd/vals/main.go b/cmd/vals/main.go
@@ -227,7 +227,7 @@ the vals-eval outputs onto the disk, for security reasons.`)
 			if *export {
 				l = "export " + l
 			}
-			fmt.Fprintln(os.Stdout, l)
+			_, _ = fmt.Fprintln(os.Stdout, l)
 		}
 	case CmdKsDecode:
 		evalCmd := flag.NewFlagSet(CmdKsDecode, flag.ExitOnError)
@@ -269,9 +269,15 @@ func KsDecode(node yaml.Node) (*yaml.Node, error) {
 
 	var res yaml.Node = node
 
-	var kk yaml.Node
-	var vv yaml.Node
-	var ii int
+	// record the original data node
+	var datakk yaml.Node
+	var datavv yaml.Node
+	var dataii int
+
+	// record the original stringData node
+	var stringDatakk yaml.Node
+	var stringDatavv yaml.Node
+	var stringDataii int
 
 	isSecret := false
 	mappings := node.Content[0].Content
@@ -285,16 +291,32 @@ func KsDecode(node yaml.Node) (*yaml.Node, error) {
 		}
 
 		if k.Value == "data" {
-			ii = i
-			kk = *k
-			vv = *v
+			dataii = i
+			datakk = *k
+			datavv = *v
+		}
+		if k.Value == "stringData" {
+			stringDataii = i
+			stringDatakk = *k
+			stringDatavv = *v
 		}
 	}
 
-	if isSecret && !kk.IsZero() {
-		kk.Value = "stringData"
+	// if not a secret, just return the node
+	if !isSecret {
+		return &res, nil
+	}
 
-		v := vv
+	// if data node not exists, just return the node
+	if datakk.IsZero() {
+		return &res, nil
+	}
+
+	// stringData node not exists
+	if stringDatakk.IsZero() {
+		datakk.Value = "stringData"
+
+		v := datavv
 		nestedMappings := v.Content
 		v.Content = make([]*yaml.Node, len(v.Content))
 		for i := 0; i < len(nestedMappings); i += 2 {
@@ -309,10 +331,35 @@ func KsDecode(node yaml.Node) (*yaml.Node, error) {
 			v.Content[i+1] = nestedMappings[i+1]
 		}
 
-		res.Content[0].Content[ii] = &kk
-		res.Content[0].Content[ii+1] = &v
+		res.Content[0].Content[dataii] = &datakk
+		res.Content[0].Content[dataii+1] = &v
+		return &res, nil
+	}
+
+	// stringData and data node exist in the mean time
+	dv := datavv
+	sv := stringDatavv
+	dNestedMappings := dv.Content
+	for i := 0; i < len(dNestedMappings); i += 2 {
+		b64 := dNestedMappings[i+1].Value
+		decoded, err := base64.StdEncoding.DecodeString(b64)
+		if err != nil {
+			return nil, err
+		}
+		// replace the value of the nested mapping
+		dNestedMappings[i+1].Value = string(decoded)
+
+		sv.Content = append(sv.Content, dNestedMappings[i])
+		sv.Content = append(sv.Content, dNestedMappings[i+1])
 	}
 
+	// replace the stringData node
+	res.Content[0].Content[stringDataii] = &stringDatakk
+	res.Content[0].Content[stringDataii+1] = &sv
+
+	// remove the data node
+	res.Content[0].Content = append(res.Content[0].Content[:dataii], res.Content[0].Content[dataii+2:]...)
+
 	return &res, nil
 }
 
diff --git a/cmd/vals/main_test.go b/cmd/vals/main_test.go
@@ -10,9 +10,12 @@ import (
 func TestKsDecode(t *testing.T) {
 	in := `data:
   foo: Rk9P
+stringData:
+  bar: BAR
 kind: Secret
 `
 	outExpected := `stringData:
+  bar: BAR
   foo: FOO
 kind: Secret
 `
diff --git a/io.go b/io.go
@@ -87,7 +87,7 @@ func Output(output io.Writer, format string, nodes []yaml.Node) error {
 			if err != nil {
 				return err
 			}
-			fmt.Fprintln(output, string(bs))
+			_, _ = fmt.Fprintln(output, string(bs))
 		} else {
 			encoder := yaml.NewEncoder(output)
 			encoder.SetIndent(2)
@@ -97,7 +97,7 @@ func Output(output io.Writer, format string, nodes []yaml.Node) error {
 			}
 		}
 		if i != len(nodes)-1 {
-			fmt.Fprintln(output, "---")
+			_, _ = fmt.Fprintln(output, "---")
 		}
 	}
 	return nil
diff --git a/pkg/log/log.go b/pkg/log/log.go
@@ -25,5 +25,5 @@ func New(c Config) *Logger {
 }
 
 func (l *Logger) Debugf(msg string, args ...interface{}) {
-	fmt.Fprintf(l.output, msg+"\n", args...)
+	_, _ = fmt.Fprintf(l.output, msg+"\n", args...)
 }
diff --git a/pkg/providers/vault/kv_helper.go b/pkg/providers/vault/kv_helper.go
@@ -2,6 +2,7 @@ package vault
 
 import (
 	"errors"
+	"net/http"
 	"path"
 	"strings"
 
@@ -30,7 +31,7 @@ func kvPreflightVersionRequest(client *api.Client, path string) (string, int, er
 	if err != nil {
 		// If we get a 404 we are using an older version of vault, default to
 		// version 1
-		if resp != nil && resp.StatusCode == 404 {
+		if resp != nil && resp.StatusCode == http.StatusNotFound {
 			return "", 1, nil
 		}
 

Original file line number	Diff line number	Diff line change
`@@ -10,9 +10,12 @@ import (`
`10`	`10`	`func TestKsDecode(t *testing.T) {`
`11`	`11`	in := `data:
`12`	`12`	`foo: Rk9P`
	`13`	`+stringData:`
	`14`	`+ bar: BAR`
`13`	`15`	`kind: Secret`
`14`	`16`	`
`15`	`17`	outExpected := `stringData:
	`18`	`+ bar: BAR`
`16`	`19`	`foo: FOO`
`17`	`20`	`kind: Secret`
`18`	`21`	`
Original file line number	Diff line number	Diff line change
`@@ -87,7 +87,7 @@ func Output(output io.Writer, format string, nodes []yaml.Node) error {`
`87`	`87`	`if err != nil {`
`88`	`88`	`return err`
`89`	`89`	`}`
`90`		`- fmt.Fprintln(output, string(bs))`
	`90`	`+ _, _ = fmt.Fprintln(output, string(bs))`
`91`	`91`	`} else {`
`92`	`92`	`encoder := yaml.NewEncoder(output)`
`93`	`93`	`encoder.SetIndent(2)`
`@@ -97,7 +97,7 @@ func Output(output io.Writer, format string, nodes []yaml.Node) error {`
`97`	`97`	`}`
`98`	`98`	`}`
`99`	`99`	`if i != len(nodes)-1 {`
`100`		`- fmt.Fprintln(output, "---")`
	`100`	`+ _, _ = fmt.Fprintln(output, "---")`
`101`	`101`	`}`
`102`	`102`	`}`
`103`	`103`	`return nil`
Original file line number	Diff line number	Diff line change
`@@ -25,5 +25,5 @@ func New(c Config) *Logger {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`func (l *Logger) Debugf(msg string, args ...interface{}) {`
`28`		`- fmt.Fprintf(l.output, msg+"\n", args...)`
	`28`	`+ _, _ = fmt.Fprintf(l.output, msg+"\n", args...)`
`29`	`29`	`}`