controllers: improve decryptor and add tests #619
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hiddeco
added
enhancement
hiddeco
force-pushed
the
kustomize-decryptor-impr
branch
2 times, most recently
from
db389a4
to
15a45e3
Compare
pjbgf
approved these changes
Apr 14, 2022
- Refactored recursion while iterating over Kustomization files. References of files that have been visited are cached, and not visited again. In addition, symlinks are confirmed to not traverse outside the working directory. - Optimized various bits around (un)marshalling (encrypted) data, and YAML -> JSON -> YAML roundtrips are prevented where not required. - Added support for decrypting INI Kustomize EnvSource references using the dedicated SOPS store for the format. - Introduced support for decrypting Kustomize FileSources: https://pkg.go.dev/sigs.k8s.io/kustomize@v1.0.2/pkg/types#DataSources Signed-off-by: Hidde Beydals <hello@hidde.co>
hiddeco
force-pushed
the
kustomize-decryptor-impr
branch
from
15a45e3
to
105ebd9
Compare
stefanprodan
approved these changes
Apr 14, 2022
seh
reviewed
Apr 26, 2022
| // sopsFormatToMarkerBytes contains a list of formats and their byte | ||
| // order markers, used to detect if a Secret data field is SOPS' encrypted. | ||
| sopsFormatToMarkerBytes = map[formats.Format][]byte{ | ||
| // formats.Binary is a JSON envelop at encrypted rest |
There was a problem hiding this comment.
Suggested change
| // formats.Binary is a JSON envelop at encrypted rest | |
| // formats.Binary is a JSON envelope. |
seh
reviewed
Apr 26, 2022
| // file it is called with. | ||
| // After a successful decrypt, the absolute path of the file is added to the | ||
| // given map. | ||
| func (d *KustomizeDecryptor) decryptKustomizationEnvSources(visited map[string]struct{}) visitKustomization { |
There was a problem hiding this comment.
See #636 for a few revisions to this method.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
References of files that have been visited are cached, and not
visited again.
YAML -> JSON -> YAML roundtrips are prevented where not required.
the dedicated SOPS store for the format.
https://pkg.go.dev/sigs.k8s.io/kustomize@v1.0.2/pkg/types#DataSources