fix: only loading required values when using --dir limit

mxcd · mxcd · commit a11bf9fb5643 · 2024-03-07T10:22:54.000+01:00
diff --git a/internal/secret/loader.go b/internal/secret/loader.go
@@ -52,7 +52,7 @@ func LoadLocalSecretsLimited(targetTypeFilter SecretTargetType, directoryLimit s
 	)
 	for _, secretFileName := range secretFileNames {
 		bar.Add(1)
-		secret, err := FromPath(secretFileName)
+		secret, err := FromPath(secretFileName, directoryLimit)
 		if err != nil {
 			bar.Finish()
 			return nil, err
diff --git a/internal/secret/secret.go b/internal/secret/secret.go
@@ -47,6 +47,7 @@ type Secret struct {
 }
 
 type SecretTargetType string
+
 var SecretTargetTypeVault SecretTargetType = "vault"
 var SecretTargetTypeKubernetes SecretTargetType = "k8s"
 var SecretTargetTypeAll SecretTargetType = "all"
@@ -57,15 +58,15 @@ type SecretFile struct {
 	Name       string            `yaml:"name,omitempty"`
 	Namespace  string            `yaml:"namespace" default:"default"`
 	Type       string            `yaml:"type" default:"Opaque"`
-	Data			 map[string]string `yaml:"data"`
+	Data       map[string]string `yaml:"data"`
 	ID         string            `yaml:"id,omitempty"`
 }
 
 type TemplateData struct {
 	Values map[interface{}]interface{}
 }
 
-func (s *Secret) Load() error {
+func (s *Secret) Load(directoryLimit string) error {
 	if s.Path == "" {
 		return errors.New("secret path is empty")
 	}
@@ -78,7 +79,7 @@ func (s *Secret) Load() error {
 
 	// execute templating on the secret file data
 	data := TemplateData{
-		Values: templating.GetValuesForPath(s.Path),
+		Values: templating.GetValuesForPath(s.Path, directoryLimit),
 	}
 	stringData := string(decryptedFileContent)
 	tmpl, err := template.New(s.Path).Parse(stringData)
@@ -103,7 +104,7 @@ func (s *Secret) Load() error {
 	yaml.UnmarshalStrict(s.BinaryData, &secretFile)
 
 	s.TargetType = secretFile.TargetType
-	
+
 	if secretFile.Target != "" {
 		s.Target = secretFile.Target
 	} else {
@@ -128,13 +129,13 @@ func (s *Secret) Load() error {
 	} else {
 		s.Type = "Opaque"
 	}
-		
+
 	s.Data = secretFile.Data
 
 	if util.GetCliContext().Bool("print") {
 		s.PrettyPrint()
 	}
-	
+
 	return nil
 }
 
@@ -160,16 +161,15 @@ func (s *Secret) PrettyPrint() {
 	}
 }
 
-func FromPath(path string) (*Secret, error) {
-	s := Secret {
+func FromPath(path string, directoryLimit string) (*Secret, error) {
+	s := Secret{
 		Path: path,
 	}
 
-	err := s.Load()
+	err := s.Load(directoryLimit)
 	if err != nil {
 		return nil, err
 	}
 
 	return &s, nil
 }
-
diff --git a/internal/secret/secret_test.go b/internal/secret/secret_test.go
@@ -12,7 +12,7 @@ func TestLoadSecret1(t *testing.T) {
 	secret := Secret {
 		Path: f,
 	}
-	err := secret.Load()
+	err := secret.Load("")
 
 	if err != nil {
 		t.Error(err)
@@ -31,7 +31,7 @@ func TestLoadSecret2(t *testing.T) {
 	secret := Secret {
 		Path: f,
 	}
-	err := secret.Load()
+	err := secret.Load("")
 
 	if err != nil {
 		t.Error(err)
diff --git a/internal/templating/templating.go b/internal/templating/templating.go
@@ -14,26 +14,33 @@ import (
 )
 
 type TemplateValues []*TemplateValuesPath
+
 var templateValues = TemplateValues{}
 
 type TemplateValuesPath struct {
-	Path          string
-	Values        map[interface{}]interface{}
-	MergedValues  map[interface{}]interface{}
+	Path         string
+	Values       map[interface{}]interface{}
+	MergedValues map[interface{}]interface{}
 }
 
 var loaded = false
-func LoadValues() error {
+
+func LoadValues(directoryLimit string) error {
 	log.Trace("Loading values files")
 	secretFiles, err := util.GetSecretFiles()
 	if err != nil {
 		return err
 	}
 	var valuesFiles []string
-	for _, secretFile := range secretFiles {
-		if strings.HasSuffix(secretFile, "values.gitops.secret.enc.yaml") || strings.HasSuffix(secretFile, "values.gitops.secret.enc.yml") {
-			valuesFiles = append(valuesFiles, secretFile)
+	for _, secretFileName := range secretFiles {
+		if !strings.HasSuffix(secretFileName, "values.gitops.secret.enc.yaml") && !strings.HasSuffix(secretFileName, "values.gitops.secret.enc.yml") {
+			continue
+		}
+		if !valuesFileApplicable(secretFileName, directoryLimit) {
+			log.Trace("Skipping values file due to directory filter: ", secretFileName)
+			continue
 		}
+		valuesFiles = append(valuesFiles, secretFileName)
 	}
 
 	for _, valuesFile := range valuesFiles {
@@ -46,8 +53,8 @@ func LoadValues() error {
 		var values map[interface{}]interface{}
 		yaml.UnmarshalStrict(decryptedFileContent, &values)
 		templateValues = append(templateValues, &TemplateValuesPath{
-			Path:    fmt.Sprintf("%s/", filepath.ToSlash(filepath.Dir(valuesFile))),
-			Values:  values,
+			Path:   fmt.Sprintf("%s/", filepath.ToSlash(filepath.Dir(valuesFile))),
+			Values: values,
 		})
 	}
 
@@ -59,20 +66,20 @@ func LoadValues() error {
 func mergeMaps(a, b map[interface{}]interface{}) map[interface{}]interface{} {
 	out := make(map[interface{}]interface{}, len(a))
 	for k, v := range a {
-			out[k] = v
+		out[k] = v
 	}
 	for k, v := range b {
-			// If you use map[string]interface{}, ok is always false here.
-			// Because yaml.Unmarshal will give you map[interface{}]interface{}.
-			if v, ok := v.(map[interface{}]interface{}); ok {
-					if bv, ok := out[k]; ok {
-							if bv, ok := bv.(map[interface{}]interface{}); ok {
-									out[k] = mergeMaps(bv, v)
-									continue
-							}
-					}
+		// If you use map[string]interface{}, ok is always false here.
+		// Because yaml.Unmarshal will give you map[interface{}]interface{}.
+		if v, ok := v.(map[interface{}]interface{}); ok {
+			if bv, ok := out[k]; ok {
+				if bv, ok := bv.(map[interface{}]interface{}); ok {
+					out[k] = mergeMaps(bv, v)
+					continue
+				}
 			}
-			out[k] = v
+		}
+		out[k] = v
 	}
 	return out
 }
@@ -100,9 +107,9 @@ func (t TemplateValues) merge() {
 	}
 }
 
-func GetValuesForPath(path string) map[interface{}]interface{} {
+func GetValuesForPath(path string, directoryLimit string) map[interface{}]interface{} {
 	if !loaded {
-		err := LoadValues()
+		err := LoadValues(directoryLimit)
 		if err != nil {
 			log.Panic(err)
 		}
@@ -125,4 +132,33 @@ func GetValuesForPath(path string) map[interface{}]interface{} {
 	}
 
 	return values
-}
+}
+
+func valuesFileApplicable(secretFile, directoryLimit string) bool {
+	secretFile = filepath.Clean(secretFile)
+	directoryLimit = filepath.Clean(directoryLimit)
+
+	if directoryLimit == "" {
+		return true
+	}
+
+	secretFileParentDir := filepath.Dir(secretFile)
+	secretFileDirectoryElements := strings.Split(secretFileParentDir, string(filepath.Separator))
+	directoryLimitElements := strings.Split(directoryLimit, string(filepath.Separator))
+
+	if len(secretFileDirectoryElements) <= len(directoryLimitElements) {
+		for i, secretFileDirectoryElement := range secretFileDirectoryElements {
+			if secretFileDirectoryElement != directoryLimitElements[i] {
+				return false
+			}
+		}
+	} else {
+		for i, directoryLimitElement := range directoryLimitElements {
+			if directoryLimitElement != secretFileDirectoryElements[i] {
+				return false
+			}
+		}
+	}
+
+	return true
+}
diff --git a/internal/templating/templating_test.go b/internal/templating/templating_test.go
@@ -9,18 +9,18 @@ import (
 
 func TestMapMerge1(t *testing.T) {
 	a := map[interface{}]interface{}{
-		"foo": "bar",
+		"foo":  "bar",
 		"fizz": "buzz",
 	}
 	b := map[interface{}]interface{}{
 		"fizz": "fizz",
 	}
 	c := map[interface{}]interface{}{
-		"foo": "bar",
+		"foo":  "bar",
 		"fizz": "fizz",
 	}
 	d := mergeMaps(a, b)
-	assert.Equal(t, c, d, "Maps should be equal")	
+	assert.Equal(t, c, d, "Maps should be equal")
 }
 
 func TestMapMerge2(t *testing.T) {
@@ -39,7 +39,7 @@ func TestMapMerge2(t *testing.T) {
 		"d": "4",
 	}
 	d := mergeMaps(a, b)
-	assert.Equal(t, c, d, "Maps should be equal")	
+	assert.Equal(t, c, d, "Maps should be equal")
 }
 
 func TestMapMerge3(t *testing.T) {
@@ -55,7 +55,7 @@ func TestMapMerge3(t *testing.T) {
 		"b": 42,
 	}
 	d := mergeMaps(a, b)
-	assert.Equal(t, c, d, "Maps should be equal")	
+	assert.Equal(t, c, d, "Maps should be equal")
 }
 
 func TestMapMerge4(t *testing.T) {
@@ -71,7 +71,7 @@ func TestMapMerge4(t *testing.T) {
 		"b": []interface{}{"2", "3"},
 	}
 	d := mergeMaps(a, b)
-	assert.Equal(t, c, d, "Maps should be equal")	
+	assert.Equal(t, c, d, "Maps should be equal")
 }
 
 func TestTemplateValuesMerge(t *testing.T) {
@@ -159,31 +159,57 @@ func TestTemplateValuesMerge(t *testing.T) {
 	assert.Equal(t, expectedMergedTemplateValues, templateValues, "TemplateValues should be equal")
 }
 
-
 func TestValuesFileLoading(t *testing.T) {
 	c := util.GetDummyCliContext()
 	util.SetCliContext(c)
 	util.ComputeRootDir(c)
-	
-	LoadValues()
-	
+
+	LoadValues("")
+
 	valuesSet1 := map[interface{}]interface{}{
-		"namespace": "gitops-dev",
-		"stage": "dev",
+		"namespace":        "gitops-dev",
+		"stage":            "dev",
 		"databaseUsername": "my-very-strong-username",
 		"databasePassword": "my-very-strong-password",
 	}
 
-	mergedValues1 := GetValuesForPath("test_assets/implicit-name.gitops.secret.enc.yml")
+	mergedValues1 := GetValuesForPath("test_assets/implicit-name.gitops.secret.enc.yml", "")
 	assert.Equal(t, valuesSet1, mergedValues1, "Values should be equal")
 
 	valuesSet2 := map[interface{}]interface{}{
-		"namespace": "gitops-dev",
-		"stage": "sub-dev",
+		"namespace":        "gitops-dev",
+		"stage":            "sub-dev",
 		"databaseUsername": "my-very-strong-username",
 		"databasePassword": "my-very-strong-password",
-		"key": "fooo",
+		"key":              "fooo",
 	}
-	mergedValues2 := GetValuesForPath("test_assets/subdirectory/subdir-secret.gitops.secret.enc.yml")
+	mergedValues2 := GetValuesForPath("test_assets/subdirectory/subdir-secret.gitops.secret.enc.yml", "")
 	assert.Equal(t, valuesSet2, mergedValues2, "Values should be equal")
-}
+}
+
+func TestIsInParentPath(t *testing.T) {
+	tests := []struct {
+		name     string
+		path1    string
+		path2    string
+		expected bool
+	}{
+		{"Direct Parent", "a/b/c.txt", "a/b/d/", true},
+		{"Grandparent", "a/b/c.txt", "a/b/d/e/", true},
+		{"Not a Parent", "a/b/c.txt", "f/g/h/", false},
+		{"Same Directory", "a/b/c.txt", "a/b/", true},
+		{"Root Directory", "c.txt", "/", false},
+		{"Path2 is Parent", "a/b/c/d.txt", "a/b/c", true},
+		{"Nested under filter", "a/b/c/d.txt", "a/", true},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			result := valuesFileApplicable(tt.path1, tt.path2)
+
+			if result != tt.expected {
+				t.Errorf("isInParentPath(%q, %q) = %v; expected %v", tt.path1, tt.path2, result, tt.expected)
+			}
+		})
+	}
+}

Original file line number	Diff line number	Diff line change
`@@ -52,7 +52,7 @@ func LoadLocalSecretsLimited(targetTypeFilter SecretTargetType, directoryLimit s`
`52`	`52`	`)`
`53`	`53`	`for _, secretFileName := range secretFileNames {`
`54`	`54`	`bar.Add(1)`
`55`		`- secret, err := FromPath(secretFileName)`
	`55`	`+ secret, err := FromPath(secretFileName, directoryLimit)`
`56`	`56`	`if err != nil {`
`57`	`57`	`bar.Finish()`
`58`	`58`	`return nil, err`
Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,7 @@ type Secret struct {`
`47`	`47`	`}`
`48`	`48`
`49`	`49`	`type SecretTargetType string`
	`50`	`+`
`50`	`51`	`var SecretTargetTypeVault SecretTargetType = "vault"`
`51`	`52`	`var SecretTargetTypeKubernetes SecretTargetType = "k8s"`
`52`	`53`	`var SecretTargetTypeAll SecretTargetType = "all"`
`@@ -57,15 +58,15 @@ type SecretFile struct {`
`57`	`58`	Name string `yaml:"name,omitempty"`
`58`	`59`	Namespace string `yaml:"namespace" default:"default"`
`59`	`60`	Type string `yaml:"type" default:"Opaque"`
`60`		- Data map[string]string `yaml:"data"`
	`61`	+ Data map[string]string `yaml:"data"`
`61`	`62`	ID string `yaml:"id,omitempty"`
`62`	`63`	`}`
`63`	`64`
`64`	`65`	`type TemplateData struct {`
`65`	`66`	`Values map[interface{}]interface{}`
`66`	`67`	`}`
`67`	`68`
`68`		`-func (s *Secret) Load() error {`
	`69`	`+func (s *Secret) Load(directoryLimit string) error {`
`69`	`70`	`if s.Path == "" {`
`70`	`71`	`return errors.New("secret path is empty")`
`71`	`72`	`}`
`@@ -78,7 +79,7 @@ func (s *Secret) Load() error {`
`78`	`79`
`79`	`80`	`// execute templating on the secret file data`
`80`	`81`	`data := TemplateData{`
`81`		`- Values: templating.GetValuesForPath(s.Path),`
	`82`	`+ Values: templating.GetValuesForPath(s.Path, directoryLimit),`
`82`	`83`	`}`
`83`	`84`	`stringData := string(decryptedFileContent)`
`84`	`85`	`tmpl, err := template.New(s.Path).Parse(stringData)`
`@@ -103,7 +104,7 @@ func (s *Secret) Load() error {`
`103`	`104`	`yaml.UnmarshalStrict(s.BinaryData, &secretFile)`
`104`	`105`
`105`	`106`	`s.TargetType = secretFile.TargetType`
`106`		`-`
	`107`	`+`
`107`	`108`	`if secretFile.Target != "" {`
`108`	`109`	`s.Target = secretFile.Target`
`109`	`110`	`} else {`
`@@ -128,13 +129,13 @@ func (s *Secret) Load() error {`
`128`	`129`	`} else {`
`129`	`130`	`s.Type = "Opaque"`
`130`	`131`	`}`
`131`		`-`
	`132`	`+`
`132`	`133`	`s.Data = secretFile.Data`
`133`	`134`
`134`	`135`	`if util.GetCliContext().Bool("print") {`
`135`	`136`	`s.PrettyPrint()`
`136`	`137`	`}`
`137`		`-`
	`138`	`+`
`138`	`139`	`return nil`
`139`	`140`	`}`
`140`	`141`
`@@ -160,16 +161,15 @@ func (s *Secret) PrettyPrint() {`
`160`	`161`	`}`
`161`	`162`	`}`
`162`	`163`
`163`		`-func FromPath(path string) (*Secret, error) {`
`164`		`- s := Secret {`
	`164`	`+func FromPath(path string, directoryLimit string) (*Secret, error) {`
	`165`	`+ s := Secret{`
`165`	`166`	`Path: path,`
`166`	`167`	`}`
`167`	`168`
`168`		`- err := s.Load()`
	`169`	`+ err := s.Load(directoryLimit)`
`169`	`170`	`if err != nil {`
`170`	`171`	`return nil, err`
`171`	`172`	`}`
`172`	`173`
`173`	`174`	`return &s, nil`
`174`	`175`	`}`
`175`		`-`