Skip to content

Commit

Permalink
Add -d to decode secrets
Browse files Browse the repository at this point in the history
  • Loading branch information
@howardjohn
howardjohn committed Oct 28, 2021
1 parent 50d310c commit 7cb0233
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 6 deletions.
5 changes: 4 additions & 1 deletion cmd/cmd.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ var (
unlist = false
summary = false
clean = false
decode = false
regex = ""
invertRegex = false
insensitiveRegex = false
Expand Down Expand Up @@ -44,7 +45,7 @@ var rootCmd = &cobra.Command{
selector.Regex = rx
selector.InvertRegex = invertRegex
}
if err := pkg.GrepResources(selector, cmd.InOrStdin(), cmd.OutOrStdout(), dm); err != nil {
if err := pkg.GrepResources(selector, cmd.InOrStdin(), cmd.OutOrStdout(), dm, decode); err != nil {
return err
}
return nil
Expand All @@ -58,6 +59,8 @@ func init() {
"Summarize output")
rootCmd.PersistentFlags().BoolVarP(&clean, "clean", "n", clean,
"Cleanup generate fields")
rootCmd.PersistentFlags().BoolVarP(&decode, "decode", "d", decode,
"Decode base64 fields in Secrets")

rootCmd.PersistentFlags().StringVarP(&regex, "regex", "r", regex,
"Raw regex to match against")
Expand Down
42 changes: 37 additions & 5 deletions pkg/grep.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ package pkg

import (
"bufio"
"encoding/base64"
"fmt"
"io"
"regexp"
Expand Down Expand Up @@ -113,7 +114,7 @@ const (
CleanStatus
)

func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode) error {
func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode, decode bool) error {
output := func(d string) {
_, _ = fmt.Fprint(out, d)
}
Expand All @@ -129,7 +130,7 @@ func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode)
return fmt.Errorf("failed to read document: %v", err)
}
// Optimization: Do not do YAML marshal if not needed
if sel.MatchesAll() && mode == Full {
if sel.MatchesAll() && mode == Full && !decode {
if !first {
fmt.Fprint(out, "---\n")
}
Expand All @@ -146,12 +147,16 @@ func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode)
if !obj.Empty() {
output(obj.String() + "\n")
}
} else if mode == Clean || mode == CleanStatus {
} else if mode == Clean || mode == CleanStatus || decode {
raw := genericMap{}
if err := yaml.Unmarshal(text, &raw); err != nil {
return err
}
o, err := yaml.Marshal(strip(raw, mode))
raw = strip(raw, mode)
if decode && obj.Kind == "Secret" {
raw = decodeSecret(raw)
}
o, err := yaml.Marshal(raw)
if err != nil {
return err
}
Expand All @@ -174,7 +179,34 @@ func GrepResources(sel Selector, in io.Reader, out io.Writer, mode DisplayMode)
return nil
}

func strip(raw genericMap, mode DisplayMode) interface{} {
func decodeSecret(raw genericMap) genericMap {
data, ok := raw["data"]
if !ok {
return raw
}
gm, ok := data.(genericMap)
if !ok {
return raw
}
for k, v := range gm {
gm[k] = base64Decode(v)
}
return raw
}

func base64Decode(d interface{}) interface{} {
t, ok := d.(string)
if !ok {
return d
}
b, err := base64.StdEncoding.DecodeString(t)
if err != nil {
return d
}
return string(b)
}

func strip(raw genericMap, mode DisplayMode) genericMap {
if mode == Clean || mode == CleanStatus {
deleteNested(raw, "metadata", "annotations", "kubectl.kubernetes.io/last-applied-configuration")
deleteNested(raw, "metadata", "generation")
Expand Down

0 comments on commit 7cb0233

Please sign in to comment.